docs(security): correct PBKDF2 iteration count and salt size

SECURITY.md still documented the pre-hardening parameters (100,000
iterations, 32-byte salt); the code has used 600,000 iterations and a
16-byte salt (EncryptedFile.DefaultIterations) since the encryption
upgrade, with the count itself stored in the file container for
forward compatibility.
This commit is contained in:
2026-07-07 14:24:37 +02:00
parent c75e3921aa
commit b304996ff5
+1 -1
View File
@@ -55,7 +55,7 @@ It cannot (given correct Merkle verification):
## Encryption at rest ## Encryption at rest
- Algorithm: AES-256-GCM - Algorithm: AES-256-GCM
- Key derivation: PBKDF2-HMAC-SHA512, 100 000 iterations, 32-byte random salt - Key derivation: PBKDF2-HMAC-SHA512, 600 000 iterations, 16-byte random salt (fresh salt and nonce on every save; the iteration count is stored in the file container, so future increases remain backward-compatible)
- Authentication: GCM tag (16 bytes) — any tampering is detected before decryption - Authentication: GCM tag (16 bytes) — any tampering is detected before decryption
- The user can explicitly opt out of encryption (UI shows a warning); the `WalletStore.Save` API accepts `null` password only when the caller has confirmed user intent - The user can explicitly opt out of encryption (UI shows a warning); the `WalletStore.Save` API accepts `null` password only when the caller has confirmed user intent