Lower KDF iteration default

2025-09-09 15:58:48 +00:00 · 2025-07-13 14:40:15 -04:00
parent 7f43d79f6e
commit 96d5a1bb57
5 changed files with 13 additions and 11 deletions
--- a/src/password_manager/config_manager.py
+++ b/src/password_manager/config_manager.py
@@ -45,7 +45,7 @@ class ConfigManager:
                "pin_hash": "",
                "password_hash": "",
                "inactivity_timeout": INACTIVITY_TIMEOUT,
-                "kdf_iterations": 100_000,
+                "kdf_iterations": 50_000,
                "kdf_mode": "pbkdf2",
                "additional_backup_path": "",
                "backup_interval": 0,
@@ -66,7 +66,7 @@ class ConfigManager:
            data.setdefault("pin_hash", "")
            data.setdefault("password_hash", "")
            data.setdefault("inactivity_timeout", INACTIVITY_TIMEOUT)
-            data.setdefault("kdf_iterations", 100_000)
+            data.setdefault("kdf_iterations", 50_000)
            data.setdefault("kdf_mode", "pbkdf2")
            data.setdefault("additional_backup_path", "")
            data.setdefault("backup_interval", 0)
@@ -165,7 +165,7 @@ class ConfigManager:
    def get_kdf_iterations(self) -> int:
        """Retrieve the PBKDF2 iteration count."""
        config = self.load_config(require_pin=False)
-        return int(config.get("kdf_iterations", 100_000))
+        return int(config.get("kdf_iterations", 50_000))

    def set_kdf_mode(self, mode: str) -> None:
        """Persist the key derivation function mode."""
--- a/src/password_manager/manager.py
+++ b/src/password_manager/manager.py
@@ -397,7 +397,7 @@ class PasswordManager:
                iterations = (
                    self.config_manager.get_kdf_iterations()
                    if getattr(self, "config_manager", None)
-                    else 100_000
+                    else 50_000
                )
                print("Deriving key...")
                if mode == "argon2":
@@ -466,7 +466,7 @@ class PasswordManager:
            iterations = (
                self.config_manager.get_kdf_iterations()
                if getattr(self, "config_manager", None)
-                else 100_000
+                else 50_000
            )
            if mode == "argon2":
                seed_key = derive_key_from_password_argon2(password)
@@ -618,7 +618,7 @@ class PasswordManager:
            iterations = (
                self.config_manager.get_kdf_iterations()
                if getattr(self, "config_manager", None)
-                else 100_000
+                else 50_000
            )
            key = derive_key_from_password(password, iterations=iterations)

@@ -744,7 +744,7 @@ class PasswordManager:
                    iterations = (
                        self.config_manager.get_kdf_iterations()
                        if getattr(self, "config_manager", None)
-                        else 100_000
+                        else 50_000
                    )
                    seed_key = derive_key_from_password(password, iterations=iterations)

@@ -901,7 +901,7 @@ class PasswordManager:
            iterations = (
                self.config_manager.get_kdf_iterations()
                if getattr(self, "config_manager", None)
-                else 100_000
+                else 50_000
            )
            seed_key = derive_key_from_password(password, iterations=iterations)