[messaging] Secure OpenPGP Key Pair Synchronization via IMAP (RFC)

Tankred Hase tankred at whiteout.io
Fri Apr 10 01:38:47 PDT 2015

Hi Daniel,

> Is there reason why you've tied the number of PBKDF2 iterations to the
> version number? Other frameworks like Django separate out the number
> of iterations so that it can be increase the default over time without
> having to make new versions[1].

Good point. We could store the number of iterations in the stored
packet. That way it would be more flexible.

> Also, in the same vein, Django's default is 24,000 iterations[2].
> LastPass uses 100,000[3]. Any particular reason you settled on 10,000?

The "password" being stretched is a 24 char code generated with a
prng, so I'm not sure how much entropy more iterations would add. We
chose 10k mainly due to the performance constraints of JS runtimes.


Whiteout Networks GmbH c/o Werk1
Grafinger Str. 6
D-81671 München
Geschäftsführer: Oliver Gajek
RG München HRB 204479

More information about the Messaging mailing list