This repository has been archived by the owner on Apr 16, 2019. It is now read-only.
You asked for questions in issue form, so here is one: Iron is based on deriving keys for encryption and authentication from a password with PBKDF. By default it uses a low iteration count.
I wonder why allow passwords at all. In a similar system I am using (hex encoded) completely random keys (and a tool to generate them together with a random Id). I derive the actual encryption keys with HKDF since I am sure there is no entropy problem with non-humanly chosen secrets.
If by allowing passwords you mean not requiring buffer keys that are fed directly into iron, I don't see the harm in that. These tools are designed to be used by people who fully understand the security properties of the protocol. Iron's usage of passwords makes sense for the many other use cases it is used for.
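The two derivation paths contrasted in this thread, as an added example that is not part of the original issue and is not Iron's code. It uses Node's built-in `crypto` module; the function names, the `example/...` HKDF labels, and the key and id sizes are assumptions chosen for illustration.

```javascript
'use strict';
const crypto = require('crypto');

// Tool side of the scheme described in the issue: a random id plus a
// random 256-bit master key, both hex encoded. Sizes are assumptions.
function generateKey() {
    return {
        id: crypto.randomBytes(8).toString('hex'),
        key: crypto.randomBytes(32).toString('hex')
    };
}

// HKDF path: the input is already uniformly random, so no key stretching
// is needed. Distinct `info` labels yield independent subkeys for
// encryption and for the integrity MAC from the one master key.
function deriveFromRandomKey(hexKey, salt) {
    // Refuse anything that is not 32 hex-encoded bytes, so a human-chosen
    // password cannot be routed through the fast path by mistake.
    if (!/^[0-9a-f]{64}$/i.test(hexKey)) {
        throw new Error('expected 32 random bytes, hex encoded');
    }
    const ikm = Buffer.from(hexKey, 'hex');
    const subkey = (label) =>
        Buffer.from(crypto.hkdfSync('sha256', ikm, salt, label, 32));
    return {
        encryption: subkey('example/encryption'),
        integrity: subkey('example/integrity')
    };
}

// PBKDF2 path: for a human-chosen password the iteration count is the
// only cost imposed on each guess, so a low count only suits secrets
// that already have high entropy.
function deriveFromPassword(password, salt, iterations) {
    return crypto.pbkdf2Sync(password, salt, iterations, 32, 'sha256');
}
```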