use 15k iterations in PBKDF2 in backward compatible way

2023-04-19 15:17:44 +02:00 · 2023-04-19 15:17:44 +02:00 · 54cd15a1ab
commit 54cd15a1ab
--- a/cli/index.js
+++ b/cli/index.js
@ -70,15 +70,20 @@ try{
 * Salt and encrypt a msg with a password.
 * Inspired by https://github.com/adonespitogo
 */
-var keySize = 256;
-var iterations = 1000;
+var pbkdf2Parameters = {
+    keySize: 256/32,
+    iterations: 1000,
+};
+
+if (isTemplateSupporting15kIterations()) {
+    pbkdf2Parameters.iterations = 15000;
+    pbkdf2Parameters.hasher = CryptoJS.algo.SHA256;
+}
+
 function encrypt (msg, password) {
    var salt = CryptoJS.lib.WordArray.random(128/8);
    
-    var key = CryptoJS.PBKDF2(password, salt, {
-        keySize: keySize/32,
-        iterations: iterations
-    });
+    var key = CryptoJS.PBKDF2(password, salt, pbkdf2Parameters);

    var iv = CryptoJS.lib.WordArray.random(128/8);

@ -90,7 +95,7 @@ function encrypt (msg, password) {

    // salt, iv will be hex 32 in length
    // append them to the ciphertext for use  in decryption
-    var encryptedMsg = salt.toString()+ iv.toString() + encrypted.toString();
+    var encryptedMsg = salt.toString() + iv.toString() + encrypted.toString();
    return encryptedMsg;
 }

@ -123,6 +128,18 @@ var data = {

 genFile(data);

+function isTemplateSupporting15kIterations() {
+    return getTemplateContent().includes("// STATICRYPT VERSION: >= 1.4.3");
+}
+
+function getTemplateContent() {
+    try {
+        return FileSystem.readFileSync(namedArgs.f, 'utf8');
+    } catch (e) {
+        console.log("Failure: could not read template!");
+        process.exit(1);
+    }
+}

 /**
 * Fill the template with provided data and writes it to output file.
@ -130,12 +147,7 @@ genFile(data);
 * @param data
 */
 function genFile(data){
-    try{
-        var templateContents = FileSystem.readFileSync(namedArgs.f, 'utf8');
-    }catch(e){
-        console.log("Failure: could not read template!");
-        process.exit(1);
-    }
+    var templateContents = getTemplateContent();

    var renderedTemplate = render(templateContents, data);

--- a/cli/package-lock.json
+++ b/cli/package-lock.json
@ -1,6 +1,6 @@
 {
  "name": "staticrypt",
-    "version": "1.4.2",
+  "version": "1.4.3",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
--- a/cli/package.json
+++ b/cli/package.json
@ -1,6 +1,6 @@
 {
  "name": "staticrypt",
-  "version": "1.4.2",
+  "version": "1.4.3",
  "description": "Based on the [crypto-js](https://github.com/brix/crypto-js) library, StatiCrypt uses AES-256 to encrypt your input with your passphrase and put it in a HTML file with a password prompt that can decrypted in-browser (client side).",
  "main": "index.js",
  "bin": {
--- a/cli/password_template.html
+++ b/cli/password_template.html
@ -143,12 +143,14 @@
 {crypto_tag}

 <script>
+    // STATICRYPT VERSION: >= 1.4.3
+
    /**
     * Decrypt a salted msg using a password.
     * Inspired by https://github.com/adonespitogo
     */
    var keySize = 256;
-    var iterations = 1000;
+    var iterations = 15000;
    function decrypt (encryptedMsg, pass) {
        var salt = CryptoJS.enc.Hex.parse(encryptedMsg.substr(0, 32));
        var iv = CryptoJS.enc.Hex.parse(encryptedMsg.substr(32, 32))
@ -156,7 +158,8 @@

        var key = CryptoJS.PBKDF2(pass, salt, {
            keySize: keySize/32,
-            iterations: iterations
+            iterations: iterations,
+            hasher: CryptoJS.algo.SHA256,
        });

        var decrypted = CryptoJS.AES.decrypt(encrypted, key, {
--- a/index.html
+++ b/index.html
@ -203,13 +203,14 @@ Filename changed to circumvent adblockers that mistake it for a crypto miner (se
     * Inspired by https://github.com/adonespitogo
     */
    var keySize = 256;
-    var iterations = 1000;
+    var iterations = 15000;
    function encrypt (msg, password) {
        var salt = CryptoJS.lib.WordArray.random(128/8);

        var key = CryptoJS.PBKDF2(password, salt, {
            keySize: keySize/32,
-            iterations: iterations
+            iterations: iterations,
+            hasher: CryptoJS.algo.SHA256,
        });

        var iv = CryptoJS.lib.WordArray.random(128/8);
--- a/password_template.html
+++ b/password_template.html
@ -143,13 +143,14 @@
 {crypto_tag}

 <script>
+    // STATICRYPT VERSION: >= 1.4.3

    /**
     * Decrypt a salted msg using a password.
     * Inspired by https://github.com/adonespitogo
     */
    var keySize = 256;
-    var iterations = 1000;
+    var iterations = 15000;
    function decrypt (encryptedMsg, pass) {
        var salt = CryptoJS.enc.Hex.parse(encryptedMsg.substr(0, 32));
        var iv = CryptoJS.enc.Hex.parse(encryptedMsg.substr(32, 32))
@ -157,7 +158,8 @@

        var key = CryptoJS.PBKDF2(pass, salt, {
            keySize: keySize/32,
-            iterations: iterations
+            iterations: iterations,
+            hasher: CryptoJS.algo.SHA256,
        });

        var decrypted = CryptoJS.AES.decrypt(encrypted, key, {