09-13-2016, 01:22 PM
Oh sorry, I'm sure there is some key derivation from the password to the actual encryption key.
I haven't had a chance to figure out what the actual KDF is, but the code uses the crypto-js
AES 256 implementation with default settings (I'll try to dig into the KDF next).
I looked a bit more into the password generation and the implementation is as follows:
Math.random().toString(36).substr(2, 6);
I originally thought the password can only have letters (upper and lower case), but that's actually a bit weaker (only lower case and numbers, with no upper case). Also, I'm not sure about the security of Math.random().
I know Chrome recently changed their built-in random generation to be a bit more secure,
but I assume it's still not cryptographically secure and there might be a way to limit the key space even more, but I don't have enough knowledge on how to do it (and the password might have been derived using a different browser).
Anyway, I guess I'll have to get the KDF first, but using crypto-js with node.js I can check ~3 keys in ms (using 4 cores).
I thought any better AES implementation might help me increase the rate at least ten times.
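Added example, not part of the original post or of the application's code: the generator expression quoted in the post next to a CSPRNG-based replacement, showing how small the 36-symbol, at-most-6-character space is and that the quoted expression can return fewer than 6 characters. The names `weakPassword`, `strongPassword`, `entropyBits` and the 20-character default are assumptions made for this example.

```javascript
// Works in browsers and Node: use Web Crypto, falling back to Node's copy of it.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// The only symbols Number.prototype.toString(36) can emit after the "0." prefix.
const ALPHABET = '0123456789abcdefghijklmnopqrstuvwxyz';

// The expression quoted in the post; the random source is injectable so the
// short-output cases can be reproduced deterministically.
function weakPassword(rand = Math.random) {
  return rand().toString(36).substr(2, 6);
}

// Upper bound on entropy (bits) for `length` symbols drawn from `alphabetSize`.
function entropyBits(alphabetSize, length) {
  return length * Math.log2(alphabetSize);
}

// Replacement: uniform choice from the alphabet using a CSPRNG.
// Bytes >= limit are rejected so that `b % alphabet.length` has no modulo bias.
function strongPassword(length = 20, alphabet = ALPHABET) {
  if (alphabet.length < 2 || alphabet.length > 256) {
    throw new RangeError('alphabet must have 2..256 symbols');
  }
  const limit = 256 - (256 % alphabet.length);
  const buf = new Uint8Array(length * 2);
  const out = [];
  while (out.length < length) {
    webcrypto.getRandomValues(buf);
    for (const b of buf) {
      if (b < limit && out.length < length) out.push(alphabet[b % alphabet.length]);
    }
  }
  return out.join('');
}

// Constructed inputs: values Math.random() is allowed to return.
console.log(JSON.stringify(weakPassword(() => 0.5))); // 0.5 is "0.i" in base 36
console.log(JSON.stringify(weakPassword(() => 0)));   // 0 is "0", nothing after index 2
console.log('quoted generator, upper bound:', entropyBits(36, 6).toFixed(1), 'bits');
console.log('replacement, 20 symbols:', entropyBits(36, 20).toFixed(1), 'bits');
console.log('sample replacement password:', strongPassword());
```

The bound printed for the quoted generator is an upper limit: it assumes every 6-character string is equally likely, which Math.random() does not guarantee.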