As of now, the iteration count is 1000.
At the same time 1Password increased their count from 100000 to 650000.
OWASP recommended 600,000 iterations for PBKDF2-HMAC-SHA256.
The standard was written 24 years ago recommending a minimum number of 1000, with the intention of increasing as CPU speeds increase. A count of 1000 is too low for today’s CPU speeds.
Is there any development going on regarding this issue?
I have seen a pull request from 杨赫然 on the seafile-server project regarding this issue to propose encryption v5. Is this being reviewed?
Intentionally using weak encryption is a dealbreaker for us.
Actually the PR for encryption v5 is obsolete. We have a new design to use Argon2 for key derivation. You can find the new PR: Support argon2id password hash algo by feiniks · Pull Request #637 · haiwen/seafile-server · GitHub. The plan is to release it in version 12.
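
An added example, not part of the thread and not Seafile's code: it measures what one PBKDF2-HMAC-SHA256 derivation costs on the local machine at the two iteration counts discussed above, and calibrates a count for a target derivation time without going below the 600,000 figure quoted in the thread. The function names, the sample password and the 0.25 s target are assumptions made for illustration.

```python
import hashlib
import os
import time


def derive_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Derive a 32-byte key with PBKDF2-HMAC-SHA256 (standard library)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def seconds_per_derivation(iterations: int, samples: int = 3) -> float:
    """Best-of-N wall-clock time for a single derivation on this machine."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        derive_key(b"constructed sample password", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def calibrate(target_seconds: float, floor: int = 600_000,
              probe: int = 50_000) -> int:
    """Pick an iteration count that takes about target_seconds here.

    PBKDF2 cost is linear in the iteration count, so one probe timing is
    scaled to the target. The result never drops below `floor`.
    """
    per_iteration = seconds_per_derivation(probe) / probe
    return max(floor, int(target_seconds / per_iteration))


if __name__ == "__main__":
    # Each password guess costs an offline attacker one derivation, so the
    # reciprocal of the time is the guess rate for one core of this machine.
    for count in (1_000, 600_000):
        cost = seconds_per_derivation(count)
        print(f"{count:>7} iterations: {cost * 1000:9.2f} ms per guess, "
              f"about {1 / cost:,.0f} guesses/s per core")
    print("calibrated for 0.25 s:", calibrate(0.25))
```

The timings are for one CPU core of whatever machine runs the script; they show the ratio between the two settings, not the speed of dedicated cracking hardware.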