bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-15 15:53:27 +00:00
Code Issues Releases Wiki Activity

[PM-3565] Enforce higher minimum KDF (#6440)

Browse Source 
Changes minimum iterations for PBKDF2 to 600 000. Also converts the constants into ranges to ensure there is only a single place for all checks.
This commit is contained in:
Oscar Hinton
2023-12-05 16:55:12 +01:00
committed by GitHub
parent 56860482b1
commit 7bbdee9daa
10 changed files with 150 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libs/exporter/src/vault-export/services/vault-export.service.spec.ts
View File

@@ -5,7 +5,7 @@ import { KdfConfig } from "@bitwarden/common/auth/models/domain/kdf-config";
import { CipherWithIdExport } from "@bitwarden/common/models/export/cipher-with-ids.export";
import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
import { KdfType, DEFAULT_PBKDF2_ITERATIONS } from "@bitwarden/common/platform/enums";
import { KdfType, PBKDF2_ITERATIONS } from "@bitwarden/common/platform/enums";
import { Utils } from "@bitwarden/common/platform/misc/utils";
import { EncryptedString, EncString } from "@bitwarden/common/platform/models/domain/enc-string";
import { StateService } from "@bitwarden/common/platform/services/state.service";
@@ -159,7 +159,7 @@ describe("VaultExportService", () => {
folderService.getAllDecryptedFromState.mockResolvedValue(UserFolderViews);
folderService.getAllFromState.mockResolvedValue(UserFolders);
stateService.getKdfType.mockResolvedValue(KdfType.PBKDF2_SHA256);
stateService.getKdfConfig.mockResolvedValue(new KdfConfig(DEFAULT_PBKDF2_ITERATIONS));
stateService.getKdfConfig.mockResolvedValue(new KdfConfig(PBKDF2_ITERATIONS.defaultValue));
cryptoService.encrypt.mockResolvedValue(new EncString("encrypted"));
exportService = new VaultExportService(
@@ -240,7 +240,7 @@ describe("VaultExportService", () => {
});
it("specifies kdfIterations", () => {
expect(exportObject.kdfIterations).toEqual(DEFAULT_PBKDF2_ITERATIONS);
expect(exportObject.kdfIterations).toEqual(PBKDF2_ITERATIONS.defaultValue);
});
it("has kdfType", () => {