default to 256,000 PBKDF2 iterations

src/crypto.h

@@ -70,7 +70,7 @@ void sqlite3pager_reset(Pager *pPager);
 #define CIPHER_READWRITE_CTX 2
 
 #ifndef PBKDF2_ITER
-#define PBKDF2_ITER 128000
+#define PBKDF2_ITER 256000
 #endif
 
 /* possible flags for cipher_ctx->flags */

test/crypto.test

@@ -1427,7 +1427,7 @@ do_test default-hmac-kdf-attach {
     ATTACH 'sqlcipher-1.1.8-testkey.db' AS db2 KEY 'testkey';
     SELECT count(*) from db2.t1;
     PRAGMA cipher_default_use_hmac = ON;
-    PRAGMA cipher_default_kdf_iter = 128000;
+    PRAGMA cipher_default_kdf_iter = 256000;
     PRAGMA cipher_default_page_size = 4096;
     PRAGMA cipher_default_kdf_algorithm = PBKDF2_HMAC_SHA512;
   } 
@@ -1478,7 +1478,7 @@ do_test change-default-hmac-kdf-attach {
     ATTACH 'sqlcipher-1.1.8-testkey.db' AS db2 KEY 'testkey';
     SELECT count(*) from db2.t1;
     PRAGMA cipher_default_use_hmac = ON;
-    PRAGMA cipher_default_kdf_iter = 128000;
+    PRAGMA cipher_default_kdf_iter = 256000;
     PRAGMA cipher_default_page_size = 4096;
     PRAGMA cipher_default_kdf_algorithm = PBKDF2_HMAC_SHA512;
   } 
@@ -1790,13 +1790,13 @@ db close
 file delete -force test.db
 
 # verify the pragma default_cipher_kdf_iter
-# is set to 128000 by default
+# is set to 256000 by default
 do_test verify-pragma-cipher-default-kdf-iter-default {
     sqlite_orig db test.db
     execsql {
         PRAGMA cipher_default_kdf_iter;
     }
-} {128000}
+} {256000}
 db close
 file delete -force test.db
 
@@ -1808,7 +1808,7 @@ do_test verify-pragma-cipher-default-use-hmac-off {
     execsql {
         PRAGMA cipher_default_kdf_iter = 1000;
         PRAGMA cipher_default_kdf_iter;
-        PRAGMA cipher_default_kdf_iter = 128000;
+        PRAGMA cipher_default_kdf_iter = 256000;
     }
 } {1000}
 db close
@@ -1822,7 +1822,7 @@ do_test verify-pragma-kdf-iter-reports-default {
         PRAGMA key = 'test';
         PRAGMA kdf_iter;
     }
-} {128000}
+} {256000}
 db close
 file delete -force test.db