From bf8bffb8acfc93bd2ffde9258b630a0e5eb5c1b6 Mon Sep 17 00:00:00 2001
From: Stephen Lombardo <sjlombardo@zetetic.net>
Date: Fri, 21 Sep 2018 16:30:45 -0400
Subject: [PATCH] default to 256,000 PBKDF2 iterations

---
 src/crypto.h     |  2 +-
 test/crypto.test | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/crypto.h b/src/crypto.h
index 1a9f8a8..2836842 100644
--- a/src/crypto.h
+++ b/src/crypto.h
@@ -70,7 +70,7 @@ void sqlite3pager_reset(Pager *pPager);
 #define CIPHER_READWRITE_CTX 2
 
 #ifndef PBKDF2_ITER
-#define PBKDF2_ITER 128000
+#define PBKDF2_ITER 256000
 #endif
 
 /* possible flags for cipher_ctx->flags */
diff --git a/test/crypto.test b/test/crypto.test
index 544a193..4c108b5 100644
--- a/test/crypto.test
+++ b/test/crypto.test
@@ -1427,7 +1427,7 @@ do_test default-hmac-kdf-attach {
     ATTACH 'sqlcipher-1.1.8-testkey.db' AS db2 KEY 'testkey';
     SELECT count(*) from db2.t1;
     PRAGMA cipher_default_use_hmac = ON;
-    PRAGMA cipher_default_kdf_iter = 128000;
+    PRAGMA cipher_default_kdf_iter = 256000;
     PRAGMA cipher_default_page_size = 4096;
     PRAGMA cipher_default_kdf_algorithm = PBKDF2_HMAC_SHA512;
   } 
@@ -1478,7 +1478,7 @@ do_test change-default-hmac-kdf-attach {
     ATTACH 'sqlcipher-1.1.8-testkey.db' AS db2 KEY 'testkey';
     SELECT count(*) from db2.t1;
     PRAGMA cipher_default_use_hmac = ON;
-    PRAGMA cipher_default_kdf_iter = 128000;
+    PRAGMA cipher_default_kdf_iter = 256000;
     PRAGMA cipher_default_page_size = 4096;
     PRAGMA cipher_default_kdf_algorithm = PBKDF2_HMAC_SHA512;
   } 
@@ -1790,13 +1790,13 @@ db close
 file delete -force test.db
 
 # verify the pragma default_cipher_kdf_iter
-# is set to 128000 by default
+# is set to 256000 by default
 do_test verify-pragma-cipher-default-kdf-iter-default {
     sqlite_orig db test.db
     execsql {
         PRAGMA cipher_default_kdf_iter;
     }
-} {128000}
+} {256000}
 db close
 file delete -force test.db
 
@@ -1808,7 +1808,7 @@ do_test verify-pragma-cipher-default-use-hmac-off {
     execsql {
         PRAGMA cipher_default_kdf_iter = 1000;
         PRAGMA cipher_default_kdf_iter;
-        PRAGMA cipher_default_kdf_iter = 128000;
+        PRAGMA cipher_default_kdf_iter = 256000;
     }
 } {1000}
 db close
@@ -1822,7 +1822,7 @@ do_test verify-pragma-kdf-iter-reports-default {
         PRAGMA key = 'test';
         PRAGMA kdf_iter;
     }
-} {128000}
+} {256000}
 db close
 file delete -force test.db