feat: make kdf iterations configurable when creating a multiaccount (#2796)

2022-09-27 16:27:20 -04:00 · 2022-09-27 16:27:20 -04:00 · bf9abfc350
parent 506921509e
commit bf9abfc350
59 changed files with 238 additions and 137 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-0.110.3
+0.111.0
--- a/api/geth_backend.go
+++ b/api/geth_backend.go
@ -266,7 +266,7 @@ func (b *GethStatusBackend) ensureAppDBOpened(account multiaccounts.Account, pas
 		_ = os.Rename(oldPath+"-wal", newPath+"-wal")
 	}

-	b.appDB, err = appdatabase.InitializeDB(newPath, password)
+	b.appDB, err = appdatabase.InitializeDB(newPath, password, account.KDFIterations)
 	if err != nil {
 		b.log.Error("failed to initialize db", "err", err)
 		return err
@ -296,6 +296,15 @@ func (b *GethStatusBackend) setupLogSettings() error {
 // TODO: we should use a proper struct with optional values instead of duplicating the regular functions
 // with small variants for keycard, this created too many bugs
 func (b *GethStatusBackend) startNodeWithKey(acc multiaccounts.Account, password string, keyHex string) error {
+	if acc.KDFIterations == 0 {
+		kdfIterations, err := b.multiaccountsDB.GetAccountKDFIterationsNumber(acc.KeyUID)
+		if err != nil {
+			return err
+		}
+
+		acc.KDFIterations = kdfIterations
+	}
+
 	err := b.ensureAppDBOpened(acc, password)
 	if err != nil {
 		return err
@ -498,7 +507,7 @@ func (b *GethStatusBackend) ExportUnencryptedDatabase(acc multiaccounts.Account,
 		_ = os.Rename(oldPath+"-wal", newPath+"-wal")
 	}

-	err = appdatabase.DecryptDatabase(newPath, directory, password)
+	err = appdatabase.DecryptDatabase(newPath, directory, password, acc.KDFIterations)
 	if err != nil {
 		b.log.Error("failed to initialize db", "err", err)
 		return err
@ -518,7 +527,7 @@ func (b *GethStatusBackend) ImportUnencryptedDatabase(acc multiaccounts.Account,

 	path := filepath.Join(b.rootDataDir, fmt.Sprintf("%s.db", acc.KeyUID))

-	err := appdatabase.EncryptDatabase(databasePath, path, password)
+	err := appdatabase.EncryptDatabase(databasePath, path, password, acc.KDFIterations)
 	if err != nil {
 		b.log.Error("failed to initialize db", "err", err)
 		return err
@ -538,7 +547,11 @@ func (b *GethStatusBackend) ChangeDatabasePassword(keyUID string, password strin
 		}
 	}

-	err := appdatabase.ChangeDatabasePassword(dbPath, password, newPassword)
+	kdfIterations, err := b.multiaccountsDB.GetAccountKDFIterationsNumber(keyUID)
+	if err != nil {
+		return err
+	}
+	err = appdatabase.ChangeDatabasePassword(dbPath, password, kdfIterations, newPassword)
 	if err != nil {
 		if config != nil {
 			keyDir := config.KeyStoreDir
@ -594,7 +607,12 @@ func (b *GethStatusBackend) ConvertToKeycardAccount(keyStoreDir string, account
 }

 func (b *GethStatusBackend) VerifyDatabasePassword(keyUID string, password string) error {
-	err := b.ensureAppDBOpened(multiaccounts.Account{KeyUID: keyUID}, password)
+	kdfIterations, err := b.multiaccountsDB.GetAccountKDFIterationsNumber(keyUID)
+	if err != nil {
+		return err
+	}
+
+	err = b.ensureAppDBOpened(multiaccounts.Account{KeyUID: keyUID, KDFIterations: kdfIterations}, password)
 	if err != nil {
 		return err
 	}
--- a/appdatabase/database.go
+++ b/appdatabase/database.go
@ -15,8 +15,8 @@ import (
 const nodeCfgMigrationDate = 1640111208

 // InitializeDB creates db file at a given path and applies migrations.
-func InitializeDB(path, password string) (*sql.DB, error) {
-	db, err := sqlite.OpenDB(path, password)
+func InitializeDB(path, password string, kdfIterationsNumber int) (*sql.DB, error) {
+	db, err := sqlite.OpenDB(path, password, kdfIterationsNumber)
 	if err != nil {
 		return nil, err
 	}
@ -61,18 +61,18 @@ func InitializeDB(path, password string) (*sql.DB, error) {

 // DecryptDatabase creates an unencrypted copy of the database and copies it
 // over to the given directory
-func DecryptDatabase(oldPath, newPath, password string) error {
-	return sqlite.DecryptDB(oldPath, newPath, password)
+func DecryptDatabase(oldPath, newPath, password string, kdfIterationsNumber int) error {
+	return sqlite.DecryptDB(oldPath, newPath, password, kdfIterationsNumber)
 }

 // EncryptDatabase creates an encrypted copy of the database and copies it to the
 // user path
-func EncryptDatabase(oldPath, newPath, password string) error {
-	return sqlite.EncryptDB(oldPath, newPath, password)
+func EncryptDatabase(oldPath, newPath, password string, kdfIterationsNumber int) error {
+	return sqlite.EncryptDB(oldPath, newPath, password, kdfIterationsNumber)
 }

-func ChangeDatabasePassword(path, password, newPassword string) error {
-	return sqlite.ChangeEncryptionKey(path, password, newPassword)
+func ChangeDatabasePassword(path string, password string, kdfIterationsNumber int, newPassword string) error {
+	return sqlite.ChangeEncryptionKey(path, password, kdfIterationsNumber, newPassword)
 }

 // GetDBFilename takes an instance of sql.DB and returns the filename of the "main" database
--- a/appdatabase/database_test.go
+++ b/appdatabase/database_test.go
@ -4,6 +4,8 @@ import (
 	"testing"

 	"github.com/stretchr/testify/require"
+
+	"github.com/status-im/status-go/sqlite"
 )

 func Test_GetDBFilename(t *testing.T) {
@ -19,7 +21,7 @@ func Test_GetDBFilename(t *testing.T) {
 	require.True(t, len(fn) > 0)

 	// Test with in memory instance
-	mdb, err := InitializeDB(":memory:", "test")
+	mdb, err := InitializeDB(":memory:", "test", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)
 	defer func() {
 		require.NoError(t, mdb.Close())
--- a/appdatabase/node_config_test.go
+++ b/appdatabase/node_config_test.go
@ -20,12 +20,13 @@ import (
 	"github.com/status-im/status-go/nodecfg"
 	"github.com/status-im/status-go/params"
 	"github.com/status-im/status-go/protocol/pushnotificationserver"
+	"github.com/status-im/status-go/sqlite"
 )

 func setupTestDB(t *testing.T) (*sql.DB, func()) {
 	tmpfile, err := ioutil.TempFile("", "settings-tests-")
 	require.NoError(t, err)
-	db, err := InitializeDB(tmpfile.Name(), "settings-tests")
+	db, err := InitializeDB(tmpfile.Name(), "settings-tests", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)
 	return db, func() {
 		require.NoError(t, db.Close())
--- a/appdatabase/test_helpers.go
+++ b/appdatabase/test_helpers.go
@ -8,13 +8,15 @@ import (
 	"github.com/status-im/status-go/protocol/sqlite"
 )

+const kdfIterationsNumberForTests = 3200
+
 // SetupTestSQLDB creates a temporary sqlite database file, initialises and then returns with a teardown func
 func SetupTestSQLDB(prefix string) (*sql.DB, func() error, error) {
 	tmpfile, err := ioutil.TempFile("", prefix)
 	if err != nil {
 		return nil, nil, err
 	}
-	db, err := InitializeDB(tmpfile.Name(), prefix)
+	db, err := InitializeDB(tmpfile.Name(), prefix, kdfIterationsNumberForTests)
 	if err != nil {
 		return nil, nil, err
 	}
@ -29,7 +31,7 @@ func SetupTestSQLDB(prefix string) (*sql.DB, func() error, error) {
 }

 func SetupTestMemorySQLDB(prefix string) (*sql.DB, error) {
-	db, err := InitializeDB(sqlite.InMemoryPath, prefix)
+	db, err := InitializeDB(sqlite.InMemoryPath, prefix, kdfIterationsNumberForTests)
 	if err != nil {
 		return nil, err
 	}
--- a/appmetrics/database_test.go
+++ b/appmetrics/database_test.go
@ -9,6 +9,7 @@ import (
 	"time"

 	"github.com/status-im/status-go/appdatabase"
+	"github.com/status-im/status-go/sqlite"

 	"github.com/stretchr/testify/require"
 )
@ -16,7 +17,7 @@ import (
 func setupTestDB(t *testing.T) (*Database, func()) {
 	tmpfile, err := ioutil.TempFile("", "appmetrics-tests-")
 	require.NoError(t, err)
-	db, err := appdatabase.InitializeDB(tmpfile.Name(), "appmetrics-tests")
+	db, err := appdatabase.InitializeDB(tmpfile.Name(), "appmetrics-tests", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)

 	return NewDB(db), func() {
--- a/cmd/ping-community/main.go
+++ b/cmd/ping-community/main.go
@ -23,6 +23,7 @@ import (
 	"github.com/status-im/status-go/multiaccounts"
 	"github.com/status-im/status-go/multiaccounts/accounts"
 	"github.com/status-im/status-go/multiaccounts/settings"
+	"github.com/status-im/status-go/sqlite"

 	"github.com/status-im/status-go/logutils"
 	"github.com/status-im/status-go/params"
@ -395,7 +396,8 @@ func ImportAccount(seedPhrase string, backend *api.GethStatusBackend) error {
 	}

 	account := multiaccounts.Account{
-		KeyUID: generatedAccountInfo.KeyUID,
+		KeyUID:        generatedAccountInfo.KeyUID,
+		KDFIterations: sqlite.ReducedKDFIterationsNumber,
 	}
 	settings, err := defaultSettings(generatedAccountInfo, derivedAddresses, &seedPhrase)
 	if err != nil {
--- a/cmd/populate-db/main.go
+++ b/cmd/populate-db/main.go
@ -33,6 +33,7 @@ import (
 	"github.com/status-im/status-go/protocol/protobuf"
 	"github.com/status-im/status-go/protocol/requests"
 	wakuextn "github.com/status-im/status-go/services/wakuext"
+	"github.com/status-im/status-go/sqlite"
 )

 type testTimeSource struct{}
@ -444,7 +445,8 @@ func ImportAccount(seedPhrase string, backend *api.GethStatusBackend) error {
 	}

 	account := multiaccounts.Account{
-		KeyUID: generatedAccountInfo.KeyUID,
+		KeyUID:        generatedAccountInfo.KeyUID,
+		KDFIterations: sqlite.ReducedKDFIterationsNumber,
 	}
 	settings, err := defaultSettings(generatedAccountInfo, derivedAddresses, &seedPhrase)
 	if err != nil {
--- a/cmd/statusd/main.go
+++ b/cmd/statusd/main.go
@ -31,6 +31,7 @@ import (
 	"github.com/status-im/status-go/params"
 	"github.com/status-im/status-go/profiling"
 	"github.com/status-im/status-go/protocol"
+	"github.com/status-im/status-go/sqlite"
 )

 const (
@ -206,7 +207,7 @@ func main() {
 			return
 		}

-		db, err := appdatabase.InitializeDB(config.DataDir+"/"+installationID.String()+".db", "")
+		db, err := appdatabase.InitializeDB(config.DataDir+"/"+installationID.String()+".db", "", sqlite.ReducedKDFIterationsNumber)
 		if err != nil {
 			logger.Error("failed to initialize app db", "error", err)
 			return
--- a/multiaccounts/database.go
+++ b/multiaccounts/database.go
@ -22,6 +22,7 @@ type Account struct {
 	KeycardPairing string                 `json:"keycard-pairing"`
 	KeyUID         string                 `json:"key-uid"`
 	Images         []images.IdentityImage `json:"images"`
+	KDFIterations  int                    `json:"kdfIterations,omitempty"`
 }

 func (a *Account) ToProtobuf() *protobuf.MultiAccount {
@ -106,8 +107,16 @@ func (db *Database) Close() error {
 	return db.db.Close()
 }

+func (db *Database) GetAccountKDFIterationsNumber(keyUID string) (kdfIterationsNumber int, err error) {
+	err = db.db.QueryRow("SELECT  kdfIterations FROM accounts WHERE keyUid = ?", keyUID).Scan(&kdfIterationsNumber)
+	if err != nil {
+		return -1, err
+	}
+	return
+}
+
 func (db *Database) GetAccounts() (rst []Account, err error) {
-	rows, err := db.db.Query("SELECT  a.name, a.loginTimestamp, a.identicon, a.colorHash, a.colorId, a.keycardPairing, a.keyUid, ii.name, ii.image_payload, ii.width, ii.height, ii.file_size, ii.resize_target, ii.clock FROM accounts AS a LEFT JOIN identity_images AS ii ON ii.key_uid = a.keyUid ORDER BY loginTimestamp DESC")
+	rows, err := db.db.Query("SELECT  a.name, a.loginTimestamp, a.identicon, a.colorHash, a.colorId, a.keycardPairing, a.keyUid, a.kdfIterations, ii.name, ii.image_payload, ii.width, ii.height, ii.file_size, ii.resize_target, ii.clock FROM accounts AS a LEFT JOIN identity_images AS ii ON ii.key_uid = a.keyUid ORDER BY loginTimestamp DESC")
 	if err != nil {
 		return nil, err
 	}
@ -138,6 +147,7 @@ func (db *Database) GetAccounts() (rst []Account, err error) {
 			&accColorID,
 			&acc.KeycardPairing,
 			&acc.KeyUID,
+			&acc.KDFIterations,
 			&iiName,
 			&ii.Payload,
 			&iiWidth,
@ -275,7 +285,11 @@ func (db *Database) SaveAccount(account Account) error {
 		return err
 	}

-	_, err = db.db.Exec("INSERT OR REPLACE INTO accounts (name, identicon, colorHash, colorId, keycardPairing, keyUid) VALUES (?, ?, ?, ?, ?, ?)", account.Name, account.Identicon, colorHash, account.ColorID, account.KeycardPairing, account.KeyUID)
+	if account.KDFIterations <= 0 {
+		account.KDFIterations = sqlite.ReducedKDFIterationsNumber
+	}
+
+	_, err = db.db.Exec("INSERT OR REPLACE INTO accounts (name, identicon, colorHash, colorId, keycardPairing, keyUid, kdfIterations) VALUES (?, ?, ?, ?, ?, ?, ?)", account.Name, account.Identicon, colorHash, account.ColorID, account.KeycardPairing, account.KeyUID, account.KDFIterations)
 	if err != nil {
 		return err
 	}
@ -292,7 +306,12 @@ func (db *Database) UpdateAccount(account Account) error {
 	if err != nil {
 		return err
 	}
-	_, err = db.db.Exec("UPDATE accounts SET name = ?, identicon = ?, colorHash = ?, colorId = ?, keycardPairing = ? WHERE keyUid = ?", account.Name, account.Identicon, colorHash, account.ColorID, account.KeycardPairing, account.KeyUID)
+
+	if account.KDFIterations <= 0 {
+		account.KDFIterations = sqlite.ReducedKDFIterationsNumber
+	}
+
+	_, err = db.db.Exec("UPDATE accounts SET name = ?, identicon = ?, colorHash = ?, colorId = ?, keycardPairing = ?, kdfIterations = ? WHERE keyUid = ?", account.Name, account.Identicon, colorHash, account.ColorID, account.KeycardPairing, account.KDFIterations, account.KeyUID)
 	return err
 }

--- a/multiaccounts/database_test.go
+++ b/multiaccounts/database_test.go
@ -7,6 +7,7 @@ import (
 	"testing"

 	"github.com/status-im/status-go/images"
+	"github.com/status-im/status-go/protocol/sqlite"

 	"github.com/stretchr/testify/require"
 )
@ -25,7 +26,7 @@ func setupTestDB(t *testing.T) (*Database, func()) {
 func TestAccounts(t *testing.T) {
 	db, stop := setupTestDB(t)
 	defer stop()
-	expected := Account{Name: "string", KeyUID: "string", ColorHash: [][]int{{4, 3}, {4, 0}, {4, 3}, {4, 0}}, ColorID: 10}
+	expected := Account{Name: "string", KeyUID: "string", ColorHash: [][]int{{4, 3}, {4, 0}, {4, 3}, {4, 0}}, ColorID: 10, KDFIterations: sqlite.ReducedKDFIterationsNumber}
 	require.NoError(t, db.SaveAccount(expected))
 	accounts, err := db.GetAccounts()
 	require.NoError(t, err)
@ -36,7 +37,7 @@ func TestAccounts(t *testing.T) {
 func TestAccountsUpdate(t *testing.T) {
 	db, stop := setupTestDB(t)
 	defer stop()
-	expected := Account{KeyUID: "string", ColorHash: [][]int{{4, 3}, {4, 0}, {4, 3}, {4, 0}}, ColorID: 10}
+	expected := Account{KeyUID: "string", ColorHash: [][]int{{4, 3}, {4, 0}, {4, 3}, {4, 0}}, ColorID: 10, KDFIterations: sqlite.ReducedKDFIterationsNumber}
 	require.NoError(t, db.SaveAccount(expected))
 	expected.Name = "chars"
 	require.NoError(t, db.UpdateAccount(expected))
@ -50,7 +51,7 @@ func TestLoginUpdate(t *testing.T) {
 	db, stop := setupTestDB(t)
 	defer stop()

-	accounts := []Account{{Name: "first", KeyUID: "0x1"}, {Name: "second", KeyUID: "0x2"}}
+	accounts := []Account{{Name: "first", KeyUID: "0x1", KDFIterations: sqlite.ReducedKDFIterationsNumber}, {Name: "second", KeyUID: "0x2", KDFIterations: sqlite.ReducedKDFIterationsNumber}}
 	for _, acc := range accounts {
 		require.NoError(t, db.SaveAccount(acc))
 	}
@ -154,7 +155,7 @@ func TestDatabase_GetAccountsWithIdentityImages(t *testing.T) {
 		{Name: "string", KeyUID: keyUID2 + "2"},
 		{Name: "string", KeyUID: keyUID2 + "3"},
 	}
-	expected := `[{"name":"string","timestamp":100,"identicon":"data","colorHash":null,"colorId":0,"keycard-pairing":"","key-uid":"0xdeadbeef","images":[{"keyUid":"0xdeadbeef","type":"large","uri":"data:image/png;base64,iVBORw0KGgoAAAANSUg=","width":240,"height":300,"fileSize":1024,"resizeTarget":240,"clock":0},{"keyUid":"0xdeadbeef","type":"thumbnail","uri":"data:image/jpeg;base64,/9j/2wCEAFA3PEY8MlA=","width":80,"height":80,"fileSize":256,"resizeTarget":80,"clock":0}]},{"name":"string","timestamp":10,"identicon":"","colorHash":null,"colorId":0,"keycard-pairing":"","key-uid":"0x1337beef","images":null},{"name":"string","timestamp":0,"identicon":"","colorHash":null,"colorId":0,"keycard-pairing":"","key-uid":"0x1337beef2","images":null},{"name":"string","timestamp":0,"identicon":"","colorHash":null,"colorId":0,"keycard-pairing":"","key-uid":"0x1337beef3","images":[{"keyUid":"0x1337beef3","type":"large","uri":"data:image/png;base64,iVBORw0KGgoAAAANSUg=","width":240,"height":300,"fileSize":1024,"resizeTarget":240,"clock":0},{"keyUid":"0x1337beef3","type":"thumbnail","uri":"data:image/jpeg;base64,/9j/2wCEAFA3PEY8MlA=","width":80,"height":80,"fileSize":256,"resizeTarget":80,"clock":0}]}]`
+	expected := `[{"name":"string","timestamp":100,"identicon":"data","colorHash":null,"colorId":0,"keycard-pairing":"","key-uid":"0xdeadbeef","images":[{"keyUid":"0xdeadbeef","type":"large","uri":"data:image/png;base64,iVBORw0KGgoAAAANSUg=","width":240,"height":300,"fileSize":1024,"resizeTarget":240,"clock":0},{"keyUid":"0xdeadbeef","type":"thumbnail","uri":"data:image/jpeg;base64,/9j/2wCEAFA3PEY8MlA=","width":80,"height":80,"fileSize":256,"resizeTarget":80,"clock":0}],"kdfIterations":3200},{"name":"string","timestamp":10,"identicon":"","colorHash":null,"colorId":0,"keycard-pairing":"","key-uid":"0x1337beef","images":null,"kdfIterations":3200},{"name":"string","timestamp":0,"identicon":"","colorHash":null,"colorId":0,"keycard-pairing":"","key-uid":"0x1337beef2","images":null,"kdfIterations":3200},{"name":"string","timestamp":0,"identicon":"","colorHash":null,"colorId":0,"keycard-pairing":"","key-uid":"0x1337beef3","images":[{"keyUid":"0x1337beef3","type":"large","uri":"data:image/png;base64,iVBORw0KGgoAAAANSUg=","width":240,"height":300,"fileSize":1024,"resizeTarget":240,"clock":0},{"keyUid":"0x1337beef3","type":"thumbnail","uri":"data:image/jpeg;base64,/9j/2wCEAFA3PEY8MlA=","width":80,"height":80,"fileSize":256,"resizeTarget":80,"clock":0}],"kdfIterations":3200}]`

 	for _, a := range testAccs {
 		require.NoError(t, db.SaveAccount(a))
--- a/multiaccounts/migrations/bindata.go
+++ b/multiaccounts/migrations/bindata.go
@ -9,6 +9,7 @@
 // 1648646095_image_clock.down.sql (939B)
 // 1648646095_image_clock.up.sql (69B)
 // 1649317600_add_color_hash.up.sql (201B)
+// 1660238799_accounts_kdf.up.sql (115B)
 // doc.go (74B)

 package migrations
@ -29,7 +30,7 @@ import (
 func bindataRead(data []byte, name string) ([]byte, error) {
 	gz, err := gzip.NewReader(bytes.NewBuffer(data))
 	if err != nil {
-		return nil, fmt.Errorf("read %q: %v", name, err)
+		return nil, fmt.Errorf("read %q: %w", name, err)
 	}

 	var buf bytes.Buffer
@ -37,7 +38,7 @@ func bindataRead(data []byte, name string) ([]byte, error) {
 	clErr := gz.Close()

 	if err != nil {
-		return nil, fmt.Errorf("read %q: %v", name, err)
+		return nil, fmt.Errorf("read %q: %w", name, err)
 	}
 	if clErr != nil {
 		return nil, err
@ -258,6 +259,26 @@ func _1649317600_add_color_hashUpSql() (*asset, error) {
 	return a, nil
 }

+var __1660238799_accounts_kdfUpSql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x72\xf4\x09\x71\x0d\x52\x08\x71\x74\xf2\x71\x55\x48\x4c\x4e\xce\x2f\xcd\x2b\x29\x56\x70\x74\x71\x51\x70\xf6\xf7\x09\xf5\xf5\x53\xc8\x4e\x49\xf3\x2c\x49\x2d\x4a\x2c\xc9\xcc\xcf\x2b\x56\xf0\xf4\x0b\x51\xf0\xf3\x0f\x51\xf0\x0b\xf5\xf1\x51\x70\x71\x75\x73\x0c\xf5\x09\x51\x30\x36\x32\x30\xb0\xe6\x0a\x0d\x70\x71\x0c\x41\x32\x23\xd8\x35\x04\x4d\xb3\x2d\x54\x25\x20\x00\x00\xff\xff\x37\x9c\xbc\xd5\x73\x00\x00\x00")
+
+func _1660238799_accounts_kdfUpSqlBytes() ([]byte, error) {
+	return bindataRead(
+		__1660238799_accounts_kdfUpSql,
+		"1660238799_accounts_kdf.up.sql",
+	)
+}
+
+func _1660238799_accounts_kdfUpSql() (*asset, error) {
+	bytes, err := _1660238799_accounts_kdfUpSqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "1660238799_accounts_kdf.up.sql", size: 115, mode: os.FileMode(0664), modTime: time.Unix(1661173104, 0)}
+	a := &asset{bytes: bytes, info: info, digest: [32]uint8{0xdf, 0xe6, 0x7a, 0x69, 0x25, 0x42, 0x3b, 0x9c, 0x20, 0xf5, 0xcb, 0xae, 0xb0, 0xb3, 0x1b, 0x66, 0xc2, 0x5d, 0xd0, 0xc1, 0x59, 0xe8, 0xa9, 0xc5, 0x69, 0x58, 0x8f, 0xae, 0xe6, 0xd1, 0x4c, 0x53}}
+	return a, nil
+}
+
 var _docGo = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x2c\xc9\xb1\x0d\xc4\x20\x0c\x05\xd0\x9e\x29\xfe\x02\xd8\xfd\x6d\xe3\x4b\xac\x2f\x44\x82\x09\x78\x7f\xa5\x49\xfd\xa6\x1d\xdd\xe8\xd8\xcf\x55\x8a\x2a\xe3\x47\x1f\xbe\x2c\x1d\x8c\xfa\x6f\xe3\xb4\x34\xd4\xd9\x89\xbb\x71\x59\xb6\x18\x1b\x35\x20\xa2\x9f\x0a\x03\xa2\xe5\x0d\x00\x00\xff\xff\x60\xcd\x06\xbe\x4a\x00\x00\x00")

 func docGoBytes() ([]byte, error) {
@ -369,27 +390,22 @@ func AssetNames() []string {

 // _bindata is a table, holding each asset generator, mapped to its name.
 var _bindata = map[string]func() (*asset, error){
-	"0001_accounts.down.sql": _0001_accountsDownSql,
-
-	"0001_accounts.up.sql": _0001_accountsUpSql,
-
-	"1605007189_identity_images.down.sql": _1605007189_identity_imagesDownSql,
-
-	"1605007189_identity_images.up.sql": _1605007189_identity_imagesUpSql,
-
+	"0001_accounts.down.sql":                            _0001_accountsDownSql,
+	"0001_accounts.up.sql":                              _0001_accountsUpSql,
+	"1605007189_identity_images.down.sql":               _1605007189_identity_imagesDownSql,
+	"1605007189_identity_images.up.sql":                 _1605007189_identity_imagesUpSql,
 	"1606224181_drop_photo_path_from_accounts.down.sql": _1606224181_drop_photo_path_from_accountsDownSql,
-
-	"1606224181_drop_photo_path_from_accounts.up.sql": _1606224181_drop_photo_path_from_accountsUpSql,
-
-	"1648646095_image_clock.down.sql": _1648646095_image_clockDownSql,
-
-	"1648646095_image_clock.up.sql": _1648646095_image_clockUpSql,
-
-	"1649317600_add_color_hash.up.sql": _1649317600_add_color_hashUpSql,
-
-	"doc.go": docGo,
+	"1606224181_drop_photo_path_from_accounts.up.sql":   _1606224181_drop_photo_path_from_accountsUpSql,
+	"1648646095_image_clock.down.sql":                   _1648646095_image_clockDownSql,
+	"1648646095_image_clock.up.sql":                     _1648646095_image_clockUpSql,
+	"1649317600_add_color_hash.up.sql":                  _1649317600_add_color_hashUpSql,
+	"1660238799_accounts_kdf.up.sql":                    _1660238799_accounts_kdfUpSql,
+	"doc.go":                                            docGo,
 }

+// AssetDebug is true if the assets were built with the debug flag enabled.
+const AssetDebug = false
+
 // AssetDir returns the file names below a certain
 // directory embedded in the file by go-bindata.
 // For example if you run go-bindata on data/... and data contains the
@ -431,16 +447,17 @@ type bintree struct {
 }

 var _bintree = &bintree{nil, map[string]*bintree{
-	"0001_accounts.down.sql":                            &bintree{_0001_accountsDownSql, map[string]*bintree{}},
-	"0001_accounts.up.sql":                              &bintree{_0001_accountsUpSql, map[string]*bintree{}},
-	"1605007189_identity_images.down.sql":               &bintree{_1605007189_identity_imagesDownSql, map[string]*bintree{}},
-	"1605007189_identity_images.up.sql":                 &bintree{_1605007189_identity_imagesUpSql, map[string]*bintree{}},
-	"1606224181_drop_photo_path_from_accounts.down.sql": &bintree{_1606224181_drop_photo_path_from_accountsDownSql, map[string]*bintree{}},
-	"1606224181_drop_photo_path_from_accounts.up.sql":   &bintree{_1606224181_drop_photo_path_from_accountsUpSql, map[string]*bintree{}},
-	"1648646095_image_clock.down.sql":                   &bintree{_1648646095_image_clockDownSql, map[string]*bintree{}},
-	"1648646095_image_clock.up.sql":                     &bintree{_1648646095_image_clockUpSql, map[string]*bintree{}},
-	"1649317600_add_color_hash.up.sql":                  &bintree{_1649317600_add_color_hashUpSql, map[string]*bintree{}},
-	"doc.go":                                            &bintree{docGo, map[string]*bintree{}},
+	"0001_accounts.down.sql": {_0001_accountsDownSql, map[string]*bintree{}},
+	"0001_accounts.up.sql": {_0001_accountsUpSql, map[string]*bintree{}},
+	"1605007189_identity_images.down.sql": {_1605007189_identity_imagesDownSql, map[string]*bintree{}},
+	"1605007189_identity_images.up.sql": {_1605007189_identity_imagesUpSql, map[string]*bintree{}},
+	"1606224181_drop_photo_path_from_accounts.down.sql": {_1606224181_drop_photo_path_from_accountsDownSql, map[string]*bintree{}},
+	"1606224181_drop_photo_path_from_accounts.up.sql": {_1606224181_drop_photo_path_from_accountsUpSql, map[string]*bintree{}},
+	"1648646095_image_clock.down.sql": {_1648646095_image_clockDownSql, map[string]*bintree{}},
+	"1648646095_image_clock.up.sql": {_1648646095_image_clockUpSql, map[string]*bintree{}},
+	"1649317600_add_color_hash.up.sql": {_1649317600_add_color_hashUpSql, map[string]*bintree{}},
+	"1660238799_accounts_kdf.up.sql": {_1660238799_accounts_kdfUpSql, map[string]*bintree{}},
+	"doc.go": {docGo, map[string]*bintree{}},
 }}

 // RestoreAsset restores an asset under the given directory.
--- a/multiaccounts/migrations/sql/1660238799_accounts_kdf.up.sql
+++ b/multiaccounts/migrations/sql/1660238799_accounts_kdf.up.sql
@ -0,0 +1,2 @@
+ALTER TABLE accounts ADD COLUMN kdfIterations INT NOT NULL DEFAULT 3200;
+UPDATE accounts SET kdfIterations = 3200;
--- a/multiaccounts/settings/database_test.go
+++ b/multiaccounts/settings/database_test.go
@ -11,6 +11,7 @@ import (
 	"github.com/status-im/status-go/eth-node/types"
 	"github.com/status-im/status-go/multiaccounts/errors"
 	"github.com/status-im/status-go/params"
+	"github.com/status-im/status-go/sqlite"
 )

 var (
@ -68,7 +69,7 @@ func TestClosingsqlDB(t *testing.T) {
 	password := "settings-tests"

 	// Make connection with sql.DB
-	db, err := appdatabase.InitializeDB(testFileName, password)
+	db, err := appdatabase.InitializeDB(testFileName, password, sqlite.ReducedKDFIterationsNumber)

 	// handle removing the test file on any exit
 	defer func() {
@ -93,7 +94,7 @@ func TestClosingsqlDB(t *testing.T) {
 	require.NoError(t, err)

 	// Make another connection with sql.DB
-	db2, err := appdatabase.InitializeDB(testFileName, password)
+	db2, err := appdatabase.InitializeDB(testFileName, password, sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)

 	// Init settings.Database struct using second connection
--- a/node/status_node_rpc_client_test.go
+++ b/node/status_node_rpc_client_test.go
@ -13,6 +13,7 @@ import (
 	"github.com/status-im/status-go/appdatabase"
 	"github.com/status-im/status-go/multiaccounts"
 	"github.com/status-im/status-go/params"
+	"github.com/status-im/status-go/sqlite"
 )

 type TestServiceAPI struct{}
@ -26,7 +27,7 @@ func setupTestDB() (*sql.DB, func() error, error) {
 	if err != nil {
 		return nil, nil, err
 	}
-	db, err := appdatabase.InitializeDB(tmpfile.Name(), "tests")
+	db, err := appdatabase.InitializeDB(tmpfile.Name(), "tests", sqlite.ReducedKDFIterationsNumber)
 	if err != nil {
 		return nil, nil, err
 	}
--- a/protocol/common/message_sender_test.go
+++ b/protocol/common/message_sender_test.go
@ -60,7 +60,7 @@ func (s *MessageSenderSuite) SetupTest() {
 	identity, err := crypto.GenerateKey()
 	s.Require().NoError(err)

-	database, err := sqlite.Open(filepath.Join(s.tmpDir, "sender-test.sql"), "some-key")
+	database, err := sqlite.Open(filepath.Join(s.tmpDir, "sender-test.sql"), "some-key", sqlite.ReducedKDFIterationsNumber)
 	s.Require().NoError(err)

 	encryptionProtocol := encryption.New(
@ -196,7 +196,7 @@ func (s *MessageSenderSuite) TestHandleDecodedMessagesDatasyncEncrypted() {
 	s.Require().NoError(err)

 	// Create sender encryption protocol.
-	senderDatabase, err := sqlite.Open(filepath.Join(s.tmpDir, "sender.db.sql"), "")
+	senderDatabase, err := sqlite.Open(filepath.Join(s.tmpDir, "sender.db.sql"), "", sqlite.ReducedKDFIterationsNumber)
 	s.Require().NoError(err)
 	senderEncryptionProtocol := encryption.New(
 		senderDatabase,
--- a/protocol/communities/manager_test.go
+++ b/protocol/communities/manager_test.go
@ -38,7 +38,7 @@ type ManagerSuite struct {
 func (s *ManagerSuite) SetupTest() {
 	dbPath, err := ioutil.TempFile("", "")
 	s.NoError(err, "creating temp file for db")
-	db, err := appdatabase.InitializeDB(dbPath.Name(), "")
+	db, err := appdatabase.InitializeDB(dbPath.Name(), "", sqlite.ReducedKDFIterationsNumber)
 	s.NoError(err, "creating sqlite db instance")
 	err = sqlite.Migrate(db)
 	s.NoError(err, "protocol migrate")
--- a/protocol/communities/persistence_test.go
+++ b/protocol/communities/persistence_test.go
@ -33,7 +33,7 @@ func (s *PersistenceSuite) SetupTest() {
 	dbPath, err := ioutil.TempFile("", "")
 	s.NoError(err, "creating temp file for db")

-	db, err := appdatabase.InitializeDB(dbPath.Name(), "")
+	db, err := appdatabase.InitializeDB(dbPath.Name(), "", sqlite.ReducedKDFIterationsNumber)
 	s.NoError(err, "creating sqlite db instance")

 	err = sqlite.Migrate(db)
--- a/protocol/communities_messenger_test.go
+++ b/protocol/communities_messenger_test.go
@ -30,6 +30,7 @@ import (
 	"github.com/status-im/status-go/protocol/encryption/multidevice"
 	"github.com/status-im/status-go/protocol/protobuf"
 	"github.com/status-im/status-go/protocol/requests"
+	"github.com/status-im/status-go/protocol/sqlite"
 	"github.com/status-im/status-go/protocol/tt"
 	"github.com/status-im/status-go/waku"
 )
@ -134,7 +135,7 @@ func (s *MessengerCommunitiesSuite) newMessengerWithKey(shh types.Waku, privateK

 	options := []Option{
 		WithCustomLogger(s.logger),
-		WithDatabaseConfig(":memory:", "somekey"),
+		WithDatabaseConfig(":memory:", "somekey", sqlite.ReducedKDFIterationsNumber),
 		WithMultiAccounts(madb),
 		WithAccount(iai.ToMultiAccount()),
 		WithDatasync(),
--- a/protocol/encryption/encryption_multi_device_test.go
+++ b/protocol/encryption/encryption_multi_device_test.go
@ -56,7 +56,7 @@ func setupUser(user string, s *EncryptionServiceMultiDeviceSuite, n int) error {
 		if err != nil {
 			return err
 		}
-		db, err := sqlite.Open(dbPath.Name(), "some-key")
+		db, err := sqlite.Open(dbPath.Name(), "some-key", sqlite.ReducedKDFIterationsNumber)
 		if err != nil {
 			return err
 		}
--- a/protocol/encryption/encryption_test.go
+++ b/protocol/encryption/encryption_test.go
@ -47,7 +47,7 @@ func (s *EncryptionServiceTestSuite) initDatabases(config encryptorConfig) {
 	s.bobDBPath, err = ioutil.TempFile("", "bob.db.sql")
 	s.Require().NoError(err)

-	db, err := sqlite.Open(s.aliceDBPath.Name(), "alice-key")
+	db, err := sqlite.Open(s.aliceDBPath.Name(), "alice-key", sqlite.ReducedKDFIterationsNumber)
 	s.Require().NoError(err)
 	config.InstallationID = aliceInstallationID
 	s.alice = NewWithEncryptorConfig(
@ -57,7 +57,7 @@ func (s *EncryptionServiceTestSuite) initDatabases(config encryptorConfig) {
 		s.logger.With(zap.String("user", "alice")),
 	)

-	db, err = sqlite.Open(s.bobDBPath.Name(), "bob-key")
+	db, err = sqlite.Open(s.bobDBPath.Name(), "bob-key", sqlite.ReducedKDFIterationsNumber)
 	s.Require().NoError(err)
 	config.InstallationID = bobInstallationID
 	s.bob = NewWithEncryptorConfig(
--- a/protocol/encryption/multidevice/persistence_test.go
+++ b/protocol/encryption/multidevice/persistence_test.go
@ -28,7 +28,7 @@ type SQLLitePersistenceTestSuite struct {
 func (s *SQLLitePersistenceTestSuite) SetupTest() {
 	os.Remove(dbPath)

-	db, err := sqlite.Open(dbPath, "test-key")
+	db, err := sqlite.Open(dbPath, "test-key", sqlite.ReducedKDFIterationsNumber)
 	s.Require().NoError(err)

 	s.service = newSQLitePersistence(db)
--- a/protocol/encryption/persistence_keys_storage_test.go
+++ b/protocol/encryption/persistence_keys_storage_test.go
@ -36,7 +36,7 @@ func (s *SQLLitePersistenceKeysStorageTestSuite) SetupTest() {

 	key := "blahblahblah"

-	db, err := sqlite.Open(filepath.Join(dir, "db.sql"), key)
+	db, err := sqlite.Open(filepath.Join(dir, "db.sql"), key, sqlite.ReducedKDFIterationsNumber)
 	s.Require().NoError(err)

 	p := newSQLitePersistence(db)
--- a/protocol/encryption/persistence_test.go
+++ b/protocol/encryption/persistence_test.go
@ -29,7 +29,7 @@ func (s *SQLLitePersistenceTestSuite) SetupTest() {
 	dir, err := ioutil.TempDir("", "sqlite-persistence")
 	s.Require().NoError(err)

-	db, err := sqlite.Open(filepath.Join(dir, "db.sql"), "test-key")
+	db, err := sqlite.Open(filepath.Join(dir, "db.sql"), "test-key", sqlite.ReducedKDFIterationsNumber)
 	s.Require().NoError(err)

 	s.service = newSQLitePersistence(db)
--- a/protocol/encryption/protocol_test.go
+++ b/protocol/encryption/protocol_test.go
@ -41,7 +41,7 @@ func (s *ProtocolServiceTestSuite) SetupTest() {
 	s.Require().NoError(err)
 	bobDBKey := "bob"

-	db, err := sqlite.Open(s.aliceDBPath.Name(), aliceDBKey)
+	db, err := sqlite.Open(s.aliceDBPath.Name(), aliceDBKey, sqlite.ReducedKDFIterationsNumber)
 	s.Require().NoError(err)
 	s.alice = New(
 		db,
@ -49,7 +49,7 @@ func (s *ProtocolServiceTestSuite) SetupTest() {
 		s.logger.With(zap.String("user", "alice")),
 	)

-	db, err = sqlite.Open(s.bobDBPath.Name(), bobDBKey)
+	db, err = sqlite.Open(s.bobDBPath.Name(), bobDBKey, sqlite.ReducedKDFIterationsNumber)
 	s.Require().NoError(err)
 	s.bob = New(
 		db,
--- a/protocol/encryption/sharedsecret/service_test.go
+++ b/protocol/encryption/sharedsecret/service_test.go
@ -32,7 +32,7 @@ func (s *SharedSecretTestSuite) SetupTest() {
 	s.Require().NoError(err)
 	s.path = dbFile.Name()

-	db, err := sqlite.Open(s.path, "")
+	db, err := sqlite.Open(s.path, "", sqlite.ReducedKDFIterationsNumber)
 	s.Require().NoError(err)

 	s.service = New(db, s.logger)
--- a/protocol/ens/persistence_test.go
+++ b/protocol/ens/persistence_test.go
@ -13,7 +13,7 @@ func TestGetENSToBeVerified(t *testing.T) {
 	name := "test.eth"
 	updatedName := "test2.eth"

-	db, err := sqlite.Open(sqlite.InMemoryPath, "")
+	db, err := sqlite.Open(sqlite.InMemoryPath, "", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)

 	err = sqlite.Migrate(db)
--- a/protocol/messenger.go
+++ b/protocol/messenger.go
@ -174,8 +174,9 @@ type mailserverCycle struct {
 }

 type dbConfig struct {
-	dbPath string
-	dbKey  string
+	dbPath          string
+	dbKey           string
+	dbKDFIterations int
 }

 type EnvelopeEventsInterceptor struct {
@ -260,9 +261,9 @@ func NewMessenger(
 		return nil, errors.New("database instance or database path needs to be provided")
 	}
 	if c.db == nil {
-		logger.Info("opening a database", zap.String("dbPath", c.dbConfig.dbPath))
+		logger.Info("opening a database", zap.String("dbPath", c.dbConfig.dbPath), zap.Int("KDFIterations", c.dbConfig.dbKDFIterations))
 		var err error
-		database, err = appdatabase.InitializeDB(c.dbConfig.dbPath, c.dbConfig.dbKey)
+		database, err = appdatabase.InitializeDB(c.dbConfig.dbPath, c.dbConfig.dbKey, c.dbConfig.dbKDFIterations)
 		if err != nil {
 			return nil, errors.Wrap(err, "failed to initialize database from the db config")
 		}
--- a/protocol/messenger_config.go
+++ b/protocol/messenger_config.go
@ -114,9 +114,9 @@ func WithCustomLogger(logger *zap.Logger) Option {
 	}
 }

-func WithDatabaseConfig(dbPath, dbKey string) Option {
+func WithDatabaseConfig(dbPath string, dbKey string, dbKDFIterations int) Option {
 	return func(c *config) error {
-		c.dbConfig = dbConfig{dbPath: dbPath, dbKey: dbKey}
+		c.dbConfig = dbConfig{dbPath: dbPath, dbKey: dbKey, dbKDFIterations: dbKDFIterations}
 		return nil
 	}
 }
--- a/protocol/messenger_sync_settings_test.go
+++ b/protocol/messenger_sync_settings_test.go
@ -18,6 +18,7 @@ import (
 	"github.com/status-im/status-go/multiaccounts/settings"
 	"github.com/status-im/status-go/params"
 	"github.com/status-im/status-go/protocol/encryption/multidevice"
+	"github.com/status-im/status-go/protocol/sqlite"
 	"github.com/status-im/status-go/protocol/tt"
 	"github.com/status-im/status-go/services/stickers"
 	"github.com/status-im/status-go/waku"
@ -165,7 +166,7 @@ func (s *MessengerSyncSettingsSuite) newMessengerWithKey(shh types.Waku, private

 	options := []Option{
 		WithCustomLogger(s.logger),
-		WithDatabaseConfig(tmpFile.Name(), ""),
+		WithDatabaseConfig(tmpFile.Name(), "", sqlite.ReducedKDFIterationsNumber),
 		WithDatasync(),
 	}
 	return s.newMessengerWithOptions(shh, privateKey, options)
--- a/protocol/messenger_test.go
+++ b/protocol/messenger_test.go
@ -29,6 +29,7 @@ import (
 	"github.com/status-im/status-go/protocol/common"
 	"github.com/status-im/status-go/protocol/protobuf"
 	"github.com/status-im/status-go/protocol/requests"
+	"github.com/status-im/status-go/protocol/sqlite"
 	"github.com/status-im/status-go/protocol/tt"
 	v1protocol "github.com/status-im/status-go/protocol/v1"
 	"github.com/status-im/status-go/waku"
@ -125,7 +126,7 @@ func newMessengerWithKey(shh types.Waku, privateKey *ecdsa.PrivateKey, logger *z

 	options := []Option{
 		WithCustomLogger(logger),
-		WithDatabaseConfig(":memory:", "somekey"),
+		WithDatabaseConfig(":memory:", "somekey", sqlite.ReducedKDFIterationsNumber),
 		WithMultiAccounts(madb),
 		WithAccount(iai.ToMultiAccount()),
 		WithDatasync(),
--- a/protocol/persistence_test.go
+++ b/protocol/persistence_test.go
@ -722,7 +722,7 @@ func openTestDB() (*sql.DB, error) {
 	if err != nil {
 		return nil, err
 	}
-	return sqlite.Open(dbPath.Name(), "")
+	return sqlite.Open(dbPath.Name(), "", sqlite.ReducedKDFIterationsNumber)
 }

 func insertMinimalMessage(p *sqlitePersistence, id string) error {
--- a/protocol/pushnotificationclient/client_test.go
+++ b/protocol/pushnotificationclient/client_test.go
@ -43,7 +43,7 @@ func (s *ClientSuite) SetupTest() {
 	s.Require().NoError(err)
 	s.tmpFile = tmpFile

-	database, err := sqlite.Open(s.tmpFile.Name(), "")
+	database, err := sqlite.Open(s.tmpFile.Name(), "", sqlite.ReducedKDFIterationsNumber)
 	s.Require().NoError(err)
 	s.persistence = NewPersistence(database)

--- a/protocol/pushnotificationclient/persistence_test.go
+++ b/protocol/pushnotificationclient/persistence_test.go
@ -38,7 +38,7 @@ func (s *SQLitePersistenceSuite) SetupTest() {
 	s.Require().NoError(err)
 	s.tmpFile = tmpFile

-	database, err := sqlite.Open(s.tmpFile.Name(), "")
+	database, err := sqlite.Open(s.tmpFile.Name(), "", sqlite.ReducedKDFIterationsNumber)
 	s.Require().NoError(err)
 	s.persistence = NewPersistence(database)
 }
--- a/protocol/pushnotificationserver/persistence_test.go
+++ b/protocol/pushnotificationserver/persistence_test.go
@ -29,7 +29,7 @@ func (s *SQLitePersistenceSuite) SetupTest() {
 	s.Require().NoError(err)
 	s.tmpFile = tmpFile

-	database, err := sqlite.Open(s.tmpFile.Name(), "")
+	database, err := sqlite.Open(s.tmpFile.Name(), "", sqlite.ReducedKDFIterationsNumber)
 	s.Require().NoError(err)
 	s.persistence = NewSQLitePersistence(database)
 }
--- a/protocol/pushnotificationserver/server_test.go
+++ b/protocol/pushnotificationserver/server_test.go
@ -43,7 +43,7 @@ func (s *ServerSuite) SetupTest() {
 	s.Require().NoError(err)
 	s.tmpFile = tmpFile

-	database, err := sqlite.Open(s.tmpFile.Name(), "")
+	database, err := sqlite.Open(s.tmpFile.Name(), "", sqlite.ReducedKDFIterationsNumber)
 	s.Require().NoError(err)
 	s.persistence = NewSQLitePersistence(database)

--- a/protocol/sqlite/db.go
+++ b/protocol/sqlite/db.go
@ -14,16 +14,11 @@ import (
 	mvdsmigrations "github.com/vacp2p/mvds/persistenceutil"
 )

-// The default number of kdf iterations in sqlcipher (from version 3.0.0)
-// https://github.com/sqlcipher/sqlcipher/blob/fda4c68bb474da7e955be07a2b807bda1bb19bd2/CHANGELOG.md#300---2013-11-05
-// https://www.zetetic.net/sqlcipher/sqlcipher-api/#kdf_iter
-const defaultKdfIterationsNumber = 64000 // nolint: deadcode,varcheck,unused
-
 // The reduced number of kdf iterations (for performance reasons) which is
 // currently used for derivation of the database key
 // https://github.com/status-im/status-go/pull/1343
 // https://notes.status.im/i8Y_l7ccTiOYq09HVgoFwA
-const reducedKdfIterationsNumber = 3200
+const ReducedKDFIterationsNumber = 3200

 const InMemoryPath = ":memory:"

@ -37,8 +32,8 @@ type MigrationConfig struct {

 // Open opens or initializes a new database for a given file path.
 // MigrationConfig is optional but if provided migrations are applied automatically.
-func Open(path, key string) (*sql.DB, error) {
-	return openAndMigrate(path, key, reducedKdfIterationsNumber)
+func Open(path, key string, kdfIterationNumber int) (*sql.DB, error) {
+	return openAndMigrate(path, key, kdfIterationNumber)
 }

 // OpenInMemory opens an in memory SQLite database.
--- a/protocol/sqlite/db_test.go
+++ b/protocol/sqlite/db_test.go
@ -17,7 +17,7 @@ func TestOpen(t *testing.T) {
 	dbPath := filepath.Join(dir, "db.sql")

 	// Open the db for the first time.
-	db, err := openAndMigrate(dbPath, "some-key", reducedKdfIterationsNumber)
+	db, err := openAndMigrate(dbPath, "some-key", ReducedKDFIterationsNumber)
 	require.NoError(t, err)

 	// Insert some data.
@ -30,7 +30,7 @@ func TestOpen(t *testing.T) {
 	// Open again with different key should fail
 	// because the file already exists and it should not
 	// be recreated.
-	_, err = openAndMigrate(dbPath, "different-key", reducedKdfIterationsNumber)
+	_, err = openAndMigrate(dbPath, "different-key", ReducedKDFIterationsNumber)
 	require.Error(t, err)
 }

@ -40,7 +40,7 @@ func TestOpen(t *testing.T) {
 // then execute again, and we should be all migrated.
 func TestCommunitiesMigrationDirty(t *testing.T) {
 	// Open the db for the first time.
-	db, err := open(InMemoryPath, "some-key", reducedKdfIterationsNumber)
+	db, err := open(InMemoryPath, "some-key", ReducedKDFIterationsNumber)
 	require.NoError(t, err)

 	// Create a communities table, so that migration will fail
@ -88,7 +88,7 @@ func TestCommunitiesMigrationDirty(t *testing.T) {
 // dirty to false and then execute again, and we should be all migrated.
 func TestCommunitiesMigrationNotDirty(t *testing.T) {
 	// Open the db for the first time.
-	db, err := open(InMemoryPath, "some-key", reducedKdfIterationsNumber)
+	db, err := open(InMemoryPath, "some-key", ReducedKDFIterationsNumber)
 	require.NoError(t, err)

 	// Create a communities table, so that migration will fail
--- a/protocol/transport/transport_test.go
+++ b/protocol/transport/transport_test.go
@ -16,7 +16,7 @@ func TestNewTransport(t *testing.T) {
 	dbPath, err := ioutil.TempFile("", "transport.sql")
 	require.NoError(t, err)
 	defer os.Remove(dbPath.Name())
-	db, err := sqlite.Open(dbPath.Name(), "some-key")
+	db, err := sqlite.Open(dbPath.Name(), "some-key", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)

 	logger := tt.MustCreateTestLogger()
--- a/protocol/verification/persistence_test.go
+++ b/protocol/verification/persistence_test.go
@ -26,7 +26,7 @@ func (s *PersistenceSuite) SetupTest() {
 	dbPath, err := ioutil.TempFile("", "")
 	s.NoError(err, "creating temp file for db")

-	db, err := sqlite.Open(dbPath.Name(), "")
+	db, err := sqlite.Open(dbPath.Name(), "", sqlite.ReducedKDFIterationsNumber)
 	s.NoError(err, "creating sqlite db instance")

 	s.db = &Persistence{db: db}
--- a/rpc/client_test.go
+++ b/rpc/client_test.go
@ -14,6 +14,7 @@ import (

 	"github.com/status-im/status-go/appdatabase"
 	"github.com/status-im/status-go/params"
+	"github.com/status-im/status-go/sqlite"

 	gethrpc "github.com/ethereum/go-ethereum/rpc"
 )
@ -21,7 +22,7 @@ import (
 func setupTestNetworkDB(t *testing.T) (*sql.DB, func()) {
 	tmpfile, err := ioutil.TempFile("", "rpc-network-tests-")
 	require.NoError(t, err)
-	db, err := appdatabase.InitializeDB(tmpfile.Name(), "rpc-network-tests")
+	db, err := appdatabase.InitializeDB(tmpfile.Name(), "rpc-network-tests", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)
 	return db, func() {
 		require.NoError(t, db.Close())
--- a/rpc/network/network_test.go
+++ b/rpc/network/network_test.go
@ -10,6 +10,7 @@ import (

 	"github.com/status-im/status-go/appdatabase"
 	"github.com/status-im/status-go/params"
+	"github.com/status-im/status-go/sqlite"
 )

 var initNetworks = []params.Network{
@ -83,7 +84,7 @@ var initNetworks = []params.Network{
 func setupTestNetworkDB(t *testing.T) (*sql.DB, func()) {
 	tmpfile, err := ioutil.TempFile("", "wallet-network-tests-")
 	require.NoError(t, err)
-	db, err := appdatabase.InitializeDB(tmpfile.Name(), "wallet-network-tests")
+	db, err := appdatabase.InitializeDB(tmpfile.Name(), "wallet-network-tests", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)
 	return db, func() {
 		require.NoError(t, db.Close())
--- a/server/payload_manager_test.go
+++ b/server/payload_manager_test.go
@ -14,6 +14,7 @@ import (

 	"github.com/status-im/status-go/images"
 	"github.com/status-im/status-go/multiaccounts"
+	"github.com/status-im/status-go/protocol/sqlite"
 	"github.com/status-im/status-go/t/utils"
 )

@ -21,11 +22,12 @@ var (
 	password = "password"
 	keyUID   = "0xdeadbeef"
 	expected = multiaccounts.Account{
-		Name:      "cool account",
-		KeyUID:    keyUID,
-		ColorHash: [][]int{{4, 3}, {4, 0}, {4, 3}, {4, 0}},
-		ColorID:   10,
-		Images:    images.SampleIdentityImages(),
+		Name:          "cool account",
+		KeyUID:        keyUID,
+		ColorHash:     [][]int{{4, 3}, {4, 0}, {4, 3}, {4, 0}},
+		ColorID:       10,
+		Images:        images.SampleIdentityImages(),
+		KDFIterations: sqlite.ReducedKDFIterationsNumber,
 	}
 	account1Hash = []byte{0x8f, 0xba, 0x35, 0x1, 0x2b, 0x9d, 0xad, 0xf0, 0x2d, 0x3c, 0x4d, 0x6, 0xb5, 0x22, 0x2, 0x47, 0xd4, 0x1c, 0xf4, 0x31, 0x2f, 0xb, 0x5b, 0x27, 0x5d, 0x43, 0x97, 0x58, 0x2d, 0xf0, 0xe1, 0xbe}
 	account2Hash = []byte{0x9, 0xf8, 0x5c, 0xe9, 0x92, 0x96, 0x2d, 0x88, 0x2b, 0x8e, 0x42, 0x3f, 0xa4, 0x93, 0x6c, 0xad, 0xe9, 0xc0, 0x1b, 0x8a, 0x8, 0x8c, 0x5e, 0x7a, 0x84, 0xa2, 0xf, 0x9f, 0x77, 0x58, 0x2c, 0x2c}
--- a/services/appmetrics/api_test.go
+++ b/services/appmetrics/api_test.go
@ -9,6 +9,7 @@ import (

 	"github.com/status-im/status-go/appdatabase"
 	"github.com/status-im/status-go/appmetrics"
+	"github.com/status-im/status-go/sqlite"

 	"github.com/stretchr/testify/require"
 )
@ -16,7 +17,7 @@ import (
 func setupTestDB(t *testing.T) (*appmetrics.Database, func()) {
 	tmpfile, err := ioutil.TempFile("", "appmetrics-service")
 	require.NoError(t, err)
-	db, err := appdatabase.InitializeDB(tmpfile.Name(), "appmetrics-tests")
+	db, err := appdatabase.InitializeDB(tmpfile.Name(), "appmetrics-tests", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)
 	return appmetrics.NewDB(db), func() {
 		require.NoError(t, db.Close())
--- a/services/browsers/api_test.go
+++ b/services/browsers/api_test.go
@ -9,12 +9,13 @@ import (
 	"github.com/stretchr/testify/require"

 	"github.com/status-im/status-go/appdatabase"
+	"github.com/status-im/status-go/sqlite"
 )

 func setupTestDB(t *testing.T) (*Database, func()) {
 	tmpfile, err := ioutil.TempFile("", "browsers-tests-")
 	require.NoError(t, err)
-	db, err := appdatabase.InitializeDB(tmpfile.Name(), "browsers-tests")
+	db, err := appdatabase.InitializeDB(tmpfile.Name(), "browsers-tests", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)
 	return NewDB(db), func() {
 		require.NoError(t, db.Close())
--- a/services/ens/api_test.go
+++ b/services/ens/api_test.go
@ -14,6 +14,7 @@ import (
 	"github.com/status-im/status-go/appdatabase"
 	"github.com/status-im/status-go/params"
 	statusRPC "github.com/status-im/status-go/rpc"
+	"github.com/status-im/status-go/sqlite"
 	"github.com/status-im/status-go/t/utils"
 	"github.com/status-im/status-go/transactions/fake"
 )
@ -21,7 +22,7 @@ import (
 func createDB(t *testing.T) (*sql.DB, func()) {
 	tmpfile, err := ioutil.TempFile("", "service-ens-tests-")
 	require.NoError(t, err)
-	db, err := appdatabase.InitializeDB(tmpfile.Name(), "service-ens-tests")
+	db, err := appdatabase.InitializeDB(tmpfile.Name(), "service-ens-tests", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)
 	return db, func() {
 		require.NoError(t, db.Close())
--- a/services/gif/gif_test.go
+++ b/services/gif/gif_test.go
@ -11,12 +11,13 @@ import (

 	"github.com/status-im/status-go/appdatabase"
 	"github.com/status-im/status-go/multiaccounts/accounts"
+	"github.com/status-im/status-go/sqlite"
 )

 func setupSQLTestDb(t *testing.T) (*sql.DB, func()) {
 	tmpfile, err := ioutil.TempFile("", "local-notifications-tests-")
 	require.NoError(t, err)
-	db, err := appdatabase.InitializeDB(tmpfile.Name(), "local-notifications-tests")
+	db, err := appdatabase.InitializeDB(tmpfile.Name(), "local-notifications-tests", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)
 	return db, func() {
 		require.NoError(t, os.Remove(tmpfile.Name()))
--- a/services/local-notifications/database_test.go
+++ b/services/local-notifications/database_test.go
@ -9,12 +9,13 @@ import (
 	"github.com/stretchr/testify/require"

 	"github.com/status-im/status-go/appdatabase"
+	"github.com/status-im/status-go/sqlite"
 )

 func setupAppTestDb(t *testing.T) (*sql.DB, func()) {
 	tmpfile, err := ioutil.TempFile("", "local-notifications-tests-")
 	require.NoError(t, err)
-	db, err := appdatabase.InitializeDB(tmpfile.Name(), "local-notifications-tests")
+	db, err := appdatabase.InitializeDB(tmpfile.Name(), "local-notifications-tests", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)
 	return db, func() {
 		require.NoError(t, os.Remove(tmpfile.Name()))
--- a/services/mailservers/api_test.go
+++ b/services/mailservers/api_test.go
@ -11,12 +11,13 @@ import (
 	"github.com/status-im/status-go/appdatabase"
 	"github.com/status-im/status-go/eth-node/types"
 	"github.com/status-im/status-go/protocol/transport"
+	"github.com/status-im/status-go/sqlite"
 )

 func setupTestDB(t *testing.T) (*Database, func()) {
 	tmpfile, err := ioutil.TempFile("", "mailservers-service")
 	require.NoError(t, err)
-	db, err := appdatabase.InitializeDB(tmpfile.Name(), "mailservers-tests")
+	db, err := appdatabase.InitializeDB(tmpfile.Name(), "mailservers-tests", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)
 	return NewDB(db), func() {
 		require.NoError(t, db.Close())
--- a/services/permissions/api_test.go
+++ b/services/permissions/api_test.go
@ -12,12 +12,13 @@ import (
 	"github.com/stretchr/testify/require"

 	"github.com/status-im/status-go/appdatabase"
+	"github.com/status-im/status-go/sqlite"
 )

 func setupTestDB(t *testing.T) (*Database, func()) {
 	tmpfile, err := ioutil.TempFile("", "perm-tests-")
 	require.NoError(t, err)
-	db, err := appdatabase.InitializeDB(tmpfile.Name(), "perm-tests")
+	db, err := appdatabase.InitializeDB(tmpfile.Name(), "perm-tests", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)
 	return NewDB(db), func() {
 		require.NoError(t, db.Close())
--- a/services/wakuext/api_test.go
+++ b/services/wakuext/api_test.go
@ -26,6 +26,7 @@ import (
 	"github.com/status-im/status-go/multiaccounts"
 	"github.com/status-im/status-go/params"
 	"github.com/status-im/status-go/services/ext"
+	"github.com/status-im/status-go/sqlite"
 	"github.com/status-im/status-go/t/helpers"
 	"github.com/status-im/status-go/waku"
 )
@ -126,7 +127,7 @@ func TestInitProtocol(t *testing.T) {
 	tmpdir, err := ioutil.TempDir("", "test-shhext-service-init-protocol")
 	require.NoError(t, err)

-	sqlDB, err := appdatabase.InitializeDB(fmt.Sprintf("%s/db.sql", tmpdir), "password")
+	sqlDB, err := appdatabase.InitializeDB(fmt.Sprintf("%s/db.sql", tmpdir), "password", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)

 	tmpfile, err := ioutil.TempFile("", "multi-accounts-tests-")
@ -188,7 +189,7 @@ func (s *ShhExtSuite) createAndAddNode() {
 	s.Require().NoError(err)
 	nodeWrapper := ext.NewTestNodeWrapper(nil, gethbridge.NewGethWakuWrapper(w))
 	service := New(config, nodeWrapper, nil, nil, db)
-	sqlDB, err := appdatabase.InitializeDB(fmt.Sprintf("%s/%d", s.dir, idx), "password")
+	sqlDB, err := appdatabase.InitializeDB(fmt.Sprintf("%s/%d", s.dir, idx), "password", sqlite.ReducedKDFIterationsNumber)
 	s.Require().NoError(err)

 	tmpfile, err := ioutil.TempFile("", "multi-accounts-tests-")
--- a/services/wallet/saved_addresses_test.go
+++ b/services/wallet/saved_addresses_test.go
@ -10,12 +10,13 @@ import (
 	"github.com/ethereum/go-ethereum/common"

 	"github.com/status-im/status-go/appdatabase"
+	"github.com/status-im/status-go/sqlite"
 )

 func setupTestSavedAddressesDB(t *testing.T) (*SavedAddressesManager, func()) {
 	tmpfile, err := ioutil.TempFile("", "wallet-saved_addresses-tests-")
 	require.NoError(t, err)
-	db, err := appdatabase.InitializeDB(tmpfile.Name(), "wallet-saved_addresses-tests")
+	db, err := appdatabase.InitializeDB(tmpfile.Name(), "wallet-saved_addresses-tests", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)
 	return &SavedAddressesManager{db}, func() {
 		require.NoError(t, db.Close())
--- a/services/wallet/token_test.go
+++ b/services/wallet/token_test.go
@ -10,12 +10,13 @@ import (
 	"github.com/ethereum/go-ethereum/common"

 	"github.com/status-im/status-go/appdatabase"
+	"github.com/status-im/status-go/sqlite"
 )

 func setupTestTokenDB(t *testing.T) (*TokenManager, func()) {
 	tmpfile, err := ioutil.TempFile("", "wallet-token-tests-")
 	require.NoError(t, err)
-	db, err := appdatabase.InitializeDB(tmpfile.Name(), "wallet-token-tests")
+	db, err := appdatabase.InitializeDB(tmpfile.Name(), "wallet-token-tests", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)
 	return &TokenManager{db, nil, nil}, func() {
 		require.NoError(t, db.Close())
--- a/services/wallet/transaction_test.go
+++ b/services/wallet/transaction_test.go
@ -12,12 +12,13 @@ import (

 	"github.com/status-im/status-go/appdatabase"
 	"github.com/status-im/status-go/services/wallet/bigint"
+	"github.com/status-im/status-go/sqlite"
 )

 func setupTestTransactionDB(t *testing.T) (*TransactionManager, func()) {
 	tmpfile, err := ioutil.TempFile("", "wallet-transactions-tests-")
 	require.NoError(t, err)
-	db, err := appdatabase.InitializeDB(tmpfile.Name(), "wallet-tests")
+	db, err := appdatabase.InitializeDB(tmpfile.Name(), "wallet-tests", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)
 	return &TransactionManager{db, nil, nil, nil, nil}, func() {
 		require.NoError(t, db.Close())
--- a/services/wallet/transfer/block_test.go
+++ b/services/wallet/transfer/block_test.go
@ -10,12 +10,13 @@ import (

 	"github.com/ethereum/go-ethereum/common"
 	"github.com/status-im/status-go/appdatabase"
+	"github.com/status-im/status-go/sqlite"
 )

 func setupTestTransferDB(t *testing.T) (*Block, func()) {
 	tmpfile, err := ioutil.TempFile("", "wallet-transfer-tests-")
 	require.NoError(t, err)
-	db, err := appdatabase.InitializeDB(tmpfile.Name(), "wallet-tests")
+	db, err := appdatabase.InitializeDB(tmpfile.Name(), "wallet-tests", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)
 	return &Block{db}, func() {
 		require.NoError(t, db.Close())
--- a/services/wallet/transfer/database_test.go
+++ b/services/wallet/transfer/database_test.go
@ -12,12 +12,13 @@ import (
 	"github.com/ethereum/go-ethereum/core/types"

 	"github.com/status-im/status-go/appdatabase"
+	"github.com/status-im/status-go/sqlite"
 )

 func setupTestDB(t *testing.T) (*Database, *Block, func()) {
 	tmpfile, err := ioutil.TempFile("", "wallet-tests-")
 	require.NoError(t, err)
-	db, err := appdatabase.InitializeDB(tmpfile.Name(), "wallet-tests")
+	db, err := appdatabase.InitializeDB(tmpfile.Name(), "wallet-tests", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)
 	return NewDB(db), &Block{db}, func() {
 		require.NoError(t, db.Close())
--- a/services/web3provider/api_test.go
+++ b/services/web3provider/api_test.go
@ -17,6 +17,7 @@ import (
 	"github.com/status-im/status-go/multiaccounts/settings"
 	"github.com/status-im/status-go/params"
 	"github.com/status-im/status-go/services/permissions"
+	"github.com/status-im/status-go/sqlite"
 	"github.com/status-im/status-go/t/utils"
 	"github.com/status-im/status-go/transactions/fake"

@ -27,7 +28,7 @@ import (
 func createDB(t *testing.T) (*sql.DB, func()) {
 	tmpfile, err := ioutil.TempFile("", "provider-tests-")
 	require.NoError(t, err)
-	db, err := appdatabase.InitializeDB(tmpfile.Name(), "provider-tests")
+	db, err := appdatabase.InitializeDB(tmpfile.Name(), "provider-tests", sqlite.ReducedKDFIterationsNumber)
 	require.NoError(t, err)
 	return db, func() {
 		require.NoError(t, db.Close())
--- a/sqlite/sqlite.go
+++ b/sqlite/sqlite.go
@ -7,23 +7,26 @@ import (
 	"os"

 	_ "github.com/mutecomm/go-sqlcipher" // We require go sqlcipher that overrides default implementation
+
+	"github.com/status-im/status-go/protocol/sqlite"
 )

 const (
 	// The reduced number of kdf iterations (for performance reasons) which is
-	// currently used for derivation of the database key
+	// used as the default value
 	// https://github.com/status-im/status-go/pull/1343
 	// https://notes.status.im/i8Y_l7ccTiOYq09HVgoFwA
-	kdfIterationsNumber = 3200
+	ReducedKDFIterationsNumber = 3200
+
 	// WALMode for sqlite.
 	WALMode      = "wal"
 	inMemoryPath = ":memory:"
 )

 // DecryptDB completely removes the encryption from the db
-func DecryptDB(oldPath, newPath, key string) error {
+func DecryptDB(oldPath string, newPath string, key string, kdfIterationsNumber int) error {

-	db, err := openDB(oldPath, key)
+	db, err := openDB(oldPath, key, kdfIterationsNumber)
 	if err != nil {
 		return err
 	}
@ -42,8 +45,7 @@ func DecryptDB(oldPath, newPath, key string) error {
 }

 // EncryptDB takes a plaintext database and adds encryption
-func EncryptDB(unencryptedPath, encryptedPath, key string) error {
-
+func EncryptDB(unencryptedPath string, encryptedPath string, key string, kdfIterationsNumber int) error {
 	_ = os.Remove(encryptedPath)

 	db, err := OpenUnecryptedDB(unencryptedPath)
@ -56,6 +58,10 @@ func EncryptDB(unencryptedPath, encryptedPath, key string) error {
 		return err
 	}

+	if kdfIterationsNumber <= 0 {
+		kdfIterationsNumber = sqlite.ReducedKDFIterationsNumber
+	}
+
 	_, err = db.Exec(fmt.Sprintf("PRAGMA encrypted.kdf_iter = '%d'", kdfIterationsNumber))
 	if err != nil {
 		return err
@ -69,7 +75,7 @@ func EncryptDB(unencryptedPath, encryptedPath, key string) error {
 	return err
 }

-func openDB(path, key string) (*sql.DB, error) {
+func openDB(path string, key string, kdfIterationsNumber int) (*sql.DB, error) {
 	db, err := sql.Open("sqlite3", path)
 	if err != nil {
 		return nil, err
@ -86,6 +92,10 @@ func openDB(path, key string) (*sql.DB, error) {
 		return nil, errors.New("failed to set key pragma")
 	}

+	if kdfIterationsNumber <= 0 {
+		kdfIterationsNumber = sqlite.ReducedKDFIterationsNumber
+	}
+
 	if _, err = db.Exec(fmt.Sprintf("PRAGMA kdf_iter = '%d'", kdfIterationsNumber)); err != nil {
 		return nil, err
 	}
@ -106,8 +116,8 @@ func openDB(path, key string) (*sql.DB, error) {
 }

 // OpenDB opens not-encrypted database.
-func OpenDB(path, key string) (*sql.DB, error) {
-	return openDB(path, key)
+func OpenDB(path string, key string, kdfIterationsNumber int) (*sql.DB, error) {
+	return openDB(path, key, kdfIterationsNumber)
 }

 // OpenUnecryptedDB opens database with setting PRAGMA key.
@ -138,8 +148,12 @@ func OpenUnecryptedDB(path string) (*sql.DB, error) {
 	return db, nil
 }

-func ChangeEncryptionKey(path, key, newKey string) error {
-	db, err := openDB(path, key)
+func ChangeEncryptionKey(path string, key string, kdfIterationsNumber int, newKey string) error {
+	if kdfIterationsNumber <= 0 {
+		kdfIterationsNumber = sqlite.ReducedKDFIterationsNumber
+	}
+
+	db, err := openDB(path, key, kdfIterationsNumber)

 	if err != nil {
 		return err
 @ -1 +1 @@
 .110.3
 .111.0