Login/Register
PBKDF2 Key Derivation Taking too long
Asked Answered
swiftencryptioncryptographyaespbkdf2
S

0

1

The below swift code works to decrypt encrypted values from my encrypters on Dart, Android and Javascript.

The problem is that that the key derivation takes way too long (~15-20 seconds). This uses CryptoSwift. I realize that a release build would reduce it a lot, but not enough.

Is there a better way to generate the PBKDF2 key? PBKDF2 key derivation is suitably fast on my other platforms @ 10,000+ iterations.

import CryptoSwift

func decryptGCM (cipherTextEnc:String, masterPass:String) -> String {
    do {
        let cipherEncComps = cipherTextEnc.components(separatedBy: "-")
        //      GET ENCRYPTED VALS
        let ivString = cipherEncComps[0]
        print (ivString)
        let saltString = cipherEncComps[1]
        print (saltString)
        let cipherTextString = cipherEncComps[2]
        print (cipherTextString)
        
        //      CREATE SALT (Decode Base64 to UTF8)
        let salt = [UInt8](base64: saltString)
        
        //      CREATE IV (Decode Base64 to UTF8)
        let iv = [UInt8](base64: ivString)
        
        //      CREATE decodedCipherString (Decode Base64 to UTF8)
        let cipherData = [UInt8](base64: cipherTextString)
        
        //      CREATE KEY & DECRYPT
        let password: [UInt8] = Array(masterPass.utf8)
        /* Generate a key from a `password`. Optional if you already have a key */
        
        let key = try PKCS5.PBKDF2(
            password: password,
            salt: salt,
            iterations: 10000,
            keyLength: 32, /* AES-256 */
            variant: .sha256
        ).calculate()
        
        print ("key generated")
        let gcm = GCM(iv: iv, mode: .combined)
        let aes = try AES(key: key, blockMode: gcm, padding: .noPadding)
        let cipherTextBytes = try aes.decrypt(cipherData)
        let cipherText = String(decoding: cipherTextBytes, as: UTF8.self)
        print ("cipherTextGenerated")
        return cipherText
    } catch {
        print("CAUGHT!")
        let errorString = "error in key derivation"
        return errorString
    }
}
Salver answered 26/8, 2021 at 2:58 Comment(7)
On what system does it take 15-20 seconds?Eradicate
Don't use a PureSwift implementation, you need to go native. If it is the PBKDF2 that takes so much time you need to update the title of the question.Conlon
Noted. Changed the title and wording to be more specific. I left in the rest of the code to be complete, but if preferable I can remove all but the PBKDF2 code.Salver
iPhone8 S launched with "build and run the current scheme" from XCode.Salver
@MaartenBodewes I have tried to implement common crypto and cannot understand the data types those functions are supposed to be. I keep getting a "type of expression is ambiguous without more context" error.Salver
Uh, I'm not sure that still fits in the org. question: you can always ask a new one as I may not be the expert on that library. Note: for some reason I have a lot of unanswered comments in my SO inbox suddenly, sorry about the delay.Conlon
I ended up using your suggestion. Thanks.Salver

© 2022 - 2024 — McMap. All rights reserved.