webcrypto.dart icon indicating copy to clipboard operation
webcrypto.dart copied to clipboard

Published 20 hours ago verified publisher icon google

Move PBKDF2 derive bits off the main-thread with Isolates

Open HamdaanAliQuatil opened this issue 1 month ago • 2 comments

Part of https://github.com/google/webcrypto.dart/issues/198

This PR offloads computationally expensive PBKDF2 key derivation operations to separate isolates, preventing them from blocking the main isolate. This follows the same pattern already established for RSA key generation operations.

HamdaanAliQuatil avatar Oct 22 '25 14:10 HamdaanAliQuatil

Following advice from https://github.com/google/webcrypto.dart/issues/198#issuecomment-2927810840, I'm trying to understand what makes PBKDF2 key derivation expensive. Reading RFC 2898 section 5.2: is applying PRF iterations times the expensive part?

emersion avatar Nov 11 '25 14:11 emersion

Yes, the expensive part in PBKDF2 is the repeated application of the PRF for each iteration.

RFC 2898 recommended around 1,000 iterations, but that guidance is long obsolete. RFC 8018 mentions that the value should be as large as possible while still acceptable for the user's environment.

In practice, I've seen the iterations reach as high as 600,000 in BitWarden and 650,000 in 1Password. These are the default settings they use, with an option to increase the iterations.

HamdaanAliQuatil avatar Nov 11 '25 15:11 HamdaanAliQuatil