-
Hey everybody, I modified const armoredSymmetricEncryptedMessage = await openpgp.encrypt({ message: plaintextMessage, passwords: 'super secret!!' }); and then added the following case to the test suite: suite.add('openpgp.decrypt (symmetric)', wrapAsync(async () => {
const message = await openpgp.readMessage({ armoredMessage: armoredSymmetricEncryptedMessage });
await openpgp.decrypt({ message, passwords: 'super secret!!' });
})); Running the benchmarks yields the following results:
It seems like there is factor ~30 between symmetric and asymmetric decrypt, where asymmetric is faster. I was under the impression that symmetric decryption should be faster than using a public/private key. Am I doing something wrong? Have I misunderstood I'm happy for any pointers! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 7 replies
-
Hello 👋 Password-based encryption has a step where the key is derived from the password, which is intentionally slow, in order to make it harder for attackers to guess the password via a brute-force attack. With asymmetric encryption, this concern doesn't apply as the entropy of the key itself should already be sufficient. If you're very confident that the password you're using has sufficient entropy as well (e.g. it's a randomly generated string of sufficient length, and not something provided by a user) then you can lower |
Beta Was this translation helpful? Give feedback.
Hello 👋 Password-based encryption has a step where the key is derived from the password, which is intentionally slow, in order to make it harder for attackers to guess the password via a brute-force attack. With asymmetric encryption, this concern doesn't apply as the entropy of the key itself should already be sufficient. If you're very confident that the password you're using has sufficient entropy as well (e.g. it's a randomly generated string of sufficient length, and not something provided by a user) then you can lower
openpgp.config.s2kIterationCountByte
to lower this protection and increase the performance.