fix(crypto): SHA-256 KDF with single iteration is weak (HIGH) #6201

@Aamod-Dev

Description

In lib/crypto.ts at lines 6-12, the Key Derivation Function (KDF) uses SHA-256 with a single iteration:

const key = crypto.createHash('sha256').update(password).digest();

This is effectively equivalent to hashing the password once with SHA-256. For key derivation, this is considered weak because:

  • PBKDF2 (with 100,000+ iterations) is the standard for deriving encryption keys from passwords
  • bcrypt or scrypt offer built-in salt and work factor
  • Single-iteration SHA-256 is trivially brute-forceable if the input entropy is low
  • There is no salt, meaning the same password always produces the same key

Impact

HIGH — Weak key derivation reduces the effective security of the encryption. If the environment variable used as input has less than full entropy (e.g., it is a user-chosen password rather than a random key), an attacker who obtains the encrypted data can brute-force the key with minimal computational cost.

The suggested fix (PBKDF2 with high iteration count or a proper key derivation) was partially noted in PR #6147 but remains incomplete.

Location

lib/crypto.ts:6-12

Suggested Fix

Replace the SHA-256 KDF with PBKDF2:

import { pbkdf2Sync } from 'crypto';

const key = pbkdf2Sync(password, salt, 100000, 32, 'sha512');

Where salt is a random value stored alongside the ciphertext, and the iteration count (100,000) follows current best practices. Consider using crypto.randomBytes(16) for the salt on each encryption.
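An added example, not part of the issue or the project's code: it puts the reported single-pass derivation beside the proposed PBKDF2 one and shows the salt being generated per encryption and stored alongside the ciphertext. The cipher (AES-256-GCM), the blob layout, and the function names `legacyKey`, `deriveKey`, `encrypt` and `decrypt` are assumptions made for illustration.

```javascript
// Added example (not the project's code). AES-256-GCM and the blob layout are assumptions.
const { createHash, pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const ITERATIONS = 100000; // iteration count from the issue's suggested fix
const SALT_LEN = 16;       // crypto.randomBytes(16), as the issue suggests
const IV_LEN = 12;         // assumed: standard GCM nonce size
const TAG_LEN = 16;        // GCM authentication tag size

// The derivation the issue reports: one unsalted SHA-256 pass.
// The same password always yields the same key.
function legacyKey(password) {
  return createHash('sha256').update(password).digest();
}

// The derivation the issue proposes: salted PBKDF2 producing a 32-byte key.
function deriveKey(password, salt) {
  return pbkdf2Sync(password, salt, ITERATIONS, 32, 'sha512');
}

// Output layout (assumed): salt || iv || tag || ciphertext.
// A fresh salt and IV are drawn for every call.
function encrypt(password, plaintext) {
  const salt = randomBytes(SALT_LEN);
  const iv = randomBytes(IV_LEN);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

// Reads the salt back out of the blob, re-derives the key, and verifies the tag.
// decipher.final() throws if the password or any byte of the blob is wrong.
function decrypt(password, blob) {
  if (blob.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error('blob too short');
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = blob.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const body = blob.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv,
    { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}
```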

Labels: bug, security
