ankane/blind_index

1.0 Plan

ankane opened this issue 6 years ago · 0 comments

ankane commented 6 years ago

edge branch

Breaking

Remove encrypted_ prefix from database fields
Change default encoding to strict base64 (or maybe urlsafe base64)
Make Argon2id the default (4 iterations, 32 MB memory)
[maybe] Higher default costs for other algorithms

Non-breaking

Add option w/ lower costs for less sensitive data - fast: true - (3 iterations, 4 MB memory)
Master key - BLIND_INDEX_MASTER_KEY (key splitting with HKDF) - master_key_v2 branch
Syntactic sugar for rotation keys

Upgrading

Have option to add that uses old settings - legacy: true
Have instructions for how to optionally rotate