[alfongj]

Would e2ee really be guaranteed if a user sets an 8 char password? Because if so an attacker with control of the server could brute forcedly decrypt the encryption key, and in turn all DB contents for a user, no?

Apologies if this is covered somewhere in the docs, but I couldn’t find it.

[j-berman]

We use scrypt for password hashing. From the scrypt paper (which keep in mind is assuming hardware from 2002, and isn't assuming an attacker is using ASICs which have been developed since then), the estimated cost of hardware to brute force guess an 8 char password in 1 year is $4.8 million with our chosen parameters. [1]

Ultimately we strongly recommend that developers using the end-to-end encryption mode of Userbase recommend their users use a password manager, since losing their password means losing their data (and we try to make this extremely clear to any developers using Userbase via the admin panel and docs). A password manager randomly generating passwords makes this a non-issue.

But alas, we do recognize not everyone will, which is where scrypt comes in to play.

[1](pg. 14): https://www.tarsnap.com/scrypt/scrypt.pdf

[cperciva]

From the scrypt paper (which keep in mind is assuming hardware from 2002, and isn't assuming an attacker is using ASICs which have been developed since then)

Just to be clear, the scrypt paper assumes attackers use ASICs fabricated with 2002-era technology. Obviously there weren't any scrypt ASICs in 2002; but I was able to estimate what their performance and cost would have been.

[j-berman]

Should have been clearer, thank you!

And thank you for the algorithm!