glm-5.1
67ccfbf928
- Create decisions/ directory with 32 numbered ADRs (ADR-001 through ADR-032) extracted from inline DD/SD/ED/SE decision sections - Create open-questions.md with 16 OQs organized by theme, cross-referenced to ADRs, with status tracking (resolved/open) - Create README.md as architecture index with doc table, ADR table, and lifecycle status definitions (draft/reviewed/stable/deprecated) - Replace inline decision sections in all spec docs with ADR reference tables - Replace inline open questions with OQ references to centralized tracker - Update frontmatter: metagraph-module.md, overview.md, sqlite-host.md → reviewed; schema-evolution.md and encrypted-data.md remain draft - DD1-DD10 → ADR-009 through ADR-018 - D1-D8 → ADR-001 through ADR-008 - SD1-SD5 → ADR-019 through ADR-023 (SD5 folded into ADR-006/008) - ED1-ED5 → ADR-023 through ADR-027 - SE1-SE5 → ADR-028 through ADR-032
26 lines
888 B
Markdown
26 lines
888 B
Markdown
# ADR-025: Password-based encryption via PBKDF2
|
|
|
|
## Status
|
|
|
|
Accepted
|
|
|
|
## Context
|
|
|
|
Encryption can use PBKDF2 key derivation from a password string or direct AES-GCM with raw key bytes. The hub uses password-based encryption.
|
|
|
|
## Decision
|
|
|
|
Use the PBKDF2 pattern for consistency with the hub. The "password" in practice is a base64-encoded 32-byte random key from `generateEncryptionKey()`. PBKDF2 adds security per-encryption (each encryption gets a unique salt), but adds ~100ms latency per operation.
|
|
|
|
If performance becomes an issue, add an `encryptRaw()` function that skips PBKDF2 for raw key inputs.
|
|
|
|
## Consequences
|
|
|
|
- Consistent with hub's crypto implementation
|
|
- ~100ms per encrypt/decrypt due to PBKDF2 iterations
|
|
- v1 key version uses 100,000 PBKDF2 iterations
|
|
- Web Crypto API only — no external crypto dependencies
|
|
|
|
## References
|
|
|
|
- [encrypted-data.md](../encrypted-data.md) |