package: ODF: bump PBKDF2 iteration counts

Given recent elections we need to build a higher wall to keep the
government out of our documents, and we will make the government
pay for it.

These iteration counts were considered appropriate a decade ago.

http://security.stackexchange.com/questions/3959/recommended-of-iterations-when-using-pkbdf2-sha256

We get similar numbers on SandyBridge-E desktop and Haswell i7-4600U laptop:
* with 10k iterations ~20 msec per derivation
* with 100k iterations ~195 msec per derivation
* with 150k iterations ~290 msec per derivation

We can't go too high though because in ODF every package stream gets
its own derived key with a different salt, so a document with embedded
images may need a lot of these.

Change-Id: I6894e71ed399f8c340eff97a9191c8d8419789a6

1 files changed, 2 insertions, 2 deletions

diff --git a/package/source/zippackage/ZipPackageStream.cxx b/package/source/zippackage/ZipPackageStream.cxx
index 17a6fac66f6b..932a5af4dab6 100644
--- a/package/source/zippackage/ZipPackageStream.cxx
+++ b/package/source/zippackage/ZipPackageStream.cxx
@@ -655,7 +655,7 @@ bool ZipPackageStream::saveChild(
                 uno::Sequence < sal_Int8 > aSalt( 16 ), aVector( GetBlockSize() );
                 rtl_random_getBytes ( rRandomPool, aSalt.getArray(), 16 );
                 rtl_random_getBytes ( rRandomPool, aVector.getArray(), aVector.getLength() );
-                sal_Int32 nIterationCount = 1024;
+                sal_Int32 const nPBKDF2IterationCount = 100000;
 
                 if ( !m_bHaveOwnKey )
                 {
@@ -665,7 +665,7 @@ bool ZipPackageStream::saveChild(
 
                 setInitialisationVector ( aVector );
                 setSalt ( aSalt );
-                setIterationCount ( nIterationCount );
+                setIterationCount(nPBKDF2IterationCount);
             }
 
             // last property is digest, which is inserted later if we didn't have