#1830 Memory-hard password-based key derivation function

[Xavier Robin]

As I understand it, KeePass uses AES as a CPU-hard password-based key derivation function to secure the password database.
However there are CPUs that have AES-specific instructions that can make it much easier to break the database (see for instance Intel's AES-NI).

It seems methods like scrypt that are memory-hard (i.e. you need to store (some of) the results of the previous iterations in memory) are getting more and more popular because any dedicated hardware would need potentially huge amounts of memory to crack your password and therefore would be very expensive to build.

I think it would be useful to integrate this kind of idea integrated in KeePass.

[Dominik Reichl]

I already announced that I'm planning to implement the winner of the Password Hashing Competition ( https://password-hashing.net/ ) in
https://sourceforge.net/p/keepass/discussion/329220/thread/06386edb/

Best regards,
Dominik