PBKDF2 and why we use 310,000 iterations
Slowing down key derivation protects you from brute force. Here’s how we picked the number.
PBKDF2 repeatedly hashes your password together with a salt to produce a key. The iteration count is how many times we do that. More iterations mean a slightly slower experience for you (the cost is paid once per unlock or save) and a much slower job for an attacker, who pays that cost on every one of millions of guesses.
Why 310,000
We want decryption and encryption to feel instant on a typical laptop or phone—under a few hundred milliseconds. We benchmarked and landed on 310k as a balance: noticeable but acceptable delay, and a big cost for anyone brute-forcing. NIST and OWASP guidance often cite 600k+ for PBKDF2-HMAC-SHA256; we’re in the same ballpark and can bump it if hardware gets faster.
Salt is critical
Each note has its own random salt. So an attacker can’t amortize work across notes—they have to run 310k iterations per guess per note. That makes large-scale cracking impractical for strong passwords.
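As an added illustration of both points above (the per-note salt and the benchmarking behind the 310k figure), here is a small PBKDF2-HMAC-SHA256 example using Python's standard library. It is example code written for this page, not the app's own implementation; the 16-byte salt, 32-byte key length and the benchmark helper are assumptions, and the password and salts in the demo are constructed.

```python
import hashlib
import os
import time

ITERATIONS = 310_000   # the count discussed on this page
SALT_BYTES = 16        # assumption: 128-bit random salt per note
KEY_BYTES = 32         # assumption: 256-bit key, e.g. for AES-256


def derive_note_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256: HMAC the password and salt `iterations` times.

    The salt is stored next to the note (it is not secret); the password
    is never stored. Same password + same salt always yields the same key.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )


def new_note_salt() -> bytes:
    """Fresh random salt for every note, so work cannot be amortized across notes."""
    return os.urandom(SALT_BYTES)


def benchmark_seconds(password: str, iterations: int = ITERATIONS) -> float:
    """Wall-clock seconds for one derivation: the 'feels instant' number to tune."""
    salt = new_note_salt()
    start = time.perf_counter()
    derive_note_key(password, salt, iterations)
    return time.perf_counter() - start


def attacker_cost_seconds(per_guess_seconds: float, guesses: int, notes: int) -> float:
    """Brute-force cost: a per-note salt forces the full iteration count per guess per note."""
    return per_guess_seconds * guesses * notes


if __name__ == "__main__":
    # Constructed demo: one password, two notes, two salts -> two different keys.
    pw = "correct horse battery staple"
    salt_a, salt_b = new_note_salt(), new_note_salt()
    key_a, key_b = derive_note_key(pw, salt_a), derive_note_key(pw, salt_b)
    print("keys differ across notes:", key_a != key_b)
    t = benchmark_seconds(pw)
    print(f"one derivation at {ITERATIONS:,} iterations: {t * 1000:.0f} ms")
    print(f"1e6 guesses against 100 notes: {attacker_cost_seconds(t, 10**6, 100) / 3600:.1f} h")
```

Run it to see the per-unlock delay on your own hardware; the last line turns that same delay into the attacker's cost for a modest guess list across many notes.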