Issue
The anonymization system intentionally reduced PBKDF2 iterations for "speed":
- generateAnonymousIdentity in lib/anonymization.ts:35: reduced from 100,000 to 10,000 iterations
- Double hashing in lib/supabase-auth.ts:72: reduced from 50,000 to 5,000 iterations
Why this matters
The anonymization system's security model depends on the PBKDF2 hash being computationally infeasible to brute-force. If an attacker obtains the database (which contains verification_hash and salt), they can attempt to reverse the hash by trying common email patterns:
- student@iitbh.ac.in
- professor@iitbh.ac.in
- Common name patterns at IIT Bhilai
At 10,000 iterations, this is 10x faster to brute-force than the originally intended 100,000. Combined with the small email space (all IIT Bhilai students), a targeted attack could deanonymize users.
Fix
- Restore 100,000 iterations for generateAnonymousIdentity
- Restore 50,000 iterations for the double-hash verification
- If speed is a concern, consider client-server split: do the slow hash server-side only
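The fix items above, sketched as an added example (this is not the project's code): a server-side derivation at the restored iteration counts with a floor check, so lowering the count again throws instead of passing silently. The constant and function names, the SHA-256 digest, the 32-byte output, the email normalization and the exact shape of the double hash are assumptions.

```typescript
import { pbkdf2Sync, randomBytes, timingSafeEqual } from "node:crypto";

// Iteration counts the issue asks to restore. Constant names are hypothetical.
const IDENTITY_ITERATIONS = 100_000; // generateAnonymousIdentity
const VERIFICATION_ITERATIONS = 50_000; // double-hash verification
const KEY_LENGTH = 32; // assumed output size in bytes
const DIGEST = "sha256"; // assumed PRF; the issue does not name one

// Derive a PBKDF2 hash, refusing any iteration count below the floor so a
// later "speed" change fails loudly instead of silently weakening the hash.
function deriveHash(input: string | Buffer, salt: Buffer, iterations: number, floor: number): Buffer {
  if (!Number.isInteger(iterations) || iterations < floor) {
    throw new RangeError(`PBKDF2 iterations ${iterations} below minimum ${floor}`);
  }
  return pbkdf2Sync(input, salt, iterations, KEY_LENGTH, DIGEST);
}

// Assumed shape of the double hash: first pass at 100,000, second at 50,000.
// Runs server-side only, as the last fix item suggests.
function deriveVerificationHash(email: string, salt: Buffer): Buffer {
  const normalized = email.trim().toLowerCase(); // assumed normalization
  const first = deriveHash(normalized, salt, IDENTITY_ITERATIONS, IDENTITY_ITERATIONS);
  return deriveHash(first, salt, VERIFICATION_ITERATIONS, VERIFICATION_ITERATIONS);
}

// Compare against the stored verification_hash in constant time.
function verifyEmail(email: string, salt: Buffer, storedHash: Buffer): boolean {
  const candidate = deriveVerificationHash(email, salt);
  return candidate.length === storedHash.length && timingSafeEqual(candidate, storedHash);
}

// Constructed sample input, not data from the project.
const demoSalt = randomBytes(16);
const demoHash = deriveVerificationHash("user@example.test", demoSalt);
console.log(verifyEmail("user@example.test", demoSalt, demoHash));
```

A unit test that calls deriveHash with the reduced counts (10,000 or 5,000) and expects a RangeError keeps the regression from being reintroduced.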