
tweak definition of iteration count

David Rose 21 years ago
parent
commit
1711e96b18
2 changed files with 4 additions and 3 deletions
  1. 2 1
      panda/src/express/config_express.cxx
  2. 2 2
      panda/src/express/encryptStreamBuf.cxx

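--- a/panda/src/express/config_express.cxx
+++ b/panda/src/express/config_express.cxx
@@ -99,7 +99,8 @@ config_express.GetInt("encryption-key-length", 0);
 // a key when encrypting.  Its purpose is to make it computationally
 // more expensive for an attacker to search the key space
 // exhaustively.  This should be a multiple of 1,000 and should not
-// exceed about 65 million.  This value is used only to control
+// exceed about 65 million; the value 0 indicates just one application
+// of the hashing algorithm.  This value is used only to control
 // encryption; the correct count will automatically be selected on
 // decryption.
 const int encryption_iteration_count =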
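Review bot: The added comment text presents 0 as an ordinary setting but does not say that a single hash application removes the key-stretching protection the same paragraph describes, so each password guess then costs an attacker only one iteration. I would extend the comment with something like `// Note that 0 provides no key stretching at all; use a nonzero count for password-protected data.` The "multiple of 1,000" and "about 65 million" limits are also stated only in prose; whether the configured value is range-checked cannot be seen here, because the definition of `encryption_iteration_count` continues past the end of the hunk.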

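--- a/panda/src/express/encryptStreamBuf.cxx
+++ b/panda/src/express/encryptStreamBuf.cxx
@@ -131,7 +131,7 @@ open_read(istream *source, bool owns_source, const string &password) {
   result =
     PKCS5_PBKDF2_HMAC_SHA1((const char *)password.data(), password.length(),
                            (unsigned char *)iv.data(), iv.length(), 
-                           count * iteration_count_factor, 
+                           count * iteration_count_factor + 1, 
                            key_length, key);
   nassertv(result > 0);
 
@@ -232,7 +232,7 @@ open_write(ostream *dest, bool owns_dest, const string &password) {
   unsigned char *key = (unsigned char *)alloca(key_length);
   result =
     PKCS5_PBKDF2_HMAC_SHA1((const char *)password.data(), password.length(),
-                           iv, iv_length, count * iteration_count_factor + 1,
+                           iv, iv_length, count * iteration_count_factor,
                            key_length, key);
   nassertv(result > 0);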
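Review bot: Adding `+ 1` to the iteration argument in both `open_read` and `open_write` changes the derived key for every stored count, so streams written before this commit would no longer decrypt unless the header carries a format version that selects the old formula, and nothing in these hunks shows one. At minimum I would pin the formula next to both calls with a comment such as `// Iterations = count * iteration_count_factor + 1; changing this formula breaks decryption of existing streams.` In `open_read` the `count` operand appears to be taken from the stream being opened (the config comment says the count is selected automatically on decryption), so it should be checked against an upper bound before the call, e.g. `if (count > MAX_COUNT_PLACEHOLDER) { /* reject stream */ }`, otherwise a crafted file decides how much CPU the reader spends. Both function bodies start and end outside the hunks shown, so an existing bound or version check may simply not be visible here.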