11 mesiacov pred · cde0ce6676
--- a/ISHelp/isetup.xml
+++ b/ISHelp/isetup.xml
@@ -5447,10 +5447,10 @@ DiskSliceSize=1457664
 
				 <keyword value="pbkdf2" />

			
 
				 <setupvalid><tt>pbkdf2</tt><br/>

			
 
				 <tt>pbkdf2/1</tt> through <tt>pbkdf2/2147483647</tt></setupvalid>

			
 
				-<setupdefault><tt>pbkdf2/100000</tt></setupdefault>

			
 
				+<setupdefault><tt>pbkdf2/200000</tt></setupdefault>

			
 
				 <body>

			
 
				 <p>This specifies the key derivation function to use to derive the encryption key from the value of <link topic="setup_password">Password</link>, and optionally its parameters.</p>

			
 
				-<p><tt>pbkdf2</tt> is the PBKDF2-HMAC-SHA256 function with a 128-bit random salt, and optionally allows to increase its number of iterations for extra security. If the number of iterations isn't specified, it defaults to 100000.</p>

			
 
				+<p><tt>pbkdf2</tt> is the PBKDF2-HMAC-SHA256 function with a 128-bit random salt, and optionally allows to increase its number of iterations for extra security. If the number of iterations isn't specified, it defaults to 200000.</p>

			
 
				 <p><b>See also:</b><br/>

			
 
				 <link topic="setup_encryption">Encryption</link>

			
 
				 </p>

			
--- a/Projects/Src/Compiler.SetupCompiler.pas
+++ b/Projects/Src/Compiler.SetupCompiler.pas
@@ -2796,7 +2796,7 @@ begin
 
				       end;

			
 
				     ssEncryptionKeyDerivation: begin

			
 
				         if Value = 'pbkdf2' then

			
 
				-          SetupHeader.EncryptionKDFIterations := 100000

			
 
				+          SetupHeader.EncryptionKDFIterations := 200000

			
 
				         else if Copy(Value, 1, 7) = 'pbkdf2/' then begin

			
 
				           I := StrToIntDef(Copy(Value, 8, Maxint), -1);

			
 
				           if I < 1 then

			
@@ -7417,7 +7417,7 @@ begin
 
				     NotRecognizedMessagesWarning := True;

			
 
				     UsedUserAreasWarning := True;

			
 
				     SetupHeader.WizardStyle := wsClassic;

			
 
				-    SetupHeader.EncryptionKDFIterations := 100000;

			
 
				+    SetupHeader.EncryptionKDFIterations := 200000;

			
 
				 

			
 
				     { Read [Setup] section }

			
 
				     EnumIniSection(EnumSetupProc, 'Setup', 0, True, True, '', False, False);

			
--- a/whatsnew.htm
+++ b/whatsnew.htm
@@ -83,7 +83,7 @@ For conditions of distribution and use, see <a href="files/is/license.txt">LICEN
 
				 <ul>

			
 
				   <li>Updated the LZMA SDK used by Inno Setup to the latest version, increasing the speed of LZMA and LZMA2 compression and decompression (respectively by 21% and 11% in a test with default settings) without changing the compression ratio. Compression memory requirements have increased by about 4%.</li>

			
 
				   <li>Updated the key derivation function and encryption algorithm used by Inno Setup to PBKDF2-HMAC-SHA256 and XChaCha20 respectively, increasing security. This code is built-in: the separate ISCrypt.dll "encryption module" is no longer used and will be automatically deleted when you update.</li>

			
 
				-  <li>Added <tt>[Setup]</tt> section directive <tt>EncryptionKeyDerivation</tt> to change the number of PBKDF2-HMAC-SHA256 iterations to use from the default of 100000 to another value.</li>

			
 
				+  <li>Added <tt>[Setup]</tt> section directive <tt>EncryptionKeyDerivation</tt> to change the number of PBKDF2-HMAC-SHA256 iterations to use from the default of 200000 to another value.</li>

			
 
				   <li>Replaced all remaining use of MD5 and SHA-1 hashes with SHA-256 hashes, without removing the MD5 and SHA-1 Pascal Scripting and ISPP support functions.</li>

			
 
				   <li>Merged the Inno Setup Preprocessor documentation into the main documentation instead of being separate.</li>

			
 
				   <li>Added a dark mode version of the documentation, automatically used by the Compiler IDE if a dark theme is chosen.</li>