Reputation: 1735
I'm trying to protect data that a user submits on a series of notecards. The encryption/decryption will (hopefully) occur in-browser, so the user controls as much of the securing process as possible.
I found an AES library (https://github.com/mdp/gibberish-aes) which is awesome. Unfortunately, I'm relying on users to create the encryption key, so I would like a MUCH slower algorithm. There are many hashing libraries (like PHPPass for PHP), but I need something bi-directional.
I'm open to other ideas, as well. I just need to find a solution.
Upvotes: 0
Views: 603
Reputation: 14428
You're mixing up the encryption algorithm with key derivation. You don't want your encryption algorithm to be slow, as AES isn't at risk for brute forcing with proper keys.
Presumably, since you say "users create the encryption key", you mean it's a scheme using passwords for keys? PBKDF2 is the recommended approach, and is approved by NIST in SP800-132.
Since you have this tagged JavaScript, it looks like crypto-js supports PBKDF2.
When you get a password/passphrase from the user, you'll want to generate a salt and derive the actual AES key from PBKDF2. It doesn't need to be bi-directional, in that the same inputs (password, salt, and number of rounds) will always generate the same key.
Note that not even this is a properly designed cryptosystem. You shouldn't use AES without CBC or CTR mode, and you still need to MAC your data (or use GCM, which will take care of both).
Upvotes: 2