From 645a6d6ddf67a3bac9f1a4301ea3b2dfeed11949 Mon Sep 17 00:00:00 2001 From: orbisai0security Date: Mon, 29 Jun 2026 16:50:20 +0000 Subject: [PATCH] fix: V-002 security vulnerability Automated security fix generated by OrbisAI Security --- accounts/scwallet/securechannel.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/accounts/scwallet/securechannel.go b/accounts/scwallet/securechannel.go index 1e0230dc45..d8c971e216 100644 --- a/accounts/scwallet/securechannel.go +++ b/accounts/scwallet/securechannel.go @@ -81,7 +81,7 @@ func NewSecureChannelSession(card *pcsc.Card, keyData []byte) (*SecureChannelSes // Pair establishes a new pairing with the smartcard. func (s *SecureChannelSession) Pair(pairingPassword []byte) error { - secretHash := pbkdf2.Key(norm.NFKD.Bytes(pairingPassword), norm.NFKD.Bytes([]byte(pairingSalt)), 50000, 32, sha256.New) + secretHash := pbkdf2.Key(norm.NFKD.Bytes(pairingPassword), norm.NFKD.Bytes([]byte(pairingSalt)), 600000, 32, sha256.New) challenge := make([]byte, 32) if _, err := rand.Read(challenge); err != nil {