TL;DR : with 2 brute-forcing units : 25 million years ;-)
DB Encryption :
- AES/Rijndael (256-bit key, FIPS 197)
- ChaCha20 (256-bit key, FIPS 7539)
AES/Rijndael vs ChaCha20
==> ChaCha20 is faster than AES on general-purpose CPUs ("modern" CPUs have "AES-specific" instructions (?))
Key Transformation :
The key K derived from the user's composite master key is transformed using a key derivation function with a random salt. This prevents a precomputation of keys and adds a work factor that the user can make as large as desired to increase the computational effort of a dictionary or guessing attack.
key derivation functions :
- AES-KDF : based on iterating AES. The more iterations, the harder are dictionary and guessing attacks, but also database loading/saving takes more time (linearly).
- Argon2 : The main advantage of Argon2 over AES-KDF is that it provides a better resistance against GPU/ASIC attacks (due to being a memory-hard function).