There is no value in a high work order here. An HMAC-SHA256 is used in a single run in most other protocols. If there is a need for a work order, it should be used on the key.

Completion of previous commit

Author: technion

lib/phpSec/Crypt/Crypto.php

@@ -111,7 +111,7 @@ public function encrypt($data, $key) {
     $encrypted['iv']    = base64_encode($iv);                                  /* Initialization vector, just a bunch of randomness. */
     $encrypted['cdata'] = base64_encode(mcrypt_generic($td, $serializedData)); /* The encrypted data. */
     $encrypted['mac']   = base64_encode(                                       /* The message authentication code. Used to make sure the */
-                            $this->pbkdf2($encrypted['cdata'], $key, 1000, 32)  /* message is valid when decrypted. */
+                            $this->pbkdf2($encrypted['cdata'], $key, 1, 32)  /* message is valid when decrypted. */
                           );
     return json_encode($encrypted);
   }
@@ -149,7 +149,7 @@ public function decrypt($data, $key) {
     $block = mcrypt_enc_get_block_size($td);
 
     /* Check MAC. */
-    if(base64_decode($data['mac']) != $this->pbkdf2($data['cdata'], $key, 1000, 32)) {
+    if(base64_decode($data['mac']) != $this->pbkdf2($data['cdata'], $key, 1, 32)) {
       throw new \phpSec\Exception\GeneralSecurityException('Message authentication code invalid');
       return false;
     }