How to generate secret with sufficient iterations on device with little CPU power

Solution 1:

However, we have a problem that for storing the user's login password on disk generating a secret

I hope you mean hashing (non-reversible mangle) the password

with something like 50.000 iterations to be reasonably safe
50.000 iterations have to be executed again which takes minutes on the Pi

I'm not sure where/how did you get to the 50k number, but in this case it's important to understand the context/reason. The iterations are intended, if the database is leaked, as a way to slow down options for dictionary or brute-force attacks to find passwords, which tends to be weak (short, simple, reused, known).

Effectively you don't need any iteration if you could ensure the user passwords are secure (long, random) enough.

Indeed on the IoT devices this iteration is tricky, as you cannot compete with hashing farms and tolerable delay (100-300ms) on default servers comes to prohibiting times on low-end devices.

My question is whether anyone has an idea how ... given a CPU with little processing power.

I see two options

• Make the number of iteration reasonable. Yes, it lowers the security margin for brute/dictionary attacks, but you can make up to the level using the strong user passwords
• If the password is intended for authentication to a web application, you could delegate the authentication to a 3rd party service (Azure AD, AWS Cognito, IBM AppId, OAuth0, Okta, ... ), there are plenty of free or not-so-free services.