tozny/java-aes-crypto

Users be warned. SHA 256 instead of PBKDF2

JohnOberhauser opened this issue · 2 comments

The key derivation function in the library is SHA 256. SHA 256 is fast, so deriving the key will be easier than if this library used PBKDF2. This means the encrypted data is extra vulnerable if you have a weak password.

whoops, meant to type this somewhere else... Too many windows open 🤷‍♂️

Just to be clear, this library DOES use a proper password-based key derivation function. Thanks for correcting the report :)
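The cost difference between a single fast hash and PBKDF2 that the issue text describes, as an added example; it is not code from this thread or from the library. The class name, iteration count, key size and sample password are assumptions chosen for illustration.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class KdfCostDemo {
    // Assumed parameters for illustration only; not taken from the library.
    static final int ITERATIONS = 100_000;
    static final int KEY_BITS = 128;

    // Fast derivation: a single SHA-256 pass over salt || password (32-byte output).
    static byte[] sha256Key(char[] password, byte[] salt) throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        return md.digest(new String(password).getBytes(StandardCharsets.UTF_8));
    }

    // Slow derivation: PBKDF2 repeats the HMAC ITERATIONS times for every guess.
    static byte[] pbkdf2Key(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the password copy held by the spec
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        char[] password = "constructed-sample-password".toCharArray(); // constructed input
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // random per-password salt

        int rounds = 20;
        long t0 = System.nanoTime();
        for (int i = 0; i < rounds; i++) sha256Key(password, salt);
        long t1 = System.nanoTime();
        for (int i = 0; i < rounds; i++) pbkdf2Key(password, salt);
        long t2 = System.nanoTime();

        // Cost per derivation is the cost an attacker pays per password guess.
        System.out.printf("SHA-256: %d us per derivation%n", (t1 - t0) / rounds / 1000);
        System.out.printf("PBKDF2 : %d us per derivation%n", (t2 - t1) / rounds / 1000);
    }
}
```

The measured gap scales with the iteration count, which is the work factor each password guess has to pay.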