Encryption needs to be implemented to help protect user data.
The way the password encryption is designed to work is this. The password sent to the server is hashed using sha512 before it is sent to prevent the server from seeing it. The actual password can then be combined with the encryption salt provided by the server. This prevents the server from peeking at the data, protecting the user. A separate random key is not used to make sure multiple devices with the same user will be able to access the data.
The SQL Thing storage doesn't use a server; however, to maintain compatibility, it still hashes the password before using pbkdf2_hmac so the password hash will be the same.
Most of the backend database-side is there for this. The encryption salt and encrypted flags are already present. The only reason it wasn't used initially was that I had issues installing the cryptographic libraries with Pipenv.
Edit: Details about encryption security
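A sketch of the two derivations described above, added here as an example and not taken from the project's code. The function names, the PBKDF2 digest, the iteration count, the key length and the salt size are assumptions, since the description names only sha512 and pbkdf2_hmac.

```python
import hashlib
import hmac
import os

# Assumed parameters: the description names sha512 and pbkdf2_hmac but gives
# no PBKDF2 digest, iteration count, or key length.
PBKDF2_DIGEST = "sha256"
PBKDF2_ITERATIONS = 600_000
KEY_LENGTH = 32


def login_hash(password: str) -> str:
    """Value sent to the server in place of the password (SHA-512, hex)."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest()


def encryption_key(secret: str, encryption_salt: bytes) -> bytes:
    """Client-side key from a secret and the server-provided encryption salt."""
    return hashlib.pbkdf2_hmac(
        PBKDF2_DIGEST, secret.encode("utf-8"), encryption_salt,
        PBKDF2_ITERATIONS, dklen=KEY_LENGTH,
    )


def demo() -> dict:
    password = "correct horse battery staple"  # constructed sample password
    salt = os.urandom(16)  # constructed; stands in for the server's salt

    sent = login_hash(password)              # all the server ever receives
    key_a = encryption_key(password, salt)   # device A
    key_b = encryption_key(password, salt)   # device B, same user and salt
    # Feeding the server-visible hash into the same KDF gives a different key.
    key_from_hash = encryption_key(sent, salt)

    return {
        "devices_agree": hmac.compare_digest(key_a, key_b),
        "hash_is_not_key_input": not hmac.compare_digest(key_a, key_from_hash),
        "key_len": len(key_a),
        "sent_len": len(sent),
    }


if __name__ == "__main__":
    print(demo())
```

Both devices reach the same key without a separate random key because the only inputs are the password and the stored salt. The value sent to the server is an unsalted, fast hash of the same password, so the data is only as protected as the password is hard to guess.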