Convert any key to a unique 32 length key

Closed tian3rd closed 1 year ago

Just found out that in the encryption/decryption process, the methods use the hashed key as the real key, and this key is actually stored in the encrypted .enc.ttl file in plaintext. This is not right. The right way to do it is to use the original key, but needs to find a way to convert different length to a fixed 32-long in order to use AES.

Use sha512 (first 32 chars) instead for guaranteed security. Hashed key is generated with sha256 for quick verification and is stored in the encrypted file, but the real key is hidden and not stored anywhere, so only when the user's passphrase matches the sha256 key in the encrypted file, then we proceed to decrypt the file: AES (256 bits / 32 bytes) with the first 32 chars of sha512.
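The scheme described in the comment above, as an added Go example that is not code from this project: a sha256 hex tag of the passphrase is stored at the head of the file and compared before any AES-256 decryption, with the first 32 hex characters of sha512 used as the key. It assumes AES-GCM as the mode and a tag || nonce || ciphertext layout, neither of which the issue specifies; note that 32 hex characters span only a 2^128 key space, and the stored tag is an unsalted fast hash of the passphrase, so it offers no resistance to guessing.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"crypto/subtle"
	"encoding/hex"
	"errors"
)

// setup derives the sha256 hex tag that is stored in the file and an AES-256-GCM instance keyed with the
// first 32 hex chars of sha512(pass); 32 hex chars span only 2^128 keys even though the key is 32 bytes.
func setup(pass string) (tag []byte, gcm cipher.AEAD, err error) {
	t := sha256.Sum256([]byte(pass))
	k := sha512.Sum512([]byte(pass))
	block, err := aes.NewCipher([]byte(hex.EncodeToString(k[:])[:32]))
	if err != nil {
		return nil, nil, err
	}
	gcm, err = cipher.NewGCM(block) // GCM is an assumed mode; the issue names none
	return []byte(hex.EncodeToString(t[:])), gcm, err
}

// Encrypt writes tag || nonce || ciphertext; the tag is the only passphrase-derived value stored.
func Encrypt(pass string, plaintext []byte) ([]byte, error) {
	tag, gcm, err := setup(pass)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(append(tag, nonce...), nonce, plaintext, nil), nil
}

// Decrypt checks the stored tag first and only then attempts AES decryption, as the issue describes.
func Decrypt(pass string, blob []byte) ([]byte, error) {
	tag, gcm, err := setup(pass)
	if err != nil {
		return nil, err
	}
	h, n := len(tag), gcm.NonceSize()
	if len(blob) < h+n || subtle.ConstantTimeCompare(blob[:h], tag) != 1 {
		return nil, errors.New("passphrase does not match the stored sha256 tag")
	}
	return gcm.Open(nil, blob[h:h+n], blob[h+n:], nil)
}
```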