Closed burntout closed 10 years ago
Changed to use AES-CBC with HMAC-SHA1, rather than plain Blowfish ECB for authenticated encryption and associated data ( encrypt then mac )
Server never records the encryption keys now, the url contains the decryption keys, unless a user passphrase is used.
User passphrases are passed through PBKDF2 for improved entropy.
Duress key provides lorem ipsum text.
Changed to use AES-CBC with HMAC-SHA1, rather than plain Blowfish ECB for authenticated encryption and associated data ( encrypt then mac )
Server never records the encryption keys now, the url contains the decryption keys, unless a user passphrase is used.
User passphrases are passed through PBKDF2 for improved entropy.
Duress key provides lorem ipsum text.