Open jackwherry opened 5 years ago
Solution: use a good password.
Alternatively you can use a Key Derivation Function like PBKDF2 or Scrypt.
This will derive a 'strong' password from the weak password, with the required length in bits.
My use of Argon2id in this context should fulfill the same requirements, yes? I think the other person’s concern related to the ease of brute-forcing because the password is used for more than just authentication. Of course, I’m no expert at all, so I’m game for any and all suggestions.
You can see how it works here: https://github.com/jack-the-coder/cryptux/blob/7bf9cca03ad06633819900b5fbb9f06733866372/client/client.go#L29
Using a password for authentication and public key crypto for messages is significantly more secure.
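An added example, not code from the cryptux repository or from anyone in this thread: it shows the KDF step discussed above (scrypt here), followed by splitting the result into separate authentication and encryption subkeys so that the value sent to a server for login is not the key that protects messages. The cost parameters, labels and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters (not from the thread); tune for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def derive_master_key(password: str, salt: bytes, length: int = 32) -> bytes:
    """Stretch a password into `length` bytes with scrypt (a memory-hard KDF)."""
    if len(salt) < 16:
        raise ValueError("salt must be at least 16 random bytes")
    return hashlib.scrypt(
        password.encode("utf-8"),
        salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
        maxmem=64 * 1024 * 1024,  # headroom above the ~16 MiB these parameters need
        dklen=length,
    )


def subkey(master: bytes, label: bytes) -> bytes:
    """Derive a 32-byte subkey for one purpose, using HMAC-SHA256 as a PRF."""
    return hmac.new(master, label, hashlib.sha256).digest()


def derive_keys(password: str, salt: bytes) -> dict:
    """Return separate keys for login and for message encryption.

    Knowing the "auth" value does not reveal the "enc" key, because each is
    an HMAC output under a different label (hypothetical label names).
    """
    master = derive_master_key(password, salt)
    return {
        "auth": subkey(master, b"auth-token-v1"),
        "enc": subkey(master, b"message-encryption-v1"),
    }


if __name__ == "__main__":
    salt = os.urandom(16)  # store the salt alongside the account; it is not secret
    keys = derive_keys("constructed sample password", salt)
    print("auth:", keys["auth"].hex())
    print("enc: ", keys["enc"].hex())
```

The KDF raises the cost of each password guess; it does not add entropy, so a weak password stays guessable, only more slowly.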