Stop using salt when deriving key from password

nakabonne / pbgopy

Copy and paste between devices

MIT License

807 stars 30 forks source link

Stop using salt when deriving key from password #28

Closed nakabonne closed 3 years ago

nakabonne commented 3 years ago

It's eventually impossible to prevent a dictionary attack even if pbgopy server provides salt every time. It's a waste. I decided to use nil as a salt.