oormicreations / OormiPass

Free open source cross platform password manager
MIT License

Master password is stored as SHA256 hash (!!!) #1

Open NicolaiSoeborg opened 5 years ago

NicolaiSoeborg commented 5 years ago

Title says it all.

This is a major security vulnerability.

It seems the author isn't aware of current security standards (i.e. rand() is also used to generate passwords).

Something as important as a password manager shouldn't suffer from such a basic mistake.

oormicreations commented 5 years ago

It's SHA256 salted. Anyhow, please suggest a better way to store the master password.

Issue with rand is noted. The password can be reproduced if exact time of button click is known, but that is highly unlikely.

fcortes commented 5 years ago

Argon2 could be a better alternative for the master password hash function as it was designed precisely for that purpose.

C++11 random functions should be used instead of plain rand(). It is also worth noting that this is a very bad (even potentially dangerous) way to generate a random string and should be updated with high priority. The problem is that the distribution of rand() % N is not necessarily uniform in [0..N-1] as rand() may have a range of size not multiple of N.

Check this video for more information about the use of rand() and better alternatives within the C++ STL.
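An added example illustrating the two points in the comment above; it is not OormiPass code and was not posted by anyone in this thread. `residue_counts` makes the modulo bias of `rand() % N` concrete by counting how many generator outputs land on each residue, and `generate_password` draws characters with `std::random_device` plus `std::uniform_int_distribution`, which rejects out-of-range draws instead of reducing modulo N. The alphabet is a constructed sample.

```cpp
#include <cstdint>
#include <random>
#include <string>
#include <vector>

// Character set for generated passwords (constructed for this example).
static const std::string kAlphabet =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

// Count how many of the generator outputs 0..range-1 map to each residue
// of "% n". For rand() the range is RAND_MAX+1, which is rarely a multiple
// of n, so the first (range % n) residues get one extra hit: those
// characters are chosen slightly more often than the rest.
std::vector<std::uint64_t> residue_counts(std::uint64_t range, std::uint64_t n) {
    std::vector<std::uint64_t> counts(n, 0);
    for (std::uint64_t r = 0; r < n && r < range; ++r) {
        // outputs r, r+n, r+2n, ... that are still below `range`
        counts[r] = (range - 1 - r) / n + 1;
    }
    return counts;
}

// Draw `length` characters from OS entropy. uniform_int_distribution
// discards draws that would bias the result, so each alphabet index is
// equally likely, and random_device is not seeded from the clock.
std::string generate_password(std::size_t length,
                              const std::string& alphabet = kAlphabet) {
    std::random_device rd;
    std::uniform_int_distribution<std::size_t> pick(0, alphabet.size() - 1);
    std::string out;
    out.reserve(length);
    for (std::size_t i = 0; i < length; ++i) {
        out.push_back(alphabet[pick(rd)]);
    }
    return out;
}

// True when every character of `pw` comes from `alphabet`.
bool only_from_alphabet(const std::string& pw,
                        const std::string& alphabet = kAlphabet) {
    return pw.find_first_not_of(alphabet) == std::string::npos;
}
```

With a 31-bit rand() range and the 62-character alphabet above, residues 0 and 1 each receive one more output than the other 60, which is exactly the non-uniformity the comment describes.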