rkorzeniec / simple_encryptable

Simple encryption service, without all the extras, based on Rails functionality
MIT License

Different salt per record #21

Open Rtwena opened 3 years ago

Rtwena commented 3 years ago

I believe the salt should be different per record (and stored on the record).

The reason for this is that if two records have the same password and are using the same salt, then the encrypted value will be the same.

An attacker could check for records that are using the same password and perform a dictionary attack, as it is likely they are using an insecure password.

For this reason, it would be good to allow the salt to be different per record.
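The behaviour the report describes, as an added illustration that is not the gem's own code: a value derived deterministically from a password plus salt (PBKDF2-HMAC-SHA256 is used here as a stand-in for whatever derivation the gem performs, and the salt constant and record layout are constructed assumptions). With one shared salt, equal passwords produce equal stored values, which an audit can spot; with a random salt stored on each record they do not.

```ruby
require 'openssl'
require 'securerandom'

# Constructed parameters; the real gem's derivation and settings are not shown here.
ITERATIONS = 50_000
KEY_LEN = 32
APP_SALT = 'application-wide-salt'.freeze # assumed shared salt (placeholder)

# Deterministic: the same password and salt always yield the same bytes.
def derive(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                           length: KEY_LEN, hash: 'sha256')
end

# Layout the issue warns about: every record shares APP_SALT.
def store_with_shared_salt(password)
  { value: derive(password, APP_SALT) }
end

# Hardened layout: a fresh random salt per record, persisted next to the value.
def store_with_record_salt(password)
  salt = SecureRandom.random_bytes(16)
  { salt: salt, value: derive(password, salt) }
end

# Constant-time comparison so verification does not leak via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Works for both layouts: a record without its own salt falls back to APP_SALT.
def verify(record, candidate)
  secure_equal?(record[:value], derive(candidate, record.fetch(:salt, APP_SALT)))
end

# Defender's audit: records whose stored values collide, i.e. the duplicates an
# attacker could single out. Empty once each record has its own salt.
def duplicate_groups(records)
  records.group_by { |r| r[:value] }.values.select { |g| g.size > 1 }
end
```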

rkorzeniec commented 3 years ago

I agree, feel free to open a PR, otherwise I will work on it as soon as time allows. Thanks for spotting this, much appreciated.