by dchest
3900 days ago
If I read it correctly, it stores a bcrypt hash of the passphrase in the file for verification, but then goes ahead and uses a salted SHA256 of the passphrase as the encryption key, compromising the whole idea of having computationally hard password hashing. If I'm right, it can easily win the WTF Crypto Award of the month.
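Added example, not part of the comment above and not the tool's own code: a sketch of the design flaw it describes next to one way to avoid it, where both the encryption key and the stored verifier come out of a single slow KDF call. The function names, the salt-then-passphrase order in `weak_key`, the HMAC labels and the scrypt parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample value, not taken from the tool under discussion.
SAMPLE_PASSPHRASE = b"correct horse battery staple"


def weak_key(passphrase: bytes, salt: bytes) -> bytes:
    """Design described in the comment: the encryption key is one salted
    SHA-256, so testing a guess against the ciphertext costs one fast hash,
    however slow the stored bcrypt verifier is."""
    return hashlib.sha256(salt + passphrase).digest()


def slow_master(passphrase: bytes, salt: bytes) -> bytes:
    """Single memory-hard step that every passphrase guess has to pay for."""
    return hashlib.scrypt(passphrase, salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)


def derive(passphrase: bytes, salt: bytes) -> tuple[bytes, bytes]:
    """Return (encryption_key, verifier), both derived from the slow master.

    Distinct HMAC labels keep the two values independent: the verifier can
    be stored in the file header, the key never is.
    """
    master = slow_master(passphrase, salt)
    enc_key = hmac.new(master, b"encryption-key", hashlib.sha256).digest()
    verifier = hmac.new(master, b"passphrase-verifier", hashlib.sha256).digest()
    return enc_key, verifier


def check_passphrase(passphrase: bytes, salt: bytes, stored: bytes) -> bool:
    """Recompute the verifier and compare it in constant time."""
    return hmac.compare_digest(derive(passphrase, salt)[1], stored)


if __name__ == "__main__":
    salt = os.urandom(16)
    key, verifier = derive(SAMPLE_PASSPHRASE, salt)
    print("verifier ok:", check_passphrase(SAMPLE_PASSPHRASE, salt, verifier))
    print("wrong passphrase:", check_passphrase(b"guess", salt, verifier))
```

With this layout there is no cheaper path to the key than the one the verifier takes, which is the property the bcrypt-plus-SHA256 combination loses.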