by xrcltr
3804 days ago
There are a tremendous number of other ways this could be implemented. Authenticated encryption? GCM? XTS? Salt the CFB? Guard against interblock attacks? The crypto needs to be completely reworked. This is an asymmetric KEK around symmetric encryption, which is done in many other projects. Half-baked crypto such as this is worse than no crypto at all, as it lulls people into believing they are using a valid cryptographic system. But the project implements (poorly) a subset of what is needed and pushes the rest into application code, and app writers don't know this and wouldn't know what to implement even if they knew of the shortcomings. Cryptographers see this all the time. People think they invented a new concept but only implemented a well-known design, and did it incompletely and with well-known flaws in the crypto. Then people defend the system, when it would be far easier to use better primitives.
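The "asymmetric KEK around symmetric encryption" the comment refers to is usually called envelope encryption. As an added illustration (not xrcltr's code, and not code from the project being criticised), the following Go program shows the construction done with the pieces the comment says are missing: a fresh random data-encryption key per message, AES-256-GCM (an AEAD, so tampering with the ciphertext, nonce or associated data is detected instead of producing garbage), and the DEK wrapped with RSA-OAEP under the recipient's public key. The names `Envelope`, `Seal`, `Open`, the OAEP label and the sample inputs are assumptions made for this example; only the standard library is used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// oaepLabel binds the wrapped key to this protocol version; a DEK wrapped
// for another purpose with a different label will not unwrap here.
// (Assumed value for this example.)
var oaepLabel = []byte("envelope-dek-v1")

// Envelope is the wire format: wrapped DEK, GCM nonce and AEAD ciphertext.
type Envelope struct {
	WrappedKey []byte // 256-bit DEK encrypted with RSA-OAEP(SHA-256)
	Nonce      []byte // 96-bit random nonce; the DEK is used for exactly one message
	Ciphertext []byte // AES-256-GCM output with the 128-bit tag appended
}

// Seal generates a one-shot DEK, encrypts plaintext with AES-GCM while
// binding aad into the authentication tag, and wraps the DEK under pub.
func Seal(pub *rsa.PublicKey, plaintext, aad []byte) (*Envelope, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, aad)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dek, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open unwraps the DEK with priv and then authenticates and decrypts.
// Any change to the ciphertext, nonce or aad makes gcm.Open fail, so the
// caller never receives unauthenticated plaintext.
func Open(priv *rsa.PrivateKey, env *Envelope, aad []byte) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, oaepLabel)
	if err != nil {
		return nil, errors.New("key unwrap failed")
	}
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, aad)
	if err != nil {
		return nil, errors.New("authentication failed")
	}
	return pt, nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	aad := []byte("record-42") // constructed context, e.g. a record id
	env, err := Seal(&priv.PublicKey, []byte("secret payload"), aad)
	if err != nil {
		panic(err)
	}
	pt, err := Open(priv, env, aad)
	fmt.Printf("decrypt: %q err=%v\n", pt, err)

	// Flip one ciphertext bit: CFB without a MAC would hand back corrupted
	// plaintext, GCM refuses.
	env.Ciphertext[0] ^= 0x01
	_, err = Open(priv, env, aad)
	fmt.Println("after tampering:", err)
}
```

The associated data is what ties the ciphertext to its context (record id, version, recipient), which is the "rest" that the comment says gets pushed into application code; without it an attacker can swap envelopes between records even though each one authenticates on its own.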