So they're using AES in CTR mode for encryption. They encrypt both the key (website + login) and the value (password) using the same key (wallet private key) and counter (1). [1] This means you can just brute-force popular domain names, XOR encryptedPass ^ encryptedKey ^ domainName, and get the first bytes of the password (depending on the domain name length), just by going through some recent TXs at [2].
Well, hopefully this will get better under proper scrutiny.
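An added example of the keystream-reuse attack described in the post above; it is not code from the post or from the project being discussed. Because CTR mode is just plaintext XOR keystream, two ciphertexts made with the same key and the same counter XOR together to the XOR of their plaintexts, and a guessed entry-key prefix (the domain) then reveals the same number of password bytes. To keep the example runnable with only the standard library, the keystream is generated by HMAC-SHA256 in counter mode as a stand-in for AES (an assumption: the attack depends on the keystream being reused, not on which block cipher produces it). The wallet key, the record `github.com:alice`, the password and the domain list are all constructed here; the function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Stand-in CTR keystream: block i = PRF(key, counter + i). HMAC-SHA256 is used in
# place of AES so the example runs with only the standard library (assumption:
# the attack depends on keystream reuse, not on which block cipher produces it).
def keystream(key: bytes, counter: int, length: int) -> bytes:
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, (counter + block).to_bytes(16, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def ctr_encrypt(key: bytes, counter: int, plaintext: bytes) -> bytes:
    """CTR mode: ciphertext = plaintext XOR keystream (decryption is identical)."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, counter, len(plaintext))))


def encrypt_entry_fixed_counter(wallet_key: bytes, entry_key: bytes, password: bytes):
    """Weak scheme from the post: the same key and counter (1) for both key and value."""
    return ctr_encrypt(wallet_key, 1, entry_key), ctr_encrypt(wallet_key, 1, password)


def encrypt_entry_fresh_nonce(wallet_key: bytes, entry_key: bytes, password: bytes):
    """Fix: an independent random 128-bit nonce per ciphertext, stored beside it."""
    n1, n2 = secrets.token_bytes(16), secrets.token_bytes(16)
    c1 = ctr_encrypt(wallet_key, int.from_bytes(n1, "big"), entry_key)
    c2 = ctr_encrypt(wallet_key, int.from_bytes(n2, "big"), password)
    return (n1, c1), (n2, c2)


def recover_password_prefix(enc_key: bytes, enc_value: bytes, guesses):
    """enc_key XOR enc_value == entry_key XOR password when the keystream is shared,
    so XORing in a guessed entry_key prefix (e.g. the domain) reveals password bytes.
    Returns {guess: recovered prefix}; only positions covered by both ciphertexts
    and by the guess are recoverable, and a wrong guess yields wrong bytes."""
    n = min(len(enc_key), len(enc_value))
    xored = bytes(a ^ b for a, b in zip(enc_key[:n], enc_value[:n]))
    results = {}
    for guess in guesses:
        g = guess.encode()
        m = min(len(g), n)
        results[guess] = bytes(x ^ c for x, c in zip(xored[:m], g[:m]))
    return results


# Constructed sample record (not real data): one password-manager entry.
WALLET_KEY = hashlib.sha256(b"constructed wallet private key").digest()
ENTRY_KEY = b"github.com:alice"
PASSWORD = b"hunter2-correct-horse"
POPULAR_DOMAINS = ["google.com", "github.com", "twitter.com"]


def attack_fixed_counter():
    """Attacker sees only the two ciphertexts and tries a list of popular domains."""
    enc_key, enc_value = encrypt_entry_fixed_counter(WALLET_KEY, ENTRY_KEY, PASSWORD)
    return recover_password_prefix(enc_key, enc_value, POPULAR_DOMAINS)


def attack_fresh_nonce():
    """Same attack against the fixed scheme: the keystreams no longer cancel."""
    (_, enc_key), (_, enc_value) = encrypt_entry_fresh_nonce(WALLET_KEY, ENTRY_KEY, PASSWORD)
    return recover_password_prefix(enc_key, enc_value, POPULAR_DOMAINS)


if __name__ == "__main__":
    for domain, prefix in attack_fixed_counter().items():
        print(f"fixed counter, guess {domain!r:14} -> {prefix!r}")
    for domain, prefix in attack_fresh_nonce().items():
        print(f"fresh nonce,   guess {domain!r:14} -> {prefix!r}")
```

With the fixed counter, the guess `github.com` recovers the first ten bytes of the password, and guessing the whole entry key (`github.com:alice`) recovers sixteen bytes; the attacker cannot tell a right guess from a wrong one by the XOR alone, so in practice the candidates are ranked by which outputs look like passwords. With a fresh random nonce per ciphertext the XOR of the two ciphertexts no longer cancels the keystream, and the same guesses return noise.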