Also,
> The master password is not stored. An SHA256 salted hash is stored instead.
Have they heard of scrypt or argon2? And they're not using a KDF(!!!!!!) With sha256.
Dear Authors,if you ever read this,please look at: https://cryptopp.com/wiki/Key_Derivation_Function
And
https://cryptopp.com/wiki/RandomNumberGenerator