[jy-p]

agreed, doing aes-256-cbc with a MAC is not exactly the first thing that comes to mind when it's a clear case for using a pbkdf.

you can probably drive a nail with a screwdriver handle if you try hard enough.

[tptacek]

Not following how PBKDFx and CBC-MAC are comparable primitives.

[mkjones]

I think he's confusing the key-derivation function this article talks about for your "master key" with the MAC-in-JS this particular thread is discussing.

[jy-p]

i wasn't suggesting that they were comparable, rather that in mega's system a pbkdf makes more sense where they chose to use cbc-mac.

without going back and looking at the mega js, i recall it working as follows

password --> CBC-MAC --> master key --> decrypt RSA private key with derived master key

if you're deriving a key from a password, seems to make sense to use a password-based key derivation function.