by mappum 4478 days ago
SHA256 is not a suitable key derivation function. Attackers could then crack the keys pretty easily (now the keys are only as secure as the passphrases). Use something like pbkdf2/bcrypt/scrypt.
1 comment

How so? SHA256, pbkdf2, bcrypt, and scrypt are all deterministic--in all cases, I can get your key if I know your secret (passphrase and salt).

Admittedly, though, using SHA256(passphrase) without a salt to derive a key makes dictionary attacks easier than the others.
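
The following is an added example, not code from the thread or from either commenter. It compares the two properties the exchange turns on, salting and per-guess cost, for `SHA256(passphrase)` and PBKDF2-HMAC-SHA256. The function names, the sample passphrase and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import os
import time

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware budget


def naive_key(passphrase: str) -> bytes:
    """Key = SHA256(passphrase): one hash call, no salt."""
    return hashlib.sha256(passphrase.encode()).digest()


def stretched_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Key = PBKDF2-HMAC-SHA256(passphrase, salt): salted and deliberately slow."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=32)


def seconds_per_derivation(derive, trials: int) -> float:
    """Average wall-clock cost of one derivation, i.e. the price of one guess."""
    start = time.perf_counter()
    for i in range(trials):
        derive(f"candidate-{i}")
    return (time.perf_counter() - start) / trials


def compare() -> dict:
    passphrase = "correct horse battery staple"  # constructed sample value
    salt_a, salt_b = os.urandom(16), os.urandom(16)  # one random salt per user

    key_a = stretched_key(passphrase, salt_a)
    naive_cost = seconds_per_derivation(naive_key, 20_000)
    slow_cost = seconds_per_derivation(lambda p: stretched_key(p, salt_a), 2)

    return {
        # Unsalted: every user with this passphrase gets the same key,
        # so one precomputed table covers all of them.
        "naive_identical_across_users": naive_key(passphrase) == naive_key(passphrase),
        # Salted: same passphrase, different salt, unrelated keys.
        "salted_differs_across_users": key_a != stretched_key(passphrase, salt_b),
        # Still deterministic for the legitimate user who has the salt.
        "salted_repeatable": key_a == stretched_key(passphrase, salt_a),
        # How many times more work each guess costs with the slow KDF.
        "cost_ratio": slow_cost / naive_cost,
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The `cost_ratio` figure varies by machine; it is the multiplier applied to every guess in a dictionary search, while the legitimate user pays it only once per derivation.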