by nknighthb
4268 days ago
And then reflect on the fact that you're still using a joke of a "KDF". SHA256 1001 times? Really? (And it doesn't even so much as have provision for upping the number of iterations!) Like TFA says, don't roll your own crypto. GnuPG exists for a reason.
http://iacr.org/archive/fse2007/45930168/45930168.pdf
And of course there are ciphertext malleability attacks, as it's not using authenticated encryption.
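
An added example, not code from this thread or from the tool being criticised: a container layout that addresses both complaints by storing the PBKDF2 iteration count and salt in the header (so the cost can be raised without breaking old files) and authenticating header plus ciphertext with HMAC before decrypting. The `DEMO1` format, the function names and the 600,000 default are assumptions of this sketch, and the keystream is a standard-library stand-in for a real cipher.

```python
import hashlib, hmac, os, struct

MAGIC = b"DEMO1"             # constructed format tag, hypothetical
MAX_ITERATIONS = 10_000_000  # reject absurd header values before doing the work

def derive_keys(password: bytes, salt: bytes, iterations: int):
    # Stretch the password once, then split into independent enc/MAC keys.
    master = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode). Like any XOR
    # keystream it is malleable on its own: a flipped ciphertext bit flips
    # the same plaintext bit.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(password: bytes, plaintext: bytes, iterations: int = 600_000) -> bytes:
    # iterations default is this example's choice; tune it to your hardware.
    salt = os.urandom(16)
    header = MAGIC + struct.pack(">I", iterations) + salt   # 5 + 4 + 16 bytes
    enc_key, mac_key = derive_keys(password, salt, iterations)
    ct = keystream_xor(enc_key, plaintext)
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    return header + ct + tag

def open_sealed(password: bytes, blob: bytes) -> bytes:
    if len(blob) < 57 or blob[:5] != MAGIC:
        raise ValueError("not a DEMO1 blob")
    (iterations,) = struct.unpack(">I", blob[5:9])   # cost travels with the file
    if not 1 <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count out of range")
    header, ct, tag = blob[:25], blob[25:-32], blob[-32:]
    enc_key, mac_key = derive_keys(password, blob[9:25], iterations)
    expected = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):       # verify before decrypting
        raise ValueError("authentication failed")
    return keystream_xor(enc_key, ct)
```

Because the header is covered by the tag, changing the stored iteration count or salt fails verification just as a flipped ciphertext bit does.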