Re: [dev] securiy guidance

From: Markus Teich <>
Date: Thu, 08 Mar 2018 14:57:29 +0900 wrote:
> I have to yet read up if it is safe to use
> with a single key, i.e. encrypting n passwords with the same secret
> key.

Make sure to use salting in this case. Otherwise using the same password
for multiple sites/keys would be visible.

You also want to hide the keys themselves to protect your password
storage from profiling attacks. For example encrypt a dictionary that
maps the real key to some randomized filename where the encrypted
password is stored). I've done something like this with horrible shell
scripting and using gpg for encryption:

Received on Thu Mar 08 2018 - 06:57:29 CET

This archive was generated by hypermail 2.3.0 : Thu Mar 08 2018 - 07:00:22 CET