this post was submitted on 21 Aug 2023
83 points (98.8% liked)
Unixporn
15364 readers
37 users here now
Unixporn
Submit screenshots of all your *NIX desktops, themes, and nifty configurations, or submit anything else that will make themers happy. Maybe a server running on an Amiga, or a Thinkpad signed by Bjarne Stroustrup? Show the world how pretty your computer can be!
Rules
- Post On-Topic
- No Defaults
- Busy Screenshots
- Use High-Quality Images
- Include a Details Comment
- No NSFW
- No Racism or use of racist terms
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It looks like the key-derivation function used here is just a single iteration of sha256 followed by truncating.
I'm not a security expert, but I'm pretty sure that's insecure.
Consider using PBKDF2 or Argon2.
Gosh, I've really messed up. Fixing immediately, thank you for bring this to my attention -- and I apologize to all y'all.
Again, I'm not a security expert, so maybe your original version was fine for this use case.
But since dedicated password-based key derivation functions exist, you should probably stick to one of those instead of rolling your own.
Thanks for fixing this quickly!