Hacker News new | past | comments | ask | show | jobs | submit login

What I find concerning is PKDBF was used, even https://en.wikipedia.org/wiki/PBKDF2 quotes PKDBF1 and PKDBF2,and that is recommended to use PKDBF2. Is there any evidence to show that they indeed rolled their own encryption rather than use a de-facto standard AES algorithm? Or is there something that is missing.



PKDBF is just the password derivation function to better protect the vault against dictionary attacks. The vaults are still encrypted with AES-256.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: