Just found out that in the encryption/decryption process, the methods use the hashed key as the real key, and this key is actually stored in the encrypted .enc.ttl file in plaintext. This is not right. The right way to do it is to use the original key, but we need to find a way to convert keys of different lengths to a fixed length of 32 in order to use AES.
Convert any key to a unique 32 length key
Use this secret key to encrypt and decrypt
Rather than converting to 32 length key, use sha512 first 32 chars instead for guaranteed security
The hashed key is generated with sha256 for quick verification and is stored in the encrypted file, but the real key is hidden and not stored anywhere, so only when the user's passphrase matches the sha256 key in the encrypted file do we proceed to decrypt the file:
first generate the real key for AES (256 bits / 32 bytes) with the first 32 chars of sha512
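The scheme described in the comments above, as an added example that is not the project's own code: a SHA-256 verifier stored in the file and an AES key taken from the first 32 characters of the SHA-512 hex digest, next to a salted PBKDF2 variant for comparison. The function names, sample passphrases and the PBKDF2 variant are assumptions, not taken from the thread.

```python
import hashlib
import hmac
import os


def thread_scheme(passphrase: str):
    """Scheme from the comments above: returns (aes_key, stored_verifier)."""
    pw = passphrase.encode("utf-8")
    # First 32 characters of the SHA-512 hex digest: 32 ASCII bytes long,
    # but they encode only 16 bytes (128 bits) of the digest.
    aes_key = hashlib.sha512(pw).hexdigest()[:32].encode("ascii")
    # SHA-256 hex digest, stored in the encrypted file for quick verification.
    # It is unsalted, so equal passphrases give equal verifiers in every file.
    stored_verifier = hashlib.sha256(pw).hexdigest()
    return aes_key, stored_verifier


def kdf_scheme(passphrase: str, salt: bytes, iterations: int = 600_000):
    """Comparison variant (an assumption, not from the thread): one salted
    PBKDF2 run yields 64 bytes, split into AES key and stored verifier."""
    out = hashlib.pbkdf2_hmac(
        "sha512", passphrase.encode("utf-8"), salt, iterations, dklen=64
    )
    return out[:32], out[32:].hex()


def verify(candidate_verifier: str, stored_verifier: str) -> bool:
    """Constant-time comparison of a recomputed verifier with the stored one."""
    return hmac.compare_digest(candidate_verifier, stored_verifier)


def demo():
    # Constructed sample passphrases of different lengths.
    for pw in ("pw", "a considerably longer passphrase with spaces"):
        key, ver = thread_scheme(pw)
        print(f"thread scheme: key={len(key)} bytes, verifier={ver[:16]}...")
    salt = os.urandom(16)  # would be stored next to the verifier in the file
    key, ver = kdf_scheme("pw", salt)
    print(f"kdf scheme:    key={len(key)} bytes, verifier={ver[:16]}...")


if __name__ == "__main__":
    demo()
```

In both variants only the verifier (and, for PBKDF2, the salt) is written to the file; the key is recomputed from the passphrase at decryption time.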