pet...@riseup.net wrote:
> I have yet to read up if it is safe to use
> with a single key, i.e. encrypting n passwords with the same secret
> key.

Make sure to use salting in this case. Otherwise using the same password
for multiple sites/keys would be visible.
You also want to hide the keys themselves to protect your password
storage from profiling attacks. For example, encrypt a dictionary that
maps the real key to some randomized filename where the encrypted
password is stored. I've done something like this with horrible shell
scripting and using gpg for encryption: https://github.com/schachmat/pkv
--Markus
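
An added example (not part of the original message and not pkv's code) of the layout described above: each password is encrypted with a fresh random salt and stored under a random filename, and the name-to-filename map is itself encrypted. Assumptions: `openssl enc` from OpenSSL 1.1.1 or later stands in for gpg (it salts every file but does not authenticate the ciphertext), and `STORE`, `STORE_PASS` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; not pkv's code. STORE, STORE_PASS and store_* are hypothetical names.
# Assumes OpenSSL >= 1.1.1; entry names contain no tab or newline.
: "${STORE:=$(mktemp -d)}"                       # constructed demo location
export STORE_PASS="${STORE_PASS:-constructed-demo-passphrase}"

# -salt draws a fresh random salt per call, so equal plaintexts under the
# same passphrase produce different ciphertexts.
enc() { openssl enc -aes-256-cbc -pbkdf2 -salt -pass env:STORE_PASS; }
dec() { openssl enc -d -aes-256-cbc -pbkdf2 -pass env:STORE_PASS; }

# Print the decrypted index: one "name<TAB>random-filename" line per entry.
index_read() {
    if [ -f "$STORE/index" ]; then dec < "$STORE/index"; fi
}

# Print the random filename for entry $1 (nothing if it is unknown).
index_lookup() {
    index_read | name="$1" awk -F '\t' '($1 "") == ENVIRON["name"] { print $2 }'
}

store_put() {  # usage: store_put NAME PASSWORD
    file=$(index_lookup "$1")
    if [ -z "$file" ]; then
        # New entry: pick a filename unrelated to NAME and re-encrypt the index.
        file=$(openssl rand -hex 16)
        { index_read; printf '%s\t%s\n' "$1" "$file"; } | enc > "$STORE/index.tmp"
        mv "$STORE/index.tmp" "$STORE/index"
    fi
    printf '%s' "$2" | enc > "$STORE/$file"
}

store_get() {  # usage: store_get NAME
    file=$(index_lookup "$1")
    if [ -z "$file" ]; then return 1; fi
    dec < "$STORE/$file"
}
```

Listing `$STORE` after a few `store_put` calls shows only `index` and hex-named files, so neither the entry names nor password reuse across entries can be read off the directory.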