https://bugs.kde.org/show_bug.cgi?id=444252

Mingye Wang <arthur200...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |arthur200...@gmail.com

--- Comment #2 from Mingye Wang <arthur200...@gmail.com> ---
It should be emphasized that Blowfish has not yet been broken at all, and that
the way KWallet uses SHA1 (amateur KDF, essentially) is not attacked either —
for now. It is true that SHA1 has been "broken", but KWallet since 4.13 has
been using proper PBKDF2_SHA512. This is not to say moving up to a more
commonly used / "modern" pair like AES-scrypt or chacha20-argon2 is useless —
more eyes on an algo is always a good thing; rather, any benefit from such a
move needs to be balanced against additional complexity in data structure and
versioning information.
