https://bugs.kde.org/show_bug.cgi?id=444252
Mingye Wang <arthur200...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |arthur200...@gmail.com

--- Comment #2 from Mingye Wang <arthur200...@gmail.com> ---
It should be emphasized that Blowfish has not yet been broken at all, and that the way KWallet uses SHA1 (amateur KDF, essentially) is not attacked either — for now. It is true that SHA1 has been "broken", but KWallet since 4.13 has been using proper PBKDF2_SHA512.

This is not to say moving up to a more commonly used / "modern" pair like AES-scrypt or chacha20-argon2 is useless — more eyes on an algo is always a good thing; rather, any benefit from such a move needs to be balanced against additional complexity in data structure and versioning information.