Ross, Felix, David, thanks for the feedback. At least the key derivation function isn't as bad as I feared. It might not be standardized but it isn't obviously bad.
An update to warn about a password that contains non-cp1252 characters feels appropriate to me. (Refusing to use non-cp1252 characters less so, but I don't feel strongly about this.) If one of you does prepare a patch to address this, please do coordinate with the Debian maintainer -- if Debian is the closest there is to upstream, it'd be best to get the patch as high as possible.

Thanks

--
https://bugs.launchpad.net/bugs/1214844
Title: Non-CP1252 characters in passwords are insecure