since the bugtracker team apparently doesnt like discussions regarding how to adress some bugs I open this discussion now.
my point stands as already outlined. argon2 as KDF and AES-GCM or something similar for the crypto. but it's ridiculous that no one really cared about this for NINE YEARS. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security