The key derivation function works like this: The password is hashed with sha256, encrypted x-times with a random key, then the result is concatenated with 16 random bytes and hashed again.
finalKey = sha256(seed || key(sha256(password), iterations, transformSeed))
key(password, 1) = aes256cbc(password, transformSeed, [0, ..., 0])
key(password, iterations) = aes256cbc(key(password, iterations - 1), transformSeed, [0, ..., 0])
with aes256cbc(data, key, iv)

iterations is 50000 by default.

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1214844

Title:
  Non-CP1252 characters in passwords are insecure

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/keepassx/+bug/1214844/+subscriptions

--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
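The derivation described in the message above, written out as an added Go example; it is not part of the original message and not KeePassX's own code. It follows the message's formulas literally (AES-256-CBC with an all-zero IV each round); the function names, the 32-byte transformSeed length and the sample values are assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"fmt"
)

// transform implements key(data, iterations) from the message: data is
// encrypted `iterations` times with AES-256-CBC under transformSeed,
// restarting from an all-zero IV on every round.
// Assumption: transformSeed is 32 bytes, as an AES-256 key must be.
func transform(data, transformSeed []byte, iterations int) []byte {
	block, err := aes.NewCipher(transformSeed)
	if err != nil {
		panic(err)
	}
	out := append([]byte(nil), data...) // work on a copy, leave input intact
	zeroIV := make([]byte, aes.BlockSize)
	for i := 0; i < iterations; i++ {
		cipher.NewCBCEncrypter(block, zeroIV).CryptBlocks(out, out)
	}
	return out
}

// deriveKey implements
// finalKey = sha256(seed || key(sha256(password), iterations)).
// The password enters only as bytes, so the byte encoding chosen for the
// password string decides which key comes out.
func deriveKey(password, seed, transformSeed []byte, iterations int) []byte {
	h := sha256.Sum256(password)
	t := transform(h[:], transformSeed, iterations)
	final := sha256.Sum256(append(append([]byte(nil), seed...), t...))
	return final[:]
}

func main() {
	// Constructed sample values; in a real database both seeds are random.
	seed := bytes.Repeat([]byte{0x11}, 16)
	transformSeed := bytes.Repeat([]byte{0x22}, 32)
	key := deriveKey([]byte("correct horse"), seed, transformSeed, 50000)
	fmt.Printf("finalKey = %x\n", key)
}
```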
