Use PBKDF2 to derive encryption key for passwords.

[claws.git] / doc / src / password_encryption.txt

diff --git a/doc/src/password_encryption.txt b/doc/src/password_encryption.txt
index 4709f557da4946768b2d62f0aa6ccbfeb6a9adc5..50873dc35466ba8e423b82f00c1a168f6954a74f 100644 (file)
--- a/doc/src/password_encryption.txt
+++ b/doc/src/password_encryption.txt
@@ -2,14 +2,9 @@ Unless --with-password-encryption=old is active, account passwords are
 stored encrypted using AES-256-CBC, using following scheme:
 ----------------------------------------------------------------------
 
-Encryption/decryption key is either PASSCRYPT_KEY, or user-selected master passphrase.
-
-We take the digest of the key using SHA-512, which gives us a 64 bytes
-long hash.
-
-The first half of the hash is XORed with the second (1st byte with
-33rd, 2nd with 34th, etc.). This is gives us 32 bytes, which is
-the exact length required for AES-256-CBC.
+Encryption/decryption key is derived from either PASSCRYPT_KEY, or
+user-selected master passphrase, using PBKDF2, using salt from
+'master_passphrase_salt'.
 
 IV for the cipher is filled with random bytes.