Dwayne, I'd like your opinion on a slightly different approach than the one you recommended. Your suggestions to use unique salts and IV are much appreciated, and a definite improvement to the approach.
You suggested also encrypting the entire file. Instead of encrypting the entire file, which has substantial compatibility limitations (see https://bitbucket.org/kang/python-keyring-lib/issue/64/new-cryptedfilekeyring-doesnt-follow#comment-1530192), I'd like to retain more granularity in the password file.
Would it be suitable to encrypt each password separately, but have a separate encrypted payload as a reference to validate the user's password when opening the file? This would necessarily mean that several ciphertexts share the same key and one of them has a known plaintext. I seem to recall from my crypto studies that such a situation is potentially less secure, but not necessarily insecure, depending on the algorithm. I'd like your opinion on the approach.