Comment 11 for bug 1004845

Dwayne, I'd like your opinion on a slightly different approach than the one you recommended. Your suggestions to use unique salts and IV are much appreciated, and a definite improvement to the approach.

You suggested also encrypting the entire file. Instead of encrypting the entire file, which has substantial compatibility limitations (see https://bitbucket.org/kang/python-keyring-lib/issue/64/new-cryptedfilekeyring-doesnt-follow#comment-1530192). I'd like to retain more granularity in the password file.

Would it be suitable to encrypt each password separately, but have a separate encrypted payload as a reference to validate the user's password when opening the file? This would necessarily mean that several ciphertexts share the same key and one of them has a known plaintext. I seem to recall from my crypto studies that such a situation is potentially less secure, but not necessarily insecure, depending on the algorithm. I'd like your opinion on the approach.