Passwørd Safe File Format
Copyright © 2018 Andy Goryachev
All rights reserved.
This document describes the Passwørd Safe file format version 2.00.00 and above.
Scrypt parameters have been empirically selected to produce a balanced price/performance ratio,
resulting in 16MB RAM and approximately 3 second processing requirements on a 2.7 GHz CPU.
- The source code is only available for qualified reviewers upon request. Yes, perhaps I should open source it.
- Same nonce is used for EAX encryption and generation of encryption key via scrypt. This may or may not be ok.
- Key may be leaked through the nonce since the source code is not available (it isn't, trust me).
- JAR is not signed, and is being distributed via unsecure connection.