1. 6

  2. 4

    To generate a secure key, we need a cryptographically secure random number generator. In my implementation, I used the PBKDF2 hashing algorithm, commonly used for hashing passwords. Here, we use the Markdown content as the seed ‘password’.

    Wouldn’t it be better to call Crypto.getRandomValues, which is an actual secure RNG?

    1. 4

      Also, this makes it susceptible to an attack where somebody can verify a note’s content if they suspect that some note has specific content, as you can reliably generate a key and check whether it decrypts.
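
The concern raised in this thread, shown as an added example that is not part of the original comments or the article's code: a key derived from the note content lets anyone holding the ciphertext confirm a suspected plaintext, while a key drawn from the CSPRNG does not. The salt, iteration count, AES-256-GCM, the function names and the sample note are all assumptions made for the illustration.

```javascript
// Added example; salt, iteration count and AES-256-GCM are assumptions.
// Loads node:crypto whether this file runs as CommonJS or as an ES module.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

const SALT = Buffer.from("constructed-public-salt"); // assumed fixed and public
const ITERATIONS = 100000;                           // assumed work factor

// Design quoted in the thread: the key is a deterministic function of the note.
function contentDerivedKey(markdown) {
  return nodeCrypto.pbkdf2Sync(markdown, SALT, ITERATIONS, 32, "sha256");
}

// Alternative asked about in the thread: key from the CSPRNG, unrelated to content.
function randomKey() {
  return Buffer.from(nodeCrypto.webcrypto.getRandomValues(new Uint8Array(32)));
}

function encryptNote(markdown, key) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(markdown, "utf8"), cipher.final()]);
  return { iv, body, tag: cipher.getAuthTag() };
}

// What the stored blob reveals to someone without the key: does a suspected
// plaintext reproduce a key that authenticates and decrypts it?
function guessConfirmsContent(blob, suspected) {
  const key = contentDerivedKey(suspected);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.iv);
  decipher.setAuthTag(blob.tag);
  try {
    const plain = Buffer.concat([decipher.update(blob.body), decipher.final()]);
    return plain.toString("utf8") === suspected;
  } catch {
    return false; // GCM tag mismatch: the derived key is not the real key
  }
}

const note = "# Offsite plan\nMeet at 9am."; // constructed sample note
const weak = encryptNote(note, contentDerivedKey(note));
const strong = encryptNote(note, randomKey());

console.log("content-derived key, correct guess:", guessConfirmsContent(weak, note));
console.log("random key, correct guess:", guessConfirmsContent(strong, note));
```
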