Security issue: using HMAC on the passphrase directly is brute-forcable

[mcpherrinm]

I only briefly looked at the code after seeing it on lobste.rs, but it appears that this uses HMAC with a passphrase as the key directly.

If you can get a user to register for 1 website, an attacker can then brute-force HMAC key, and compute the password for all other websites.

Having a human-memorizable passphrase used directly as an hmac key is not secure. If you want to continue on this approach, you must use some kind of password-based key derivation function, such as scrypt.

[sepisoad]

thanks for your advice, I will definitely take it into account