How long "digits-only recovery code" is secure enough?
I’m implementing encryption in one of my webextension which will encrypt locally stored data.
I have a single master CryptoKey (AES-GCM) that encrypts everything.
And this master key is then encrypted (using crypto.subtle.wrapKey) with:
u… Continue reading How long "digits-only recovery code" is secure enough?