Wrong use of cryptographic salt #7
Description
Describe the bug
PwdHash2 incorrectly uses the domain name as salt for the PBKDF2 construction. This means that an attacker knows the salt, allowing her to precompute data structures like rainbow tables for that particular domain.
https://github.com/GWuk/PwdHash2/blob/master/js/hashed-password.js#L44:
forge.pkcs5.pbkdf2(password + salt, realm, iterations, (2 * size / 3) + 16, forge.sha256.create())
The first parameter is the password, the second is the salt. Source: https://github.com/digitalbazaar/forge#pkcs5
Expected behavior
Use the salt as salt. Concatenate master password and realm and use it as password.
As this breaks every password generated using the flawed scheme, it is a good idea to improve the concatenation of master password and realm. The problem with simply concatenating them is that "appletree" + "house.org" == "apple" + "treehouse.org". I'd suggest using the NUL byte (\x00) as a delimiter, because it cannot be part of the realm and should be really hard to enter as part of the password.
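The argument order and NUL delimiter suggested in this issue, shown next to the reported layout, as an added example that is not part of the issue or of PwdHash2's code. It uses Node's built-in `crypto.pbkdf2Sync` in place of forge; the function names, iteration count, output length and sample values are assumptions.

```javascript
// Added example: not PwdHash2's code. Node's built-in crypto stands in for forge.
const crypto = require('node:crypto');

const ITERATIONS = 10000; // assumed value for this example
const KEY_LEN = 32;       // assumed output length in bytes

function pbkdf2Hex(password, salt) {
  return crypto.pbkdf2Sync(password, salt, ITERATIONS, KEY_LEN, 'sha256').toString('hex');
}

// Layout reported in the issue: the public realm is passed as the PBKDF2 salt
// and the user's salt is appended to the password.
function deriveReported(master, salt, realm) {
  return pbkdf2Hex(master + salt, realm);
}

// Arguments swapped, but master password and realm joined with no delimiter.
function deriveUndelimited(master, salt, realm) {
  return pbkdf2Hex(master + realm, salt);
}

// Layout the issue asks for: salt as salt, master + NUL + realm as password.
// With no NUL in the realm, the last NUL in the string marks the boundary,
// so two different (master, realm) pairs cannot encode to the same input.
function deriveDelimited(master, salt, realm) {
  if (realm.includes('\x00')) {
    throw new RangeError('realm must not contain a NUL byte');
  }
  return pbkdf2Hex(master + '\x00' + realm, salt);
}

// Constructed sample values.
const SALT = 'constructed-user-salt';

function demo() {
  return {
    undelimitedCollides:
      deriveUndelimited('appletree', SALT, 'house.org') ===
      deriveUndelimited('apple', SALT, 'treehouse.org'),
    delimitedCollides:
      deriveDelimited('appletree', SALT, 'house.org') ===
      deriveDelimited('apple', SALT, 'treehouse.org'),
  };
}

console.log(demo()); // { undelimitedCollides: true, delimitedCollides: false }
```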