From 5bc052515deabf524c1119d01fa2756e46c0b4d4 Mon Sep 17 00:00:00 2001 From: tomaioo Date: Fri, 24 Apr 2026 23:14:58 -0700 Subject: [PATCH 1/2] fix(security): 2 improvements across 2 files - Security: Weak cryptographic parameters for vault/client-side encryption - Security: Potential storage of vault password in browser localStorage Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com> --- js/app/services/encryptservice.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/js/app/services/encryptservice.js b/js/app/services/encryptservice.js index 6767ffb52..1483ebeb5 100644 --- a/js/app/services/encryptservice.js +++ b/js/app/services/encryptservice.js @@ -34,10 +34,10 @@ // AngularJS will instantiate a singleton by calling "new" on this function var encryption_config = { adata: "", - iter: 1000, + iter: 100000, ks: 256, mode: 'ccm', - ts: 64 + ts: 128 }; return { From d31fa3b099ba6e6671c3b264fe22632aee979dd7 Mon Sep 17 00:00:00 2001 From: tomaioo Date: Fri, 24 Apr 2026 23:14:59 -0700 Subject: [PATCH 2/2] fix(security): 2 improvements across 2 files - Security: Weak cryptographic parameters for vault/client-side encryption - Security: Potential storage of vault password in browser localStorage Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com> --- js/app/services/settingsservice.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/js/app/services/settingsservice.js b/js/app/services/settingsservice.js index 70e07d429..04c186721 100644 --- a/js/app/services/settingsservice.js +++ b/js/app/services/settingsservice.js @@ -46,6 +46,9 @@ }); var cookie = localStorageService.get('settings'); + if (cookie && cookie.defaultVaultPass !== undefined) { + delete cookie.defaultVaultPass; + } settings = angular.merge(settings, cookie); return { getSettings: function () { 
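Review bot: In js/app/services/encryptservice.js the new `iter: 100000` and `ts: 128` apply only to data encrypted after this change; nothing in the hunk re-encrypts existing vault entries, so those presumably stay protected by the old 1000-iteration key derivation until they are rewritten. The decrypt path is outside the hunk: if it takes `iter`/`ts` from `encryption_config` rather than from parameters stored with each ciphertext, previously encrypted data would stop decrypting, so confirm this before merging. If the key is derived per field rather than once per vault, the 100x higher iteration count is paid on every call, which is worth measuring in the browser. I would add a comment above the object, e.g. `// Defaults for newly encrypted data; existing ciphertexts are not upgraded by changing these.`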
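Review bot: In the first hunk of js/app/services/settingsservice.js the `delete cookie.defaultVaultPass;` only strips the password from the in-memory copy returned by `localStorageService.get('settings')`; the value already written to localStorage stays there until some later `setSetting` call overwrites the record. A user who never changes a setting after upgrading keeps the vault password at rest in the browser. Writing the cleaned object back inside the same `if`, `localStorageService.set('settings', cookie);`, purges it on first load. The enclosing service function starts and ends outside the hunk.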
@@ -55,8 +58,11 @@ return settings[name]; }, setSetting: function (name, value) { + var storedSettings; settings[name] = value; - localStorageService.set('settings', settings); + storedSettings = angular.copy(settings); + delete storedSettings.defaultVaultPass; + localStorageService.set('settings', storedSettings); }, isEnabled: function (name) { return settings[name] === 1 || settings[name] === '1';
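Review bot: `setSetting` now silently drops `defaultVaultPass` from the persisted copy, so a caller doing `setSetting('defaultVaultPass', …)` gets a value that lasts only until the next page load, and nothing in the code says this is intentional. A comment before the delete would make the contract explicit, e.g. `// Never persist the vault password; it is kept in memory for this session only.` The key name is also hard-coded here and in the load path of the earlier hunk; a single shared list such as `var NON_PERSISTED_KEYS = ['defaultVaultPass'];` used in both places would keep them from drifting apart if another secret-bearing setting is added. Callers that rely on a remembered default-vault password are outside the hunk and should be checked for the now-missing value after reload.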