Comment by seansh
1 year ago
Actually I'm using pbkdf2 with 100000 iterations of sha256 for the encryption, but not for hashing the pass. That will certainly add a few orders of magnitude to the infeasibility of cracking the password hash when the server itself is not to be trusted. I'll implement that and thanks for bringing it to my attention.
But I don't think a strong password can be cracked that quickly. Let's say you use a 12-character-long lowercase, uppercase, digits and some special chars. That should give you at least 60^12 possibilities. At 1BH/s, that would take 70k years. Is my calculation wrong?
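As an added example (not part of the comment above and not the commenter's code), this sketch stores a password hash with salted PBKDF2-HMAC-SHA256 at the 100000 iterations mentioned and reruns the 60^12 at 1 BH/s estimate. The function names, the 16-byte salt and the simplification that one PBKDF2 iteration costs an attacker about one raw hash are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 100_000                     # iteration count from the comment
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Tuple[bytes, int, bytes]:
    """Return (salt, iterations, derived_key) for storage next to the account."""
    if salt is None:
        salt = os.urandom(16)            # per-user random salt (assumed size)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, dk


def verify_password(password: str, salt: bytes, iterations: int,
                    expected: bytes) -> bool:
    """Recompute the derived key and compare it in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)


def exhaustive_search_years(alphabet_size: int, length: int,
                            hashes_per_second: float,
                            iterations: int = 1) -> float:
    """Worst-case years to try every password of the given shape.

    Assumption: each PBKDF2 iteration costs roughly one raw hash, so the
    guess rate drops by a factor of `iterations`. The average case is half.
    """
    keyspace = alphabet_size ** length
    guesses_per_second = hashes_per_second / iterations
    return keyspace / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    salt, iters, dk = hash_password("correct horse battery staple")
    print("verify ok:", verify_password("correct horse battery staple", salt, iters, dk))
    print("verify bad:", verify_password("wrong guess", salt, iters, dk))
    # 60-symbol alphabet, 12 characters, 1e9 hashes per second
    print("single hash: %.0f years" % exhaustive_search_years(60, 12, 1e9))
    print("PBKDF2 x100000: %.3g years" % exhaustive_search_years(60, 12, 1e9, ITERATIONS))
```

The estimate only holds for passwords drawn uniformly at random from the 60-symbol alphabet; human-chosen passwords fall to dictionary and rule-based guessing long before the keyspace is exhausted.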