Comment by stephenr

20 days ago

I was going to make a comment about the irony of a system that seemingly forces users to use generated passwords that also claims "we don't know your password", but then I saw that it's apparently AI coded.

Yeah, good luck with that. Authentication code needs AI generated code like a cow needs burger sauce and brioche buns.

Bastion’s cryptography isn’t AI-generated. The system follows well-established cryptographic primitives and protocols: PBKDF2-HMAC-SHA512 for deterministic password derivation, Argon2id for local key stretching, AES-256-GCM for encryption, and Shamir Secret Sharing over a prime field for secret splits. All design decisions are documented, and the code is open-source for verification.