Noooo!! Not the precious scan key. 😭 Check mate, silent payment supporters

Don't take tbouma seriously. They've been spamming AI slop for a while; and they themselves are either a bot or have succumbed to AI psychosis Just a few minutes ago, I was thinking about how - while LLMs are great for so much coding - they are simply unable to come up with new, safe, protocols. You've pointed out a good example of that (I have an idea to fix this particular problem, but I don't want to help them 😀)

Derivation of sub keys is often overlooked. And people have tendency to even overlook password kdfs. Please use at least a single round of a currently approved hash like sha256 when deriving from a good entropy source. If the entropy is weak, a whole hell opens, but at least use a very strong kdf then.