Use better and more recent KDFs

[MarkusZoppelt]

I highly suggest you replace PBKDF2 with Argon2id and SHA1 with SHA256.

PBKDF2 is easier to brute-force and can be accelerated with GPUs.

SHA-1 is broken and basically deprecated at this point.

[mprimi]

I would love to use state-of-the-art KDF, but Argon2 is not part of the W3C APIs that browsers support unfortunately.

So in this case I choose to go with "best encryption I can do in any browser without dependencies" rather than "best encryption available today". It's a conscious tradeoff.

I have no excuses for SHA-1, I should see about upgrading.

Thank you bringing this up!