From f42673568145811347b1ac2ba9e1e0adf0991dd0 Mon Sep 17 00:00:00 2001 From: Christopher Wellons Date: Mon, 6 Mar 2017 09:51:37 -0500 Subject: [PATCH] In key derivation, mix passphrase second. This prevents the shortcut of pre-initializing the hash with the passphrase. PBKDF2 doesn't have this feature. --- README.md | 6 +++--- src/enchive.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 4d00439..a6dea7d 100644 --- a/README.md +++ b/README.md @@ -44,9 +44,9 @@ and output. ### Key management One of the core features of Enchive is the ability to derive an -asymmetric key pair from a passphrase (PBKDF2). This means you can -store your archive key in your brain! To access this feature, use the -`--derive` (`-d`) option with the `keygen` command. +asymmetric key pair from a passphrase (PBKDF2-like). This means you +can store your archive key in your brain! To access this feature, use +the `--derive` (`-d`) option with the `keygen` command. $ enchive keygen --derive diff --git a/src/enchive.c b/src/enchive.c index 0936211..b4bde8c 100644 --- a/src/enchive.c +++ b/src/enchive.c @@ -341,8 +341,8 @@ key_derive(const char *passphrase, sha256_final(ctx, buf); for (i = 0; i < iterations; i++) { sha256_init(ctx); - sha256_update(ctx, (u8 *)passphrase, len); sha256_update(ctx, buf, sizeof(buf)); + sha256_update(ctx, (u8 *)passphrase, len); sha256_final(ctx, buf); } }
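Review bot: "PBKDF2-like" in the Key management paragraph of README.md leaves the reader guessing which parts match PBKDF2 and which do not. The src/enchive.c hunk shows plain `sha256_init` / `sha256_update` / `sha256_final` calls in a loop rather than an HMAC construction, so a sentence stating that would be clearer: each round is SHA-256 over the previous digest followed by the passphrase, repeated `iterations` times. That also puts the reason for the ordering, which the commit message gives, where users choosing a passphrase will see it.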
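Review bot: Swapping the two `sha256_update` calls inside the `for` loop of `key_derive` changes the digest produced for every passphrase, so a key pair made with `enchive keygen --derive` before this commit can no longer be regenerated from the same passphrase afterwards, and nothing in either hunk tells users that. Please add a compatibility note to the README, or say in the commit message that no derived keys exist in the wild yet. Separately, the ordering is now security-relevant but looks arbitrary in the source; a one-line comment above `sha256_update(ctx, buf, sizeof(buf));` saying that the passphrase is mixed last so the hash state cannot be pre-initialized with it would keep a later cleanup from swapping the calls back.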