Securely distributing passwords and salts that will be derived by client programs

I am creating a client-server architecture running on top of the KCP protocol in Go. The package for KCP that I’m using is KCP-Go ( The package supports packet-level encryption and FEC. To use the packet-level encryption feature, I need to generate an AES key. Following the latest OWASP recommendations for securely storing passwords and keys, this is what I’ve done thus far:

  • I have generated a 64-byte password and salt.
  • I pass that to PBKDF2, using (600000 * num_cpus) rounds, and requesting a 32-byte key.

Now I am wondering how to exactly securely distribute this key. At this time, I start up another TCP server and allow clients to connect. When they do, I send them the password, salt, number of iterations, and checksum hashes for those three to ensure they’re not tampered with, and allow the client to perform key derivation. My question is: Is this method of distribution actually secure, or should I find some other way (i.e. using public keys)? If there is a more secure method to allow clients and the server to communicate, what should I do instead? I should note that when clients and servers send messages to one another a hash of the message is included along with the message to allow clients to verify the messages validity (I’m using SHAKE256). The hash funciton used during key derivation is BLAKE2B (though I have thought about using Argon2).

wp-config leaked, how to change salts

define(‘SECURE_AUTH_KEY’, define(‘AUTH_KEY’,

This is what my wp-config.php file contains And I saw from access logs It was accessed about 20 times from other ips.

What to do? Can they compromise my wp data?

Are there any restrictions for bath salts (magnesium flakes) in hand luggage flying within Europe?

In some sources it is written that you can carry bath salts:

  • Carrying powder-type stuff in carry on – problems?
  • Banned on board: Christmas gifts you can’t take on a flight:

Bath bombs are also allowed, but call them ‘bath salts’ in the airport, to avoid any misunderstandings at security!

But there are opposite articles:

  • Transport Canada to ban large containers of bath salts and baby powder in carry-on luggage
  • ryanair hand luggage restrictions – NON-LIQUID toiletries:

Returning from Nantes to Edinburgh yesterday on Ryanair, my 200g canister of sea salts for a foot bath was confiscated. I knew there was a 100 ml limit on liquids, obviously, but I can’t find any information on the Ryanair site which mentions any restrictions on non-liquid toiletries.

The guy said I should have decanted the salts into two 100 ml bottles. I offered to decant them into two plastic bags, but he said it was the size of the container that counted, not the contents.

Do you have any experience with bath salts / magnesium flakes in hand luggage flying within Europe? If it is allowed, what’s the limit for hand luggage?