
>Hina protects your images posted online or sent to others by encrypting them with a password...

Like just a single word? Why wouldn't that be trivially brute-forceable? Since you don't care exactly where the content comes from, why not just use some sort of public key system? There wouldn't be much chance of a MITM in this particular instance, and it would simplify things for the user.



Under the hood, we used the Argon2i algorithm to derive the secret key from an arbitrarily long password string. We used the term "password" because that's what ordinary people will understand (like, zip uses the same term for their secret keys). In practice, people should choose a password that's long enough to prevent brute forcing, just like picking a password for your online accounts.

It's a good idea to use a public key system. But it really confuses new users who have never used PKI before. Nevertheless, we have a key exchange feature built into the app that allows 2 parties to negotiate a shared secret using X25519, for advanced users.



