Hi Stefan,
> So wether this is good practice not, I think it totally depends on the type of app.
I probably didn't explain my point very well. What I mean to say is that
it's tricky to do the crypto right if you want to derive a key from a
passphrase whose hash (bcrypt) you're also storing. This does not depend
on the type of app, it's just a fact of crypto.
And one has to consider that, if there is a false sense of security that
might exist if you think "oh, well this data is encrypted, it's all
good" if there is a weakness in the correlation between the key and the
bcrypted password.
(Mind you, I'm not telling you there's a clear attack, I'm just saying
"danger, you're in a very grey area.")
I do understand the point you're making though, and so to understand it
more thoroughly, I have one question for you: how do you handle a
password change?
> I think this is a pretty common case for many web apps.
I'm not sure it's quite that common, but of course it's nice to
encourage more secure practices.
Another question: are you decrypting in the browser or on the server?
-Ben