# Security Policy

## Reporting a Vulnerability

We take security seriously.

If you discover a security vulnerability within Mojic (e.g., in the `CipherEngine` logic or the PRNG implementation), please send an e-mail to **amitdutta4255@gmail.com** or **mail@amit.is-a.dev**. All security vulnerabilities will be promptly addressed.

**Please do not open public issues for security vulnerabilities.**

### Scope
* **Supported:** Issues regarding key derivation, salt collisions, HMAC integrity failures, or stream buffer overflows.
* **Not Supported:** Brute-forcing weak passwords (users are responsible for password strength).