Sep 09, 2024
Problematic Course Platform

Regarding the Educoder platform mentioned before: the platform is very problematic. It doesn't have any CSP policies and you can input Markdown into it; I discovered this when it rendered images directly from my CDN.
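What a policy would change for those Markdown images, as an added example (not code from this post or from the platform): a simplified matcher for the CSP `img-src` directive with `default-src` fallback. It covers only keyword, scheme and host sources and ignores paths; the function names and all URLs in the usage are constructed placeholders.

```javascript
// Added example: subset of CSP source matching for images (paths, nonces, hashes ignored).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function sourceMatches(source, url, page) {
  const src = source.toLowerCase();
  if (src === "'self'") return url.origin === page.origin;
  if (src === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return url.protocol === src; // e.g. https:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+|\*))?(?:\/.*)?$/.exec(src);
  if (!m) return false; // 'none' and other quoted keywords never match a URL here
  const [, scheme, wildcard, host, port] = m;
  // A host source without a scheme inherits the page's scheme (http may upgrade to https).
  const wantScheme = scheme ? scheme + ':' : page.protocol;
  const schemeOk = url.protocol === wantScheme ||
    (wantScheme === 'http:' && url.protocol === 'https:');
  // "*.example.com" matches subdomains only, not example.com itself.
  const hostOk = wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
  const defaultPort = { 'http:': '80', 'https:': '443' }[url.protocol];
  const portOk = port === '*' || (url.port || defaultPort) === (port || defaultPort);
  return schemeOk && hostOk && portOk;
}

// Returns true if an image at imgUrl would load on pageUrl under the given CSP header.
function imageAllowed(header, pageUrl, imgUrl) {
  const policy = parseCsp(header);
  const sources = policy.get('img-src') ?? policy.get('default-src');
  if (sources === undefined) return true; // no governing directive: nothing is blocked
  const page = new URL(pageUrl);
  const url = new URL(imgUrl, pageUrl); // Markdown image URLs may be relative
  return sources.some((s) => sourceMatches(s, url, page));
}

// Constructed sample values, not taken from the platform.
const PAGE = 'https://course.example/task/1';
const EXTERNAL = 'https://cdn.thirdparty.example/pixel.png';
console.log('no CSP header:', imageAllowed('', PAGE, EXTERNAL));
console.log("default-src 'self':", imageAllowed("default-src 'self'", PAGE, EXTERNAL));
```

With an empty header the external image loads, which is the behaviour described above; with `default-src 'self'` it is blocked while same-origin images still render.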

Enc keys are deterministic (Argon2, username and password). Sign with private key and store public sign key in keystore UUID is deterministic (Argon2, username and password). Since encryption protects the confidentiality, the attacker doesn't know the