SECURITY WARNING
----------------

The passphrase, used to encrypted and decrypt the API key saved in the file 
{appdir}/key.txt, should not be hard coded in the pwd.pas unit. The program 
should start by asking for the passphrase and then use it to recover and
decrypt the salt+API key from the file or to encrypt and save to the file.

Define the directive MORE_SECURE in the pwd.pas unit to query the user
for the passphrase at the start of the application. At the same time,
the SALT constant also in the same unit should be changed. 

I make no representation about the validity of these security measures. 
This is my first venture in the field.

Michel Deslierres 2018/09/10




