Saturday, August 09, 2008

Weakness of Fourmilab javascrypt

A 256-bit key is generated from a passphrase by taking the even-position letters and hashing them to create a 128-bit result, taking the odd-position letters and hashing them to create a 128-bit result, and concatenating the two hashes. Two passphrases which are the same on (say) the even positions will agree on the first 128 of the 256 bits of key, and then on average on 64 of the latter 128, for a total of 192/256 bits, which is horrible. The right way to do it is to use a real 256-bit hash function (SHA-512), ideally iterated a few hundred times to foil brute-force password cracking.
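
The effect described above, measured in an added example (not code from this post or from Fourmilab). It assumes MD5 as the 128-bit hash and index 0 as an even position; PBKDF2-HMAC-SHA512, the salt and the sample passphrases are constructed for the illustration.

```python
import hashlib

SALT = b"constructed-salt"  # constructed value; a real salt is random per passphrase


def split_key(passphrase):
    """Key as the post describes it: hash each half of the letters, concatenate.
    Assumed here: MD5 as the 128-bit hash, index 0 counted as an even position."""
    even, odd = passphrase[0::2], passphrase[1::2]
    return hashlib.md5(even.encode()).digest() + hashlib.md5(odd.encode()).digest()


def iterated_key(passphrase, salt=SALT, rounds=300):
    """Whole passphrase through iterated SHA-512, output cut to 256 bits.
    PBKDF2-HMAC and the salt are this example's choice of construction."""
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt, rounds, dklen=32)


def matching_bits(a, b):
    """Count the bit positions at which two equal-length keys agree."""
    diff = int.from_bytes(a, "big") ^ int.from_bytes(b, "big")
    return len(a) * 8 - bin(diff).count("1")


def sample_pair(i):
    """Constructed passphrases: identical at even indices, different at odd ones."""
    even = "correcthorse"
    weave = lambda odd: "".join(e + o for e, o in zip(even, odd))
    return weave(f"{i:012d}"), weave(f"{i + 1000:012d}")


def average_agreement(derive, pairs=200):
    """Mean number of agreeing key bits over the constructed pairs."""
    total = 0
    for i in range(pairs):
        p, q = sample_pair(i)
        total += matching_bits(derive(p), derive(q))
    return total / pairs


if __name__ == "__main__":
    print("split-hash key:   %.1f of 256 bits agree" % average_agreement(split_key))
    print("iterated SHA-512: %.1f of 256 bits agree" % average_agreement(iterated_key))
```

Two unrelated 256-bit keys agree on about 128 bits by chance, which is what the whole-passphrase derivation shows; the split scheme sits near 192 because its first 128 bits never change.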
