diff --git a/UseGroupPasswordThroughAKDF.md b/UseGroupPasswordThroughAKDF.md
new file mode 100644
index 0000000..3536231
--- /dev/null
+++ b/UseGroupPasswordThroughAKDF.md
@@ -0,0 +1,4 @@
+Is this still an open vulnerability?
+
+Use the group password only through a KDF  by sudden6
+<https://github.com/JFreegman/toxcore/pull/27>