the long explanation is here: link to StackExchange

TL;DR SHA-256 was not meant as key derivation function and has some bad properties (e.g. it is too fast).

Thanks for your comment, I agree, however the point of this library was Android version of https://github.com/Gurpartap/aescrypt

I'll update the readme within something like... For better and just as simple API check out [java-aes-crypto(https://github.com/tozny/java-aes-crypto)