How is the encryption key derived from the secret? Are you using an appropriate key derivation function like PBKDF2, bcrypt, or scrypt, or are you (mis)using a common cryptographic hash? If you are using a password hash, which one, and how many iterations? More generally, is your encryption code documented somewhere?
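
The distinction the questions above draw, as an added example (not part of the original comment and not the code being asked about): a key taken from one pass of a fast hash beside a key derived with PBKDF2 using a random salt and a recorded iteration count. The function names, sample secret, header layout and iteration count are assumptions chosen for illustration.

```python
import hashlib
import os
import struct

# Constructed sample secret, for demonstration only.
SECRET = b"correct horse battery staple"

# Illustrative work factor (assumption); tune it to your hardware and threat model.
DEFAULT_ITERATIONS = 600_000


def weak_key(secret: bytes) -> bytes:
    """Misuse: a single unsalted pass of a fast general-purpose hash.
    Same secret always yields the same key, and each guess costs one hash."""
    return hashlib.sha256(secret).digest()


def derive_key(secret: bytes, iterations: int = DEFAULT_ITERATIONS):
    """PBKDF2-HMAC-SHA256 with a fresh 16-byte random salt.
    Returns (header, key). The header holds the iteration count and salt;
    neither is secret, and both must be stored next to the ciphertext."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=32)
    header = struct.pack(">I", iterations) + salt
    return header, key


def rederive_key(secret: bytes, header: bytes) -> bytes:
    """Recompute the key at decryption time from the stored header."""
    if len(header) != 20:
        raise ValueError("header must be 4-byte iteration count + 16-byte salt")
    (iterations,) = struct.unpack(">I", header[:4])
    salt = header[4:]
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=32)


if __name__ == "__main__":
    # Two users with the same secret: the plain hash gives them the same key.
    print("plain hash, same key:", weak_key(SECRET) == weak_key(SECRET))
    h1, k1 = derive_key(SECRET)
    h2, k2 = derive_key(SECRET)
    # Per-derivation salts make the keys differ even for identical secrets.
    print("PBKDF2, same key:", k1 == k2)
    print("re-derived from header matches:", rederive_key(SECRET, h1) == k1)
```

Storing the iteration count in the header lets the work factor be raised later without breaking data encrypted under the old setting.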