There was some recent discussion about KDF for password managers. Bitwarden increased rounds from 100k to 600k for new accounts. But keep in mind, in order to get the encrypted store you either need to authenticate online or steal it from a device that previously authenticated. An attacker needs to bruteforce the master password quickly as the stored password are useless if they are changed. There's layers of security and a limited window of opportunity.
Here, the encrypted document is encouraged to be hosted publicly. There isn't any authentication before the encrypted document is downloaded. If the document remains sensitive long term, then we need to protect it from attack using computers that will exist >10 years from now.
Since this tool doesn't have layered security, and the contents likely remain sensitive long term the single security layer should be stronger.
We can hand wave this and say that the user should pick a strong password or only store minimally sensitive documents but most won't and there's nothing here to inform or encourage them to do so. (Even single character passwords are allowed...)
https://github.com/robinmoisson/staticrypt/blob/5dac008ba644...