Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/cipher: Examples use an ASCII key #21012

Closed
kevinburke opened this issue Jul 14, 2017 · 2 comments
Closed

crypto/cipher: Examples use an ASCII key #21012

kevinburke opened this issue Jul 14, 2017 · 2 comments

Comments

@kevinburke
Copy link
Contributor

The examples in the crypto/cipher package use ASCII for the encryption key, which limits the range of keys and makes them easier to crack. We should hash a password and use the hash as a key, or just use 16/32 bytes of random data.

(via @FiloSottile who suggested this to me last night).

@kevinburke kevinburke self-assigned this Jul 14, 2017
@bradfitz bradfitz added this to the Go1.10 milestone Jul 14, 2017
@kevinburke
Copy link
Contributor Author

The frequent exhortations to add authentication in these examples are also making me nervous. Authenticating + attaching to the message isn't trivial. Wondering if we should steer people to other primitives instead.

@gopherbot
Copy link

CL https://golang.org/cl/48596 mentions this issue.

@golang golang locked and limited conversation to collaborators Nov 16, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

3 participants