You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The examples in the crypto/cipher package use ASCII for the encryption key, which limits the range of keys and makes them easier to crack. We should hash a password and use the hash as a key, or just use 16/32 bytes of random data.
(via @FiloSottile who suggested this to me last night).
The text was updated successfully, but these errors were encountered:
The frequent exhortations to add authentication in these examples are also making me nervous. Authenticating + attaching to the message isn't trivial. Wondering if we should steer people to other primitives instead.
The examples in the crypto/cipher package use ASCII for the encryption key, which limits the range of keys and makes them easier to crack. We should hash a password and use the hash as a key, or just use 16/32 bytes of random data.
(via @FiloSottile who suggested this to me last night).
The text was updated successfully, but these errors were encountered: