Tests are currently limited to 4096-byte messages. This is one of several reasons that callers should (1) split all data into packets sent through the network; (2) put a small global limit on packet length; and (3) separately encrypt and authenticate each packet.
We may want to provide the same advice to callers of this package, and advise them that "small" means "4096 bytes or fewer."
But that's not what it means. Wording like this would give the impression that secretbox doesn't work at all for messages of 8k or 16k size, which is obviously wrong. Putting numbers there without any explanation of how to arrive at them seems like a bad idea.
DJB's mail to boring-crypto gives the rationale for "small" messages. Link to that, if you must. Also note agl's comments in #17673 and the previous CL addressing this.
While package comments shouldn't be novels, this throwaway word was not
sufficient (and wasn't mirrored in the `box` package).
This change attempts to include more reasoning without using too many
words.
Fixes golang/go#17673, golang/go#21139
Change-Id: I7fa11e2cd5b8e2010420cc14d784f9b0c65db6d2
Reviewed-on: https://go-review.googlesource.com/35910
Reviewed-by: Russ Cox <rsc@golang.org>
The documentation for secretbox states:
However, it is unclear to a casual reader how small "small" is.
"Validation and Verification" says:
With a link to more explanation here: https://groups.google.com/forum/#!original/boring-crypto/BpUmNMXKMYQ/EEwAIeQdjacJ
We may want to provide the same advice to callers of this package, and advise them that "small" means "4096 bytes or fewer."
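The quoted packet advice (split the data, cap the packet length, encrypt and authenticate each packet separately), as an added example that is not code from this issue or from the secretbox package. It goes one step beyond the quote by also binding chunk order and chunk count. Assumptions: AES-GCM from the Go standard library stands in for secretbox, and `maxChunk`, `SealChunks`, `OpenChunks` and the 8-byte prefix layout are names and choices made for this example; the prefix must be fresh random bytes for every stream sealed under one key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const maxChunk = 4096 // assumed packet limit, chosen for this example

// SealChunks seals msg as separately authenticated chunks of at most maxChunk bytes.
func SealChunks(aead cipher.AEAD, prefix [8]byte, msg []byte) (boxes [][]byte) {
	total := len(msg)/maxChunk + 1 // an exact multiple ends with an empty chunk
	ad := binary.BigEndian.AppendUint32(nil, uint32(total)) // chunk count, bound to every chunk
	for i := 0; i < total; i++ {
		end := (i + 1) * maxChunk
		if end > len(msg) {
			end = len(msg)
		}
		nonce := binary.BigEndian.AppendUint32(prefix[:], uint32(i)) // stream prefix || chunk index
		boxes = append(boxes, aead.Seal(nil, nonce, msg[i*maxChunk:end], ad))
	}
	return boxes
}

// OpenChunks rejects empty, oversized, modified, reordered, or truncated chunk sequences.
func OpenChunks(aead cipher.AEAD, prefix [8]byte, boxes [][]byte) (out []byte, err error) {
	if len(boxes) == 0 {
		return nil, fmt.Errorf("no chunks")
	}
	ad := binary.BigEndian.AppendUint32(nil, uint32(len(boxes)))
	for i, b := range boxes {
		if len(b) > maxChunk+aead.Overhead() { // enforce the limit before doing any crypto
			return nil, fmt.Errorf("chunk %d exceeds limit", i)
		}
		pt, err := aead.Open(nil, binary.BigEndian.AppendUint32(prefix[:], uint32(i)), b, ad)
		if err != nil {
			return nil, fmt.Errorf("chunk %d: %w", i, err)
		}
		out = append(out, pt...)
	}
	return out, nil
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key; AES-GCM stand-in
	aead, _ := cipher.NewGCM(block)
	fmt.Println(OpenChunks(aead, [8]byte{}, SealChunks(aead, [8]byte{}, make([]byte, 10000))[:2]))
}
```

Because each chunk is authenticated on its own, the receiver never has to buffer or act on more than `maxChunk` bytes of unverified data, whatever the total message size.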