search

drand / tlock

Timelock Encryption made practical. The Go `tlock` library and the `tle` cmd line tool home to encrypt towards the future.
Apache License 2.0
510 stars 24 forks source link

Unexport dangerous functions #11

Closed AnomalRoil closed 2 years ago

AnomalRoil commented 2 years ago

Having a null nonce is a very dangerous thing when you're re-using the key, so I would much prefer these to be unexported internal functions. And to comment about having a null nonce being fine beause we're generating a new random key for each encryption.

https://github.com/drand/tlock/blob/1208bcd28b6bdd57c3a4637d80626d0152e05aad/encrypters/aead/aead.go#L16-L38

ardan-bkennedy commented 2 years ago

These can't be unexported since they implement the tlock Encrypter interface. It will be better to implement these in a more practical way. I will add the comment suggested for now until we can talk more about a better implementation.

AnomalRoil commented 2 years ago

Could we have these as /internal packages then?

ardan-bkennedy commented 2 years ago

If we move the encoding and encryption to the app level, this solves the problem.

AnomalRoil commented 2 years ago

Actually this is now solved in #16 too