Open fingon opened 3 days ago
For clarity, you're referring to the "Cipher Selection" portion of the README?
This is definitely stale, it dates back over 11 years to when transcrypt was first released. The world has moved on since then, though macOS compatibility somehow remains a pain. It's unfortunate that installing an up-to-date OpenSSL version with Homebrew would break use of that cipher.
No-one has expressed interest in – or problems with – using GCM mode in the years since I've been the maintainer of this project. I'm tempted to remove that section of the README altogether, although perhaps rewriting it to simply acknowledge that transcrypt does not avoid the malleability problem would be better. What do you think?
On 14 - Sonoma (= 2023 version):
fwiw homebrew installation of current openssl doesn't support aes-gcm; system LibreSSL one does though:
Having said that, I think having a default which just 'works most likely' is probably better than having the results authenticated (with caveats about where it works).