meld-cp / obsidian-encrypt

Hide secrets in your Obsidian.md vault
MIT License

Permanent IV / IV reuse #11

Closed Miladiir closed 3 years ago

Miladiir commented 3 years ago

https://github.com/meld-cp/obsidian-encrypt/blob/df595f671f95be4af793529d95ea690851491da7/src/CryptoHelper.ts#L4

As far as I know, fixing the IV like this is a very bad idea. Can you elaborate why this was chosen? I really am not an expert by any means, but forum posts such as this one https://crypto.stackexchange.com/questions/26790/how-bad-it-is-using-the-same-iv-twice-with-aes-gcm paint a pretty solid picture for me.

meld-cp commented 3 years ago

Thank you for logging this. Unfortunately, I don't have a good answer to your question. I will look into making this plugin more secure, and in the meantime I have updated the warning section in the readme. This is the best I can do for now but please let me know if you have any suggestions. This is the beauty of open source.
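Added example, not part of the original thread and not the plugin's code: a fixed-IV AES-GCM encryption beside a per-message random IV, with a check that shows what the fixed IV exposes. It assumes Node's built-in `crypto` module; the key, the all-zero IV, the sample notes and all function names are constructed for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed values: a random key and an all-zero 12-byte IV standing in
// for any hard-coded IV.
const KEY = nodeCrypto.randomBytes(32);
const FIXED_IV = Buffer.alloc(12, 0);

function xor(a, b) {
  const n = Math.min(a.length, b.length);
  const out = Buffer.alloc(n);
  for (let i = 0; i < n; i++) out[i] = a[i] ^ b[i];
  return out;
}

// Weak setting: every message is encrypted under the same (key, IV) pair.
function encryptFixedIv(plaintext) {
  const c = nodeCrypto.createCipheriv("aes-256-gcm", KEY, FIXED_IV);
  return Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
}

// Corrected setting: fresh random 96-bit IV per message, stored with the
// output as IV || tag || ciphertext so decryption can recover it.
function encryptRandomIv(plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", KEY, iv);
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

function decryptRandomIv(blob) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", KEY, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28)); // 16-byte tag follows the IV
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString("utf8");
}

// True when XOR of two ciphertexts equals XOR of their plaintexts,
// which happens exactly when both used the same GCM keystream.
function leaksPlaintextXor(encryptBody, p1, p2) {
  const ctXor = xor(encryptBody(p1), encryptBody(p2));
  const ptXor = xor(Buffer.from(p1, "utf8"), Buffer.from(p2, "utf8"));
  return ctXor.equals(ptXor);
}

const NOTE_A = "bank pin: 4821 (constructed)";
const NOTE_B = "wifi key: hunter2 (constructed)";
const bodyOnly = (p) => encryptRandomIv(p).subarray(28); // ciphertext without IV and tag

console.log("fixed IV leaks XOR:", leaksPlaintextXor(encryptFixedIv, NOTE_A, NOTE_B));
console.log("random IV leaks XOR:", leaksPlaintextXor(bodyOnly, NOTE_A, NOTE_B));
console.log("round trip:", decryptRandomIv(encryptRandomIv(NOTE_A)));
```

With the fixed IV, identical plaintexts also produce identical ciphertexts, so anyone comparing encrypted notes can tell when the same secret appears twice.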