Currently, it uses the user-defined password as a key. A key in AES and others is supposed to be indistinguishable from random. A password is obviously not that. That's why key derivation functions like PBKDF2 exist. That allows us to derive a key from a password.
Currently, it uses the user-defined password as a key. A key in AES and others is supposed to be indistinguishable from random. A password is obviously not that. That's why key derivation functions like PBKDF2 exist. That allows us to derive a key from a password.
https://godoc.org/golang.org/x/crypto/pbkdf2
Alternatively, bcrypt.GenerateFromPassword would be good.