nakabonne / pbgopy

Copy and paste between devices
MIT License

Stop using an empty nonce for GCM #4

Closed nakabonne closed 3 years ago

nakabonne commented 3 years ago

Currently, it's using an empty nonce for GCM. Anyone can break the encryption trivially if the IV/nonce is reused. We'd better generate an IV at random and then prepend it to the ciphertext.

https://github.com/nakabonne/pbgopy/blob/9e86a266f03feaa369b22e6933687c1a1e704e1e/commands/copy.go#L91-L96

keyslapperdev commented 3 years ago

Getting this fixed should be relatively straightforward using the crypto/rand package. I wouldn't mind making the PR for this.

nakabonne commented 3 years ago

Resolved by https://github.com/nakabonne/pbgopy/pull/11