Yep, you are right. If the crypto/label API didn't force a
fixed-length blob (which may be hard to do), it would certainly be
leaking some information.
I was thinking more like timing side channels (if you can force the encryption at will and it isn't fixed time).
The possible security models where you can send data but it's encrypted are not very appealing. For a single application it may be fine (lastpass, or chrome syncing with passphrase), but it's really hard to see how that can be a standard api and remain secure.
The possible security models where you can send data but it's encrypted are not very appealing. For a single application it may be fine (lastpass, or chrome syncing with passphrase), but it's really hard to see how that can be a standard api and remain secure.