by some_furry 1972 days ago
This isn't safe to use:

https://github.com/tomquirk/zuccnet/blob/42e351e36b3b5dbaef0...

1. Try encrypting a message larger than 256 characters. Even if you somehow succeed, it will fail to decrypt. (My understanding of JS crypto is that it will throw an error if you try.)

2. It lacks forward secrecy.

A much better design would be to encrypt with an ephemeral (one-time) 256-bit AES key (using CBC+HMAC), then encrypt the key with RSA. (AES-GCM is probably easier, but if you're worried about message commitment, that's not recommended.)

(On sweis's comment about Secret Conversations: I don't trust closed source implementations--and neither do a lot of us on HN, so that's a non-starter. Tell the Facebook team to open source it, with reproducible builds, if you want it to be trusted.)

Recommended reading for the author: https://soatok.blog/2020/11/14/going-bark-a-furrys-guide-to-...