mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-28 16:37:24 +02:00
# Generating random seeds

In order of preference:

1. `head -c32 /dev/urandom | base64`
2. `openssl rand -base64 32 | head -c 32 | base64`

Note that the second pipeline truncates the base64 text to 32 characters (192 bits of randomness) and then base64-encodes that text again, so it carries less entropy than the first, which encodes 32 raw bytes (256 bits).
# Encrypting data

TL;DR -- Nonce reuse is a problem. AEAD isn't a clear choice right now.

## AES-GCM-SIV

- AES-GCM-SIV seems to have ideal properties
- random nonces
- ~30% slower encryption
- not maintained by a BigCo

## XSalsa20-Poly1305 (NaCl secretbox)

- Fast
- XSalsa20 with Poly1305 MAC provides encryption and authentication together
- A newer standard and may not be considered acceptable in environments that require high levels of review. +/- maintained as a `golang.org/x` package rather than in the standard library
- doesn't use the underlying `cipher.AEAD` API.
## GCM with random nonces

- Fastest
- Go standard library, backed by Google
- Easy to get wrong
- IV reuse is a known weakness, so keys must be rotated before the birthday bound is reached. NIST SP 800-38D recommends using the same key with random 96-bit nonces (the default nonce length) no more than 2^32 times
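The two notes above (generating a 32-byte seed, and AES-GCM with random nonces under the NIST SP 800-38D rotation bound) put together as one runnable Go program. This is an added example, not pomerium's own code: `NewKey`, `Cipher`, `Limit` and `ErrKeyExhausted` are hypothetical names chosen here, and it uses only the standard library. The counter refuses to seal a message once the key has been used `Limit` times (default 2^32), which is the rotation policy the bullet above calls for.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"sync/atomic"
)

// NIST SP 800-38D: with random 96-bit nonces, one key may be used for at
// most 2^32 encryptions before the nonce-collision probability is too high.
const MaxGCMNonceUses = 1 << 32

// ErrKeyExhausted is returned once the key has hit its use limit and must be rotated.
var ErrKeyExhausted = errors.New("aes-gcm key reached its random-nonce use limit; rotate the key")

// NewKey draws a 32-byte (AES-256) key from the OS CSPRNG, the in-process
// equivalent of `head -c32 /dev/urandom`.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// EncodeKey renders a key the way `head -c32 /dev/urandom | base64` does.
func EncodeKey(key []byte) string { return base64.StdEncoding.EncodeToString(key) }

// Cipher (hypothetical name) is AES-GCM with a fresh random nonce per message
// plus a use counter that enforces the rotation bound.
type Cipher struct {
	aead  cipher.AEAD
	uses  atomic.Uint64
	Limit uint64 // defaults to MaxGCMNonceUses; lower it for a stricter policy
}

// NewCipher accepts a 16-, 24- or 32-byte AES key.
func NewCipher(key []byte) (*Cipher, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // 96-bit nonce, 128-bit tag
	if err != nil {
		return nil, err
	}
	return &Cipher{aead: aead, Limit: MaxGCMNonceUses}, nil
}

// Encrypt returns nonce || ciphertext || tag. Every call draws a new random
// nonce, and the counter refuses to go past Limit.
func (c *Cipher) Encrypt(plaintext, additionalData []byte) ([]byte, error) {
	if c.uses.Add(1) > c.Limit {
		return nil, ErrKeyExhausted
	}
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce slice, giving nonce||ct||tag.
	return c.aead.Seal(nonce, nonce, plaintext, additionalData), nil
}

// Decrypt splits off the nonce and verifies the tag before returning plaintext.
func (c *Cipher) Decrypt(msg, additionalData []byte) ([]byte, error) {
	ns := c.aead.NonceSize()
	if len(msg) < ns+c.aead.Overhead() {
		return nil, errors.New("message too short to hold nonce and tag")
	}
	return c.aead.Open(nil, msg[:ns], msg[ns:], additionalData)
}

// Uses reports how many messages have been sealed under this key.
func (c *Cipher) Uses() uint64 { return c.uses.Load() }

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	fmt.Println("key (base64):", EncodeKey(key))
	c, err := NewCipher(key)
	if err != nil {
		panic(err)
	}
	// Constructed sample message; "v1" is additional authenticated data.
	msg, err := c.Encrypt([]byte("session cookie payload"), []byte("v1"))
	if err != nil {
		panic(err)
	}
	fmt.Println("nonce||ct||tag (hex):", hex.EncodeToString(msg))
	pt, err := c.Decrypt(msg, []byte("v1"))
	fmt.Printf("decrypted: %q err=%v uses=%d\n", pt, err, c.Uses())
}
```

The counter is per process and per key; in a deployment with several replicas sharing one key, each replica consumes part of the same 2^32 budget, so the operational limit on how long a key lives has to be set well below what a single instance would reach.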
## Further reading on tradeoffs: