idan/sshwifty-udp-telnet-http
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add warning description about the AES-GCM cipher.

Browse Source
This commit is contained in:
NI
2019-08-07 19:17:56 +08:00
parent 3ab3a8c7cf
commit ebd6a7ad66
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
application/controller/socket.go
View File

@@ -306,6 +306,15 @@ func (s socket) Get(
wsWriter := websocketWriter{Conn: c} wsWriter := websocketWriter{Conn: c}
// Initialize ciphers // Initialize ciphers
//
// WARNING: The AES-GCM cipher is here for authenticating user login. Yeah
// it is overkill and probably not correct. But I eventually decide
// to keep it as long as it authenticates (Hopefully in a safe and
// secured way).
//
// DO NOT rely on this if you want to secured communitcation, in
// that case, you need to use HTTPS.
//
readNonce := [socketGCMStandardNonceSize]byte{} readNonce := [socketGCMStandardNonceSize]byte{}
_, nonceReadErr := io.ReadFull(&wsReader, readNonce[:]) _, nonceReadErr := io.ReadFull(&wsReader, readNonce[:])