27 Nov
2011
27 Nov
'11
8:23 p.m.
On 11/27/2011 04:27 AM, Michael Snoyman wrote:
Hi all,
tl;dr: randomIV is now much faster, API is the same, upgrade ASAP to avoid painful slowdowns.
Version 0.7 of clientsession brought with it a much enhanced encryption and hashing algorithm, courtesy of Felipe Lessa. Beginning with this version, you now need to provide an Initialization Vector (IV) for encrypting cookies, and these IVs need to be randomly generated. To start off with, we simply used the getIVIO[1] function to generate these values. Hi Michael,
It's looking good. BTW, it looks quite similar to what cprng-aes do, which is expected since they are both implementing a AES CTR RNG, but i wonder if it would make sense to merge things together. -- Vincent