hash: document that the encoded state may contain input in plaintext

The cryptographic checksums operate in blocks of 64 or 128 bytes,
which means that the last 128 bytes or so of the input may be encoded
in its original (plaintext) form as part of the state.
Document this so users do not falsely assume that the encoded state
carries no reversible information about the input.

Change-Id: I823dbb87867bf0a77aa20f6ed7a615dbedab3715
Reviewed-on: https://go-review.googlesource.com/77372
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

diff --git a/src/hash/hash.go b/src/hash/hash.go
index da2007877a47e39e51ce38862c38b5434497abd0..62cf6a45184794d7a796153051d3ce9a602b09b9 100644 (file)
--- a/src/hash/hash.go
+++ b/src/hash/hash.go
@@ -14,6 +14,8 @@ import "io"
 // encoding.BinaryUnmarshaler interfaces. Marshaling a hash implementation
 // allows its internal state to be saved and used for additional processing
 // later, without having to re-write the data previously written to the hash.
+// The hash state may contain portions of the input in its original form,
+// which users are expected to handle for any possible security implications.
 //
 // Compatibility: Any future changes to hash or crypto packages will endeavor
 // to maintain compatibility with state encoded using previous versions.