From 4aea3e7135a1945dc183e3c0d9180cbed2ed6ba7 Mon Sep 17 00:00:00 2001 From: Joe Tsai Date: Mon, 13 Nov 2017 13:48:49 -0800 Subject: [PATCH] hash: document that the encoded state may contain input in plaintext The cryptographic checksums operate in blocks of 64 or 128 bytes, which means that the last 128 bytes or so of the input may be encoded in its original (plaintext) form as part of the state. Document this so users do not falsely assume that the encoded state carries no reversible information about the input. Change-Id: I823dbb87867bf0a77aa20f6ed7a615dbedab3715 Reviewed-on: https://go-review.googlesource.com/77372 Reviewed-by: Brad Fitzpatrick --- src/hash/hash.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/hash/hash.go b/src/hash/hash.go index da2007877a..62cf6a4518 100644 --- a/src/hash/hash.go +++ b/src/hash/hash.go @@ -14,6 +14,8 @@ import "io" // encoding.BinaryUnmarshaler interfaces. Marshaling a hash implementation // allows its internal state to be saved and used for additional processing // later, without having to re-write the data previously written to the hash. +// The hash state may contain portions of the input in its original form, +// which users are expected to handle for any possible security implications. // // Compatibility: Any future changes to hash or crypto packages will endeavor // to maintain compatibility with state encoded using previous versions. -- 2.48.1