Skip to content

Commit

Permalink
doc: addresses #339 concerns regarding an insecure demontration
Browse files Browse the repository at this point in the history
  • Loading branch information
@alextekartik
alextekartik committed Jan 31, 2024
1 parent 8394266 commit 5b02bf2
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion sembast_test/lib/encrypt_codec.dart
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,16 @@ Uint8List _randBytes(int length) {
List<int>.generate(length, (i) => _random.nextInt(256)));
}

/// FOR DEMONSTRATION PURPOSES ONLY -- THIS IMPLEMENTATION IS INSECURE!
/// FOR DEMONSTRATION PURPOSES ONLY -- do not use in production as-is!
///
/// This is a demonstration on how to bring encryption to sembast, but it is an
/// insecure implementation. The encryption is unauthenticated,
/// the password conversion to bytes is underpowered (password hashes like
/// bcyrpt, scrypt, argon2id, and pbkdf2 are some examples of correct algorithms),
/// and the random bytes generator doesn't use a cryptographically secure source
/// of randomness.
///
/// See https://github.com/tekartik/sembast.dart/pull/339 for more information
///
/// Generate an encryption password based on a user input password
///
Expand Down

0 comments on commit 5b02bf2

Please sign in to comment.