From df3fdc26a01a20c3568b824f4f15f9b56a2f3db3 Mon Sep 17 00:00:00 2001 From: Wim Date: Sat, 2 Mar 2019 13:04:28 +0100 Subject: Use whatsapp forks (#750) --- vendor/golang.org/x/crypto/blowfish/cipher.go | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'vendor/golang.org/x/crypto/blowfish') diff --git a/vendor/golang.org/x/crypto/blowfish/cipher.go b/vendor/golang.org/x/crypto/blowfish/cipher.go index 2641dadd..213bf204 100644 --- a/vendor/golang.org/x/crypto/blowfish/cipher.go +++ b/vendor/golang.org/x/crypto/blowfish/cipher.go @@ -3,6 +3,14 @@ // license that can be found in the LICENSE file. // Package blowfish implements Bruce Schneier's Blowfish encryption algorithm. +// +// Blowfish is a legacy cipher and its short block size makes it vulnerable to +// birthday bound attacks (see https://sweet32.info). It should only be used +// where compatibility with legacy systems, not security, is the goal. +// +// Deprecated: any new system should use AES (from crypto/aes, if necessary in +// an AEAD mode like crypto/cipher.NewGCM) or XChaCha20-Poly1305 (from +// golang.org/x/crypto/chacha20poly1305). package blowfish // import "golang.org/x/crypto/blowfish" // The code is a port of Bruce Schneier's C implementation. -- cgit v1.2.3