Is your feature request related to a problem? Please describe.
The current algorithms available to securecookie are susceptible to nonce-reuse issues under certain conditions. I know this is very much on the radar 1,2 of the maintainers, but the effort seems tied to a v2 which I'm not sure of the status of.
Describe the solution you'd like
I'd like for sessions to use a non misuse-resistant algorithm. Options include:
XChaCha20-Poly1305 seems like the best current option. It currently exists in /x/crypto, implements the aead interface, is relatively fast (no AES-NI 😭 ), and is ubiquitous.
Describe alternatives you've considered
Reinvent the wheel and reimplement/fork my own sessions package. Which, you know. Meh.
Of course, I'd be happy to help but didn't want to step on toes if this is part of a larger effort.
Is your feature request related to a problem? Please describe.
The current algorithms available to securecookie are susceptible to nonce-reuse issues under certain conditions. I know this is very much on the radar 1,2 of the maintainers, but the effort seems tied to a v2 which I'm not sure of the status of.
Describe the solution you'd like
I'd like for sessions to use a non misuse-resistant algorithm. Options include:
XChaCha20-Poly1305 seems like the best current option. It currently exists in
/x/crypto, implements the aead interface, is relatively fast (no AES-NI 😭 ), and is ubiquitous.Describe alternatives you've considered
Reinvent the wheel and reimplement/fork my own sessions package. Which, you know. Meh.
Of course, I'd be happy to help but didn't want to step on toes if this is part of a larger effort.