7heMech

> chacha12 can be used and is very fast,we should worry about key derivation I guess we can salt them, and I don't think we'll have to worry about that.

Okay, so this is what I think: Key Derivation: - When a user enables image encryption, prompt them to input a strong password or passphrase. - Using a robust key...

> @7heMech great feedback. I was thinking in a similar way, but instead of a new password, I think using the `bot token` itself would suffice. It'll also be stronger...

> In addition, chacha20 is faster than AES, unless the device has hardware acceleration, but in general chacha20 is faster(or even chacha12 but no) Fair I enough, I took a...

I've done 0 kotlin development, but maybe I can make a utility class which encrypts and decrypts data + maybe store and get key. So we figured out to use:...

> @jorge2000x @7heMech, your concerns regarding the `bot token` being known to Telegram are valid, but I think even if Telegram happens to collect data from images, we can safely...

@jorge2000x yes, but the token is easily resettable, what if the user accidentally deletes, also I'm talking about salt here, we should do proper derived key from passphrase + id/token...

> I think we can also use the `unique id` i.e. `chat id` as the salt along with a passphrase. Yeah, that's the best move, dunno how I didn't think...