
Crypto Go :we are a research group to help developers build secure applications.

Open passionate-wening opened this issue 3 years ago • 3 comments

Hi, we are a research group to help developers build secure applications. We designed a cryptographic misuse detector (i.e., CryptoGo) for the Go language. We found your great public repository on GitHub, and several security issues detected by CryptoGo are shown in the following. Note that the cryptographic algorithms are categorized by two aspects, security strength and security vulnerability, based on NIST Special Publication 800-57 and other public publications. Moreover, CryptoGo defined certain rules derived from the APIs of the Go cryptographic library and other popular cryptographic misuse detectors. The specific security issues we found are as follows:

Location: securecookie.go:166; Broken rule: Constant key in AES;

We wish the above security issues could truly help you to build a secure application. If you have any concern or suggestion, please feel free to contact us; we are looking forward to your reply. Thanks.

passionate-wening, Aug 29 '22 07:08
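
The report above names the rule "Constant key in AES" without showing what triggers it. As an added example, not part of this thread and not CryptoGo's or securecookie's code, here is one way such a rule could work, assuming it is a purely syntactic check: it flags `aes.NewCipher` called with a key written as a string literal and ignores a key supplied by the caller. The function names and the sample source are constructed for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// sample is constructed input: bad() hard-codes the key, good() receives it.
const sample = `package demo; import "crypto/aes"
func bad() { aes.NewCipher([]byte("0123456789abcdef")) }
func good(key []byte) { aes.NewCipher(key) }`

// hardCodedAESKey reports whether call is written as aes.NewCipher([]byte("literal")).
// Assumed rule: syntax only, so keys reached through variables or constants are missed.
func hardCodedAESKey(call *ast.CallExpr) bool {
	sel, _ := call.Fun.(*ast.SelectorExpr)
	if sel == nil || sel.Sel.Name != "NewCipher" || len(call.Args) != 1 {
		return false
	}
	pkg, _ := sel.X.(*ast.Ident)
	conv, _ := call.Args[0].(*ast.CallExpr) // a []byte(...) conversion parses as a call
	if pkg == nil || pkg.Name != "aes" || conv == nil || len(conv.Args) != 1 {
		return false
	}
	_, isSlice := conv.Fun.(*ast.ArrayType)
	lit, _ := conv.Args[0].(*ast.BasicLit)
	return isSlice && lit != nil && lit.Kind == token.STRING
}

// findHardCodedAESKeys parses src and returns the line of every flagged call.
func findHardCodedAESKeys(src string) ([]int, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	var lines []int
	ast.Inspect(f, func(n ast.Node) bool {
		if c, ok := n.(*ast.CallExpr); ok && hardCodedAESKey(c) {
			lines = append(lines, fset.Position(c.Pos()).Line)
		}
		return true
	})
	return lines, nil
}

func main() {
	fmt.Println(findHardCodedAESKeys(sample))
}
```

A finding like the one reported is only actionable when it comes with the flagged expression and the reason the key is considered constant, which is what the line list here stands in for.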

Hello and thank you very much for what you do and your contribution to the quality of securecookie.

I would be glad to change my code, but your message is not clear. What change would be required to pass your test?

Also, I would be happy to contact you, but you don't provide any contact reference. I thus can't contact you.

I will not install and run your CryptoGo application on my computer. Sorry about that.

chmike, Aug 29 '22 07:08

Hello,

Thank you for your feedback. We are just a research group to help developers build secure applications. We designed a cryptographic misuse detector (i.e., CryptoGo) for the Go language.

We found your great public repository on GitHub, and hope that the design basis of CryptoGo can help your development work.

The detection principle of CryptoGo is as follows: First, we categorized all the cryptographic algorithms by two aspects, security strength and security vulnerability, based on NIST Special Publication 800-57 and other public publications.

The classification results are shown in the following table.

Second, CryptoGo defined 12 rules derived from the APIs of the Go cryptographic library and other popular cryptographic misuse detectors.

The rules are shown in the following table.

We wish the above security suggestions could truly help you to build secure applications. If you have any concern or suggestion, please feel free to contact us; we are looking forward to your reply.

Thanks again.

 

Sincerely,

CryptoGo Team. 

------------------ Original message ------------------ From: "chmike/securecookie" @.>; Sent: Monday, August 29, 2022, 3:43 PM @.>; @.@.>; Subject: Re: [chmike/securecookie] Crypto Go :we are a research group to help developers build secure applications. (Issue #22)

Hello and thank you very much for what you do and your contribution to the quality of securecookie.

I would be glad to change my code, but your message is not clear. What change would be required to pass your test?

Also, I would be happy to contact you, but you don't provide any contact reference. I thus can't contact you.

I will not install and run your CryptoGo application on my computer. Sorry about that.


passionate-wening, Oct 11 '22 07:10

Unfortunately, your response is barely readable. I can't take it seriously. I'll leave you another chance. If you don't make a clear and readable statement of the problem you want to report, I will have to delete your issue. Sorry about that.

chmike, Oct 11 '22 08:10