Ilia Mirkin

Although maybe in this instance the warning is right? The nonce/iv probably should come from a random source? In this particular case, as it happens, there's a good bit of...

> It should only be random at generation time, and even that could conceivably happen earlier than the first use. For example, even the database engine might generate the random...

Nobody calls Seal + Open in the same function, other than weird examples... and all the cases being flagged here are ones where only one operation is ever done in...

For all uses, I think it's reasonable to check if the SSA value is not an "immediate" or "const" (not sure which nomenclature is used in Go's SSA). i.e. `[]byte{1,2,3}`...

Not flagged (note that I'm skimping on error checking, so perhaps it'll be flagged for that...): ```go func Decrypt(data []byte, key [32]byte) ([]byte, error) { block, _ := aes.NewCipher(key[:32]) gcm,...

@ccojocar Perhaps makes sense to split this into two separate warnings -- one about using a provably non-random IV (i.e. directly initialized with fixed values), and another one about using...