g

cry/enc.go

@@ -110,7 +110,8 @@ func (e Enc) Encrypt(plainTextMsg string) (encryptedMsg []byte) {
 	)
 
 	// Encrypt the message and append the ciphertext to the nonce.
-	encrypted := e.aead.Seal(nonce, nonce, msgToEncrypt, nil)
+	// version as additionalData ensures that encryption/decryption will fail if using different versions of `ong/cry`
+	encrypted := e.aead.Seal(nonce, nonce, msgToEncrypt, []byte{version})
 
 	// Append the salt & nonce to encrypted msg.
 	// |salt|nonce|encryptedMsg|
@@ -151,7 +152,7 @@ func (e Enc) Decrypt(encryptedMsg []byte) (decryptedMsg []byte, err error) {
 	}
 
 	// Decrypt the message and check it wasn't tampered with.
-	return aead.Open(nil, nonce, ciphertext, nil)
+	return aead.Open(nil, nonce, ciphertext, []byte{version})
 }
 
 // EncryptEncode is like [Enc.Encrypt] except that it returns a string that is encoded using [base64.RawURLEncoding]

cry/hash.go

@@ -15,7 +15,7 @@ import (
 //   (a) https://github.com/elithrar/simple-scrypt whose license(MIT) can be found here: https://github.com/elithrar/simple-scrypt/blob/v1.3.0/LICENSE
 
 const (
-	// this should be increased every time the parameters passed to [argon2.IDKey] are changed.
+	// this should be incremented every time the parameters passed to [argon2.IDKey] are changed.
 	version   = 2
 	separator = "$"
 
@@ -40,7 +40,7 @@ func Hash(password string) string {
 	// Add version, salt to the derived key.
 	// The salt and the derived key are hex encoded.
 	// NB: We could include the other params(_time, memory, threads) in this serialization.
-	//     But we don't for simplicity & also because those params are hardcoded for each cry version.
+	//     But we don't for simplicity & also because those params are hardcoded for each `ong/cry` version.
 	return fmt.Sprintf(
 		`%d%s%x%s%x`,
 		version,