From 70880803529cb6ac5e13d0a6598eb922d00d1da4 Mon Sep 17 00:00:00 2001
From: komuw
Date: Sat, 14 Sep 2024 20:45:42 +0300
Subject: [PATCH] cry: add important comment on using counters as nonce
---
 cry/enc.go | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/cry/enc.go b/cry/enc.go
index 1c3bce62..3597810b 100644
--- a/cry/enc.go
+++ b/cry/enc.go
@@ -128,6 +128,8 @@ func (e Enc) Encrypt(plainTextMsg string) (encryptedMsg []byte) {
 // "you can send the nonce in the clear before each message; so long as it's unique. it can even be a counter." - agl
 // see: https://crypto.stackexchange.com/a/5818
 //
+ // there are problems if you use a counter as nonce - https://blog.trailofbits.com/2024/09/13/friends-dont-let-friends-reuse-nonces/
+ //
 // "salt does not need to be secret."
 // see: https://crypto.stackexchange.com/a/99502
 e.salt,
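Review bot: The added comment warns against counter nonces but gives only a link, and it sits directly under the agl quote saying a nonce "can even be a counter", so the reader gets two contradictory statements and no reason in the code itself. I would state the risk in the comment and keep the link as a reference, for example `// a counter nonce is only safe if it can never repeat under the same key (restart, state rollback, several instances sharing the key); with most AEADs a repeated nonce breaks both confidentiality and integrity.` A one-line note on how this function derives its own nonce would also tell a maintainer whether the warning applies here or only to callers who adapt the code. Encrypt's body starts and ends outside the hunk, so the nonce generation and the cipher in use are not visible from this change.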