adds explicit SECURITY.md

seanwatters · Jan 31, 2024 · e03f23d · e03f23d
1 parent 3b81abd
commit e03f23d
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,8 @@
+# Security
+
+*THIS CODE HAS NOT BEEN AUDITED OR REVIEWED. USE AT YOUR OWN RISK.*
+
+**WARNING:** the AES256 content key encryption implementation may currently be vulnerable to side-channel
+timing attacks due to my lack of expertise as it relates to how much (if anything) the timing of the block
+allocations reveals about the underlying bytes being allocated. There is *a* way to do this
+correctly, it will just need to be reviewed.