From c0ea3b773d17563f1f51c80ab1a433379a06878d Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Mon, 5 May 2025 23:28:58 +0800
Subject: [PATCH] feat: use nonce, salt 16 bytes
---
 src/hmacutil.rs | 2 +-
 src/pbeutil.rs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/hmacutil.rs b/src/hmacutil.rs
index 4a79503..eb3eb04 100644
--- a/src/hmacutil.rs
+++ b/src/hmacutil.rs
@@ -20,7 +20,7 @@ pub fn hmac_encrypt_from_string(plaintext: &str) -> XResult {
 }
 pub fn hmac_encrypt(plaintext: &[u8]) -> XResult {
- let hmac_nonce: [u8; 8] = random();
+ let hmac_nonce: [u8; 16] = random();
 let aes_gcm_nonce: [u8; 16] = random();
 let hmac_key = compute_yubikey_hmac(&hmac_nonce)?;
diff --git a/src/pbeutil.rs b/src/pbeutil.rs
index 38b938f..8dce37b 100644
--- a/src/pbeutil.rs
+++ b/src/pbeutil.rs
@@ -40,7 +40,7 @@ pub fn simple_pbe_decrypt_with_prompt(ciphertext: &str) -> XResult> {
 // }
 pub fn simple_pbe_encrypt(password: &str, iteration: u32, plaintext: &[u8]) -> XResult {
- let pbe_salt: [u8; 32] = random();
+ let pbe_salt: [u8; 16] = random();
 let key = simple_pbe_kdf(password, &pbe_salt, iteration)?;
 let aes_gcm_nonce: [u8; 16] = random();
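Review bot: Widening `hmac_nonce` to 16 bytes in `hmac_encrypt` changes what new ciphertexts carry, while the patch touches only the two encrypt functions (the diffstat is two changed lines). If the decrypt path reads the nonce with a fixed length rather than taking it from the encoded value, ciphertexts written with the old 8-byte nonce would stop decrypting; the same question applies to the `pbe_salt` change in src/pbeutil.rs. That is worth confirming against the decrypt code, which is not visible here, and recording on the line, for example `// 16-byte YubiKey HMAC challenge; older ciphertexts carry 8 bytes, so decrypt must use the stored length`. `hmac_encrypt` continues past the end of the hunk.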
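Review bot: The salt in `simple_pbe_encrypt` shrinks from 32 to 16 bytes with no reason given beyond the commit subject. Sixteen random bytes still meets the 128-bit minimum that NIST SP 800-132 sets for password-based key derivation salts, so this does not look like a weakening, but a reader of the line cannot tell that it was deliberate. I would name the size once, `const PBE_SALT_LEN: usize = 16;`, and put `// 128-bit random salt, fresh per encryption (SP 800-132 minimum)` above the `random()` call. Separately, `iteration` reaches `simple_pbe_kdf` unchecked in the visible lines; a lower bound may exist in the callee or the caller, both outside the hunk, as is the rest of this function.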