purton-tech/barricade

Encrypt OTP code

9876691 opened this issue · 0 comments

So that if the database is visible to an attacker, they can't use the OTP codes.

Use the same AES-GCM as actix web. https://crates.io/crates/aes-gcm

This is how Rocket does it.

https://github.com/SergioBenitez/cookie-rs/blob/master/src/secure/private.rs#L42
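
An added example, not barricade's code and not part of the original issue: AES-256-GCM over the OTP code with a fresh random nonce stored in front of the ciphertext, written with Go's standard library so it runs without external crates. Binding the ciphertext to a user id as associated data, and the names `newAEAD`, `sealOTP`, `openOTP` and `user-42`, are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// newAEAD builds AES-256-GCM from a 32-byte key that is kept outside the database.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealOTP returns base64(nonce || ciphertext || tag) for the OTP column. userID (hypothetical)
// is authenticated as associated data, so a value copied into another user's row fails to open.
func sealOTP(aead cipher.AEAD, userID, otp string) (string, error) {
	nonce := make([]byte, aead.NonceSize()) // 12 random bytes, fresh for every encryption
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(aead.Seal(nonce, nonce, []byte(otp), []byte(userID))), nil
}

// openOTP reverses sealOTP; it fails on a wrong key, a wrong user id, or a modified value.
func openOTP(aead cipher.AEAD, userID, stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil || len(raw) < aead.NonceSize()+aead.Overhead() {
		return "", fmt.Errorf("malformed stored OTP")
	}
	n := aead.NonceSize()
	plain, err := aead.Open(nil, raw[:n], raw[n:], []byte(userID))
	return string(plain), err
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; load the real one from a secret store
	aead, err := newAEAD(key)
	if err != nil {
		panic(err)
	}
	stored, _ := sealOTP(aead, "user-42", "483921") // constructed sample user id and OTP
	fmt.Println(openOTP(aead, "user-42", stored))
}
```

The encryption key has to live somewhere the database dump does not reach (environment, secret store), otherwise the stored OTPs are only obfuscated.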