Not any more than this HN comment [1] and its replies, one of which is mine. It's using golang's own extensions for secretbox [2], a NaCl-secretbox-compatible implementation, and it's adhering to the uniqueness of nonces as far as I can tell [3].
In other words, to my non-crypto-expert eyes, there is no glaring misuse of the "golang.org/x/crypto/nacl/secretbox" API that jumps out at me; I haven't looked at that package to see if it's okay.
In other words, to my non-crypto-expert eyes, there is no glaring misuse of the "golang.org/x/crypto/nacl/secretbox" API that jumps out at me; I haven't looked at that package to see if it's okay.
[1] https://news.ycombinator.com/item?id=12398303#12398727 [2] https://godoc.org/golang.org/x/crypto/nacl/secretbox [3] https://github.com/ncw/rclone/blob/master/crypt/cipher.go