Filippo Valsorda’s post on restic’s cryptography pointed out that the Poly1305 key mask used in restic “is pointless, dangerous, and took 45+ minutes to audit.” Filippo said he’ll submit a PR to remove it, but it seems like that never happened. Maybe someone should remove the mask?