Thanks for your feedback! I considered switching to CBC, but didn't find a strong enough reason, since the AES-GCM is safe for encrypting 2^32 times with a randomly generated IV using the CSPRNG provided by the Web Crypto API.
Edit: but yes, I removed the "must" and added further details. Thanks again :)
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
This is still wrong:
IV in AES-GCM must be unique but does not need to be random.
IV in AES-CBC must be random.
Thanks for your feedback! I considered switching to CBC, but didn't find a strong enough reason, since the AES-GCM is safe for encrypting 2^32 times with a randomly generated IV using the CSPRNG provided by the Web Crypto API.
Edit: but yes, I removed the "must" and added further details. Thanks again :)