Open Dhole opened 4 years ago
adria0
commented
4 years ago It seems that sodiumoxide is not going to add this functionality that has been requested for near 5 years, see https://github.com/sodiumoxide/sodiumoxide/issues/85, https://github.com/sodiumoxide/sodiumoxide/issues/165, https://github.com/sodiumoxide/sodiumoxide/pull/343 and https://github.com/sodiumoxide/sodiumoxide/pull/361.
I prefer writing our own kuska-crypto crate #7 option instead forking it
Dhole
commented
4 years ago I prefer writing our own kuska-crypto crate #7 option instead forking it
Sounds good to me! We can keep this issue open until we make the kuska-crypto crate.
adria0
commented
4 years ago What about forking the last version of sodioumoxide repo in this org, adding the changes you made and using it? The current forked version you used have a ugly security advisory:
ID: RUSTSEC-2019-0026
Crate: sodiumoxide
Version: 0.2.4
Date: 2019-10-11
URL: https://rustsec.org/advisories/RUSTSEC-2019-0026
Title: generichash::Digest::eq always return true
Solution: upgrade to >= 0.2.5
Dependency tree:
sodiumoxide 0.2.4
llebout
commented
4 years ago @adria0 they're annoying, we're asking for typesafe libsodium bindings, not arguments on whether libsodium apis are cryptographically safe or not. smh.
sodiumoxidez was the fork I made of sodiumoxide that adds the functions to convert from ed25519 to curve25519 which in the original sodiumoxide, but it's implemented in libsodium. Maybe instead of using a fork we should solve this via the kuska-crypto crate? Or maybe we could keep sodiumoxidez and move it here?