LoupVaillant / Monocypher

An easy to use, easy to deploy crypto library
https://monocypher.org
Other
614 stars 80 forks source link

doc: Mention hashing the public keys #232

Closed samuel-lucas6 closed 2 years ago

samuel-lucas6 commented 2 years ago

Closes #230. May need some rewording.

samuel-lucas6 commented 2 years ago

Sorry, not used this before. Thanks @fscoto :)

LoupVaillant commented 2 years ago

@fscoto, yes, we can consider deprecating crypto_key_exchange(). As a high-level construction it’s not good enough, and proper key exchange schemes like X3DH, Noise, even Monokex, end up using crypto_x25519() instead. Also, considering that Monocypher is first and foremost a low level cryptographic library (something I realised years after I released it), I’m not sure this function is even worth replacing. _(The only exception is AEAD, but those are hard to get right, and crypto_lock() is good enough for many actual file formats & network protocols.)_

Deprecation should probably be done in a separate PR. Here’s what I think it involves:

@samuel-lucas6 thanks for your contribution. Looks good to me, I’m squashing & merging (no need to record your false start).

samuel-lucas6 commented 2 years ago

This unfortunately doesn't seem to be formatted properly on the website:

temp

The 'deprecated' page should also probably be capitalised like 'Advanced' and 'Optional':

temp2

LoupVaillant commented 2 years ago

@samuel-lucas6 good catch, thanks. Both issues should be fixed now.

samuel-lucas6 commented 2 years ago

@samuel-lucas6 good catch, thanks. Both issues should be fixed now.

I'm afraid the 'Security Considerations' fix doesn't seem to have worked. I've also noticed the ChaCha20, IETF ChaCha20, and HChaCha20 pages in 'Advanced' and 'Deprecated' haven't got the second 'c' capitalised, which was changed in the text on these pages.

LoupVaillant commented 2 years ago

I'm afraid the 'Security Considerations' fix doesn't seem to have worked.

Refresh with Ctrl+F5, or hold the control key when clicking on the "refresh" button. I have noticed that you often need such deep refreshes to make the fix visible (it’s a CSS fix, not an HTML one).

I've also noticed the ChaCha20, IETF ChaCha20, and HChaCha20 pages in 'Advanced' and 'Deprecated' haven't got the second 'c' capitalised

Oops, I forgot to update the side bar… Fixed now.

samuel-lucas6 commented 2 years ago

Refresh with Ctrl+F5, or hold the control key when clicking on the "refresh" button. I have noticed that you often need such deep refreshes to make the fix visible (it’s a CSS fix, not an HTML one).

Tried that on three browsers, and it sadly didn't work.

One more thing (sorry) is that the 'Home' page link to 'Public Key Cryptography' no longer works.

LoupVaillant commented 2 years ago

the 'Home' page link to 'Public Key Cryptography' no longer works.

Oh, yes, shuffling the pages around broke the link. Correcting now, thanks.

Tried that on three browsers, and it sadly didn't work.

OK, now I'm very, very surprised. Here's what I'm seeing right now:

Screenshot from 2022-02-16 00-13-44

Aren't seeing this result? If not, can you take a look at https://monocypher.org/css/style.css and confirm the presence of the following code?

div.Bd {
    margin: -1.5rem 0 0 1.5rem;
}

Quite hack-ish, but I think that's what most closely imitates the layout on the man page itself (newline, indent, no vertical spacing). I could change the font to fixed size, but hesitated to do so because this is not valid C code.

samuel-lucas6 commented 2 years ago

Aren't seeing this result? If not, can you take a look at https://monocypher.org/css/style.css and confirm the presence of the following code?

Ok that is what I'm seeing, and the CSS is present. I was expecting the last bit to be on one line.