Open tarcieri opened 3 years ago
I'd suggest at least the following are safe to recommend:
aes-gcm
aes-gcm-siv
aes-siv
chacha20poly1305
eax
I don't think there are any algorithms implemented in this repo we should actively recommend people avoid, however some specific thoughts on why not to recommend certain algorithms:
ccm: obsoleted by eax
I don't think we should actively recommend against CCM as it is popular in the embedded space. However I think there were a number of bad decisions made in the design of CCM which are addressed by EAX. Some of those include:
xsalsa20poly1305: obsoleted by chacha20poly1305
Note that I plan to introduce generic GCM and SIV crates, making the aes variants thin wrappers around them.
The aes-gcm and aes-siv crates are already generic around a block cipher, as it were.
The idea is to publish them under gcm and siv names respectively, to make them consistent with other crates.
Sure, we can do that, although I'd probably suggest trying to tackle https://github.com/RustCrypto/traits/issues/444 first as for at least the aes-gcm case it requires implementing some specific interactions between e.g. the aes and ghash crates.
Following up from https://github.com/RustCrypto/meta/issues/10, this is an issue for discussion potentially adding "recommended" badges to certain algorithms in this repo: