Closed untitaker closed 7 years ago
Rust-Crypto isn't abandoned, but it has been badly ignored and for that I apologize.
That being said, Rust-Crypto is still very experimental and has not had anything resembling the amount of security review of something like sodiumoxide. If security is important to you, there are good reasons you might want to consider using that library anyway.
rust-crypto is definetly abandoned: https://www.reddit.com/r/rust/comments/5xaecf/is_rustcrypto_abandoned/
I know, and I thought about dropping it as a dependency. It's mostly doable, with the exception of bcrypt -- I still don't know of a good pure-Rust replacement. Perhaps I could move the rust-crypto version in-tree.
I'll leave this closed, but I'm going to open a tracking issue for migration from rust-crypto to independent crates.
https://www.reddit.com/r/rust/comments/46s75m/rustcrypto_apparently_abandonned_alternatives/
sodiumoxide seems to be the only option, but it already exposes a secure API