Consider libsodium / sodium_compat for modern public-key crypto

laminas / laminas-crypt

Strong cryptography tools and password hashing

https://docs.laminas.dev/laminas-crypt/

BSD 3-Clause "New" or "Revised" License

39 stars 24 forks source link

Consider libsodium / sodium_compat for modern public-key crypto #4

Closed weierophinney closed 3 years ago

weierophinney commented 4 years ago

https://github.com/paragonie/sodium_compat#cryptography-primitives-provided

Zend\Crypt users interested in modern ECC may want to see sodium_compat adopted in the near future. In particular, public-key encryption via ParagonIE_Sodium_Compat::crypto_box_seal() and digital signatures via ParagonIE_Sodium_Compat::crypto_sign_detached().

I would, however, wait until sodium_compat has been audited first: https://github.com/paragonie/sodium_compat/issues/8

Originally posted by @paragonie-scott at https://github.com/zendframework/zend-crypt/issues/43

weierophinney commented 4 years ago

v1.0.1 is out, the notes from v1.0.0 are a must read before weighing whether or not to use it.

Originally posted by @paragonie-scott at https://github.com/zendframework/zend-crypt/issues/43#issuecomment-307533002

paragonie-security commented 4 years ago

We'd like to add that a lot of changes (including better support for 32-bit platforms) have landed since v1.0.0. The latest version is v1.12.2, which has been adopted by WordPress without major issue.

weierophinney commented 3 years ago

This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering Committee. If you have a security issue, please follow our security reporting guidelines. If you wish to take on the role of maintainer, please nominate yourself