I recently went through the exercise of putting together a crate for session-based user authentication and in doing that decided to use ring for HMAC. (I did this without thinking too much about it, since I've previously used ring in other projects.)
However, axum-extra (used for axum-sessions) uses the cookie crate which in turn uses the hmac crate. Previously, it looks like cookie used ring but it's unclear why the decision was made to move away from ring.
I should point out that this is not my area of expertise. I've chosen ring previously based on the apparent consensus that it's one of the premiere cryptographic crates with the primary difference between ring and the RustCrypto family being that parts of ring are not implemented in Rust (e.g. ring derives from BoringSSL).
I recently went through the exercise of putting together a crate for session-based user authentication and in doing that decided to use
ringfor HMAC. (I did this without thinking too much about it, since I've previously usedringin other projects.)However,
axum-extra(used foraxum-sessions) uses thecookiecrate which in turn uses thehmaccrate. Previously, it looks likecookieusedringbut it's unclear why the decision was made to move away fromring.I should point out that this is not my area of expertise. I've chosen
ringpreviously based on the apparent consensus that it's one of the premiere cryptographic crates with the primary difference betweenringand the RustCrypto family being that parts ofringare not implemented in Rust (e.g.ringderives from BoringSSL).