search

paragonie / constant_time_encoding

Constant-Time Character Encoding in PHP Projects
https://paragonie.com/blog/2016/06/constant-time-encoding-boring-cryptography-rfc-4648-and-you
Other
816 stars 35 forks source link

Why not using libsodium for Constant-time Base64? #39

Open ghost opened 2 years ago

ghost commented 2 years ago

I'm curious if there is any specific reason that you haven't used libsodium for constant-time Base64 generation...

sodium_bin2base64($data, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
SharkMachine commented 2 years ago

Using libsodium gives quite a good improvement on performance, it's around 6 times faster. Libsodium methods are constant-time, so there is no reason to discard them.

paragonie-security commented 2 years ago

Correct. This is a pure-PHP implementation, but libsodium's is faster and you should prefer that over ours.

Note: We might want to update our code to just use libsodium's if it's available. This will require some compatibility testing, of course.

i3or1s commented 1 month ago

Any updates on this subject?