paragonie / paseto-io

Paseto Website
https://paseto.io

Adding a new implementation #13

Closed faerics closed 3 years ago

faerics commented 5 years ago

Being interested in using PASETO as Python developer, I googled and found this implementation in Python: https://github.com/purificant/python-paseto by @purificant

Its latest commit is a month ago, while the implementation stated at the site (https://github.com/rlittlefield/pypaseto by @rlittlefield) is inactive for over 6 months.

I'm opening this issue to ensure the new implementation is worth adding to the site.

In addition, let me ask about the meaning of a green tick in the table of implementations. I'm completely dumb in cryptography, and for me the green tick is equal to "Ready for use". However, both of the Python implementations state that it could be risky to use them. So, does the green tick mean "The author said they support this version of PASETO", or is any checking done?

Thanks in advance for a reply!

rlittlefield commented 5 years ago

My pypaseto project is functional and last I checked was both parsing and creating tokens that work with the PHP reference spec.

It hasn’t been updated for a while, but it was only made last year, so I’m not sure where it says 6 years.

That said, the only reason I give a warning on using it is that it hasn't been audited by a security pro. It should be functional enough to use, but I make no claims that there have been enough eyes on it to be free of potential security flaws.

faerics commented 5 years ago

@rlittlefield, glad to see you here! My bad, I meant to write 6 months, not years. Edited the issue accordingly.

purificant commented 5 years ago

Hi @faerics,

I started my library python-paseto because I wanted to use PASETO in production and needed a very reliable library implementation with high performance characteristics. At the time, the only other python implementation stated on the project homepage that it was not suitable for use in prod.

The current codebase has been running in prod on a number of projects since Oct 2018. At the very least I'm looking to further improve performance by better integrating with libsodium and to add a PyPI package, now that the library has been subjected to internal dogfooding with python <-> python and python <-> javascript token exchange.

Beyond that it's hard to say what will happen; there are lots of ideas to improve ease of use, but also concerns around the draft RFC, such as https://github.com/paragonie/paseto/issues/92.

paragonie-security commented 3 years ago

26 seems to have resolved this, so I'm going to close the issue. Please let me know if this is an erroneous step.