Hello DLang,

I wanted to announce that I have completed the bulk of the work on my Cryptography library for D, SecureD. I was inspired to do this project by Stan Drapkin and his Inferno.NET project, however, the two projects NOT compatible.

GitHub: https://github.com/LightBender/SecureD
DUB: https://code.dlang.org/packages/secured

Design Philosophy

Developer-Friendly Misuse-Resistant API:
One of the largest problems with most cryptography libraries available today is that their API's practically encourage broken implementations.

Safe by design:
Use only safe algorithms with safe modes. Make conservative choices in the implementation

Do no re-implement cryptography algorithms:
Use industry standard libraries instead. SecureD is based on OpenSSL.

Minimal Code:
Keep the code to a minimum. This ensures high-maintainability and eases understanding of the code.

All API's are unittested using D's built in unittests. Any developer can verify the implementation with a simple 'dub test' command. This ensures that the library will perform as advertised.


HASH:                           SHA2-384
HMAC:                           SHA2-384
KDF:                            PBKDF2 (HMAC/SHA2-384)
AEAD Symmetric:                 AES-256-CTR-HMAC384
Asymmetric:                     ECC-P384 (Key Derivation + Sign/Verify with 
RNG:                            System RNG on POSIX and Windows
OTHER:                          Constant Time Equality

Why these Algorithms?

SHA2-384 is as fast as SHA2-512 but it's truncated design serves as an effective defense against length extensions attacks.

AES-256-CTR is an alternative for GCM that offers greater security for cold-stored data when paired with a strong HMAC. GCM use a 96-bit authentication tag where the HMAC tag is a full 384 bits.

Let me know what you think!

Adam Wilson
IRC: LightBender

Reply via email to