Also, to clarify: My suggestion with `Crypto.encrypt/2` or `Crypto.sign/2` is that if that naming isn't future-proof enough, more specific names like `Crypto.auth_encrypt_cbc/2` could be used.
On Sunday, May 13, 2018 at 7:09:44 PM UTC-4, Griffin Byatt wrote: > > I know the “wrap the Erlang module” proposals are not particularly > popular, and the general consensus is, “make it into a library if you want > it”. However, I think in this case it would be a useful addition to the > Elixir language. Here is my reasoning: > > The Erlang crypto module is not particularly user-friendly, and the > supported ciphers are foot-guns with potentially severe failure modes. > There are a number of libraries that attempt to address this issue, but > they are largely insufficient for general use — i.e offering ECB mode, > unauthenticated CBC, static secrets/IVs, non-constant-time comparisons, > etc. Considering the importance of the subject (and the ease of misuse), I > think a *somewhat* opinionated wrapper could save a lot of heartache. > > Here are some initial ideas: > > * `Crypto.equals(string1, string2)` for constant-time comparisons. > * `Crypto.encrypt(message, secret)` for a default authenticated encryption > - this could also be future-proofed to allow for better ciphers with > something like `Crypto.auth_encrypt_cbc(message, secret)`. > * `Crypto.decrypt(ciphertext, secret)` for decryption. > * `Crypto.sign(message, secret)` for a default symmetric signature. Same > as encryption - for example, `Crypto.sign_sha256` or something like that. > * `Crypto.verify(signed, secret)` for verification. > > Basically, only offer semi-opinionated wrapper functions that will be > closer to default-secure. Like, if you want md5, or ECB, you can go to the > Erlang module, but this way more people will start with the secure choices. > > Would love to hear thoughts on this. Thanks! > > -- You received this message because you are subscribed to the Google Groups "elixir-lang-core" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elixir-lang-core/6b89f863-a787-4f21-a77a-986af144103f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
