On Tue, Sep 30, 2014 at 7:05 AM, Florian Zeitz <flo...@babelmonkeys.de> wrote:
> Is there any particular reason you chose these three projects?
> Because I consider it a somewhat bad idea to implement cryptographic primitives building on this sort of foundation.
> I was rather surprised rust-crypto <https://github.com/DaGenix/rust-crypto>
> isn't on your list.

rust-crypto is exactly the kind of library that needs these cryptographic primitives. Since it doesn't have them, it's most likely providing implementations that aren't sidechannel resistant, and it doesn't protect data in memory. Perhaps I should test the former empirically with djb's cpucycles library.

This is, of course, why I bring up the need for these things now: retrofitting them later will be difficult.

> Also
> common.rs links to the two projects it was written for: crypto.rs
> <https://github.com/seb-m/crypto.rs> and Curve41417.rs
> <https://github.com/seb-m/curve41417.rs>, which seem rather interesting
> to me.

Yes, although they are, again, lacking constant time primitives to build on.

--
Tony Arcieri
_______________________________________________
Rust-dev mailing list
Rust-dev@mozilla.org
https://mail.mozilla.org/listinfo/rust-dev
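
Added example, not part of the original message and not code from any project named in it: a sketch in Rust of what "constant time primitives" means in the thread above, contrasting an early-exit byte comparison with a branch-free one. All function names are hypothetical, the secret is a constructed sample, and the count of bytes examined stands in for the timing a cycle counter would measure.

```rust
use std::hint::black_box;

/// Early-exit comparison: the work done depends on where the first mismatch is.
pub fn leaky_eq(a: &[u8], b: &[u8]) -> (bool, usize) {
    if a.len() != b.len() { return (false, 0); }
    for i in 0..a.len() {
        if a[i] != b[i] { return (false, i + 1); } // branch on secret data
    }
    (true, a.len())
}

/// Branch-free comparison: every byte is always examined (length is public).
pub fn ct_eq(a: &[u8], b: &[u8]) -> (bool, usize) {
    if a.len() != b.len() { return (false, 0); }
    let (mut diff, mut examined) = (0u8, 0usize);
    for i in 0..a.len() {
        // black_box is a best-effort optimizer hint, not a language guarantee.
        diff |= black_box(a[i] ^ b[i]);
        examined += 1;
    }
    (black_box(diff) == 0, examined)
}

/// Branch-free select: returns x when choice == 1, y when choice == 0.
pub fn ct_select(choice: u8, x: u8, y: u8) -> u8 {
    let mask = 0u8.wrapping_sub(choice & 1); // 0x00 or 0xFF
    y ^ (mask & (x ^ y))
}

/// Bytes examined when the other input matches the first k bytes of `secret`.
pub fn profile(cmp: fn(&[u8], &[u8]) -> (bool, usize), secret: &[u8]) -> Vec<usize> {
    (0..=secret.len())
        .map(|k| {
            let mut other = secret.to_vec();
            if k < secret.len() { other[k] ^= 0xFF; } // first mismatch at index k
            cmp(secret, &other).1
        })
        .collect()
}

fn main() {
    let secret = [0x13u8, 0x37, 0xC0, 0xDE]; // constructed sample value
    println!("early-exit: {:?}", profile(leaky_eq, &secret));
    println!("branch-free: {:?}", profile(ct_eq, &secret));
    println!("select: {:#04x}", ct_select(1, 0xAA, 0x55));
}
```

The flat profile of the branch-free version is a property of the source only; whether the compiled code keeps it still has to be checked by inspecting the generated code or by measurement.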