I'm not a crypto expert. (Hugh?)
Most of the crates seem like they are either rust connectors to other
systems (like OpenSSL) or use https://github.com/briansmith/ring (which
follows BoringSSL, which is Google's fork of OpenSSL). On the other hand,
the links suggests that ring is currently failing tests, so ???
What Rust brings to the table, besides safety and speed, is a type system
that could give you a lot more confidence about the correctness of an
algorithm (though I haven't looked at these crates to see if they are
exploiting this potential).
On 3 February 2018 at 23:26, Jamon Camisso via talk <firstname.lastname@example.org> wrote:
> On 2018-02-03 10:28 AM, David Mason via talk wrote:
> > I'd also comment on Rust being an interesting competitor to Go.
> > Rust has better performance, complete statically determined safety
> > (enforced by the type system), no garbage collection, minimal runtime,
> > an active group targeting WebAssembly (i.e. very high performance browser
> > programs). It's what you should be programming in if you think you need
> > Go has a simpler type system and good-enough performance for many
> > applications. It might be what you should be programming in if you need a
> > higher-performance Python (but with a lot fewer libraries).
> > They both interop with C and C++; I think Rust has a richer set of
> > libraries (crates they call them).
> https://github.com/rust-unofficial/awesome-rust#cryptography is what
> scared me off Rust when I was looking at it for a personal project to do
> with TLS certificates a year or so ago. Specifically, the multitude of
> crates for something that's so easy to get wrong made me wary.
> Has the situation changed much in Rust crypto land?
> Cheers, Jamon
> Talk Mailing List
Talk Mailing List