“You must move your framework to libsodium instead of using the OS crypto because it’s better” “How?” “It just is because everyone else uses it” “Everyone?” “yea”
Replying to @blowdart @notameadow and
I can give you concrete reasons why it's better than the OS crypto. Which OS are you using?
Replying to @CiPHPerCoder @blowdart and
For Windows, the Crypto API defaults to RSA with PKCS1v1.5 padding for public key encryption. Libsodium gives you Curve25519 + AEAD. You want AEAD. https://tonyarcieri.com/all-the-crypto-code-youve-ever-written-is-probably-broken …
Replying to @CiPHPerCoder @blowdart and
The security foot-guns built into RSA encryption with PKCS#1 v1.5 padding (the Windows default) are well-documented too: https://robotattack.org/
Replying to @CiPHPerCoder @notameadow and
You think we should change defaults on taking a new library? Let me introduce you to compat. Also no, another dependency is never good.
Replying to @blowdart @notameadow and
I have made zero arguments about what you should or should not do in any project, I'm explaining why libsodium is better than the OS crypto in more specific terms than "it just is".
Replying to @CiPHPerCoder @blowdart and
I would argue that dependency arguments are more nuanced than "always vs. never". I'll accept "generally not good", but that doesn't mean "never good".
Replying to @CiPHPerCoder @blowdart and
If an external dependency is undesirable, maybe implementing a compatible API but totally in-house is called for? :P
Replying to @CiPHPerCoder @blowdart and
It's slower.... pic.twitter.com/2Sy9vwkOuz
Huh? I would think Microsoft, of all companies, would have the resources available to write an optimized implementation of the language they created and maintain. If not, they could always ask @jedisct1 to do consulting work for them or something?