The <a href="https://saltpack.org/" rel="nofollow">https://saltpack.org/</a> web-site links to a insightful post about authenticated encryption with associated data (AEAD) and the shortcomings addressed by saltpack: <a href="https://www.imperialviolet.org/2015/05/16/aeads.html" rel="nofollow">https://www.imperialviolet.org/2015/05/16/aeads.html</a>
Vaguely related for people who want simple secure encryption tools is Age: <a href="https://github.com/FiloSottile/age" rel="nofollow">https://github.com/FiloSottile/age</a>
Not my areas to comment on the technical details, but have things improved since the first time this was on HN [1]?<p>Seems like some of the choices they made were getting bashed, though I'm not sure the reasons were more than personal preferences.<p>[1] <a href="https://news.ycombinator.com/item?id=14067003" rel="nofollow">https://news.ycombinator.com/item?id=14067003</a><p>Edit:typo
Finally, some attempt to rebuild the transparent, copypastable, text-based crypto message format. Binary messaging is not a replacement.<p>Cannot comment on the crypto part yet, but the general idea is excellent, we need this.
Can anyone security minded comment on how this tool compares to the Scuttlebutt Secure Handshake[1]?<p>Notably I've been looking at various modern "safe and easy" crypto tools and found Scuttlebutts handshake interesting. Yet, the entire protocol was a bit difficult to use, and left me with the impression that I'd have to write a lot myself in my preferred language (Rust) to get a batteries included experience. And, for good reason, I'm always hesitant to write anything about crypto hah.<p>... though, now that I'm looking for a Rust salt pack lib, it doesn't seem to exist in Rust either. Humm.<p>[1]: <a href="https://ssbc.github.io/scuttlebutt-protocol-guide/#handshake" rel="nofollow">https://ssbc.github.io/scuttlebutt-protocol-guide/#handshake</a>
More interesting details can be found here: <a href="https://saltpack.org/encryption-format-v2" rel="nofollow">https://saltpack.org/encryption-format-v2</a>
This is excellent! We need more work like this that is standardized and stable.<p>From the protocol end, I heard good things about noise [1] but I haven't seen acual apps make use of it(Edit: It literaly says "Noise is currently used by WhatsApp, WireGuard, Lightning, and I2P." On their page). I highly encourage the author of saltpack to keep a reference list of projects that make use of saltpack.<p>[1] <a href="http://noiseprotocol.org/" rel="nofollow">http://noiseprotocol.org/</a>