科技回声

8 条评论

inglor将近 8 年前

I love the README, it's very modest and I enjoy reading things like "if a function is longer than, say, 5 lines, I didn't write it myself." and "While you probably shouldn't trust random security code from the Internet, I'm reasonably confident that this code is secure. I did not implement any of the hard math (poly1305, XSalsa20, curve25519) myself - I call into golang.org/x/crypto for all of those functions. I also ported over every test I could find from the C/C++ code, and associated RFC's, and ensured that these libraries passed those tests."I will wait for other companies to use it first - but it looks like a very level-headed implementation that won't be hard for the author to maintain - and a very useful tool.

wvh将近 8 年前

Thanks! I've been wondering why the golang crypto repo contains only half an implementation for so long. I guess people are not generally eager to take responsibility for crypto implementations, especially semi-official ones...It would be nice if the golang devs would pick an Argon2 implementation too (Blake2 hash is already there); it always feels prudent not to use any crypto libraries lest they receive some sort of semi-official blessing from the either language's own creators or renowned cryptographers.

staticassertion将近 8 年前

Did a quick ctrl + F in the readme to look for how they handle timing attacks in Go. As this is a pure Go implementation, I'm curious - how are these attacks mitigated, or is that left to consumers of the library?

评论 #14823117 未加载

geoah将近 8 年前

Amazing work, thank you! Let's see if saltpack[1] will move to this at some point! :D1. <a href="https://github.com/keybase/saltpack" rel="nofollow">https://github.com/keybase/saltpack</a>

Asooka将近 8 年前

I'm confused - does this have anything to do with Google's NaCL plug-in architecture for Chrome? Or is it only a set of crypto routines that have an unfortunate name collision with the former?

评论 #14824761 未加载

评论 #14823911 未加载

justinsaccount将近 8 年前

Also interesting, this is the first package I've seen in the wild that uses Bazel.

评论 #14823640 未加载

donpark将近 8 年前

Excellent. I am using my own pure-go lib, hacked up just to avoid hassle of binding to native code, but it supports only features I need.Thanks Kevin.

0xdeadbeefbabe将近 8 年前

Oh good. I was just about to use <a href="https://github.com/GoKillers/libsodium-go" rel="nofollow">https://github.com/GoKillers/libsodium-go</a>, but I'd rather not have to depend on CGO.

8 条评论

inglor将近 8 年前

wvh将近 8 年前

staticassertion将近 8 年前

评论 #14823117 未加载

geoah将近 8 年前

Amazing work, thank you! Let's see if saltpack[1] will move to this at some point! :D1. <a href="https://github.com/keybase/saltpack" rel="nofollow">https://github.com/keybase/saltpack</a>

Asooka将近 8 年前

I'm confused - does this have anything to do with Google's NaCL plug-in architecture for Chrome? Or is it only a set of crypto routines that have an unfortunate name collision with the former?

评论 #14824761 未加载

评论 #14823911 未加载

justinsaccount将近 8 年前

Also interesting, this is the first package I've seen in the wild that uses Bazel.

评论 #14823640 未加载

donpark将近 8 年前

Excellent. I am using my own pure-go lib, hacked up just to avoid hassle of binding to native code, but it supports only features I need.Thanks Kevin.

0xdeadbeefbabe将近 8 年前

Oh good. I was just about to use <a href="https://github.com/GoKillers/libsodium-go" rel="nofollow">https://github.com/GoKillers/libsodium-go</a>, but I'd rather not have to depend on CGO.

Pure Go implementation of the NaCL set of APIs

8 条评论

Pure Go implementation of the NaCL set of APIs

8 条评论