chore: uuhhhhhh crypto lol #805
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
|
Is this compatible with secretbox? |
I haven't found any incompatibilities yet. For secretbox, according to the libsodium docs
Which |
|
Nice benefit: since macos and libsodium were not good friends, full builds are down from 3m 18s to 1m 47s :D |
|
Ohhhh wow very nice 👏 I'll give this a test tomorrow. Maybe see if we can get some of the community to try it as well? I imagine if it decrypts our history fine then it'll work for everyone, but... |
|
Did a full re-sync, it decrypts everything fine 😌 |
conradludgate
force-pushed
the
crypto-rust
branch
from
8a3edbe
to
05a386b
Compare
conradludgate
force-pushed
the
crypto-rust
branch
from
05a386b
to
8ab1370
Compare
| @@ -33,3 +33,4 @@ chronoutil = "0.2.3" | |||
| tower = "0.4" | |||
| tower-http = { version = "0.3", features = ["trace"] } | |||
| reqwest = { workspace = true } | |||
| argon2 = "0.5.0" | |||
There was a problem hiding this comment.
did you also test the server stuff?
|
Just deleted my history and re-synced on this branch, it all worked ✨ |
I have tested to make sure that old hashed/encrypted blobs still work under the new libraries. All the tests pass but I want to be extra thorough so let's hold for now...
We originally intended to use https://github.com/RustCrypto/nacl-compat/tree/master/crypto_box for the secretbox replacement, but the have their own keygen on top (they use a public+private key pair to generate nonce and to generate a symmetric key. We already have the symmetric key so that abstraction on top does not work). The underlying impl is the one we are using here. nacl-compat has been audited, which would imply that
xsalsa20poly1305also has been audited successfully.argon2crate is maintained by the sameRustCryptogroup. This has no claim to be audited. I will review the code myself, but it has quite a lot of downloads on crates.io and no reported vulnerabilities in it's lifetime.