-
-
Notifications
You must be signed in to change notification settings - Fork 506
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: uuhhhhhh crypto lol #805
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
Is this compatible with secretbox? |
I haven't found any incompatibilities yet. For secretbox, according to the libsodium docs
Which |
Nice benefit: since macos and libsodium were not good friends, full builds are down from 3m 18s to 1m 47s :D |
Ohhhh wow very nice 👏 I'll give this a test tomorrow. Maybe see if we can get some of the community to try it as well? I imagine if it decrypts our history fine then it'll work for everyone, but... |
Did a full re-sync, it decrypts everything fine 😌 |
8a3edbe
to
05a386b
Compare
05a386b
to
8ab1370
Compare
@@ -33,3 +33,4 @@ chronoutil = "0.2.3" | |||
tower = "0.4" | |||
tower-http = { version = "0.3", features = ["trace"] } | |||
reqwest = { workspace = true } | |||
argon2 = "0.5.0" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
did you also test the server stuff?
Just deleted my history and re-synced on this branch, it all worked ✨ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! what's the worst that could happen?
I have tested to make sure that old hashed/encrypted blobs still work under the new libraries. All the tests pass but I want to be extra thorough so let's hold for now...
We originally intended to use https://github.com/RustCrypto/nacl-compat/tree/master/crypto_box for the secretbox replacement, but the have their own keygen on top (they use a public+private key pair to generate nonce and to generate a symmetric key. We already have the symmetric key so that abstraction on top does not work). The underlying impl is the one we are using here. nacl-compat has been audited, which would imply that
xsalsa20poly1305
also has been audited successfully.argon2
crate is maintained by the sameRustCrypto
group. This has no claim to be audited. I will review the code myself, but it has quite a lot of downloads on crates.io and no reported vulnerabilities in it's lifetime.