Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove cryptonite dependency #418

Closed
edilmedeiros opened this issue Feb 14, 2024 · 3 comments
Closed

Remove cryptonite dependency #418

edilmedeiros opened this issue Feb 14, 2024 · 3 comments

Comments

@edilmedeiros
Copy link

I just learned that Cryptonite's repo was archived last year.

This is a potential security issue for the library.

I briefly inspected the source code and saw that Cryptonite is being used for hashing, HMAC, and key derivation.
libsecp256k1 implements some hashing and HMAC functions, but not all the necessary functionality for this lib.

Yet, I believe there's no cryptographic library in Haskell on par with Cryptonite.
@the-headless-ghost
Copy link

I think botan bindings will eventually replace Cryptonite. https://haskell-cryptography.org/blog/botan-first-milestone/

@edilmedeiros
Copy link
Author

I see that 1f67df1 changes the dependency to crypton.

@jprupp
Copy link
Member

jprupp commented Aug 28, 2024

crypton is a fork of cyrptonite. I still prefer that we move to botan. The botan bindings are maturing, and there’s a possibility that the developers decide to expose an API similar to that of cyrptonite, in order to make the transition of packages like this one straightforward. I will close this ticket for now, as the cryptonite dependency has been removed.

@jprupp jprupp closed this as completed Aug 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jprupp @the-headless-ghost @edilmedeiros