Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why not using libsodium for Constant-time Base64? #39

Open
ghost opened this issue Feb 25, 2022 · 2 comments
Open

Why not using libsodium for Constant-time Base64? #39

ghost opened this issue Feb 25, 2022 · 2 comments

Comments

@ghost
Copy link

ghost commented Feb 25, 2022

I'm curious if there is any specific reason that you haven't used libsodium for constant-time Base64 generation...

sodium_bin2base64($data, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
@ghost ghost changed the title Why not libsodium for Constant-time Base64? Why not using libsodium for Constant-time Base64? Feb 25, 2022
@SharkMachine
Copy link
Contributor

Using libsodium gives quite a good improvement on performance, it's around 6 times faster. Libsodium methods are constant-time, so there is no reason to discard them.

@paragonie-security
Copy link
Contributor

Correct. This is a pure-PHP implementation, but libsodium's is faster and you should prefer that over ours.

Note: We might want to update our code to just use libsodium's if it's available. This will require some compatibility testing, of course.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@SharkMachine @paragonie-security