0.1.0 |
|
---|
#18 in #falcon
16KB
120 lines
secret_sealing
A simple toolkit that provides wrappers and re-exports for modern cryptographic algorithms.
This crate tries to provide modern ciphers and hash algorithms wrapped in convenient functions. However, some of the algorithms involved are bleeding-edge (such as SIKEP751), and because of this, the underlying libraries might have security flaws. Further, this crate, as well as some of its constituents, have not been audited for correctness or security. In particular, private keys are not specifically stored in secure memory, which may pose a security risk if your threat model includes someone reading arbitrary memory from your machine (such as by a cold boot attack). Therefore, this crate is more of a grounds for personal experimentation than anything production-ready. Use this crate at your own risk.
Algorithms
The following modules use bleeding-edge algorithms intended to be secure against attacks by quantum computers. They are thus more resistant to cracking theoretically, but the algorithms or implementations may contain bugs.
key_exchange
- Provides methods for exchanging a shared secret over an untrusted connection. Uses SikeP751 via theoqs
crate.signing
- Provides methods for creating digital signatures. Uses Falcon1024 via theoqs
crate.
On the other hand, the following modules and functions use more well-known algorithms with more trustworthy implementations:
non_password
- Provides general cryptographic hashing. Uses BLAKE3 via theblake3
crate.password
- Provides cryptographic password hashing. Uses Argon2 via theargon2
crate.crate::encrypt
andcrate::decrypt
- Provide general encryption of data. These use ChaCha20Poly1305 via thechacha20poly1305
crate.
Dependencies
~26MB
~578K SLoC