Pure Rust implementation of libsodium/utils about secrets HOT 8 OPEN

There's a bit of benefit here in that we don't have to provide any libsodium bindings, but I'm a bit on the fence as to whether or not that warrants switching to a dependency that I have audit every time there's an update. I'll give it some consideration.

from secrets.

I'm definitely interested, but it's not something I'd want to pull the trigger on without some consideration. I can't imagine it doesn't include unsafe code (e.g., to call things like mprotect), so I'd have to weigh the pros/cons of switching to a library that's newer, less battle-tested, and maintained by someone whose track record in security-sensitive systems I'm unaware of.

from secrets.

Yes it uses unsafe. In fact they are just unsafe functions without any extra abstraction. The good part is that the code is not that big, so you can evaluate it.

from secrets.

There is one more option now in region.rs. No more unsafe (as any manual twiddling of virtual memory APIs will be), but also more active and more readable: https://github.com/darfink/region-rs

from secrets.

This doesn't really remove unsafe, it just kicks the can to the region-rs crate which itself uses unsafe to call operating system APIs like mprotect.

from secrets.

This doesn't really remove unsafe, it just kicks the can to the region-rs crate which itself uses unsafe to call operating system APIs like mprotect.

Err, I meant unsafe in general, not specifically the Rust keyword. "No additional unsafe" might have been better phrasing.

from secrets.

memsec can be a good consideration as right now secrets does not have a #![no_std] implementation which is quite sad as I am looking at interoperating with my sosecrets-rs crate.

from secrets.

from secrets.