Monocypher VS github

Compare Monocypher vs github and see what are their differences.

Monocypher

An easy to use, easy to deploy crypto library (by LoupVaillant)

github

Just a place to track issues and feature requests that I have for github (by isaacs)
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Monocypher github
51 30
570 2,146
- -
7.0 3.0
about 2 months ago almost 3 years ago
C
GNU General Public License v3.0 or later -
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

Monocypher

Posts with mentions or reviews of Monocypher. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-02-20.
  • In Defense of Simple Architectures
    4 projects | news.ycombinator.com | 20 Feb 2024
    I rarely got to know the actual deployment scale of anything I've done. Let's make a list:

    Ground software for an observation satellite. My internship was about implementing a dead simple neural "network" (2 hidden layers, no feedback), everything was specified from up top, we didn't even get to touch the learning algorithms. Impact? I guess a big flat zero, since all the differentiators was in the learning parameters.

    Peer-to-peer social network before Facebook. Never made a cent.

    Geographic Information System for the military. I was for obvious reasons not allowed to know enough to estimate the impact of my work. And even then all decisions was made by the customer, and once the user (a different entity) saw the Rube Goldberg contraption we dully made for them they predictably balked, and we did what we could from there. Which was, not that much. I did some useful stuff for sure, but mostly I participated in a system that was arguably worse than the one that preceded it.

    A visualiser for civil radar data. Data in, little planes in the screen out. And other nice stuff. I designed a simple C++ API that allowed the client to write business code faster than we would have ourselves (if only because of communication overhead), saving weeks of work. That contribution was utterly ignored for personal reasons, and I was eventually out. I have no idea what my actual impact was, because I don't know how far the project even went, and how widely it was eventually deployed.

    The maintenance of ground software for small civil observation drones. I did some cool stuff, but then was asked to transfer ownership of this software to a recently bought team (that did stuff similar to the company I worked for). I could have known how many drones were actually deployed, but to be honest my thing just saved a few minutes of flight, while most of the cost is to get the drone and its operator on site. That company was never really profitable, I hope the good people I met there are doing well.

    Scripting language for a programmable logic controller test environment. For the military, so I don't think I was allowed to even know the size of the team we'd deliver the software to. I got good feedback from them (they were happy about what I did), and I'm pretty sure my static typing made things easier for them than if I had just picked Lua or something, but how easier, and how much money it will save in the long run I have no freaking clue.

    Stuff in a missile company I cannot disclose. I believe my impact was almost nil, I couldn't stand their abysmal tech environment.

    Prototype ADAS system. It was never deployed. Actual impact was therefore basically nil. Cool stuff to work on though, the CAN bus is a think of beauty. One of the rare instances where I could actually learn from example, instead of seeing yet again one of the gazillion obvious ways how not to do stuff.

    Ground software for some IoT device. Impact fundamentally uncertain, we had yet to sell it to anyone.

    Incident reporting software, based upon a more generic distributed base. I made the encryption layer (between users & company server), with a security based on PAKE (thus avoiding a PKI, which simplified the work of the sysadmin, at a slight loss of security). Impact fundamentally uncertain, we had yet to sell it to anyone.

    Charging stations for electric vehicles. I did the TPM provisioning, and mentioned a low-key security issue along the way. I participated in a questionable micro-service that was meant to help user interfaces (yeah, their IoT stuff had a micro-service architecture). Impact: whatever I did didn't save them: one year after I left, they're now going under.

    Preliminary study on the possible use of AMD-SEV to prevent users from peeking at our secret sauce (DRM). I don't think I was allowed to know the list of clients, and it's not even the only alternative. I don't think I could ever have assessed the long term impact of my work there.

    Flight recorder for trains (not a flight recorder then, but you get the idea). I just did little tasks here and there, didn't get the chance to have a good bird's eye view of the thing or its environment. Deployment base was knowable, but the business impact of my work was likely minimal, beyond "finish this step so we can show the client we're on track for the next short term milestone". The whole thing is a heap of technical debt, common components are impossible to update (user projects aren't locked to a given revision, they all pull from trunk), the build system is a home made monstrosity that doesn't help more than the standard monstrosities (I hate build systems)… and I was just axed from a round of layoffs.

    Cryptographic library I did on my free time: https://monocypher.org/ Nice little thing with a significant user base in the embedded ecosystem (not even my primary target). I controlled everything from start to finish, and I have no idea how many users I have, let alone how much time and money I saved them. In part because it is so simple, with such an outstanding documentation (which I mostly didn't write), that most users don't even have to bug me.

    ---

    To sum this up, my resume looks fairly horrible with respect to what I know of my actual business impact. Most of it, I think, was entirely outside my control. And I don't think I'm exceptional in this.

  • Non-code contributions are the secret to open source success
    10 projects | news.ycombinator.com | 13 Feb 2024
    As the dictator author/maintainer of a tiny library¹ (45 functions total), I can confirm the manual wouldn't be half as good without external contributions. And I daresay this manual is a major contributor to the usability of the whole project.

    As a new user of libcurl, I was recently able to quickly implement FTP upload and adapt it to our specific use case thanks to their tutorials and API documentation. I was even made aware of the lack of thread safety in old versions thanks to that same documentation, so I could warn my team that we should update.

    Documentation is bloody important. Almost as important as the code and the test suite themselves.

    [1]: https://monocypher.org

  • Learn Modern C++
    6 projects | news.ycombinator.com | 26 Dec 2023
    Are you assuming I didn't already do that? For your information I've written an entire cryptographic library in C https://monocypher.org and routinely chose C over C++. My claim that C is broken beyond repair doesn't come from ignorance or hype, it comes from over 15 years of first hand experience.

    And of course, GC and RC aren't fixes, they can't apply in the performance constrained settings C and C++ typically are used for (tiny embedded chips, video games, video encoding…).

    Also there's no way I'll even look at a new language without some form of generics. They're just too damn useful. Sure we could try the Go approach and special case generics for a few core data structures, but I believe a general purpose language needs a way to add custom ones. Heck, even Go fixed its mistakes and added generics after all.

  • Libsodium: A modern, portable, easy to use crypto library
    9 projects | news.ycombinator.com | 14 Sep 2023
  • Six times faster than C
    2 projects | /r/programming | 7 Jul 2023
    Compilers don’t find all the optimisations. Last time I saw this was when someone noticed that my code was 5% slower than the reference implementation. This patch fixed it.
  • I've implemented some encryption/decryption in C, how is it?
    1 project | /r/C_Programming | 4 Jul 2023
    Every time I'm faced with OpenSSL, I think, "This is even more of a dumpster fire than I remember." My expectations are low, and it never fails to come in even lower than that. It's ugly and difficult to use. A good crypto API won't require all this resource management because it can all be done with small, fixed-sized buffers. In the future consider Monocypher or libsodium.
  • How much secure is my UDP based network protocol?
    3 projects | /r/crypto | 5 May 2023
    If encryption performance is not that important (especially on the client side, which I expect won't use too much bandwidth), but you value minimising dependencies, consider using Monocypher instead of libsodium. Monocypher is a single-file library that has absolutely zero dependency (not even libc). The price to pay for that is (i) right now it's slower than libsodium, and (ii) it doesn't provide an RNG, you'll have to call your OS's RNG manually.
  • The Free Software Foundation is dying
    2 projects | /r/programming | 12 Apr 2023
    I'm not yelling at you for your choice. See here for how hypocritical it would be of me.
  • Is there any introduction/tutorial to Elligator and other random-looking ECC encodings?
    1 project | /r/atom_protocol | 23 Mar 2023
    This website does a pretty good job of going over what the creator of Monocypher found to implement Elligator. There’s also this Python code which has comments detailing the steps.
  • Uncle Bob and Casey Muratori Discuss Clean Code
    6 projects | /r/programming | 9 Mar 2023
    I believe my coding style is best shown by example. Some people have called it impressive. Some others have called it the worst they've ever seen. This may or may not come from the domain: cryptographic code tends to be pathologically straightline. At the very least it tend to produce longer functions than other domains.

github

Posts with mentions or reviews of github. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-12-03.
  • How I Fixed GitHub's Repo Traffic Insights 🛠️ 📊
    3 projects | dev.to | 3 Dec 2023
    While looking for solutions, I realized that many developers face similar challenges. This issue is widely discussed, particularly in a GitHub thread: Track traffic to GitHub repo longer than 14 days #399.
  • Organizing Multiple Git Identities
    6 projects | news.ycombinator.com | 16 Oct 2023
    Probably the older email address is still the primary one for the GitHub account.

    GitHub took it upon themselves to change email addresses and author names when merging via the UI buttons like "Squash and Merge" in 2018 and then again in 2019. See <https://github.com/isaacs/github/issues/1368> for the tedious details.

    Essentially the post-2019 behaviour seems to be that where possible with "Squash and Merge" they will set noreply@github as the committer so that they can sign the merged commit themselves, and set author name & email to what they have recorded for the GH account involved (and the signature is then a record that GH have verified that account's involvement).

    Personally I think it is shocking that they ignore the name and email address that the actual author of the commit has selected. This is both a violation of the author's intentions -- for example, you may set work and personal email addresses in different repositories as discussed here, but GitHub will rewrite them all to the same thing when other people press "Squash and Merge" on your pull requests -- and potentially a doxxing security risk.

    I have considered re-reporting this to GitHub via the newer community discussions or via support again, but given the extent to which they've ignored all such reports over the last five years it is hard to find the motivation to do so.

  • GitHub prevents crawling of repository's Wiki pages – no Google search
    1 project | news.ycombinator.com | 1 Sep 2023
  • How do Commercial Open Source Startups manage GitHub insights &gt; 14 days? Is everyone using a workaround? How are "unique" cloners and viewers kept track off?
    3 projects | /r/opensource | 25 May 2023
    However, there is a massive issue. Github by default truncates insights to t-14 days (where t = today). This is super annoying as there is a discontinuity in data. There is also an archived issue on Github regarding this. The issue has a whopping 119 comments and has been around for over 8 years now. Basically, from the discussions there - Data you don't persist today will be gone 14 days from now. And looks like Github hasn't done anything about it.
  • Reimplementing the Coreutils in a modern language (Rust)
    7 projects | news.ycombinator.com | 13 Feb 2023
    > Hi, people have made money using my code and I also don’t care

    looks like everyone's missing the point.

    > I understand this is upsetting to you

    Again, maybe I am on another level of comprehension, so I don't understanda why it is so hard for someone to get it, but I am not upset by that, at all.

    I simply know that those who think "it will be fine" are delusional and don't know what they are talking about!

    So I just will paste some link to relevant news here, maybe it will make things clearer.

    It includes the opinion of Antirez, father of one of the most successful OSS ever: Redis. Maybe his words will open your eyes and tear the veil of Maya.

    (spoiler ahead alert!)

    Basically you work for free and people don't even thank you and the maintainer ends up being doxed or blamed or pushed aside and in the long term the only solution to keep sanity is to resign

    https://www.jeffgeerling.com/blog/2022/burden-open-source-ma...

    https://www.theregister.com/2022/01/13/opensource_apacheplc4...

    https://nolanlawson.com/2017/03/05/what-it-feels-like-to-be-...

    https://old.reddit.com/r/linux/comments/z14tt2/reason_why_op...

    https://github.com/isaacs/github/issues/167

    http://web.archive.org/web/20221217180915/http://antirez.com...

  • Git archive checksums may change
    10 projects | news.ycombinator.com | 30 Jan 2023
    I don't know what the fuss is all about. It was publicly known that Github was breaking automatic git archives consistency for many years. Here is a bug on a project to stop relying on fake github archives (as opposed to stable git-archive(1)):

    https://bugzilla.tianocore.org/show_bug.cgi?id=3099

    At some point it was impossible to go a few weeks (or even days) without a github archive change (depending on which part of the "CDN" you hit), I guess they must have stabilized it at some point. Here is an old issue before GitHub had a community issue tracker:

    https://github.com/isaacs/github/issues/1483

  • Keeping a Project Bisectable
    3 projects | news.ycombinator.com | 4 Aug 2022
    Hello, I see you stepped on my favourite personal soapbox! :)

    https://github.com/isaacs/github/issues/1017

    I really, really like semi-linear branching/merging. I.e. always rebase-merging, but with a merge commit.

    Reasons, in comparison to Github's "rebase merge" which doesn't produce a merge commit:

    1. It makes it clear which commits were part of one PR

    2. It makes it clear who did the merge

    3. It's okay to not have every commit build. but the one being merged will.

    4. Still pretty bisectable. You'll narrow things down at least to the PR that caused an issue, and from there it's usually quite simple.

    5. Looks very tidy in gitk & Co

  • Documenting My Work Again: hypothes.is
    3 projects | /r/Crostini | 8 Jul 2022
    Not to say that the feature isn't coming to FOSS git services.. Just that even proprietary organizations have had issues with taking a while to implement them.
  • Keyless Git signing with Sigstore!
    2 projects | /r/kubernetes | 23 Jun 2022
    Oh this is cool actually! Nice! One of the grievances I have with github commit signing is this issue https://github.com/isaacs/github/issues/1099
  • Attempting to transfer a repository upon resigning from a company (warning I'm a noob)
    1 project | /r/github | 17 Jun 2022
    In addition, you probably want to read this discussion. https://github.com/isaacs/github/issues/1138

What are some alternatives?

When comparing Monocypher and github you can also consider the following projects:

libhydrogen - A lightweight, secure, easy-to-use crypto library suitable for constrained environments.

Custom-Scenes - Please go to https://github.com/Notexe/h3-custom-scenes instead. Hitman 3 custom scene experimentation using ResourceTool + QuickEntity + simple-mod-framework + RPKG Tool

ASP.NET Core - ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.

Signal-Server - Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS

vscode-gitlens - Supercharge Git inside VS Code and unlock untapped knowledge within each repository — Visualize code authorship at a glance via Git blame annotations and CodeLens, seamlessly navigate and explore Git repositories, gain valuable insights via rich visualizations and powerful comparison commands, and so much more

git2html - github clone of http://hssl.cs.jhu.edu/~neal/git2html/

feedback - Public feedback discussions for: GitHub for Mobile, GitHub Discussions, GitHub Codespaces, GitHub Sponsors, GitHub Issues and more! [Moved to: https://github.com/github-community/community]

create-branch-from-issue - Creating branch from issue on Github, tampermonkey script

libnest2d - 2D irregular bin packaging and nesting library written in modern C++

mollyim-android - Enhanced and security-focused fork of Signal.

mlatu - A declarative concatenative programming language

litestream - Streaming replication for SQLite.