paseto-spec
branca
paseto-spec | branca | |
---|---|---|
4 | 2 | |
146 | 171 | |
6.8% | - | |
0.0 | 0.0 | |
5 months ago | almost 4 years ago | |
Go | ||
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
paseto-spec
-
Age and Authenticated Encryption
Another signcryption scheme as described in the article is also implemented by the libsodium author as an extension:
https://github.com/jedisct1/libsodium-signcryption
It's unclear from the article if this is the same algorithm age uses.
Signcryption schemes are also a good candidate algorithm for replacing JWTs and PASETO as they suffer from no algorithm confusion, and don't need what PASETO calls "Algorithm Lucidity" and serve both plaintext authentication, authenticated encryption, sender receiver verification, and shared key generation that can be used for unlimited encrypted streaming, for example with libsodium's crypto_secretstream API.
https://doc.libsodium.org/secret-key_cryptography/secretstre...
https://github.com/paseto-standard/paseto-spec/blob/master/d...
- Paseto is everything you love about JWT without any of the design deficits
-
PASETO Reference Implementation Release Notes (new protocol versions)
The rationale for V3/V4 may be of particular interest for this forum.
-
PASETO v2.0.0 released! (Lengthy release notes)
Whether you're curious or skeptical, we believe in transparency, so the detailed rationale for these exact changes in V3/V4 is available here.
branca
- Paseto is everything you love about JWT without any of the design deficits
-
SAML is insecure by design
Better alternatives would be PASETO or Branca.
What are some alternatives?
Halite - High-level cryptography interface powered by libsodium
paseto - Platform-Agnostic Security Tokens implementation in GO (Golang)
php-jwt - PHP package for JWT
sjwt - Simple JWT Golang
spec - Spec and acceptance tests for the Fernet format.
paseto - Platform-Agnostic Security Tokens
go-guardian - Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication.
libsodium-signcryption - Signcryption using libsodium.
scs - HTTP Session Management for Go
scope - Easily Manage OAuth2 Scopes In Go
jeff - 🍍Jeff provides the simplest way to manage web sessions in Go.