Our great sponsors
-
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
jwt-go
Discontinued ARCHIVE - Golang implementation of JSON Web Tokens (JWT). This project is now maintained at:
-
More recently, I wrote a blog post about end-to-end encryption, and mentioned integrating with some sort of decentralized authority-free identity system like Gossamer.
The main hinderance is math/big.Int, which is not constant time, leaking into APIs making them hard to implement in constant time. For P384 and P521 it's a matter of doing the work and taking the extra complexity, which is a lot; I am optimistic about importing fiat-crypto for those. RSA is probably fine with blinding. Constant time software AES is slooooooooooow and hard to implement, so... maybe? crypto/tls is very aggressive in switching to ChaCha20Poly1305 if either side doesn't have hardware AES, for what it's worth.
Roberto Clapis is working on a set of packages (including https://github.com/google/safehtml which you can already use and is great) to provide strongly-secure-by-default alternatives to stdlib packages for web development such as html/template, database/sql, and net/http.