Most of the time, the only side channel you care about is timing. Lately Hertzbleed made enough noise that Monocypher has a dedicated issue, but I think even that is best left for CPU designers to stress over for now… And on modern CPUs the causes of these side channels are limited to:
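The classic timing leak the excerpt above is talking about is a comparison that stops at the first differing byte, so the time taken reveals how long a prefix of the attacker's guess matched the secret. The following is an added example (not code from the original post or from Monocypher itself) that places that leaky comparison next to a constant-time one, plus a branch-free select, with constructed 16-byte tags as input; the names `leaky_equal`, `ct_equal`, `ct_select` and the sample tags are my own and not taken from any library.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Variable-time comparison: returns at the first mismatching byte, so the
 * running time depends on how much of the secret the guess got right.
 * Shown only as the "before" case; never use this on MAC tags or passwords. */
int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            return 0;
        }
    }
    return 1;
}

/* Constant-time comparison: reads every byte regardless of the data and
 * folds all differences into one accumulator without branching on them.
 * Returns 1 when the buffers are equal, 0 otherwise. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= a[i] ^ b[i];
    }
    /* diff == 0 -> (0 - 1) is all ones, so bit 8 is set -> result 1.
     * diff in 1..255 -> (diff - 1) is below 256, so bit 8 is clear -> 0. */
    return (int)(((uint32_t)diff - 1u) >> 8) & 1;
}

/* Turn a 0/1 flag into an all-zero or all-one mask without a branch. */
uint32_t ct_mask(int flag)
{
    return (uint32_t)0 - (uint32_t)(flag & 1);
}

/* Branch-free select: returns a when mask is all ones, b when it is zero.
 * This replaces `mask ? a : b`, which a compiler may turn into a jump. */
uint32_t ct_select(uint32_t mask, uint32_t a, uint32_t b)
{
    return (a & mask) | (b & ~mask);
}

/* Constructed sample tags for the demo; these are not real MAC outputs. */
static const uint8_t TAG_GOOD[16] = {
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
    0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00
};
/* Same as TAG_GOOD except in the very last byte. */
static const uint8_t TAG_LAST_BYTE_OFF[16] = {
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
    0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x01
};

/* Simulated tag check: accept the message only on a full constant-time match. */
int verify_tag(const uint8_t *received, const uint8_t *expected)
{
    return ct_equal(received, expected, 16);
}

int main(void)
{
    printf("leaky_equal(good, good)      = %d\n", leaky_equal(TAG_GOOD, TAG_GOOD, 16));
    printf("leaky_equal(good, last-off)  = %d\n", leaky_equal(TAG_GOOD, TAG_LAST_BYTE_OFF, 16));
    printf("ct_equal(good, good)         = %d\n", ct_equal(TAG_GOOD, TAG_GOOD, 16));
    printf("ct_equal(good, last-off)     = %d\n", ct_equal(TAG_GOOD, TAG_LAST_BYTE_OFF, 16));
    printf("ct_select(all-ones, 5, 9)    = %u\n", ct_select(ct_mask(1), 5, 9));
    printf("ct_select(zero, 5, 9)        = %u\n", ct_select(ct_mask(0), 5, 9));
    printf("verify_tag(last-off)         = %d\n", verify_tag(TAG_LAST_BYTE_OFF, TAG_GOOD));
    return 0;
}
```

Both comparison functions return the same results; the difference is only in what the timing reveals. `leaky_equal` on `TAG_LAST_BYTE_OFF` walks all 15 matching bytes before bailing out, whereas `ct_equal` always does the same amount of work. One caveat a practitioner should keep in mind: nothing in the C standard forbids a compiler from recognising the accumulator pattern and reintroducing an early exit, so constant-time code in a real library is usually checked at the generated-assembly level (or with a tool such as valgrind-based taint tracking) rather than trusted from source alone.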
As you now know, I have implemented a whole cryptographic library with a similar API to Libsodium’s. In addition I’ve worked on authenticated key exchange (similar to Noise), as well as PAKE (symmetric and augmented). And I’ve realised that the whole NaCl family of libraries, including NaCl, Libsodium, TweetNaCl, and Monocypher, are all too low-level for regular people to use safely.
I failed to notice the relevant Wycheproof test vectors because they weren’t listed on the front page (they still aren’t).