(I first wrote this as an issue on the libhydrogen repo, but felt bad because it clearly isn't an "issue", so I'm here on the discussion forum of libsodium instead)

Hi Frank,

Thanks for your efforts on libsodium and your other projects over the years 🙏. In the context of providing high-level crypto operations for standard line of business web applications which need:

...libhydrogen can provide all of these† and indeed over the years you've mentioned you use libhydrogen more than libsodium, and your positive comments about it lead me to believe that perhaps libhydrogen is a better foundation for apps in the context above to start with. Those comments, combined with the facts that (1) libhydrogen doesn't accept nonces as input and (2) it has a nice small API that we can expose directly to developers, make libhydrogen a very attractive target for building in at the foundation. However, there are several things that make us think twice:

Do you recommend libhydrogen for the above use cases? If yes, would you consider tagging a version every now and then? Or is there a "libsodium the good parts" doc/comment somewhere that identifies a subset of the API that is safe and can be exposed to devs directly (though #392 makes me think that might not be in scope for libsodium)?

† the "only" thing libhydrogen doesn't provide which is occasionally useful is libsodium's secretstream for en/decrypting datasets that cannot fit into memory.
Replies: 1 comment 2 replies
libhydrogen is great for its portability, simplicity and compactness. It's also a good option on constrained environments.

It doesn't have secretstream, but hydro_secretbox accepts a counter that can simply be incremented after each chunk. This is exactly what encpipe does.

You're right about version numbers. There's been two major versions (v0 and v1), but no minor versions tagged along the way. Even though there haven't been breaking changes, this is something I'll try to do.

As it's a single C file, libhydrogen is usually directly copied into apps, rather than shipped as a library, though.

If performance is a concern, and it seems to be the case according to your list of use cases, libhydrogen may not be a good fit. Especially if you're not targeting constrained environments, libsodium will be way faster.
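
The counter-per-chunk pattern from the reply, as an added example that is not part of the original thread and is not libhydrogen or encpipe code. `box_encrypt` and `box_decrypt` are hypothetical standard-library stand-ins for a secretbox that takes a message counter (a toy construction, used only so the block runs anywhere); the context string and chunk helpers are constructed for the example.

```python
import hashlib
import hmac
import os

CTX = b"chunkenc"  # 8-byte context string, constructed for this example


def _subkeys(key, ctx, msg_id, nonce):
    # Bind key, context, counter and nonce into one-time cipher and MAC keys.
    d = hashlib.blake2b(nonce, key=key, person=ctx,
                        salt=msg_id.to_bytes(8, "little"),
                        digest_size=64).digest()
    return d[:32], d[32:]


def box_encrypt(msg, msg_id, ctx, key):
    """Stand-in for a secretbox that takes a message counter (toy, stdlib only)."""
    nonce = os.urandom(16)
    enc_key, mac_key = _subkeys(key, ctx, msg_id, nonce)
    stream = hashlib.shake_256(enc_key).digest(len(msg))
    ct = bytes(a ^ b for a, b in zip(msg, stream))
    tag = hashlib.blake2b(ct, key=mac_key, digest_size=16).digest()
    return nonce + tag + ct


def box_decrypt(boxed, msg_id, ctx, key):
    nonce, tag, ct = boxed[:16], boxed[16:32], boxed[32:]
    enc_key, mac_key = _subkeys(key, ctx, msg_id, nonce)
    expected = hashlib.blake2b(ct, key=mac_key, digest_size=16).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError(f"chunk {msg_id}: authentication failed")
    stream = hashlib.shake_256(enc_key).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def encrypt_chunks(chunks, key, ctx=CTX):
    # The counter starts at 0 and is incremented after each chunk.
    return [box_encrypt(c, i, ctx, key) for i, c in enumerate(chunks)]


def decrypt_chunks(boxes, key, ctx=CTX):
    # The receiver counts on its own; the counter is never read from the data.
    return [box_decrypt(b, i, ctx, key) for i, b in enumerate(boxes)]
```

Reordered or dropped chunks fail authentication because each box only verifies under the counter value it was sealed with. Removing chunks from the end is not caught by the counter alone, so the stream needs its own end marker or length.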