Joachim Vandersmissen

Yes, I saw your issue, but I haven't had time yet to implement it. I'd prefer not to simply copy the code from that site as it might be copyright...

With cipher v0.4 being released, this is a bit more ready for review, but of course the crate name issue remains.

> I can ask the owners of the current `speck` crate if they'd be willing to give it to us. It's worked before! Perhaps that could be worth a shot,...

I added some configuration for a `minimal-versions` action.

I have the same issue, but with the `num-traits` crate. Are we supposed to manually add `num-traits` as a dependency to our crate?

> I think the better solution for those that don't actually care about the traits is to add corresponding inherent methods, even though that's more tedious to implement methods in...

I assume the BLAKE2s hash is to prevent timing side-channel attacks. I feel like a simple constant-time compare would be easier and faster though.

As an addendum to my first question, SP 800-57 part 1, revision 5, Table 3 also contains the maximum security strengths for hash-based functions when used for random number generation....

@celic any update on this now that FIPS 186-5 has been released?

> EVP_DigestSignInit/Update/Final have been available for a long time (since 1.0.0). Wouldn't they be acceptable? Not sure when the one-shot `EVP_DigestSign` was added but it appears to be before 3.0....