salty-coffee
salty-coffee copied to clipboard
Feature request: Use native libraries when available
If libsodium is installed then we should make use of it in preference to the pure-Java implementations. The native library is likely to have better constant-time guarantees and be more performant.
How difficult is it to get a cryptographic professional to look over this source code of the NaCI implementation? Just curious. Need to use a library for this and this one looked promising.
I think that probably you'd have to pay to have a professional cryptographic audit. There are several companies and individuals that perform these kinds of services. (I may stump up the cash myself at some point, but I'm not in a position to commit to that at this point in time).
Alright I see. Probably not cheap. Thanks for information!