constant_time_encoding Why not using libsodium for Constant-time Base64?

Why not using libsodium for Constant-time Base64?

Open ghost opened this issue 2 years ago • 2 comments

I'm curious if there is any specific reason that you haven't used libsodium for constant-time Base64 generation...

sodium_bin2base64($data, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);

Feb 25 '22 18:02 ghost

Using libsodium gives quite a good improvement on performance, it's around 6 times faster. Libsodium methods are constant-time, so there is no reason to discard them.

Mar 11 '22 17:03 SharkMachine

Correct. This is a pure-PHP implementation, but libsodium's is faster and you should prefer that over ours.

Note: We might want to update our code to just use libsodium's if it's available. This will require some compatibility testing, of course.

Mar 22 '22 14:03 paragonie-security

constant_time_encoding constant_time_encoding copied to clipboard

Why not using libsodium for Constant-time Base64?

constant_time_encoding
constant_time_encoding copied to clipboard