constant_time_encoding
constant_time_encoding copied to clipboard
Why not using libsodium for Constant-time Base64?
I'm curious if there is any specific reason that you haven't used libsodium
for constant-time Base64 generation...
sodium_bin2base64($data, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
Using libsodium gives quite a good improvement on performance, it's around 6 times faster. Libsodium methods are constant-time, so there is no reason to discard them.
Correct. This is a pure-PHP implementation, but libsodium's is faster and you should prefer that over ours.
Note: We might want to update our code to just use libsodium's if it's available. This will require some compatibility testing, of course.