Tony Arcieri

> And what if they question instead asked "Is MD5 broken or insecure for all applications"? The question is: is MD5 a secure hash function? The answer is: no, because...

I'll just leave this here: https://www.kb.cert.org/vuls/id/836068 > **Do not use the MD5 algorithm** > > Software developers, Certification Authorities, website owners, and users should avoid using > the MD5 algorithm...

@horrorho cryptographic best practice is clear: don't use MD5. If you disagree, please point to one cryptographer or organization specializing in cryptography who holds the same opinion. Bruce Schneier talking...

Note: this crate is unmaintained #467

Since they're pure Rust, and not leveraging a tool like Nadeko for assembly generation, they're potentially vulnerable to data-dependent timings, since LLVM will still insert branches into code that appears...

Inline assembly is fine, but architecture specific, so you would wind up with "trustworthy" ASM-backed implementations for specific architectures, and pure Rust "experimental" implementations elsewhere. I think this is an...

Ohai, circling back on this after quite some time... Perhaps a table in the README describing the implementation state of various ciphers? I'd be happy to help contribute that. Here's...

Note: Unless we hear otherwise, we are going to officially start tracking this crate as unmaintained in the RustSec Advisory Database: https://github.com/RustSec/advisory-db/pull/181

The @RustSec project has filed [`RUSTSEC-2016-0005`](https://rustsec.org/advisories/RUSTSEC-2016-0005.html) as an advisory that `rust-crypto` is unmaintained. The advisory suggests several alternatives.

I could go either way on this one. Reel is trying to provide a lightweight, below-Rack level abstraction, but if you really think it makes sense to add it to...