- Subject: Re: Library granularity
- From: Phil Leblanc <philanc@...>
- Date: Sat, 26 Nov 2016 16:01:50 -0500

On Sat, Nov 26, 2016 at 3:12 PM, Marc Balmer <marc@msys.ch> wrote:
>> Would you prefer to look for and use one library including all these
>> functions?
>>
>> Or have three libraries with, say, compression, crypto and binary encoding?
>>
>> Or have several tiny libraries (eg. base58, LZF, rc4, md5, etc.)?
>>
>> The tiny libraries might look like the more logical choice: It allows
>> users to use exactly what they want, and it would allow to dispense
>> for some very widespread options (md5, base64).
>>
>> On the other hand, more granularity implies more effort, and it looks
>> a bit (to me!) like these myriads of microscopic modules for node.js
>> :-)
>>
>> What do you think?
>
> I would indeed go for smaller granularity. And moreover, I would go for
> secure cryptographic algorithms when writing new code. All of them, rc4,
> sha1, and md5 are considered insecure.

Thanks for your feedback.

Regarding security, I am 100% with you! :-) I use rc4 only for
lightweight obfuscation, and md5/sha1 for error detection. For real
crypto, my preferred tool is my luatweetnacl [2], a self-contained
NaCl library including salsa20 authenticated stream encryption,
curve25519 DH key exchange and sha512 hash.

[2] https://github.com/philanc/luatweetnacl

Regarding granularity, would you go with 3 libs or with several tiny libs?

Phil