mirror of
https://github.com/odin-lang/Odin.git
synced 2026-04-20 07:19:32 -04:00
842cfee0f3
This change was made in order to allow things produced with Odin and using Odin's core library, to not require the LICENSE to also be distributed alongside the binary form.
32 lines
1.2 KiB
Markdown
32 lines
1.2 KiB
Markdown
# crypto
|
|
|
|
A cryptography library for the Odin language.
|
|
|
|
## Supported
|
|
|
|
This package offers various algorithms implemented in Odin, along with
|
|
useful helpers such as access to the system entropy source, and a
|
|
constant-time byte comparison.
|
|
|
|
## Implementation considerations
|
|
|
|
- The crypto packages are not thread-safe.
|
|
- Best-effort is make to mitigate timing side-channels on reasonable
|
|
architectures. Architectures that are known to be unreasonable include
|
|
but are not limited to i386, i486, and WebAssembly.
|
|
- Implementations assume a 64-bit architecture (64-bit integer arithmetic
|
|
is fast, and includes add-with-carry, sub-with-borrow, and full-result
|
|
multiply).
|
|
- Hardware sidechannels are explicitly out of scope for this package.
|
|
Notable examples include but are not limited to:
|
|
- Power/RF side-channels etc.
|
|
- Fault injection attacks etc.
|
|
- Hardware vulnerabilities ("apply mitigations or buy a new CPU").
|
|
- The packages attempt to santize sensitive data, however this is, and
|
|
will remain a "best-effort" implementation decision. As Thomas Pornin
|
|
puts it "In general, such memory cleansing is a fool's quest."
|
|
- All of these packages have not received independent third party review.
|
|
|
|
## License
|
|
|
|
This library is made available under the zlib license. |