Feind hört mit!
tinfoil is a collection of cryptographic building blocks, designed
to provide a unified interface to secure and vetted modules which
reflect Ambiata best practices.
All changes must be signed off by Erik and Sharif before being merged.
All core cryptographic functionality required by an Ambiata project
belongs in tinfoil. This includes:
- Credential hashing and verification.
- Key derivation functions.
- Key and credential generation.
- Nonce generation.
- HMACs and signed requests.
- Ciphers and cipher modes.
- Bindings and wrappers around low-level libraries (
scrypt,libsodium, et cetera).
- Simple and secure by default - the obvious solution to a problem should also be the correct one.
- Robust to timing attacks - exposed functions must retain their timing characteristics regardless of the context in which they are called, and this should be verified with benchmarks.
- Paranoid - performance is a distant second to correctness.
-
This package should never use
System.Random, even if you're sure it doesn't matter in that particular case. Modules suitable for obtaining cryptographically-secure random numbers include:Crypto.Randomfrom crypto-api.System.Entropyfrom entropy.
All functions in tinfoil are thread-safe unless explicitly noted
otherwise in the function's documentation.
tinfoil explicitly supports Linux and OS X. It may run on other
unixlike systems, but may also break or violate the behavioural
invariants described above.