

DJB: Network and Cryptography Library (efforts against timing attacks) - munin
http://nacl.cr.yp.to/

======
huhtenberg
I love djb's work, but, man, if this is one unnecessarily terse documentation.
Like someone forcing himself to talk through clenched teeth. A simple example
on the Introduction page would go a long way.

The fast and secure/non-exploitable (re-)implementation of core crypto
algorithms is definitely useful. The restrained resource usage and no _malloc_
dependency is something that I wish more libraries paid more attention to.

However, the stated target audience of the library seems odd. They say that
the API is meant to abstract away the cryptographic details, and yet it still
requires a crypto expert to go behind the API to set things up... which is
fine, but if there _is_ a crypto guy on a team, he could as easily cook up the
abstraction interface around whatever crypto library they currently use.
Unless I am missing something obvious, this abstraction layer and the whole
focus on "usability" appears to be more of a hindrance that complicates access
to the actually useful parts of the library (the high-speed crypto).

~~~
cperciva
_this abstraction layer and the whole focus on "usability" appears to be more
of a hindrance that complicates access to the actually useful parts of the
library (the high-speed crypto)._

If you're not using the abstraction layer, the high-speed crypto bits you
mention aren't useful anyway. The high speed crypto is djb's favourite
primitives -- curve25519, salsa20, and poly1305 -- which is fine if you're
only ever going to talk to other people using this library but makes it
utterly useless otherwise since nobody else ever uses those primitives.

------
vinutheraj
I was first confused by the NaCl name. The NaCl nomenclature is used by
another popular project - Chrome Native Client.

------
marshray
Perhaps a more-specific link is: <http://nacl.cr.yp.to/verify.html>

~~~
munin
The paper here talks about the things they do to avoid exposure to timing
attacks: <http://eprint.iacr.org/2011/646.pdf>

------
zdw
I believe much of the motivation behind this is the CurveCP and DNSCurve
projects:

<http://dnscurve.org/>

<http://curvecp.org/>

------
zrail
I think this is great. If I were to want to implement some sort of darknet
project I would definitely consider using NaCl, CurveCP, and DNSCurve as core
components.

