Yes, we're always where the critics are; they are our best source of information.
I'm very happy to see our work being reviewed. I'm not an expert cryptographer but I am capable of understanding it. (fyi I didn't code it).
Our memcmp in constant time is not the prettiest, but it's short so we roll with it :P
This project started around 2014. LibSodium was still very small back then and OpenSSL, in our view, remains the de facto standard.
Is there any particular reason why we should move away from RAND_bytes()?
Yes: Aside from being a userspace CSPRNG (which is an additional risk of failure over the kernel's CSPRNG and doesn't provide defense-in-depth), it isn't thread-safe.
That link to NodeJS was a good read, I'm fairly convinced that we should ditch RAND_bytes from OpenSSL for something more secure, we'll look into LibSodium.
I've caught rumours of a possible RAND_sys_bytes which operates over the system's CSPRNG? We like to be conservative on the libs.
We'd like to tip you for your efforts, do you have a Bitcoin (or ShadowCash) address?
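Two things this thread touches on, as an added example that is not the project's own code: a constant-time comparison of the kind mentioned above, and a buffer fill taken from the kernel CSPRNG rather than a userspace one. It assumes Linux with glibc's getrandom(2) wrapper; the function names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/random.h>  /* getrandom(2); assumes Linux, glibc >= 2.25 */
#include <sys/types.h>

/* Constant-time comparison: the loop always runs over all len bytes and
 * never branches on data, so timing does not reveal where the inputs
 * first differ. Returns 0 when equal, 1 otherwise. */
int ct_memcmp(const void *a, const void *b, size_t len) {
    const volatile unsigned char *pa = a;
    const volatile unsigned char *pb = b;
    unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= pa[i] ^ pb[i];
    /* Fold the 8-bit accumulator to 0/1 without a data-dependent branch:
     * for any non-zero d in 1..255, d | (256 - d) has bit 7 set. */
    return (int)((diff | (unsigned char)-diff) >> 7);
}

/* Fill buf with len bytes from the kernel CSPRNG. The kernel serialises
 * access itself, so this is safe to call from multiple threads without
 * any userspace RNG state. Handles EINTR and short reads; returns 0 on
 * success, -1 on failure (buf is then not to be used as key material). */
int sys_random_bytes(unsigned char *buf, size_t len) {
    size_t got = 0;
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        got += (size_t)n;
    }
    return 0;
}
```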