Is cryptonite anything like production ready? I mean, does it protect against timing side channels (perhaps using crypto instructions like AES-NI), etc.
Something I didn't like about it is that it exposes crypto primitives, including stuff like TripleDES, with no warning[0]. The tutorial also has you handle IVs directly.[1]
If you notice, it only exposes the _types_ of the TripleDES, not the constructors, meaning you don't have access to the values unless you clone the cryptonite repo and modify it to expose the constructors, giving access to the values at run time.
Also, the tutorial is a bit advanced and is meant to show a particular use case of using symmetric block ciphers for encryption/decryption, you are not always using such bare-bones primitives-- check out the hashing part of the README.md in Nanocoin.
IMO it's production ready, and has most all potential known attacks documented above the functions that are vulnerable.
Also, the tutorial is a bit advanced and is meant to show a particular use case of using symmetric block ciphers for encryption/decryption, you are not always using such bare-bones primitives-- check out the hashing part of the README.md in Nanocoin.
IMO it's production ready, and has most all potential known attacks documented above the functions that are vulnerable.