[cesaref]

I can't seem to fathom the why in this. Why is Rust different from, say, Python?

[conradludgate]

Well, let's put it this way. The python cryptography package contains rust code. The rust cryptography libraries are certainly not going to contain python code.

[cesaref]

I wasn't clear, I mean, why should Rust have it's own implementation, with the cost and worries about correctness, and maintenance burden vs using an existing library, as is typically what other languages (e.g. Python) would do in this situation.

I don't see the benefit, that's what I was wondering about.

[conradludgate]

What library? Who maintains the library?

For some background, ring/rustls is a Rust library that replaces openssl because it doesn't have a good track record for vulnerabilities - especially those caused by memory safety issues.

[wffurr]

Unlike Python, Rust is efficient enough and suitable for low level bit twiddling to write fast crypto libraries without using an unsafe language like C.

[cesaref]

So it's a safety concern, is that what this is about? Safety as in, thread safety that sort of thing? I personally would be more worried about correctness, and so i'm not sure what the win is over wrapping an existing library, like every other language does (ok, there are bound to be exceptions).

[wffurr]

Well yes? Heartbleed? The majority of significant security bugs are memory corruption and data races, both of which safe Rust prevents by design.

[kdjfkhsakhkdhjk]

20x performance increase when using rust over python.

Plus the syntax is not that different, you can hand transpose python -> rust.

[ZiiS]

Most of rust is written in rust, it targets being able to write low level code.