Hi there, fairly new to crystal and I’m a little surprised by the seeming lack of an obvious community “standard” library for common crypto - argon2, etc. Even the most recently updated libraries i could find haven’t seen a commit in years.
I’ve noticed the shards.info index site is extremely poor, so I was hoping to find recommendations as to what everyone is using?
thanks
James
Were you looking for something in particular? For handling passwords or?
The stdlib has some via Crypto - Crystal 1.12.2, and also openssl via OpenSSL::Cipher - Crystal 1.12.2
shards.info essentially scrapes GH, could also checkout Cryptography on Shardbox which might have some additional ones as well as GitHub - veelenga/awesome-crystal: 💎 A collection of awesome Crystal libraries, tools, frameworks and software.
The main downside of decentralized shards is that there isn’t a good way to track the shards ecosystem as a whole. Efforts to make unified lists all have their limits.
Hi James, welcome to Crystal where you’ll discover that shards that haven’t been updated for four years in most cases works just fine.
Regarding argon2, it’s supported by GitHub - didactic-drunk/sodium.cr: Crystal wrapper for the libsodium crypto API and GitHub - Axentro/crystal-argon2: Crystal bindings for the argon2 hashing algorithm it seems. I wouldn’t know any details as I’ve so far avoided having to deal with crypto by making it Someone Elses Problem (the best kind).
So, as @Blacksmoke16 was asking, what exactly are you looking for?
Hello all, thanks for the prompt and helpful responses. Yes, it’s for passwords, specifically key derivation - i have some user data stored in a config file and would like to protect it somewhat by putting an expensive KDF in front of it. Idea being that the user can enter a password, it gets turned expensively into a hash via argon2id, then that hash is used as the encryption key.
I’d definitely looked first at the libsodium wrapper, but it seems all over the place and the README examples don’t work. Very happy to see bcrypt is in the stdlib, i think that is enough that i’ll just switch to using that instead of argon. I had also missed that openssl has a stdlib wrapper so i’ll use that for the encryption. Awesome.
The decentralized shards system is great in its low ceremony but does indeed make it hard to find what people are really using… i’m very used to tools like hex.pm and rubgems.org to answer this kind of question rather than posting to a forum. It would be good if some kind of solution could be found!
Another takeaway might be that shards indexes do not give visibility to the std-lib areas.
For example for crypto you might be interested in Crypto namespace, but also Random::Secure, OpenSSL, and Digest.
I don’t think we have the means for users to discover its existence other than browsing the whole std-lib api, be familiar with ruby std-lib that sometimes match, or have an article introducing them.
If they were put in a shard users might discover them as they do with other packages. I don’t want to move them out, but to highlight a potential need to group the std-lib in some way that is more discoverable.