Rust has become widely adapted throughout all domains, say ML, say web, of course systems and beyond. Networking companies and specially cybersecurity companies need cryptography in play, in almost everyday operations. A pal of mine, who works for a cybersecurity company (she has requested anonymity) asked me about Rust and cryptography. Well I do write web servers, I do use hashing but cryptography is not my thing. What I found is that there are not very promising projects in this arena. I’d like to make Rust strong in this field, so that Rust can be adopted in cryptography too. Now I know, Rust’s aim is to keep the standard library as small as possible (as opposed to Go, which keeps stuff like JSON parsing and templating into the std), hence I am not asking for that. I want ideas on how to build a cryptographically strong library with hashing and salting functions that can be used with trust, just like some sort of ‘incubation’ with
futures-rs and rust-lang/rust-lang-nursery, maybe a crate can be developed which provides this sort of functionality.
Who on earth needs cryptography?
- Networking protocols (say TLS)
- Web Development (storing passwords)
- Banking applications
- System applications and general applications (browsers such as Firefox, can store saved passwords by hashing them, AFAIK servo is being written in Rust)
- And an endless number of uses (basic authentication, maybe some kind of embedded fingerprint devices that are used for authentication)
What would be ideal? (in terms of a library)
- Bcrypt (most important I’d guess)
I’m open to inputs and people who can guide me and work with me for such an implementation
Why don’t you go and write a library yourself?
I wish I had known how these algorithms work, then my first action would have been to write a lib myself
What to do you mean by ‘standardized’?
I mean a stable and reliable API, something that doesn’t wildly change. Everyone has a different way to think, and not all people think in the same way, hence we should have a standard, or rather stable and predictable API that is production ready.