return_0e | 6 years ago

I haven't implemented PASETO, but I was thinking about adding support for another language. If I were to implement it, I would just use libsodium for most of the cryptographic primitives whenever possible, since the reference PASETO implementation uses it, as do most of the other language implementations (except for the Go version).

PASETO does seem like a cryptographically secure alternative that addresses the pitfalls of the JOSE standard and has most of the mitigations mentioned in this blog post (no cryptographic algorithm agility), and it supports the same functionality as JWT/JWE and JWS. So I am convinced on getting that standardized, but it also needs XChaCha20-Poly1305 AEAD to be standardized too [0].

Fernet was also around as a secure alternative, but it has been mostly replaced by Branca [1] and PASETO.v2.

[0] - https://github.com/bikeshedders/xchacha-rfc

[1] - https://branca.io
