You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I need a Haskell and Clojure application to be able to encrypt & decrypt each others' sessions.
Haskell uses Skein, but there isn't a well established or verified implementation of Skein for Java.
HMAC SHA256 is well established for both though.
I'm currently looking at having to reimplement the entire session encryption/decryption suite as well as Yesod integration thereof because I can't swap out the auth for clientsession. Is making the auth algo pluggable something you'd be open to?
The text was updated successfully, but these errors were encountered:
Skein was chosen for its speed since clientsession is on a critical path, but the benchmark was done a long time ago. Maybe something changed.
I'd be against making it pluggable. The reason is that security-related code should have as few knobs as possible, it's too easy to shoot oneself in the foot.
I need a Haskell and Clojure application to be able to encrypt & decrypt each others' sessions.
Haskell uses Skein, but there isn't a well established or verified implementation of Skein for Java.
HMAC SHA256 is well established for both though.
I'm currently looking at having to reimplement the entire session encryption/decryption suite as well as Yesod integration thereof because I can't swap out the auth for
clientsession
. Is making the auth algo pluggable something you'd be open to?The text was updated successfully, but these errors were encountered: