mirror
/
reticulum
kopia lustrzana https://github.com/markqvist/reticulum
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność

Updated readme

pull/76/head
Mark Qvist 2022-06-10 11:32:10 +02:00
rodzic c5918395de
commit c6e2ba2cf3
1 zmienionych plików z 1 dodań i 1 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

2
README.md
Wyświetl plik

@ -199,7 +199,7 @@ Reticulum has been designed to use a simple suite of efficient, strong and moder
In the default installation configuration, Reticulum primarily uses cryptograhic primitives from [OpenSSL](https://www.openssl.org/) (via the [PyCA/cryptography](https://github.com/pyca/cryptography) package). The hashing functions `SHA-256` and `SHA-512` are provided by the standard Python `hashlib`, and `Fernet` is provided by [an internal implementation](RNS/Cryptography/Fernet.py). All other primitives are provided by [OpenSSL](https://www.openssl.org/) & [PyCA](https://github.com/pyca/cryptography).
Reticulum also includes a *complete implementation of all necessary primitives in pure Python*. If [OpenSSL](https://www.openssl.org/) & [PyCA](https://github.com/pyca/cryptography) are *not* available on the system when Reticulum is started, Reticulum will instead use the internal pure-python primitives. A trivial consequence of this is performance, with the OpenSSL backend being *much* faster. The most important consequence however, is the potential loss of security by using primitives that has not seen the same amount of scrutiny, testing and review as those from OpenSSL. If you still want to use the internal pure-python primitives, it is highly advisable that you have a good understanding of which risks this pose, and make a decision on whether those are acceptable in your usage scenario.
Reticulum also includes a *complete implementation* of all necessary primitives *written in pure Python*. If [OpenSSL](https://www.openssl.org/) & [PyCA](https://github.com/pyca/cryptography) are *not* available on the system when Reticulum is started, Reticulum will instead use the internal pure-python primitives. A trivial consequence of this is performance, with the OpenSSL backend being *much* faster. The most important consequence however, is the potential loss of security by using primitives that has not seen the same amount of scrutiny, testing and review as those from OpenSSL. If you still want to use the internal pure-python primitives, it is highly advisable that you have a good understanding of which risks this pose, and make a decision on whether those are acceptable in your usage scenario.
## Caveat Emptor
Reticulum is relatively young software, and should be considered as such. While it has been built with cryptography best-practices very foremost in mind, it _has not_ been externally security audited, and there could very well be privacy or security breaking bugs. If you want to help out, or help sponsor an audit, please do get in touch.