README.md in rbnacl-1.1.0 vs README.md in rbnacl-2.0.0.pre
- old
+ new
@@ -1,10 +1,9 @@
![RbNaCl](https://raw.github.com/cryptosphere/rbnacl/master/images/logo.png)
======
[![Gem Version](https://badge.fury.io/rb/rbnacl.png)](http://badge.fury.io/rb/rbnacl)
[![Build Status](https://travis-ci.org/cryptosphere/rbnacl.png?branch=master)](https://travis-ci.org/cryptosphere/rbnacl)
-[![Dependency Status](https://gemnasium.com/cryptosphere/rbnacl.png)](https://gemnasium.com/cryptosphere/rbnacl)
[![Code Climate](https://codeclimate.com/github/cryptosphere/rbnacl.png)](https://codeclimate.com/github/cryptosphere/rbnacl)
[![Coverage Status](https://coveralls.io/repos/cryptosphere/rbnacl/badge.png?branch=master)](https://coveralls.io/r/cryptosphere/rbnacl)
A Ruby binding to the state-of-the-art [Networking and Cryptography][nacl]
library by [Daniel J. Bernstein][djb]. This is **NOT** Google Native Client.
@@ -45,18 +44,21 @@
is extremely fast with comparatively small cryptographic keys.
For more information on NaCl's goals, see Dan Bernstein's presentation
[Blaming the Cryptographic User](http://cr.yp.to/talks/2012.08.08/slides.pdf)
+### Is it any good?
+
+[Yes.](http://news.ycombinator.com/item?id=3067434)
+
## Supported platforms
You can use RbNaCl anywhere you can get libsodium installed (see below).
RbNaCl is continuously integration tested on the following Ruby VMs:
* MRI 2.0
* MRI 1.9 (YARV)
-* MRI 1.8 / REE
* JRuby 1.7 (in both 1.8/1.9 mode)
* Rubinius HEAD (in both 1.8/1.9 mode)
In theory Windows should be supported, although there are not yet any
reports of successful Windows users.
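Review bot: Removing "MRI 1.8 / REE" from the supported list leaves the JRuby and Rubinius entries still reading "in both 1.8/1.9 mode", so the README no longer says clearly whether Ruby 1.8 compatibility is dropped everywhere or only on MRI. Suggest either updating those two entries to match or adding one line stating that 1.8 support ends with this release, since the change lands in a major version bump (1.1.0 to 2.0.0.pre) and users on 1.8 need to know to stay on the old series.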
@@ -198,15 +200,62 @@
Have a general interest in cryptography? Check out the free course
Coursera offers from Stanford University Professor Dan Boneh:
[http://crypto-class.org](http://crypto-class.org)
+## Important Questions
+
+### Is it "Military Gradeā¢"?
+
+Only if your military understands twisted Edwards curves
+
+### Does it have a lock with a checkmark?
+
+Sure, here you go:
+
+![Checkmarked Lock](http://i.imgur.com/dwA0Ffi.png)
+
+### Is it full of NSA backdoors?
+
+![No NIST](http://i.imgur.com/HSxeAmp.png)
+
+The design of RbNaCl's primitives is completely free from NIST (and by
+association, NSA) influence, with the following minor exceptions:
+
+* The Poly1305 MAC, used for authenticating integrity of ciphertexts, uses AES
+ as a replaceable component
+* The Ed25519 digital signature algorithm uses SHA-512 for both key derivation
+ and computing message digests
+* APIs are provided to certain NIST hash functions, including SHA-256, SHA-512,
+ and their associated HMAC counterparts
+
+Otherwise, all of the algorithms in NaCl were designed by Dan Bernstein and his
+collaborators.
+
+The design choices in NaCl, particularly in regard to the Curve25519
+Diffie-Hellman function, emphasize security (whereas [NIST curves emphasize
+"performance" at the cost of security][nist-security-dangers]), and "magic
+constants" in NaCl are picked by theorems designed to maximize security.
+The same cannot be said of NIST curves, where the specific origins of certain
+constants are not described by the standards and may be subject to malicious
+influence by the NSA.
+
+It is the opinion of this library's authors that Dan Bernstein is unlikely to be
+subject to NSA influence (although we have no way of actually knowing this).
+
+Dan Bernstein's designs have been well-scrutinized both as part of the [ESTREAM
+Project](https://en.wikipedia.org/wiki/ESTREAM) and the cryptographic community
+as a whole. And despite the emphasis on higher security, NaCl's primitives are
+faster across-the-board than most implementations of the NIST standards.
+
+[nist-security-dangers]: http://www.hyperelliptic.org/tanja/vortraege/20130531.pdf
+
## Contributing
* Fork this repository on Github
* Make your changes and send a pull request
* If your changes look good, we'll merge 'em
## License
-Copyright (c) 2013 Tony Arcieri, Jonathan Stott.
+Copyright (c) 2013 Jonathan Stott, Tony Arcieri.
Distributed under the MIT License. See LICENSE.txt for further details.
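Review bot: The first bullet in the list of NIST exceptions ("The Poly1305 MAC ... uses AES as a replaceable component") describes the original Poly1305-AES construction rather than what NaCl ships: NaCl's authenticated encryption pairs Poly1305 with XSalsa20, so no AES is involved. Suggest rewording the bullet to say that Poly1305 was originally specified with AES but is used here with a different cipher, or dropping it from the list. Separately, the "Military Grade" heading carries a mis-encoded trademark character, and the two imgur images are hotlinked over plain http; committing them under the repository's own images/ directory, as the logo already is, would keep the README from depending on a third-party host.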