Use libsodium bin2hex and hex2bin
rugk opened this issue · 1 comments
rugk commented
Currently bin2hex and hex2bin are used quite often.
However, these functions are not timing-resistant, which means they could theoretically be exploited in a bad situation. Therefore it may be a good idea to use libsodium's timing-resistant implementation of it.
I would be willing to just replace all of them so we are on the safe side, but I've asked whether there would be any disadvantages in doing so.
rugk commented
Based on the answers there seem to be no disadvantages. I'd say switching would be a good thing.
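
To illustrate what "timing-resistant" means for hex conversion, here is an added example in C. It is not part of the issue thread and is not libsodium's or the project's code. It sketches an encoder and decoder that avoid the data-dependent table lookups and branches a conventional implementation may use; the names `ct_bin2hex`, `ct_hex2bin`, `lt_mask` and `hex_digit` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 0xFF if a < b, else 0x00; valid for a, b in 0..255. No branch. */
static uint32_t lt_mask(uint32_t a, uint32_t b) { return ((a - b) >> 8) & 0xFF; }

/* Nibble 0..15 -> '0'-'9' / 'a'-'f' by arithmetic, not by indexing a table. */
static char hex_digit(uint32_t n)
{
    uint32_t is_digit = lt_mask(n, 10);
    return (char)(('a' - 10 + n) - (is_digit & ('a' - 10 - '0')));
}

/* hex must have room for 2 * bin_len + 1 bytes. */
void ct_bin2hex(char *hex, const unsigned char *bin, size_t bin_len)
{
    for (size_t i = 0; i < bin_len; i++) {
        hex[2 * i]     = hex_digit(bin[i] >> 4);
        hex[2 * i + 1] = hex_digit(bin[i] & 0x0F);
    }
    hex[2 * bin_len] = '\0';
}

/* Returns 0 on success, -1 on bad length or bad character. Only the
 * (public) length and the final valid/invalid result steer control flow. */
int ct_hex2bin(unsigned char *bin, size_t bin_len, const char *hex, size_t hex_len)
{
    uint32_t bad = 0;
    if (hex_len != 2 * bin_len) return -1;
    for (size_t i = 0; i < hex_len; i++) {
        uint32_t c = (unsigned char)hex[i];
        uint32_t num = c ^ 0x30;    /* 0..9 only for '0'..'9' */
        uint32_t alpha = c | 0x20;  /* folds 'A'..'F' onto 'a'..'f' */
        uint32_t is_num = lt_mask(num, 10);
        uint32_t is_alpha = lt_mask(alpha, 'g') & ~lt_mask(alpha, 'a');
        uint32_t val = (is_num & num) | (is_alpha & (alpha - 'a' + 10));
        bad |= ~(is_num | is_alpha) & 0xFF;   /* accumulate, do not exit early */
        if (i % 2 == 0) bin[i / 2] = (unsigned char)(val << 4);  /* i is public */
        else            bin[i / 2] |= (unsigned char)val;
    }
    return bad ? -1 : 0;
}

int main(void)
{
    const unsigned char key[4] = {0x00, 0x9a, 0xbc, 0xff};  /* constructed sample */
    char hex[9];
    unsigned char back[4];
    ct_bin2hex(hex, key, sizeof key);
    printf("%s %d\n", hex, ct_hex2bin(back, sizeof back, hex, 8));
    return 0;
}
```
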