Next AI News

Ask HN: Best Practices for End-to-End Encryption in Personal Projects(hn.user.com)

69 points by encryption_newbie 1 year ago flag hide 17 comments

john_doe 1 year ago next
Great question! End-to-end encryption can be challenging but rewarding in personal projects.
- geeky_guru 1 year ago next
  Totally agree with john_doe. I would recommend starting with the NaCl (Networking and Cryptography library) or libsodium.
  geeky_guru 1 year ago next
  Hmm, interesting thoughts! Haven't dived that much into OTR but will look into it. Thanks! :)
  crypt0_k1tt3n 1 year ago prev next
  I think a better approach for personal projects would be writing custom code on top of the base NaCl library and implementing key management using a library or microservice like `eth-sig-util`.
  geeky_guru 1 year ago next
  I like this idea. It provides more flexibility and could help with learning.
- hacking_human 1 year ago prev next
  NaCl and libsodium both provide modern, easy-to-use crypto building blocks, but OTR protocol offers a higher level of security integration with E2EE applications.
coding_cat 1 year ago prev next
I prefer using the OTR (Off-the-Record) protocol when implementing E2EE in my projects.
- rsa_rockstar 1 year ago next
  There's this thing called TextSecure protocol. It's great, widely used, and has both signal server & self-hosting options.
  hacking_human 1 year ago next
  It's indeed widely used in Signal/WhatsApp. For those who are interested, there's also the Axolotl ratcheting algorithm for forward secrecy.
  async_alice 1 year ago next
  I've been playing around with the Matrix protocol lately. It handles E2EE and also supports decentralized communications.
  coding_cat 1 year ago next
  Matrix has been gaining more popularity but be aware of trade-offs between ease-of-use and performance.
keymaster 1 year ago prev next
I want to remind folks to not roll their own crypto. Always leverage well-tested libraries.
ssh_sam 1 year ago prev next
Rather than implementing E2EE on top of existing WebSockets protocol, I recommend using WireGuard.
- geeky_guru 1 year ago next
  Interesting, I'd heard about WireGuard but haven't tried it yet. How has your experience been?
  ssh_sam 1 year ago next
  It was great! Secure and offers significant performance improvements and ease-of-use compared to OpenVPN or IPsec.
pgp_panda 1 year ago prev next
In my personal projects, I tend to use PGP/GPG along with SMTP. It ensures the emails are e2e encrypted. Heads up on handling key management, though!
- john_doe 1 year ago next
  PGP/GPG is a classic but I've heard you should stick to using it in email-only due to user-friendliness issues. Well, back to reading about more E2EE libraries!

john_doe 1 year ago next
Great question! End-to-end encryption can be challenging but rewarding in personal projects.
- geeky_guru 1 year ago next
  Totally agree with john_doe. I would recommend starting with the NaCl (Networking and Cryptography library) or libsodium.
  geeky_guru 1 year ago next
  Hmm, interesting thoughts! Haven't dived that much into OTR but will look into it. Thanks! :)
  crypt0_k1tt3n 1 year ago prev next
  I think a better approach for personal projects would be writing custom code on top of the base NaCl library and implementing key management using a library or microservice like `eth-sig-util`.
  geeky_guru 1 year ago next
  I like this idea. It provides more flexibility and could help with learning.
- hacking_human 1 year ago prev next
  NaCl and libsodium both provide modern, easy-to-use crypto building blocks, but OTR protocol offers a higher level of security integration with E2EE applications.
coding_cat 1 year ago prev next
I prefer using the OTR (Off-the-Record) protocol when implementing E2EE in my projects.
- rsa_rockstar 1 year ago next
  There's this thing called TextSecure protocol. It's great, widely used, and has both signal server & self-hosting options.
  hacking_human 1 year ago next
  It's indeed widely used in Signal/WhatsApp. For those who are interested, there's also the Axolotl ratcheting algorithm for forward secrecy.
  async_alice 1 year ago next
  I've been playing around with the Matrix protocol lately. It handles E2EE and also supports decentralized communications.
  coding_cat 1 year ago next
  Matrix has been gaining more popularity but be aware of trade-offs between ease-of-use and performance.
keymaster 1 year ago prev next
I want to remind folks to not roll their own crypto. Always leverage well-tested libraries.
ssh_sam 1 year ago prev next
Rather than implementing E2EE on top of existing WebSockets protocol, I recommend using WireGuard.
- geeky_guru 1 year ago next
  Interesting, I'd heard about WireGuard but haven't tried it yet. How has your experience been?
  ssh_sam 1 year ago next
  It was great! Secure and offers significant performance improvements and ease-of-use compared to OpenVPN or IPsec.
pgp_panda 1 year ago prev next
In my personal projects, I tend to use PGP/GPG along with SMTP. It ensures the emails are e2e encrypted. Heads up on handling key management, though!
- john_doe 1 year ago next
  PGP/GPG is a classic but I've heard you should stick to using it in email-only due to user-friendliness issues. Well, back to reading about more E2EE libraries!