[zeromq-dev] Defaulting to tweetnacl?

frank soundart at gmx.net
Tue Mar 1 17:17:13 CET 2016

On 03/01/2016 02:51 PM, Roland Fehrenbacher wrote:
>>>>>> "P" == Pieter Hintjens <ph at imatix.com> writes:
>     P> Frank, Thanks for your opinion. You hit it spot on, I think. It
>     P> is really a relief to have security by default without any
>     P> external packages.
>     P> Roland, would this work? Package for Debian using libsodium?
> I'm a bit confused now. I thought the point of your original mail was
> that tweetnacl will be the default from now on and kind of substituting
> libsodium. If that is so, the suggested path for Debian would be to drop
> libsodium in favor of tweetnacl as well, with tweetnacl linked in as an
> external lib, just like libsodium currently is.


sorry for causing confusion.

I think the old default while building from source was "no cryptolib".

If you want crypto you have now two options:

- libsodium
- tweetnacl

Which you can enable with flags to the build system of choice. (I used
cmake on linux/debian, but there are others too in libzmq)

Libsodium is probably the better solution, except for these two points:
- it does not support cmake for building :)
- it requires you to install/compile it somehow seperately and make it
available to the libzmq build

I have tried getting cmake support into libsodium but the pull request
was rejected.
The second point is too complex for many developers who work on systems
not having apt-get.

libzmq3 on debian stable depends already on libsodium so has already
deviated from the upstream default configuration (thanks!)
and enabled crypto. This (== using libsodium) is still the right thing
to do in my opinion.

kind regards

More information about the zeromq-dev mailing list