Rust crates reviews

Cryptographically verifiable, distributed dependency reviews

reviewer: ThomasdenH

https://lib.rs/ThomasdenH

$ cargo crev repo fetch url https://github.com/ThomasdenH/crev-proofs
$ cargo crev id trust mQfcYeOGmCGYJenSPXjSdxZHAnyWQ9GM1OdTeuKAjaI

repo: https://github.com/ThomasdenH/crev-proofs

crate version
rating
date
reviewer
thoroughness, understanding
positive
2021-12-23
ThomasdenH
medium, low
alternative:
smallvec

The crate uses a lot of unsafe, although the conditions for safety seem to have been taken into consideration carefully.
The use of unsafe consists of:
- Handling len/capacity where bounds are checked manually. This looks correct.
- Handling uninitialized memory for indices >= len. I don't know enough about it to judge correctness here.
- Handling utf8 conversions/assumptions. For example, the conversion from char to bytes. Correctness is checked for every byte here, so this is likely correct, too.

positive
2022-01-11
ThomasdenH
medium, medium

A small crate to find the Rust compiler version as well as some metadata. Contains plenty of tests and handles versioning quirks.

positive
2022-01-12
ThomasdenH
high, high

I am the creator of this crate. This crate is tested extensively. All country-specific code is automatically generated from the registry. I suspect this may be one of, if not the, fastest IBAN parsers out there. I have also noticed mistakes in other parsers online that are not present in this library. One reason you may avoid using this that I can think of is the dependency on arrayvec, which uses quite a bit of unsafe code.

positive
2021-12-23
ThomasdenH
medium, medium

This is a very small crate. The RNG doesn't make any security guarantees, which makes the risks associated with the crate low. The code seems to implement the algorithm from the paper straightforwardly, although it doesn't specify why the particular values for a, b, c were chosen. (They don't seem to appear in the paper.)

positive
2022-01-12
ThomasdenH
medium, medium

The code seems correct. Most of the code is boilerplate, for example directly calling the underlying Vec.

© bestia.dev 2023, MIT License, Version: 2023.608.1636

Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/