Libsodium
Libsodium is a crypto library written in C.
We compared two versions of Libsodium:
- one where SLH (Speculative Load Hardening) is enabled on all files
- one where SLH is activated only for files where Ectopass finds a vulnerability (selective SLH)
We observed that the overhead of SLH is significantly lower when it is applied selectively. Note that this result was obtained without any annotations in Ectopass’ configuration to remove possible false positives; with such annotations, the difference could be even larger.
| Mitigation | Average Overhead |
|---|---|
| SLH | 831% |
| Selective SLH | 4% |
