Our Rust crypto was reviewed. The real find was the auditor.

April 03, 2026

We recently shipped a new pure Rust cryptography layer that now powers the Locker web app and Ensu. It is the start of a gradual move away from libsodium toward a single shared implementation that compiles natively to mobile and trivially to the web via WASM.

We love libsodium. But in Rust, the popular wrappers still bottleneck on libsodium-sys, a binding to the C library that drags a C toolchain into every build and makes cross-compilation painful. Pure Rust crates from the RustCrypto project gave us the same primitives with byte-for-byte wire compatibility (ciphertext produced by one side decrypts unchanged on the other), and one cargo build for every target. One crate, with thin binding layers for each platform: web, mobile, CLI.

The new layer (our ente-core crate) is not large, but since it handles all the encryption we felt we needed independent eyes on it before rolling it out.

The review

Short version: we passed. winfunc found only medium- and low-severity issues, none of which materially affect us within our threat model. We'll still address them, but for all practical purposes, green tick.

That's usually where the blog post would end. Link the report. Move on.

But we think the auditor deserves more than a footnote.

winfunc

winfunc is an LLM-powered security audit startup.

Their name is a nod to the CTF idea of a 'win function': a function that is already present in the binary, but that is never reached on any legitimate path, and that an attacker reaches anyway by repurposing it in a context where it should never run, typically by hijacking control flow (the classic ret2win challenge).

We'd been through the other, more established automated security review tools before and had found them to be mostly noise.

We first came across winfunc when they audited our server code on their own initiative. That report was noticeably better: it was clearer (the findings read like they were written for an engineer), had fewer false positives, and felt directly actionable ("here's what's wrong, here's where, here's what to do").

We met the founders. They're sharp, young, and building something that already punches well above its weight.

And when it came time to review ente-core, we reached out to them.

What's next

ente-core is live in the new Locker web beta, and is also integrated into Ensu.

Over time, unless a pure Rust libsodium port appears, it'll make its way into our other apps too. The engineering holy grail: one pure Rust crypto implementation everywhere.