Over my keynote at ElixirConf we discussed when to add things to the language, which are also
in our development page, and although crypto is super important, having crypto functionality in Elixir would not provide anything different than if it belongs to a package. Therefore, I don't believe it is a good candidate for inclusion.
I would not treat the creation of plug_crypto and pbcs as a yellow flag but I would say quite the opposite, the community is finally starting to extract and share their crypto code into packages, which is exactly the direction we want to go.
In fact, if we want to move to a shared tool, breaking the existing code apart is a necessity, so we can preserve backwards compatibility for users of those APIs. However, both packages are still lacking in some areas, especially in the documentation front. pbcs focuses on algorithm names, so developers, including myself, have no idea how to use them. That's why the plug_crypto API focuses on use cases. At the same time, plug_crypto focusing on use cases means someone looking for an existing algorithm will have a hard time finding it.
I would also like to say that there are some disadvantages to creating a package that attempts to tackle everything related to crypto:
* The package will provide too many functionality and become too large, which increases its footprint and makes it harder to maintain
* The APIs will likely grow in size in terms of options, which also makes it hard to maintain and may become itself a security issue
Maybe the best approach is to create an elixir-crypto organization and have multiple packages in there. They can depend on a master package with basic functionality (like secure_compare) and have everything else built on top using shared conventions. I am also certain that this should not belong to the elixir-lang organization. If our answer to every problem is "let's put it to the Elixir team to maintain", then we are in deep problem. I do understand you were not necessarily asking the Elixir team to maintain it but, if it is in the elixir-lang organization, then it is OUR responsibility.
Thanks for the proposal, Mark!
José Valim
Skype: jv.ptec
Founder and Director of R&D