Documentation #613

Open
jcarver989 opened this issue Sep 24, 2018 · 0 comments

@jcarver989 jcarver989 commented Sep 24, 2018

Hi there,

First off thanks for all the work in building this - crypto is a PITA.

After reading your docs, I had the following questions, which I think would be useful to cover (or clarify) for other people in the docs:

  1. Have any cryptographers reviewed this library? If so, who - were they internal or a hired 3rd party - and which part(s) did they review? Your docs appear to be asking for a security review, which makes me wonder if this library has been blessed by an actual cryptographer, i.e. "Cryptography is hard. Please review and test this code before depending on it for critical functionality." I do not mean for this to sound accusatory in any way - I'm merely curious as to the current state of this library.

  2. Is this intended to be used in production or is this more of a hobby project/proof-of-concept? I assume you guys use this in production today?

  3. Are there any known (demonstrated) vulnerabilities against anything specific to this library's implementation? Your documentation hints that there might be a known timing attack vulnerability due to it being difficult to check MAC equality in constant time in JS runtimes - what else might exist?
