-
litep2p causes multiple issues downstream for us at Subspace. Older release brought vulnerable ed25519-dalek version that we had to suppress in cargo audit, now I noticed it pulls a large number of ex…
-
### Summary
When using the identity::ed25519::SecretKey::from_bytes function from rust-libp2p in a release build on Linux (Ubuntu 24), a segmentation fault occurs. This happens during the process o…
-
**Description**
A long time ago we moved away from the `ring` crate to a constellation of pure-rust cryptographic libraries. We did the switch because the `ring` library did not build for certain a…
-
It seems like [`DecodingKey::from_ed_der`](https://docs.rs/jsonwebtoken/latest/jsonwebtoken/struct.DecodingKey.html#method.from_ed_der) function actually expects raw 32 bytes public key, which ring's …
-
Right now `rai::validate_message_batch` requires a vector, but it could accept an iterator and build up the verification.
This needs to have a different batch verification implementation exposed, @…
-
~~A verification error was observed in verification compatibility between the ring Ed25519 and ed25519-dalek implementations.~~ This issue is to track how this is happening and adding tests to **ensur…
-
2018-11-02T16:03:26Z rkeene
Right now requires a vector, but it could accept an iterator and build up the verification.This needs to have a different batch verification implementation exposed, @Plasm…
-
There are several downstream vulnerabilities that could tangentially impact this library, update dependencies.
-
The following outdated dependencies are related and likely should be updated together:
```
$ cargo outdated -R
Name Project Compat Latest Kind Platform
---- ------- …
bjorn updated
12 months ago
-
> Double Public Key Signing Function Oracle Attack on `ed25519-dalek`
| Details | |
| ------------------- | -------------------------------…