-
Hello,
I'm a PhD student interested in finding security vulnerabilities in open source projects.
We found some warnings (indicating potential vulnerabilities) when running a static analysis tool…
-
In various CryptoGuard projects in issue #134 that were headless tested, misuses were not caught in the following scenario from the analysis. The cases include a particular scenario where a value is s…
-
Currently the "custom" feature is last in our precedence order for selecting implementations. The original idea behind this was to ensure that a crate couldn't (accidentally or intentionally) change t…
-
## Problem
Mods sometimes need the ability to set user passwords. For example, you may wish to support password resets using a web control panel.
`minetest.get_password_hash` only supports SHA-1…
-
Thanks for building this. It's the best JS SRP library I've found! I'm looking into using it as a part of https://github.com/jcgsville/project-expedius
I ran into a bump in the road, and I'm wonder…
-
I'd like to perform an amateur security audit, spot and fix some theoretical weaknesses before the final public release.
Keep tuned.
-
# `EC_GROUP_cmp()` behaviour
Consider the following code snippet:
~~~C
int nid, rv;
EC_GROUP *group1 = NULL, *group2 = NULL;
ECPARAMETERS *ecparameters = NULL;
BN_CTX *ctx…
-
We've had a few requests (#86, #186, #230) to support decrypting messages using a public key. Though this should be straightforward using any encryption padding as it's the reciprocal operation to pub…
-
Right now as I understand it, the source uploads a sensitive document, that document is sent over Tor to the hidden service running on the source server, that source server encrypts the document, and …
-
I'm personally interested in implementing a hash to curve (an existing one, not a new one), which I understand isn't something that comes up often (lack of other issues with this request). I am curren…