search

Aareon / ChickenTicket

Pure Python implementation of a cryptocurrency blockchain
MIT License
15 stars 2 forks source link

Minerva timing attack on P-256 in python-ecdsa #53

Open Aareon opened 3 months ago

Aareon commented 3 months ago

https://github.com/Aareon/ChickenTicket/security/dependabot/17

Replace python-ecdsa dependency with alternative.

Aareon commented 3 months ago

In the process of removing the python-ecdsa dependency, I will also remove the pycryptodome dependency, in lieu of the cryptography package, which features ecdsa signing and blake2s.

Aareon commented 3 months ago

Problem being, cryptography does not support seed-based key generation. Research needed.