TritonDataCenter / node-sshpk

Parse, convert, fingerprint and use SSH keys in pure node.js
MIT License
189 stars 50 forks source link

ed25519 key verification is malleable #89

Open paulmillr opened 1 year ago

paulmillr commented 1 year ago

The cryptography module tweetnacl you're using allows forged signatures.

Suggest to switch to https://github.com/paulmillr/noble-curves or https://github.com/paulmillr/ed25519-keygen