Closed stackinspector closed 1 year ago
We are about to release rc.2 across the crates :heart: from current main which should be safe to use.
Just need to make StaticSecret
optional today in which is one API change we are doing for 2.0.0 x25519 - if you're not using StaticSecret
w/ default feature set then you'll be okay until rc.2 compat wise.
rc.2 is out btw across all the crates
The latest prerelease of
ed25519-dalek
has been updated tocurve25519-dalek
4.0.0-rc
, and using both prereleases (of it and this crate) would cause dependency redundance. The reason for using prereleases is that theed25519-dalek
andcurve25519-dalek
prereleases usedigest
API version0.10
, which does not force the hash algorithm to implement resetting state, which is different from the three-year-old version0.9
used by current stable versions. And I need to replace the SHA2 algorithm in Ed25519 with cSHAKE256 provided bytiny-keccak
crate (I know this makes it not specification-compliant) and the public API oftiny-keccak
does not support resetting state. For now I'm using this crate on git main to solve this problem temporarily. (Is there a security risk with this?)