ECDSA signing is vulnerable to timing attacks

[frasertweedale]

Crypto.PubKey.ECC.ECDSA signing operations are vulnerable to timing attacks. Switch to a safe implementation.

http://hackage.haskell.org/package/crypto-pubkey-0.2.8/docs/Crypto-PubKey-ECC-ECDSA.html

[sophie-h]

Am I right to assume this bug has actually been fixed with #12 been closed? There is still a warning in the README.

[frasertweedale]

@sophie-h alas no, the latest version of cryptonite still apparently has the timing problem: https://hackage.haskell.org/package/cryptonite-0.21/docs/Crypto-PubKey-ECC-ECDSA.html

[sophie-h]

Thank you for the clarification!