Critical Vulnerability in Monocypher 1.0.1, please update

philanc / luanacha

"NaCl with Chacha in Lua" - a wrapper around the Monocypher crypto library

5 stars 4 forks source link

Critical Vulnerability in Monocypher 1.0.1, please update #4

Closed LoupVaillant closed 5 years ago

LoupVaillant commented 5 years ago

EdDSA signatures in Monocypher 1.0.1 are vulnerable to forgeries (all-zero signatures are accepted as valid). You should update to version 2.0.5 (preferably), or 1.1.1 (backwards compatible).

If you want further updates about Monocypher (hopefully never more bad news like this), consider registering to the news feed.

philanc commented 5 years ago

Thanks for the heads-up. Luanacha has been upgraded to version Monocypher 2.0.5.