Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address private key leak vulnerabilty in ed25519-dalek #4

Closed
arjanz opened this issue Jul 4, 2022 · 1 comment
Closed

Address private key leak vulnerabilty in ed25519-dalek #4

arjanz opened this issue Jul 4, 2022 · 1 comment

Comments

@arjanz
Copy link
Member

arjanz commented Jul 4, 2022
edited
Loading

Article at https://github.com/MystenLabs/ed25519-unsafe-libs mentions potentially unsafe ed25519 signature libraries that allow a public api where secret and public key can be provided independently as signing function inputs. Misuse of these public apis can result to private key exposure.

ed25519-dalek (RUST crate used for the bindings) is on that list and currently a PR is created addressing this issue: dalek-cryptography/ed25519-dalek#205

Will upgrade bindings as soon this is merged
@arjanz arjanz mentioned this issue Sep 11, 2022
Closed
@arjanz
Copy link
Member Author

arjanz commented Oct 16, 2022

Followed Substrate by moving to ed2219-zebra, created new bindings: https://github.com/polkascan/py-ed25519-zebra-bindings

@arjanz arjanz closed this as completed Oct 16, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@arjanz