You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Article at https://github.com/MystenLabs/ed25519-unsafe-libs mentions potentially unsafe ed25519 signature libraries that allow a public api where secret and public key can be provided independently as signing function inputs. Misuse of these public apis can result to private key exposure.
ed25519-dalek (RUST crate used for the bindings) is on that list and currently a PR is created addressing this issue: dalek-cryptography/ed25519-dalek#205
Will upgrade bindings as soon this is merged
The text was updated successfully, but these errors were encountered:
Article at https://github.com/MystenLabs/ed25519-unsafe-libs mentions potentially unsafe ed25519 signature libraries that allow a public api where secret and public key can be provided independently as signing function inputs. Misuse of these public apis can result to private key exposure.
ed25519-dalek
(RUST crate used for the bindings) is on that list and currently a PR is created addressing this issue: dalek-cryptography/ed25519-dalek#205Will upgrade bindings as soon this is merged
The text was updated successfully, but these errors were encountered: