DOMtegrity
noble-ed25519
Our great sponsors
DOMtegrity | noble-ed25519 | |
---|---|---|
3 | 2 | |
9 | 387 | |
- | - | |
10.0 | 7.2 | |
about 6 years ago | 5 days ago | |
JavaScript | JavaScript | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
DOMtegrity
- LastPass owner GoTo has been hacked
-
DOMtegrity: Integrity checking for the web browser - A proposal by Newcastle University
Source code is provided here: https://github.com/toreini/DOMtegrity
-
r/Crypto, can you help take down an evil tool that's stealing people's private keys?
For browsers this problem is partially solved as subresources may be integrity checked. Further, there have been proposals like DOMTegrity, that provides a complete solution. For now, yes, full integrity checking isn't done automatically in browser, but it may be done automatically using git or manually as is normally done for any software downloaded not using a package manager or git.
noble-ed25519
-
Go 1.20 Cryptography
[For reference, see section 7.8](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft...).
I've also been looking for Ed25519ph support for other languages. [Paul Miller](https://github.com/paulmillr), who is the author of the noble libraries for Javascript has just added support in his newly released [curves](https://github.com/paulmillr/noble-ed25519/issues/63) library. Paul has suggested on Twitter holding off on using "curves" until an audit, but most of his other work has already been audited and all his works are highly polished.
Also, for all readers, we wrote an [online Ed25519 tool](https://cyphr.me/ed25519_applet/ed.html), which is useful for testing and verifying. Previously the top result on Google, which has now been taken down, was sending the keys off to a server, which motivated us to write a tool that didn't openly phone home.
-
r/Crypto, can you help take down an evil tool that's stealing people's private keys?
(Git hashes the repo and provides version history. It's not "super secure", but it is much better than nothing. I could also sign releases, but I'm not doing that at the moment, since I don't think the marginal benefit is there, especially since Paul is signing the crypto part already.)
What are some alternatives?
pwsafe - PasswordSafe - popular secure and convenient password manager
bogbook - bogbook v3 - A replicated and secure social network made from ed25519 hash chains
Android-Password-Store - Android application compatible with ZX2C4's Pass command line application
VulnTLS - Collection of TLS vulnerabilities ready to be exploited.
pass-import - A pass extension for importing data from most existing password managers
tweetnacl-js - Port of TweetNaCl cryptographic library to JavaScript
Ed25519Tool - Ed25519 signing and verification online tool.
signature-sdk-js - Wacom’s Signature SDK library for JavaScript provides software components to capture handwritten signatures from a Web Browser.
PythonPassKeep - PassKeep Clone written in Python. AES Encrypted SQLite tkinter UI
fiat-crypto - Cryptographic Primitive Code Generation by Fiat