Ed25519Tool VS noble-ed25519

I'm concerned about the `#` character in the URL.

# means fragment and that's kept local and not sent to the server unless client side Javascript sends it to the server. I would use an identifier that doesn't already mean something to the URL.

See https://github.com/Cyphrme/URLFormJS#query-parameters-fragme... (Also see https://github.com/Cyphrme/Path)

For an example where this is relevant: https://cyphr.me/ed25519_tool/ed.html#?msg_encoding=Text&msg...

And see https://www.rfc-editor.org/rfc/rfc3986#section-3.5

For browsers this problem is partially solved as subresources may be integrity checked. Further, there have been proposals like DOMTegrity, that provides a complete solution. For now, yes, full integrity checking isn't done automatically in browser, but it may be done automatically using git or manually as is normally done for any software downloaded not using a package manager or git.

The only reason the evil tool is now the second result is because this backdoor angered me so much I created the (now) #1 tool, that runs in browser, never sends off keys, and is fully open source. Feel free to click on that one all you want and star it on Github. Just practicing, "cypherpunks write code". 😉

git clone https://github.com/Cyphrme/ed25519_applet.git

[For reference, see section 7.8](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft...).

I've also been looking for Ed25519ph support for other languages. [Paul Miller](https://github.com/paulmillr), who is the author of the noble libraries for Javascript has just added support in his newly released [curves](https://github.com/paulmillr/noble-ed25519/issues/63) library. Paul has suggested on Twitter holding off on using "curves" until an audit, but most of his other work has already been audited and all his works are highly polished.

Also, for all readers, we wrote an [online Ed25519 tool](https://cyphr.me/ed25519_applet/ed.html), which is useful for testing and verifying. Previously the top result on Google, which has now been taken down, was sending the keys off to a server, which motivated us to write a tool that didn't openly phone home.

(Git hashes the repo and provides version history. It's not "super secure", but it is much better than nothing. I could also sign releases, but I'm not doing that at the moment, since I don't think the marginal benefit is there, especially since Paul is signing the crypto part already.)