VulnTLS
noble-ed25519
| VulnTLS | noble-ed25519 | |
|---|---|---|
| 1 | 2 | |
| 7 | 394 | |
| - | - | |
| 4.7 | 7.2 | |
| 5 months ago | 9 days ago | |
| Rust | JavaScript | |
| - | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
VulnTLS
noble-ed25519
-
Go 1.20 Cryptography
[For reference, see section 7.8](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft...).
I've also been looking for Ed25519ph support for other languages. [Paul Miller](https://github.com/paulmillr), who is the author of the noble libraries for Javascript has just added support in his newly released [curves](https://github.com/paulmillr/noble-ed25519/issues/63) library. Paul has suggested on Twitter holding off on using "curves" until an audit, but most of his other work has already been audited and all his works are highly polished.
Also, for all readers, we wrote an [online Ed25519 tool](https://cyphr.me/ed25519_applet/ed.html), which is useful for testing and verifying. Previously the top result on Google, which has now been taken down, was sending the keys off to a server, which motivated us to write a tool that didn't openly phone home.
-
r/Crypto, can you help take down an evil tool that's stealing people's private keys?
(Git hashes the repo and provides version history. It's not "super secure", but it is much better than nothing. I could also sign releases, but I'm not doing that at the moment, since I don't think the marginal benefit is there, especially since Paul is signing the crypto part already.)
What are some alternatives?
noble-secp256k1 - Fastest 4KB JS implementation of secp256k1 signatures and ECDH
DOMtegrity - JavaScript Framework to ensure webpage DOM integrity in presence of a malicious browser extension.
credential-plus - 🔒Unified API for password hashing algorithms
bogbook - bogbook v3 - A replicated and secure social network made from ed25519 hash chains
al-khaser - Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
tweetnacl-js - Port of TweetNaCl cryptographic library to JavaScript
tlspuffin - A Dolev-Yao-model-guided fuzzer for TLS
signature-sdk-js - Wacom’s Signature SDK library for JavaScript provides software components to capture handwritten signatures from a Web Browser.
Ed25519Tool - Ed25519 signing and verification online tool.
fiat-crypto - Cryptographic Primitive Code Generation by Fiat