ed25519-unsafe-libs
List of unsafe ed25519 signature libs (by MystenLabs)
trezor-firmware
:lock: Trezor Firmware Monorepo (by trezor)
ed25519-unsafe-libs | trezor-firmware | |
---|---|---|
5 | 889 | |
212 | 1,267 | |
-0.5% | 2.6% | |
3.8 | 9.8 | |
6 months ago | 1 day ago | |
Rust | C | |
MIT License | GNU General Public License v3.0 or later |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ed25519-unsafe-libs
Posts with mentions or reviews of ed25519-unsafe-libs.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-07-04.
-
Is my transaction signature system secure for my blockchain? (audit)
I tried to explain to you last time you asked about "your own crypto" that the answer always will be "it's not good, don't do it". First thing that strikes me is that you take public key from the provided data, which suggests a trivial attack like in https://github.com/MystenLabs/ed25519-unsafe-libs
- Vulnerability in the elliptic curve lib used by Trezor (among others)! Has this been disclosed by Trezor team?
- List of unsafe ed25519 signature libs
-
Initial impact report about this week's EdDSA Double-PubKey Oracle attack in 40 affected crypto libs
original findings and audit report by MystenLabs' Cryptography Chief + continuously updated list of affected libs: https://github.com/MystenLabs/ed25519-unsafe-libs
-
40 unsafe ed25519 libs where private key can be leaked via signing api misuse
TL;DR A new audit report revealed that the signing api of many ed25519 libs (some of them very popular) unfortunately expects a public key as input. An attacker may extract the private key by requesting two different signatures for the same message and private key, but on purpose for a different public key. Applications should not expose this api publicly and should refactor it to protect devs against accidental api misuse. Read more: https://github.com/MystenLabs/ed25519-unsafe-libs and https://blog.safeheron.com/blog/safeheron-originals/analysis-on-ed25519-use-risks-your-wallet-private-key-can-be-stolen
trezor-firmware
Posts with mentions or reviews of trezor-firmware.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-08-16.
-
¿How to start in bitcoin?
https://trezor.io/ - Easy to use, no matter how new in Bitcoin you're.
- Trezor unveils Trezor Safe family of devices
- New to the Crypto? 10 tips I wish I knew when entering the space
-
Trezor Suite added and later removed AOPP supporty
Added (November 2021): https://github.com/trezor/trezor-firmware/pull/1903
-
With what's happening with Binance, Coinbase, and others lately, I think we should switch to DeFi Platforms and Hard Wallets ASAP.
Next thing to have is a hard wallet if you haven’t already like a Ledger or a Trezor and let it sit there. That’s the safest thing to do! Also, there’s always been a risk of KYC (Know Your Customer) on CEXes as mentioned several times. This was all meant to be decentralized and keep our identity under wraps and retain that anonymity that crypto was originally designed for… and you get a hold of your keys.
- Trezor developer confirms private keys can be extracted if firmware is corrupt
-
Getting started
https://trezor.io/ - Easy to use, no matter how new in Bitcoin you're.
-
Trezor model 1 not recognized
where "x.y.z" is the VERSION of trezor (aka TrezorCTL) you are trying to install. See the version history when picking a version. "Oldest" is not necessarily "best". You'll want to pick a version that was released around the same time your Trezor-1 was last updated.
- Does the Bitbox02 Firmware Repo include a Simulator / Emulator?
-
Daily General Discussion - June 19, 2023
I've purchased a Trezor model T from what I believe is the official Trezor website (https://trezor.io/). Is it rational for me to have a slight fear that it isn't a legit trezor and maybe the chip is compromised, possibly being able to send off my seed to an unknown party?