noble-ed25519
DOMtegrity
Our great sponsors
| noble-ed25519 | DOMtegrity | |
|---|---|---|
| 2 | 3 | |
| 384 | 9 | |
| - | - | |
| 6.7 | 10.0 | |
| about 1 month ago | about 6 years ago | |
| JavaScript | JavaScript | |
| MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
noble-ed25519
-
Go 1.20 Cryptography
[For reference, see section 7.8](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft...).
I've also been looking for Ed25519ph support for other languages. [Paul Miller](https://github.com/paulmillr), who is the author of the noble libraries for Javascript has just added support in his newly released [curves](https://github.com/paulmillr/noble-ed25519/issues/63) library. Paul has suggested on Twitter holding off on using "curves" until an audit, but most of his other work has already been audited and all his works are highly polished.
Also, for all readers, we wrote an [online Ed25519 tool](https://cyphr.me/ed25519_applet/ed.html), which is useful for testing and verifying. Previously the top result on Google, which has now been taken down, was sending the keys off to a server, which motivated us to write a tool that didn't openly phone home.
-
r/Crypto, can you help take down an evil tool that's stealing people's private keys?
(Git hashes the repo and provides version history. It's not "super secure", but it is much better than nothing. I could also sign releases, but I'm not doing that at the moment, since I don't think the marginal benefit is there, especially since Paul is signing the crypto part already.)
DOMtegrity
- LastPass owner GoTo has been hacked
-
DOMtegrity: Integrity checking for the web browser - A proposal by Newcastle University
Source code is provided here: https://github.com/toreini/DOMtegrity
-
r/Crypto, can you help take down an evil tool that's stealing people's private keys?
For browsers this problem is partially solved as subresources may be integrity checked. Further, there have been proposals like DOMTegrity, that provides a complete solution. For now, yes, full integrity checking isn't done automatically in browser, but it may be done automatically using git or manually as is normally done for any software downloaded not using a package manager or git.
What are some alternatives?
bogbook - bogbook v3 - A replicated and secure social network made from ed25519 hash chains
pwsafe - PasswordSafe - popular secure and convenient password manager
VulnTLS - Collection of TLS vulnerabilities ready to be exploited.
Android-Password-Store - Android application compatible with ZX2C4's Pass command line application
tweetnacl-js - Port of TweetNaCl cryptographic library to JavaScript
pass-import - A pass extension for importing data from most existing password managers
signature-sdk-js - Wacom’s Signature SDK library for JavaScript provides software components to capture handwritten signatures from a Web Browser.
Ed25519Tool - Ed25519 signing and verification online tool.
PythonPassKeep - PassKeep Clone written in Python. AES Encrypted SQLite tkinter UI
fiat-crypto - Cryptographic Primitive Code Generation by Fiat