noble-ed25519
Ed25519Tool
noble-ed25519 | Ed25519Tool | |
---|---|---|
2 | 5 | |
387 | 20 | |
- | - | |
7.2 | 5.6 | |
9 days ago | 8 months ago | |
JavaScript | JavaScript | |
MIT License | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
noble-ed25519
-
Go 1.20 Cryptography
[For reference, see section 7.8](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft...).
I've also been looking for Ed25519ph support for other languages. [Paul Miller](https://github.com/paulmillr), who is the author of the noble libraries for Javascript has just added support in his newly released [curves](https://github.com/paulmillr/noble-ed25519/issues/63) library. Paul has suggested on Twitter holding off on using "curves" until an audit, but most of his other work has already been audited and all his works are highly polished.
Also, for all readers, we wrote an [online Ed25519 tool](https://cyphr.me/ed25519_applet/ed.html), which is useful for testing and verifying. Previously the top result on Google, which has now been taken down, was sending the keys off to a server, which motivated us to write a tool that didn't openly phone home.
-
r/Crypto, can you help take down an evil tool that's stealing people's private keys?
(Git hashes the repo and provides version history. It's not "super secure", but it is much better than nothing. I could also sign releases, but I'm not doing that at the moment, since I don't think the marginal benefit is there, especially since Paul is signing the crypto part already.)
Ed25519Tool
-
Show HN: Non.io, a Reddit-like platform Ive been working on for the last 4 years
I'm concerned about the `#` character in the URL.
# means fragment and that's kept local and not sent to the server unless client side Javascript sends it to the server. I would use an identifier that doesn't already mean something to the URL.
See https://github.com/Cyphrme/URLFormJS#query-parameters-fragme... (Also see https://github.com/Cyphrme/Path)
For an example where this is relevant: https://cyphr.me/ed25519_tool/ed.html#?msg_encoding=Text&msg...
And see https://www.rfc-editor.org/rfc/rfc3986#section-3.5
-
r/Crypto, can you help take down an evil tool that's stealing people's private keys?
For browsers this problem is partially solved as subresources may be integrity checked. Further, there have been proposals like DOMTegrity, that provides a complete solution. For now, yes, full integrity checking isn't done automatically in browser, but it may be done automatically using git or manually as is normally done for any software downloaded not using a package manager or git.
-
Daily General Discussion - September 30, 2022
The only reason the evil tool is now the second result is because this backdoor angered me so much I created the (now) #1 tool, that runs in browser, never sends off keys, and is fully open source. Feel free to click on that one all you want and star it on Github. Just practicing, "cypherpunks write code". 😉
-
Ed25519 Online Tool - Sign, Verify, and Generate Ed25519 Keys.
git clone https://github.com/Cyphrme/ed25519_applet.git
What are some alternatives?
DOMtegrity - JavaScript Framework to ensure webpage DOM integrity in presence of a malicious browser extension.
tweetnacl-js - Port of TweetNaCl cryptographic library to JavaScript