noble-ed25519
bogbook
noble-ed25519 | bogbook | |
---|---|---|
2 | 1 | |
387 | 9 | |
- | - | |
7.2 | 6.7 | |
9 days ago | 7 months ago | |
JavaScript | JavaScript | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
noble-ed25519
-
Go 1.20 Cryptography
[For reference, see section 7.8](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft...).
I've also been looking for Ed25519ph support for other languages. [Paul Miller](https://github.com/paulmillr), who is the author of the noble libraries for Javascript has just added support in his newly released [curves](https://github.com/paulmillr/noble-ed25519/issues/63) library. Paul has suggested on Twitter holding off on using "curves" until an audit, but most of his other work has already been audited and all his works are highly polished.
Also, for all readers, we wrote an [online Ed25519 tool](https://cyphr.me/ed25519_applet/ed.html), which is useful for testing and verifying. Previously the top result on Google, which has now been taken down, was sending the keys off to a server, which motivated us to write a tool that didn't openly phone home.
-
r/Crypto, can you help take down an evil tool that's stealing people's private keys?
(Git hashes the repo and provides version history. It's not "super secure", but it is much better than nothing. I could also sign releases, but I'm not doing that at the moment, since I don't think the marginal benefit is there, especially since Paul is signing the crypto part already.)
bogbook
-
Don’t record your social life on an append-only social network
> One adjustment to the protocol that seems to me like a quick win (but presumably has some technical hitch I can't see, since I don't recall anyone suggesting this) would be to not include the post's body in the “block” (in the message itself that gets hashed and signed by the next message), but rather as a “blob” (essentially an attachment) which others don't need to download in order to verify the feed.
There's nothing to prevent you from taking this route, you just sign a blob hash instead of an entire message object.
I work on an experimental SSB-like-protocol in my spare time that does exactly what you've suggested: https://github.com/evbogue/bogbook
I don't know if this makes the network forget more, but the aim is to reduce the time it takes to sync and get started.
What are some alternatives?
DOMtegrity - JavaScript Framework to ensure webpage DOM integrity in presence of a malicious browser extension.
tweetnacl-js - Port of TweetNaCl cryptographic library to JavaScript
VulnTLS - Collection of TLS vulnerabilities ready to be exploited.
gun - An open source cybersecurity protocol for syncing decentralized graph data.
Ed25519Tool - Ed25519 signing and verification online tool.
signature-sdk-js - Wacom’s Signature SDK library for JavaScript provides software components to capture handwritten signatures from a Web Browser.
JavaScript - Algorithms and Data Structures implemented in JavaScript for beginners, following best practices.
end-to-end - End-To-End is a crypto library to encrypt, decrypt, digital sign, and verify signed messages (implementing OpenPGP)
fiat-crypto - Cryptographic Primitive Code Generation by Fiat
Fontify - A browser extension to add font support to social network posts.