Our great sponsors
-
Feature request submitted to libsodium: https://github.com/jedisct1/libsodium/issues/1191
-
original findings and audit report by MystenLabs' Cryptography Chief + continuously updated list of affected libs: https://github.com/MystenLabs/ed25519-unsafe-libs
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
Trezor's hardware wallet firmware allows the affected api, but there was a deep dive by both the this attack's author (Kostas) and the Trezor team; they all eventually realized that current ed25519 signing invocations are fortunately safe. Thus, no worries at the moment, Trezor's current firmware is secure against this threat, but their engineers are working on deprecating the affected function to prevent any accidental future misuse - Github tracking issue https://github.com/trezor/trezor-firmware/issues/2338. I'd highlight that Trezor's response and cooperation was indeed blazing fast, good job guys!
-
Funny part is that even in CTF challenges made around this problem challenge authors were introducing some intentional bugs to account for this scenario, because they thought it would be too unrealistic otherwise :D See for example: https://github.com/p4-team/ctf/tree/master/2018-12-08-hxp/crypto_uff
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.