This repository has been archived by the owner on Mar 11, 2024. It is now read-only.
Possible ED25519-dalek issue #209
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
According to ed25519-unsafe-libs the library that is used for signing, ed25519-dalek, possibly contains a security bug that allows for private key extraction (as explained in this stack overflow post.
Now, the README mentions that it is not likely that libraries, like Ursa, using the "unsafe" library will also be "unsafe", but I thought I should mention it here.
I am by no means an expert in this, so likely it is just nothing, but it never hurts to mention it.
The text was updated successfully, but these errors were encountered: