You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the course of the project https://github.com/mailvelope/mailvelope/wiki/mw2018 we have initiated an audit of the OpenPGP.js code base which was conducted by Cure53.
This was only a short security review without final report, still I think it is interesting to share the assessement of Cure53 on features newly implemented in OpenPGP.js v3.
Cryptographic API exposure via different providers.
Feedback from Cure53 team:
Tested cryptographic implementations were top notch and excellent
quality given the platform. The only limitations come from the platform
itself (JavaScript/web), which do not allow for side channel resistance
or reliable constant time operations. Overall however this is an
exceptional library for JavaScript cryptography.
@cure53 please confirm result and please also open a new ticket for the identified issue MV-02-005 (low).
The text was updated successfully, but these errors were encountered:
In the course of the project https://github.com/mailvelope/mailvelope/wiki/mw2018 we have initiated an audit of the OpenPGP.js code base which was conducted by Cure53.
This was only a short security review without final report, still I think it is interesting to share the assessement of Cure53 on features newly implemented in OpenPGP.js v3.
Coverage of the audit:
AES-EAX, AES-GCM, AES-CBC, ED25519, C25519, ECDSA, HMAC, P256, P384,
P521, SECP256K1.
Feedback from Cure53 team:
@cure53 please confirm result and please also open a new ticket for the identified issue MV-02-005 (low).
The text was updated successfully, but these errors were encountered: