ChickenTicket icon indicating copy to clipboard operation
ChickenTicket copied to clipboard

Published 20 hours ago verified publisher icon Aareon

Minerva timing attack on P-256 in python-ecdsa

Open Aareon opened this issue 11 months ago • 2 comments

https://github.com/Aareon/ChickenTicket/security/dependabot/17

Replace python-ecdsa dependency with alternative.

Aareon avatar Mar 24 '24 16:03 Aareon

In the process of removing the python-ecdsa dependency, I will also remove the pycryptodome dependency, in lieu of the cryptography package, which features ecdsa signing and blake2s.

Aareon avatar Mar 27 '24 23:03 Aareon

Problem being, cryptography does not support seed-based key generation. Research needed.

Aareon avatar Mar 28 '24 04:03 Aareon