Filippo Valsorda
Filippo Valsorda
Encodings are unique, not malleable, but not uniform. We should probably say that in Section 4. We might also warn against relying on them being uniform in Section 7. Relatedly,...
The identity element just works with encoding and decoding, and there is a test vector for it in the appendix, but I feel like it might be worth calling out...
Hello! We recently finally deprecated x/crypto/openpgp (golang/go#44226), and once the deprecation notice goes out I expect a number of users will move to forks like yours, which is great! To...
crypto/ecdsa currently generates "hedged" signatures, by drawing the random nonce from an AES-CTR CSPRNG keyed by `SHA2-512(priv.D || entropy || hash)[:32]`. This is great, as it provides the best of...
https://github.com/FiloSottile/age/issues/550, https://github.com/FiloSottile/age/issues/551, https://github.com/FiloSottile/age/issues/552, https://github.com/FiloSottile/age/issues/553, https://github.com/FiloSottile/age/issues/556, https://github.com/FiloSottile/age/issues/557, and https://github.com/FiloSottile/age/issues/558 were all filed after #19 was closed, and a couple show transcripts with the age report URL still. I must insist, this...
For example we could link to sunlight.dev, present the list of running logs and their keys and checkpoints, maybe even show CLI commands to submit to the log. Also, metrics...
crypto/cipher has well defined interfaces with plenty of tricky requirements (about aliasing, different lengths, state) that are hard to test for and easy to overlook. cryptotest will be an interface...
Now that Wycheproof is community managed (more on that later!), I’d like to propose a significant change: removing the Java and Javascript testing harnesses, and focusing entirely on the JSON...
Hey, I see you are using bleach on the HTML contents, which is awesome. A great defense in depth measure available in all modern browsers is [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP). With a few...
> I also usually do NPM publish using CI: [publish-npm.yml](https://github.com/paulmillr/noble-curves/blob/main/.github/workflows/publish-npm.yml) > >It will build the package and upload it to NPM, using [transparency logs](https://docs.npmjs.com/generating-provenance-statements). This would require adding NPM_PUBLISH_TOKEN to...