rbnacl

rbnacl copied to clipboard

SigningKey#sign(message) makes undocumented assumptions about message encoding

1

`SigningKey#sign(message)` is using String#[] to truncate the output from `sign_attached(message)` which yields unpredictable results according to the `message` encoding. ``` [43] pry(main)> data.encoding => # [44] pry(main)> signing_key.sign(data).length => 64...

wmlele

are there methods for validating passwords when using `#scrypt`? are there methods for validating passwords when using `#argon2` instead of `#argon2_str`? EDIT FOR CLARITY The way the docs are presented...

SampsonCrowley

This pull request adds two libsodium constants `OPSLIMIT_SENSITIVE` and `MEMLIMIT_SENSITIVE` as default values for the `opslimit` and `memlimit` parameters to `RbNaCl::PasswordHash.scrypt`. Here is an example of these values being used...

jshawl

FAQ should mention sealed boxes

2

https://github.com/RubyCrypto/rbnacl/wiki/Frequently-Asked-Questions states: > Q: Is there any way to decrypt a Crypto::Box message with only a private key without requiring the public key of the sender? > > A: No,...

plujon

`Argon2.opslimit_value`'s documentation, and the ArgumentError it raises, state the value must be in the range of `3..10`. This claimed lower limit is incorrect for Argon2id, where OPSLIMIT_MIN is `1`. It...

bannable

Add Ruby 3.3 to the CI Ruby version matrix to test against the current stable release of Ruby. Also update the `actions/checkout` GitHub Action to the current latest version.

gregfletch

This adds support for an XChaCha20Poly1305 sealed box. It can either be used stand-alone, or it can be passed to the the `SimpleBox` initializer which accepts an existing box and...

vcsjones

Running `gem build` on main branch gives me a 227kb gem file. After removing unnecessary files, I got the size down to 43kb.

bquorning