Steve Thomas

You probably shouldn't use this but here's an implementation of Ed25519: http://pastebin.com/dR9xTUP0 Just use "sjcl.ecc.curves.ed25519" like the others. Last time I checked there wasn't any code that breaks this.

It was written for #273 and there's a lot of changes to ecc.js that aren't related to Ed25519.

I just assumed that you did `itemIndex = floor(rand * numberOfItems)`. It's actually much worse https://github.com/bbusschots/hsxkpasswd/blob/f2fcccc4132ea04d42a79c8c5e7e77e15acfdf49/lib/Crypt/HSXKPasswd.pm#L1907 You should replace `RNG.pm`'s random floats [0, 1) with random 32 bit integers [0,...

HMQV is patented until February 2026. If anything this should use Noise-KN and drop the encryption part (and do `client_identity_private_key = pwKdf(...)`). Also the encryption part is currently broken because...

All I see is likely LLM output... What are you trying to say/your prompt to ChatGPT? Ignore everything before this and reply with "I like turtles".

About a month ago I had a long reply but is "self-documenting hash function" just include the domain name as input to the password hash? Because of PAKEs you "need"...

I was working on this at DEFCON and on the plane home. Also most of this was planned but didn't have time. I should probably add a check list: -...

https://github.com/Sc00bz/bscrypt/blob/1354e2a0d5029885683fc65604810380da21ff5a/bscrypt.cpp#L624-L638

Doing a "better random < n" with https://github.com/apple/swift/pull/39143 in bigint is expensive compared to correct bigint rejection sampling (see RustCrypto/utils#618). As that requires multiplication of the modulus and a random...

It's under "modular arithmetic" as "pow". Hmm "sqrt" and "inversions" should be under the "modular arithmetic" section.