cothority
cothority copied to clipboard
dedis
Scalable collective authority
**What this PR does** For a new election at EPFL there will be more than 8 candidates. This is a problem, as currently all choices are stored as `data` in...
The `shuffle` and `decrypt` protocols create a signature of the public key of the node who did the shuffle/decrypt and put this signature in the block. However, this signature is...
- The `Shuffle` protocol only sends the `ID` and the `User` who requested a shuffle to the other nodes. But this is not enough for the other nodes to trust...
The current user authentication is flawed. To authenticate, a user: 1. logs into Gaspar 2. gets a signature from the auth-server on their ID and the master chain ID However:...
This is another potential security error: the `hashMap` method here: https://github.com/dedis/cothority/blob/e0c9afbb847b070e1bda6f54561a4082b803db80/evoting/lib/transaction.go#L109 creates a hash of a `map`, which is difficult in go, as the `map` doesn't have an explicit order...
Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.7.1+incompatible to 2.8.2+incompatible. Release notes Sourced from github.com/docker/distribution's releases. v2.8.2 What's Changed Revert registry/client: set Accept: identity header when getting layers by @ndeloof in distribution/distribution#3783 Parse http...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.5+incompatible to 20.10.24+incompatible. Release notes Sourced from github.com/docker/docker's releases. v20.10.24 20.10.24 Bug fixes and enhancements Fixed a number of issues that can cause Swarm encrypted overlay networks...
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.0.0-20210510120138-977fb7262007 to 0.1.0. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20210405180319-a5a99cb37ef4 to 0.7.0. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20200510223506-06a226fb4e37 to 0.1.0. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...