P.I.E. Security Team

Results: 33 issues from P.I.E. Security Team

https://github.com/o1egl/paseto/blob/f1000e3be0ce1d221c08cebbe13e184414a092f6/v2.go#L78
https://github.com/o1egl/paseto/blob/f1000e3be0ce1d221c08cebbe13e184414a092f6/v2.go#L138
See https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md
Right now, byte arrays are accepted by this API. There's no mechanism to prevent a user from using a v2 public key as a v2 local...

As PHP 8.1's release draws nearer, we're looking at the long tail of backwards compatibility (5.2.4+) and wondering if we should ever create a new major version of sodium_compat that...

question

Given that the [PHP versions older than 7.4 are unsupported](https://www.php.net/eol) and libsodium support landed in PHP 7.2, it may be a good idea to deprecate/archive this repository and point people...

Starting here: https://github.com/mpdavis/python-jose/blob/be8e914a63e8940cd34ac0f5a066d114f10dad48/jose/jws.py#L250-L258
This correctly rejects invalid `alg` headers, as JWT implementations MUST to be secure.
https://github.com/mpdavis/python-jose/blob/be8e914a63e8940cd34ac0f5a066d114f10dad48/jose/jws.py#L259-L262
However, the algorithm associated with the key returned from `_get_keys()` is not validated....

See https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md
Right now, byte arrays of length 32 are accepted by this API. There's no mechanism to prevent a user from using a v2 public key as a v2...

enhancement

https://doc.libsodium.org/advanced/point-arithmetic/ristretto (since libsodium 1.0.18+)

Moving from https://github.com/paragonie/paseto/issues/5

From https://github.com/paragonie/paseto/issues/91

marketing

PASETO v3/v4 have been specified. The PASETO specification now lives here: https://github.com/paseto-standard/paseto-spec
The [rationale for V3/V4](https://github.com/paseto-standard/paseto-spec/blob/master/docs/Rationale-V3-V4.md) is worth reviewing. We also updated our [Implementation Guide](https://github.com/paseto-standard/paseto-spec/tree/master/docs/02-Implementation-Guide) and filed issues with other...

Hacktoberfest

https://github.com/atholbro/paseto/blob/ed9567b4b1c8644ddda495c9e869278ac5ee38e1/paseto-core/src/main/java/net/aholbrook/paseto/PasetoV2.java#L55
https://github.com/atholbro/paseto/blob/ed9567b4b1c8644ddda495c9e869278ac5ee38e1/paseto-core/src/main/java/net/aholbrook/paseto/PasetoV2.java#L113
See https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md
Right now, byte arrays are accepted by this API. There's no mechanism to prevent a user from using a v2 public key as a v2 local...