P.I.E. Security Team issues

Results 33 issues of


P.I.E. Security Team

[Upstream] Halite v5 Released (Security Improvements)

Halite version 5 was released today, which contains a few security improvements and may be worth the effort to upgrade to v5. https://github.com/paragonie/halite/releases/tag/v5.0.0 (You're receiving this issue because Packagist says...

AEAD - AEGIS-128L and AEGIS-256

https://github.com/jedisct1/libsodium/releases/tag/1.0.19-RELEASE We should support AEGIS-128L and AEGIS-256 in the next release of sodium_compat.

HKDF

https://github.com/jedisct1/libsodium/releases/tag/1.0.19-RELEASE Libsodium 1.0.9 provids HKDF over SHA256 and SHA512. We should ensure it's available on all relevant PHP versions.

Replace mdanter/ecc with paragonie/ecc

The PHPECC project has been abandoned for years, despite numerous attempts to fix security issues in the code. [Paragon Initiative Enterprises](https://paragonie.com) has opted to fork PHPECC in order to provide...

Migrate to secure ECC library

Fixes #919 https://www.openwall.com/lists/oss-security/2024/04/24/4

Replace mdanter/ecc with paragonie/ecc

Allow sodium_compat v1 or v2

More info: https://paragonie.com/blog/2024/04/release-sodium-compat-v2-and-future-our-polyfill-libraries Target branch: 4.0.x Resolves issue # - [ ] It is a Bug fix - [ ] It is a New feature - [ ] It is...

Alow sodium_compat v1 or v2

More info: https://paragonie.com/blog/2024/04/release-sodium-compat-v2-and-future-our-polyfill-libraries ## Description Add a short description of the change. If this is related to an issue, please add a reference to the issue. ## CHANGELOG * [CHANGED]...

Support multiple encrypted channels for a single event

### Note: This assumes all channels have the same master secret. If you're interested in an E2EE design that doesn't have this requirement, [crypto_box_seal](https://paragonie.com/blog/2017/06/libsodium-quick-reference-quick-comparison-similar-functions-and-which-one-use) only requires the recipient's public key....