P.I.E. Security Team

Results 42 issues of P.I.E. Security Team

https://github.com/purificant/python-paseto/blob/9638220495498a9ad45efe15ac2e3edda2d0f27c/paseto/protocol/version2.py#L16
https://github.com/purificant/python-paseto/blob/9638220495498a9ad45efe15ac2e3edda2d0f27c/paseto/protocol/version2.py#L91
See https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md
Right now, byte arrays are accepted by this API. There's no mechanism to prevent a user from using a v2 public key as a v2 local...

The PHPECC project has been abandoned for years, despite numerous attempts to fix security issues in the code. [Paragon Initiative Enterprises](https://paragonie.com) has opted to fork PHPECC in order to provide...

https://github.com/Ianleeclark/Paseto/blob/78eb0b9183f0bf5daf7a344d94376e9dbb333166/lib/paseto/v2.ex#L69
https://github.com/Ianleeclark/Paseto/blob/78eb0b9183f0bf5daf7a344d94376e9dbb333166/lib/paseto/v2.ex#L102
See https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md
Right now, byte arrays are accepted by this API. There's no mechanism to prevent a user from using a v2 public key as a v2 local...

We need to prevent mistakes like `v2.0.1` from shipping in the future. Additional tests that validate the public API (via `index.js` not directly loading the classes) and the default configuration...

Not today, but some day soon, the Internet may need post-quantum cryptography. [NIST](https://csrc.nist.gov/projects/post-quantum-cryptography) is currently putting forth the initial effort to standardize some asymmetric KEMs and signature algorithms for a...

enhancement
help wanted
future-maybe
security
please-give-feedback

https://paragonie.com/blog/2024/04/release-sodium-compat-v2-and-future-our-polyfill-libraries

Halite version 5 was released today, which contains a few security improvements and may be worth the effort to upgrade to v5. https://github.com/paragonie/halite/releases/tag/v5.0.0 (You're receiving this issue because Packagist says...

enhancement
help wanted

If you're seeing certificate bundle update failures, update to https://github.com/paragonie/certainty/releases/tag/v2.9.0 and clear your cache.

#### Summary
When first installing Mattermost, `npm audit` reports a critical issue for malware in a dependency, but appears to be a false positive. Advisory link: https://github.com/advisories/GHSA-r5gc-r4qf-2vh7
#### Steps to...

Bug Report/Open

https://github.com/dustinsoftware/Paseto.Net/blob/452a4b3f5c88283791bf8bd261d0a3dee2e17ccb/Paseto/Authentication/Algorithm.cs#L8-L12
See https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md
Right now, byte arrays are accepted by this API. There's no mechanism to prevent a user from using a v2 public key as a v2 local key.