P.I.E. Security Team
## Insecure Key Management

This is not a secure way to derive a secret. You're hashing data using SHA256, hex-encoded, then only extracting 16 hex characters.

https://github.com/elgiborsolution/laravel-database-encryption/blob/8856e2eab1848709aec5d0de898e6001f250db1f/src/Providers/DBEncryptionServiceProvider.php#L84
https://github.com/elgiborsolution/laravel-database-encryption/blob/8856e2eab1848709aec5d0de898e6001f250db1f/src/Providers/DBEncryptionServiceProvider.php#L60

This gives...
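The entropy problem in the pattern described above, worked through in Python. This is an added example, not the Laravel package's code: `weak_derive` reconstructs the described pattern (SHA-256, hex, keep 16 characters), and the HKDF routine, salt and info strings are stand-ins chosen for illustration.

```python
import hashlib
import hmac
import math


def weak_derive(data: bytes) -> str:
    """Reconstruction of the pattern called out above (not the project's code):
    SHA-256 the input, hex-encode the digest, keep only the first 16 hex characters."""
    return hashlib.sha256(data).hexdigest()[:16]


def key_entropy_bits(key: str, alphabet_size: int) -> float:
    """Upper bound on the entropy of a key string drawn from a fixed alphabet
    (assumes the underlying input was itself unpredictable)."""
    return len(key) * math.log2(alphabet_size)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF with HMAC-SHA256: a standard way to derive raw key bytes from
    keying material, keeping the full output width instead of truncating hex."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()          # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                     # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def compare(data: bytes) -> dict:
    """Contrast the truncated-hex key with a full-width HKDF output for the same input.
    Salt and info values are constructed for this example."""
    weak = weak_derive(data)
    strong = hkdf_sha256(data, salt=b"constructed-salt", info=b"db-encryption")
    return {
        "weak_key": weak,
        "weak_bytes_occupied": len(weak.encode()),           # 16 bytes go into the cipher...
        "weak_entropy_bits": key_entropy_bits(weak, 16),     # ...but they carry at most 64 bits
        "strong_key_hex": strong.hex(),
        "strong_entropy_bits": key_entropy_bits(strong.hex(), 16),  # 32 raw bytes => 256 bits
    }
```

Sixteen hex characters is a 16-byte string, so it fills a 128-bit key slot, but each character has only 16 possible values: the keyspace is 16^16 = 2^64, far below what a 128-bit key is supposed to offer. No derivation step adds entropy either; if `data` is itself guessable, hashing it does not help. Deriving raw bytes with HKDF (or generating the key with a CSPRNG and storing it) keeps the full width.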
This wraps keys into a struct, which has a header flag. This flag is checked at runtime. KeyHeader is an enum. The least significant bit holds purpose (Local = 0,...
https://github.com/authenticvision/libpaseto/blob/e8bc52effb38027db125024d6dc7f20b86228983/src/paseto_v2_local.c#L137
https://github.com/authenticvision/libpaseto/blob/e8bc52effb38027db125024d6dc7f20b86228983/src/paseto_v2_public.c#L127

See https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md

Right now, byte arrays are accepted by this API. There's no mechanism to prevent a user from using a v2 public key as a v2 local...
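The key-header idea from the PR description above and the key-confusion problem from this comment, as one added Python example (not libpaseto's code). The text states only that the least significant header bit holds the purpose and that Local = 0; the value Public = 1, the placement of the version in the bits above it, and the `PasetoKey` and `_require` names are assumptions. The v2.local operation is replaced by an HMAC-SHA256 stand-in so the check has something concrete to guard.

```python
import hashlib
import hmac
from enum import IntEnum


class Purpose(IntEnum):
    LOCAL = 0   # stated in the PR text: the least significant header bit is purpose, Local = 0
    PUBLIC = 1  # assumed: the other purpose takes the remaining bit value


def key_header(version: int, purpose: Purpose) -> int:
    """Pack version and purpose into one header byte (assumed layout: purpose in bit 0,
    version in the bits above it)."""
    return (version << 1) | int(purpose)


class PasetoKey:
    """Key bytes wrapped together with a header that records what they are for."""

    def __init__(self, version: int, purpose: Purpose, material: bytes):
        self.header = key_header(version, purpose)
        self.material = bytes(material)

    @property
    def version(self) -> int:
        return self.header >> 1

    @property
    def purpose(self) -> Purpose:
        return Purpose(self.header & 1)


def _require(key: object, version: int, purpose: Purpose) -> PasetoKey:
    """Runtime check of the header flag before any cryptography runs."""
    if not isinstance(key, PasetoKey):
        raise TypeError("raw byte arrays are not accepted; wrap the key with its header")
    if key.version != version or key.purpose != purpose:
        raise ValueError(f"key header {key.header:#04x} is not v{version}.{purpose.name.lower()}")
    return key


def v2_local_tag(key: object, message: bytes) -> str:
    """Stand-in for a v2.local operation. Real v2.local uses XChaCha20-Poly1305; an
    HMAC-SHA256 tag is used here only so the header check guards a concrete operation."""
    key = _require(key, 2, Purpose.LOCAL)
    return hmac.new(key.material, message, hashlib.sha256).hexdigest()


def unchecked_local_tag(raw_key: bytes, message: bytes) -> str:
    """The pre-change API shape: any byte array is accepted, so a v2.public key (or a
    v4.local key) passed here is silently used as v2.local keying material."""
    return hmac.new(raw_key, message, hashlib.sha256).hexdigest()


def misuse_is_rejected(key: object, message: bytes) -> bool:
    """True when the typed API refuses the key, False when the operation goes through."""
    try:
        v2_local_tag(key, message)
    except (TypeError, ValueError):
        return True
    return False
```

With `unchecked_local_tag`, the bytes of a public key, a local key of a different version, or an arbitrary buffer are all equally acceptable; with the wrapped key, the mismatch is detected at the API boundary, which is what the algorithm-lucidity guidance asks for.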
https://www.openwall.com/lists/oss-security/2024/04/24/4
The PHPECC project has been abandoned for years, despite numerous attempts to fix security issues in the code. [Paragon Initiative Enterprises](https://paragonie.com) has opted to fork PHPECC in order to provide...
~~Both k5.seal and k6.seal use X-Wing (X25519 + ML-KEM-768).~~ Symmetric-key encryption and Password-Based Key Wrapping are unchanged (aside from the headers differing). See https://github.com/paseto-standard/paseto-spec/pull/36 for the congruent PASETO change EDIT:...
There are some situations in which the `vX.local.` header is undesirable. In these circumstances, the header **MAY** be stripped, provided it is supplied by the configured key.
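How a header-stripped token can still be handled safely when the configured key carries the version and purpose, as an added Python example (not PASETO's reference code). The `ConfiguredKey` type, the `header_stripped` flag and the sample payload are assumptions made for the illustration; the token layout is the `vX.purpose.payload[.footer]` shape the header refers to.

```python
import base64
from dataclasses import dataclass


@dataclass(frozen=True)
class ConfiguredKey:
    """A key that knows its own protocol version and purpose (assumed shape for this example)."""
    version: int
    purpose: str  # "local" or "public"

    @property
    def header(self) -> str:
        return f"v{self.version}.{self.purpose}."


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_token(key: ConfiguredKey, payload: bytes, footer: bytes = b"", strip_header: bool = False) -> str:
    """Produce a token; with strip_header the 'vX.purpose.' prefix is omitted and the
    receiver must take version and purpose from its configured key."""
    token = _b64url(payload)
    if footer:
        token += "." + _b64url(footer)
    return token if strip_header else key.header + token


def parse_token(token: str, key: ConfiguredKey, header_stripped: bool = False) -> tuple:
    """Split a token into (payload, footer), always validating it against the configured key.

    Whether the header was stripped has to be an explicit property of the caller's
    configuration: a base64url payload may legitimately begin with 'v', so a stripped
    token cannot be told apart from a full one by looking at it."""
    if header_stripped:
        token = key.header + token          # restore the header the key vouches for
    if not token.startswith(key.header):
        raise ValueError(f"token is not for {key.header!r}")
    parts = token[len(key.header):].split(".")
    if len(parts) not in (1, 2) or not parts[0]:
        raise ValueError("malformed token body")
    payload = _unb64url(parts[0])
    footer = _unb64url(parts[1]) if len(parts) == 2 else b""
    return payload, footer
```

The check that the (restored) header equals the configured key's header is what keeps stripping from turning into key confusion: a full `v4.public.` token handed to a `v4.local` key is rejected, and a full token mistakenly declared as stripped ends up with a doubled header and is rejected as malformed rather than parsed.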
v5 is like v3, but public is replaced with ML-DSA-87 rather than ECDSA
v6 is like v4, but public is replaced with SLH-DSA-SHA256-128s rather than Ed25519

See https://github.com/paseto-standard/paserk/pull/22 for the...
https://github.com/paseto-standard/paseto-spec/pull/36#discussion_r1747205584 This should be a fast-follow to the PQ spec update. I'm not going to pollute that PR with unrelated clean-ups.