Paul Miller
Paul Miller
https://github.com/bitpay/bitcore/blob/f778e62c3bcaa6799f8be0bd870d7e3910d7e16f/packages/bitcore-lib/package.json#L43 has been long unmaintained; and had a few CVEs. I suggest doing following actions: - replace elliptic with audited `@noble/curves` - replace scryptsy with audited `@noble/hashes` - upgrade ethers...
I think we should start discussions on eth2 address format. The hash function seems to be SHA2-256 nowadays. Should bech32 be used? How long should the addr be?
sjcl elliptic curve public key calculation time depends on private key bits, effectively leaking all the timings: ``` sjcl private key A x 7,624 ops/sec @ 131μs/op sjcl private key...
You're using `js-sha3`, while a better package would be https://github.com/paulmillr/noble-hashes which was audited and is utilized in https://github.com/ethereum/js-ethereum-cryptography.
You are using tweetnacl, which allows forged signatures. I suggest to upgrade to noble-curves, which are modern, audited, support ESM+Common.js and a bunch of other stuff. The noble libraries are...
README: >Lazysodium is a complete Android implementation of the [Libsodium](https://github.com/jedisct1/libsodium) library that provides developers with a smooth and effortless cryptography experience. Fact: Even pure xchacha20 (without poly1305) is not exposed.
1. wasm is not supported in all environments. the library is used in ethereumjs, which means the use-cases can be extensive 2. as-sha256 is slower than pure-js audited implementation in...
- [x] I have searched open and closed issues for duplicates - [x] I am submitting a bug report for existing functionality that does not work as intended - [x]...
https://github.com/indutny/elliptic/blob/43ac7f230069bd1575e1e4a58394a512303ba803/package.json#L47-L55 I suggest to switch to developed and audited projects: - `bn.js` can be dropped, in favor of native bigints, which have been supported everywhere for a long time -...
This is continuation of #217 from 2 years ago. It is possible to improve supply chain security of Elliptic. [noble-secp256k1](https://github.com/paulmillr/noble-secp256k1): 1. Is ~1000 lines of code, has 0 dependencies 2....