Soatok Dreamseeker
Soatok Dreamseeker
Well, it's been more than two years. I'm guessing @andyperlitch won't be fixing it?
Addendum: https://github.com/bcoin-org/bcrypto/blob/4db0feecde86bce71b0c33d31f7178fb14e7381f/lib/js/ecdsa.js#L471-L472 Leaking the exponent leaks the value of `k` (because Fermat uses `k-2` as `e`), which in turn leaks `k`. Leaking the hidden number lets you recover secret keys...
You're using SSS to split an AES key, and then encrypting a message (with AES-GCM) with the key you hope your recipients recover. This has a weakness that won't let...
I would honestly rather pay $X/month (where X >= the hosting costs + processing fees + misc overhead) to make the problem go away for everyone who uses this. :3...
> If you can I'd appreciate a donation, [my Patreon page](https://patreon.com/endel) is mostly related to Colyseus's projects, although I built this for Colyseus as well 😅 I joined your $30/month...
I'm not going to add a changelog entry for an additional comment. That's silly.
Why not just port this to Ruby? https://github.com/DivineOmega/password_exposed It's a relatively simple client-side library. It's used in a lot of services and hasn't caused any outages in the years that...
I see @johnbillion beat me to the general strategy in [his other pull request](https://github.com/johnbillion/wordpress-develop/pull/5). I think HMAC-SHA512 is a better approach than SHA384, but both are acceptable. There are libraries...