wpeckr
This isn't a surprising property of ECDSA, it's been well known that single-bit biases in the nonce selection (or the private key for that matter) result in complete breakage of...
There is some concern about the way the RNG is being called when producing private keys, but I don't really consider it to be a strong security issue at present....
It is marketing. The description of ed25519 being deterministic is simply due to their default implementation using RFC6979, for example. The way it is worded means that people believe it...
Functionally, there’s little difference in implementation risks between ECDSA and ed25519. There are the same pitfalls in terms of the random number generation, same risks in timing and branching side channels...
You should be extremely cautious doing anything with this library, by all means test it and break it, but never trust it. Privately we've had concerns about how it operates...
This to me is a pretty good demonstration of code laundering. A library that nobody would ever have considered using in its current state is being included in a large...