paulmillr on Nostr: New noble cryptography releases are out: - NPM provenance is now used for transparent ...
New noble cryptography releases are out:
- NPM provenance is now used for transparent builds, to strengthen supply chain security [1]
- ed25519 and ed448 now provide non-repudiation (Strongly Binding Signatures). The feature is not present in most other libraries [2]
- tweetnacl users (including DJB's C version): it's time to switch away. It does not provide SUF-CMA, meaning, in some circumstances, the signatures are malleable [3]
1.https://github.blog/2023-04-19-introducing-npm-package-provenance/
2. https://csrc.nist.gov/csrc/media/Presentations/2023/crclub-2023-03-08/images-media/20230308-crypto-club-slides--taming-the-many-EdDSAs.pdf
3.https://blog.cryptographyengineering.com/euf-cma-and-suf-cma/
- NPM provenance is now used for transparent builds, to strengthen supply chain security [1]
- ed25519 and ed448 now provide non-repudiation (Strongly Binding Signatures). The feature is not present in most other libraries [2]
- tweetnacl users (including DJB's C version): it's time to switch away. It does not provide SUF-CMA, meaning, in some circumstances, the signatures are malleable [3]
1.https://github.blog/2023-04-19-introducing-npm-package-provenance/
2. https://csrc.nist.gov/csrc/media/Presentations/2023/crclub-2023-03-08/images-media/20230308-crypto-club-slides--taming-the-many-EdDSAs.pdf
3.https://blog.cryptographyengineering.com/euf-cma-and-suf-cma/