Jason Davies [ARCHIVE] on Nostr: š Original date posted:2018-04-09 š Original message:These issues all stem from ...
š
Original date posted:2018-04-09
š Original message:These issues all stem from the RC4-based RNG implementation (with insecure
fallback entropy) in Tom Wu's jsbn library, published here:
http://www-cs-students.stanford.edu/~tjw/jsbn/
Please refer to Tom Wu's URL, or this more up-to-date fork of Tom Wu's code
(published to NPM): https://github.com/andyperlitch/jsbn -- my repository on
GitHub was only ever intended to be a straight mirror of Tom Wu's code (created
over 7 years ago!). I'll probably delete my mirror repository given that there
are now better JavaScript bignum alternatives, and in light of this report.
Jason
> On 9 Apr 2018, at 22:11, mus at musalbas.com wrote:
>
> Here's the code in question: https://github.com/jasondavies/jsbn/pull/7
>
> Best,
>
> Mustafa
--
Jason Davies, http://www.jasondavies.com/
š Original message:These issues all stem from the RC4-based RNG implementation (with insecure
fallback entropy) in Tom Wu's jsbn library, published here:
http://www-cs-students.stanford.edu/~tjw/jsbn/
Please refer to Tom Wu's URL, or this more up-to-date fork of Tom Wu's code
(published to NPM): https://github.com/andyperlitch/jsbn -- my repository on
GitHub was only ever intended to be a straight mirror of Tom Wu's code (created
over 7 years ago!). I'll probably delete my mirror repository given that there
are now better JavaScript bignum alternatives, and in light of this report.
Jason
> On 9 Apr 2018, at 22:11, mus at musalbas.com wrote:
>
> Here's the code in question: https://github.com/jasondavies/jsbn/pull/7
>
> Best,
>
> Mustafa
--
Jason Davies, http://www.jasondavies.com/