Paul Miller on Nostr: New noble cryptography releases are out: - NPM provenance is now used for transparent ...
New noble cryptography releases are out:
- NPM provenance is now used for transparent builds, for better supply chain security [1]
- ed25519 and ed448 now provide non-repudiation (Strongly Binding Signatures). Check out the presentation to NIST [2]
- Users of tweetnacl (including DJB's C version): it's time to switch away. It does not provide SUF-CMA, meaning, in some circumstances, signatures are malleable [3]
1. https://github.blog/2023-04-19-introducing-npm-package-provenance/
2. https://csrc.nist.gov/csrc/media/Presentations/2023/crclub-2023-03-08/images-media/20230308-crypto-club-slides--taming-the-many-EdDSAs.pdf
3. https://blog.cryptographyengineering.com/euf-cma-and-suf-cma/
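
The malleability point in the post comes down to whether a verifier rejects a signature whose scalar S is not fully reduced. The following is an added example, not code from the post, noble, or tweetnacl: a gate that applies the RFC 8032 range check (0 <= S < L) before a signature reaches the verifier. All function names are hypothetical and the sample inputs are constructed; it covers only the S range, not the public key checks involved in strong binding.

```javascript
// Added example: S-range gate for Ed25519 signatures (RFC 8032, section 5.1.7).
// A signature is R (32 bytes) || S (32 bytes, little-endian scalar).
// Function names here are hypothetical, not part of noble or tweetnacl.

// Order of the Ed25519 prime-order subgroup.
const L = 2n ** 252n + 27742317777372353535851937790883648493n;

// Decode a little-endian byte array into a BigInt.
function leBytesToBigInt(bytes) {
  let n = 0n;
  for (let i = bytes.length - 1; i >= 0; i--) n = (n << 8n) | BigInt(bytes[i]);
  return n;
}

// Encode a BigInt as `len` little-endian bytes (used to build the samples).
function bigIntToLeBytes(n, len) {
  const out = new Uint8Array(len);
  for (let i = 0; i < len; i++) {
    out[i] = Number(n & 0xffn);
    n >>= 8n;
  }
  return out;
}

// True only when the signature is 64 bytes and 0 <= S < L.
function hasCanonicalS(signature) {
  if (!(signature instanceof Uint8Array) || signature.length !== 64) return false;
  return leBytesToBigInt(signature.subarray(32, 64)) < L;
}

// Constructed sample: placeholder R bytes plus a chosen scalar, not a real signature.
function sampleSignature(s) {
  const sig = new Uint8Array(64);
  sig.fill(0x11, 0, 32);
  sig.set(bigIntToLeBytes(s, 32), 32);
  return sig;
}

// Gate to run before handing (signature, message, public key) to the verifier.
function checkBeforeVerify(signature) {
  return hasCanonicalS(signature) ? "pass-to-verifier" : "reject-non-canonical-S";
}
```

Systems that deduplicate or index by signature bytes should apply this gate at ingestion, so that two encodings of the same scalar can never be stored as distinct valid signatures.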