1. 17 Jun, 2021 2 commits
  2. 04 Jun, 2021 2 commits
  3. 14 Aug, 2020 1 commit
  4. 08 Oct, 2019 1 commit
  5. 04 Oct, 2019 1 commit
  6. 01 Oct, 2019 2 commits
  7. 12 Jun, 2019 1 commit
  8. 16 Oct, 2018 1 commit
  9. 27 Jun, 2018 2 commits
  10. 25 Oct, 2016 1 commit
  11. 16 Sep, 2016 1 commit
  12. 04 Sep, 2016 1 commit
  13. 01 Sep, 2016 1 commit
    • Richard van der Hoff's avatar
      Fix Ed25519 keypair generation · 0c462cff
      Richard van der Hoff authored
      Ed25519 private keys, it turns out, have 64 bytes, not 32.
      
      We were previously generating only 32 bytes (which is all that is required to
      generate the public key), and then using the public key as the upper 32 bytes
      when generating the per-message session key. This meant that everything
      appeared to work, but the security of the private key was severely compromised.
      
      By way of fixes:
      
       * Use the correct algorithm for generating the Ed25519 private key, and store
         all 512 bits of it.
      
       * Update the account pickle format and refuse to load the old format (since we
         should consider it compromised).
      
       * Bump the library version, and add a function to retrieve the library
         version, so that applications can verify that they are linked against a
         fixed version of the library.
      
       * Remove the curve25519_{sign, verify} functions which were unused and of
         dubious quality.
      0c462cff
  14. 24 May, 2016 2 commits
  15. 23 May, 2016 1 commit
  16. 16 May, 2016 2 commits
  17. 26 Apr, 2016 1 commit
  18. 09 Apr, 2016 1 commit
  19. 24 Jul, 2015 1 commit
  20. 16 Jul, 2015 2 commits
  21. 15 Jul, 2015 1 commit
  22. 10 Jul, 2015 2 commits
  23. 09 Jul, 2015 1 commit
  24. 08 Jul, 2015 1 commit
  25. 07 Jul, 2015 1 commit
  26. 26 Jun, 2015 1 commit