Paragon Initiative Enterprises

Ending the year with a vulnerability in libsodium https://t.co/4HzUqZTYaP

-> https://t.co/wS46G3UctZ

Accelerating The Adoption of Post-Quantum Cryptography with PHP https://t.co/GZM7zzlePv

To whoever is working on "image encryption" out there: - Your custom stream cipher using chaotic maps is not secure or efficient - AES-CTR is not slow and does not suffer from weak entropy problems (WTF) - Floating point is not great for cryptography (sorry, Falcon folks!)

Just released a new version of libaegis, as well as the rust bindings https://t.co/Zjd49CzbXN - Easy-to-use, high security, high performance authenticated encryption. Now with convenient helpers to use it as a MAC, and workarounds for LLVM18 regressions. https://t.co/Zjd49CzbXN

See also: https://t.co/DYVojUgUur

Old, tired argument: "You can't declare things as a typed array, e.g. string[], in PHP" New, refreshing argument: https://t.co/3QcTTHafar

Newly open sourced: A CipherSweet key provider backed by AWS KMS. https://t.co/1sBoiGjzh0

The docs are available at https://t.co/sXzBtLImRq

Newly open sourced: A CipherSweet key provider backed by AWS KMS. https://t.co/1sBoiGjzh0

We introduced CipherSweet with a 2019 blog post: https://t.co/ra7pTNkbkt

The description the NVD published CVE-2024-33851 is unfortunately misleading. See the note at the top of https://t.co/wlr6KOVdIL for specific details.

We forked PHPECC! Read the release notes below and update your dependency ASAP. https://t.co/iR78yTNz7J

The latest release of EasyECC uses our PHPECC fork. Additionally, it prevents and rejects malleable ECDSA signatures and opts for constant-time algorithms when secret keys are involved.

However, this library is still rather low-level, so you're better off using https://t.co/0nQQ1Oibam instead. The API for EasyECC is much simpler, easier to get right, and harder to get wrong.

Given the prevalence of software (especially cryptocurrency-adjacent) that relies on this code, we thought we'd take it over and provide a better story for its security. So we forked it.

We've been trying to fix PHPECC since 2021, but there has been little-to-no response from the maintainers since 2018. e.g. https://t.co/KycDgSQDnw

The latest release of EasyECC uses our PHPECC fork. Additionally, it prevents and rejects malleable ECDSA signatures and opts for constant-time algorithms when secret keys are involved.

We forked PHPECC! Read the release notes below and update your dependency ASAP. https://t.co/iR78yTNz7J

However, this library is still rather low-level, so you're better off using https://t.co/0nQQ1Oibam instead. The API for EasyECC is much simpler, easier to get right, and harder to get wrong.