Filip Skokan

v24.x has a host of improvements I contributed that are not present on v22.x: - Post-Quantum Digital Signatures and Key Agreement/Encapsulation in node:crypto and Web Cryptography - (backport ready and pending) raw private/public/seed key gen and import formats

⚠️ Update: The Node.js project's security bug bounty program is being paused. Reporting remains unchanged, and so does our commitment to security. More details here: https://t.co/mSJQlPcpk4

The payload supports 3 ASCII characters. Messages like "Hi!", "lol", and "why" are covered. Longer messages are left as future work that SHOULD NOT be undertaken. https://t.co/K90pUk65aU

Introducing CWS, CSS Web Signatures. A security token scheme that runs entirely in the browser's style engine. No JavaScript. No WebAssembly. No server-side computation. Spec + interactive demo: https://t.co/GEhssDHDDC

CS24 provides exactly 0 bits of security. The key is displayed on screen, believed to be the least secure key storage mechanism ever devised. The 24-bit key space is exhaustible in milliseconds, though "somewhat longer using CSS."

https://t.co/yRNL02nOrX

HPKE vector validation in *your* browser (and the implementation project's github actions pipeline) https://t.co/KUal2Urjlo

Let's get some ⭐⭐⭐ going 🙏 https://t.co/obXVVZtS1f Hybrid Public Key Encryption (HPKE) for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes. Fully tree-shakeable. Fully typed. Extensible.

I've been hammering on a new, 0 dependency, runtime-native-only crypto, module that runs everywhere*. Hard to Predict, Keeps everything Encrypted.