PT-2016-7907 — Dalek Cryptography+1 Ed25519-Dalek+5

PT-2016-7907 · Dalek Cryptography+1 · Ed25519-Dalek+5

Publicado

2016-09-06

Atualizado

2016-09-06

Nenhuma

Não há classificações de severidade ou métricas disponíveis. Quando houver, atualizaremos as informações correspondentes na página.

Name of the Vulnerable Software and Affected Versions rust-crypto (affected versions not specified)

Description The rust-crypto crate has not seen a release or GitHub commit since 2016, and its author is unresponsive. It is recommended to switch to alternative crates for cryptographic needs.

Recommendations To resolve the issue, consider switching to one of the following crates, depending on the required algorithms:

For key agreement and signature algorithms, use the dalek-cryptography GitHub Org crates, such as x25519-dalek and ed25519-dalek.
For AEAD algorithms, digest algorithms, HMAC, key agreement, key derivation, password hashing, and signature algorithms, use the ring crate.
For AEAD algorithms, block ciphers, digest algorithms, key derivation, MACs, password hashing, and stream ciphers, use the RustCrypto GitHub Org crates.
For key agreement and signature algorithms with secp256k1, use the secp256k1 crate.
For AEAD algorithms, digest algorithms, key derivation, MACs, password hashing, and stream ciphers, use the orion crate.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

RUSTSEC-2016-0005

Produtos afetados

Ed25519-Dalek

Orion

Ring

Rust-Crypto

Secp256K1

X25519-Dalek