PT-2016-7907 · Dalek Cryptography+1 · Ed25519-Dalek+5

Published: 2016-09-06 · Updated: 2016-09-06

Severity: None. No severity ratings or metrics are available.
Name of the Vulnerable Software and Affected Versions

rust-crypto (affected versions not specified)

Description

The rust-crypto crate has not seen a release or GitHub commit since 2016, and its author is unresponsive. It is recommended to switch to alternative crates for cryptographic needs.

Recommendations

To resolve the issue, consider switching to one of the following crates, depending on the required algorithms:
  • For key agreement and signature algorithms, use the dalek-cryptography GitHub Org crates, such as x25519-dalek and ed25519-dalek.
  • For AEAD algorithms, digest algorithms, HMAC, key agreement, key derivation, password hashing, and signature algorithms, use the ring crate.
  • For AEAD algorithms, block ciphers, digest algorithms, key derivation, MACs, password hashing, and stream ciphers, use the RustCrypto GitHub Org crates.
  • For key agreement and signature algorithms with secp256k1, use the secp256k1 crate.
  • For AEAD algorithms, digest algorithms, key derivation, MACs, password hashing, and stream ciphers, use the orion crate.

Related Identifiers

RUSTSEC-2016-0005

Affected Products

Ed25519-Dalek
Orion
Ring
Rust-Crypto
Secp256K1
X25519-Dalek