Possible ED25519-dalek issue
berendsliedrecht opened this issue · comments
According to ed25519-unsafe-libs the library that is used for signing, ed25519-dalek, possibly contains a security bug that allows for private key extraction (as explained in this stack overflow post.
Now, the README mentions that it is not likely that libraries, like Ursa, using the "unsafe" library will also be "unsafe", but I thought I should mention it here.
I am by no means an expert in this, so likely it is just nothing, but it never hurts to mention it.