Security issue: outdated cryptography is used

Question

Security issue: outdated cryptography is used

paulmillr opened this issue 7 months ago · comments

You're using elliptic, which has long been unmaintained, and has a few cases where it produces invalid outputs, which means in blockchain context "users lose money".

It is advised to replace it with audited @noble/curves.

Shin Yoshiaki · Answer 1 · Sat Dec 16 2023 15:12:15 GMT+0800 (China Standard Time)

Thanks for the advice. I'll try to migration.

Shin Yoshiaki · Answer 2 · Sun Dec 17 2023 21:19:03 GMT+0800 (China Standard Time)

done it #358

Paul Miller · Answer 3 · Mon Dec 18 2023 02:01:50 GMT+0800 (China Standard Time)

not done. you didnt remove elliptic

Shin Yoshiaki · Answer 4 · Mon Dec 18 2023 08:51:47 GMT+0800 (China Standard Time)

finally #359