š
Original date posted:2018-04-09
š Original message:These issues all stem from the RC4-based RNG implementation (with insecure
fallback entropy) in Tom Wu's jsbn library, published here:
http://www-cs-students.stanford.edu/~tjw/jsbn/
Please refer to Tom Wu's URL, or this more up-to-date fork of Tom Wu's code
(published to NPM): https://github.com/andyperlitch/jsbn -- my repository on
GitHub was only ever intended to be a straight mirror of Tom Wu's code (created
over 7 years ago!). I'll probably delete my mirror repository given that there
are now better JavaScript bignum alternatives, and in light of this report.
Jason
> On 9 Apr 2018, at 22:11, mus at musalbas.com wrote:
>
> Here's the code in question: https://github.com/jasondavies/jsbn/pull/7
>
> Best,
>
> Mustafa
--
Jason Davies, http://www.jasondavies.com/
Jason Davies [ARCHIVE] /
npub14wā¦93nf8
2023-06-07 18:11:33
in reply to nevent1qā¦0q4r
Author Public Key
npub14w9s3hsqcjvzzmdh3c27tg70vr96wme6np3vy3gxtt4876m54q3qf93nf8Published at
2023-06-07 18:11:33Event JSON
{
"id": "06a90361e67dc8995552d99361546db79572bf12bad0bb95476339210baa4ec5",
"pubkey": "ab8b08de00c498216db78e15e5a3cf60cba76f3a9862c245065aea7f6b74a822",
"created_at": 1686161493,
"kind": 1,
"tags": [
[
"e",
"16ebb007490931911aeb5d12a0083344aee25d5c79aafb28f370f459ae6028a7",
"",
"root"
],
[
"e",
"b7af39f9829e9becdf479dfe8b926b117974db083abcf881105551ec04c6d44e",
"",
"reply"
],
[
"p",
"e6463bded8530d9750d0dba218a16739f7b235c9d33e69103341c2a88f0fdeac"
]
],
"content": "š
Original date posted:2018-04-09\nš Original message:These issues all stem from the RC4-based RNG implementation (with insecure\nfallback entropy) in Tom Wu's jsbn library, published here:\nhttp://www-cs-students.stanford.edu/~tjw/jsbn/\n\nPlease refer to Tom Wu's URL, or this more up-to-date fork of Tom Wu's code\n(published to NPM): https://github.com/andyperlitch/jsbn -- my repository on\nGitHub was only ever intended to be a straight mirror of Tom Wu's code (created\nover 7 years ago!). I'll probably delete my mirror repository given that there\nare now better JavaScript bignum alternatives, and in light of this report.\n\nJason\n\n\u003e On 9 Apr 2018, at 22:11, mus at musalbas.com wrote:\n\u003e \n\u003e Here's the code in question: https://github.com/jasondavies/jsbn/pull/7\n\u003e \n\u003e Best,\n\u003e \n\u003e Mustafa\n\n--\nJason Davies, http://www.jasondavies.com/",
"sig": "d3234f409f96d16bbdc4988929cace0c813bef1b0d8712bd0c642685d91ce573c41ffe0071d42fba1c2f9c8ebb6cb81963b9674f81bc0f939acbed1417b48a44"
}