This repository has been archived by the owner on Jul 21, 2023. It is now read-only.
I am unaware of any security audits that may have already been performed on libp2p-crypto and its underlying primitive dependencies. node-forge needs a security audit (digitalbazaar/forge#103) - which would help this project. I suggested to them to look into the open source crypto auditing that has helped other projects, see:
https://opencryptoaudit.org/
https://wiki.mozilla.org/MOSS/Secure_Open_Source
FWIW, while audits are not perfect, I managed a crypto project that was audited a few times, and we found several holes to plug.
Agreed, we're hesitant to use the library due to the lack of an audit. Our security team is recommending to use openssl directly instead where possible.
We'll look at getting this on the roadmap in the near future. We are planning to do an overhaul soon to improve compatibility and usability. It would be good to work on coordinating an audit as part of this.