Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Current hash scheme has security vulnerability #308

Open
2 tasks
MavenRain opened this issue Feb 16, 2023 · 4 comments
Open
2 tasks

Current hash scheme has security vulnerability #308

MavenRain opened this issue Feb 16, 2023 · 4 comments
Labels
breaking change security

Comments

@MavenRain
Copy link
Contributor

MavenRain commented Feb 16, 2023
edited by tysloan
Loading

Description: many-rs needs a migration to fix the security issue patched with this change on the nomic fork: turbofish-org/merk@b555dff . Second pre-image attack.

  • Should fix the security vulnerability with the above patch.
  • Should be demoed.
@MavenRain MavenRain mentioned this issue Feb 16, 2023
Closed
@tysloan
Copy link

tysloan commented Mar 16, 2023

No blockers, but story at risk.

@MavenRain MavenRain mentioned this issue Mar 21, 2023
Open
@MavenRain
Copy link
Contributor Author

No blockers, refactoring to preserve DB filename

@MavenRain
Copy link
Contributor Author

Cleanup largely done . . . still awaiting review

@MavenRain
Copy link
Contributor Author

Need to make additional changes to merk and refactor PR according to suggestions in https://github.com/hansl/many-rs/pr-338

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
breaking change security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MavenRain @tysloan