A Vulnerability in Libsodium
4 months ago
- #libsodium
- #security
- #cryptography
- Libsodium is now 13 years old; it was created to make cryptography simpler and safer for its users.
- The project focuses on high-level APIs, avoiding breaking changes, and maintaining stability.
- Originally based on the NaCl API, libsodium has evolved but maintains backward compatibility.
- Despite warnings in the documentation, users started calling low-level functions directly.
- A bug was found in `crypto_core_ed25519_is_valid_point()` that let some invalid points (points in certain subgroups outside the main prime-order subgroup) pass validation.
- The bug was fixed by adding the missing check for Y = Z in point validation.
- Most users are unaffected because high-level APIs like `crypto_sign_*` don't use the flawed function.
- Recommendation: use Ristretto255 for custom cryptographic schemes, which avoids cofactor-related issues entirely.
- Fixed packages are available, and the maintainer encourages sponsorships to support the project.
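As an added illustration (my own toy code, not libsodium's), here is an affine-coordinate Ed25519 validator in Python: after multiplying a decoded point by the group order L, the result is the identity only if X = 0 and Y = 1 (Y = Z in projective form), while the order-2 point (0, -1) also has X = 0, so a check on X alone accepts a point of the form Q + T2 (Q of order L, T2 of order 2), which is the failure mode the missing Y = Z check describes. The constructed mixed-order point in `demo()` is the base point plus (0, -1).

```python
# Added example, not libsodium's code: toy Ed25519 validator in affine coordinates.
p = 2**255 - 19
d = -121665 * pow(121666, p - 2, p) % p
L = 2**252 + 27742317777372353535851937790883648493
SQRT_M1 = pow(2, (p - 1) // 4, p)
IDENTITY = (0, 1)

def add(P, Q):                      # complete twisted Edwards addition, a = -1
    (x1, y1), (x2, y2) = P, Q
    k = d * x1 * x2 * y1 * y2 % p
    x3 = (x1 * y2 + x2 * y1) * pow(1 + k, p - 2, p) % p
    y3 = (y1 * y2 + x1 * x2) * pow(1 - k, p - 2, p) % p
    return x3, y3

def mul(n, P):                      # double-and-add scalar multiplication
    R = IDENTITY
    while n:
        R = add(R, P) if n & 1 else R
        P, n = add(P, P), n >> 1
    return R

def decode(b):
    """RFC 8032 decoding: (x, y), or None if non-canonical or off-curve."""
    y = int.from_bytes(b, "little")
    sign, y = y >> 255, y & ((1 << 255) - 1)
    if y >= p:
        return None
    x2 = (y * y - 1) * pow(d * y * y + 1, p - 2, p) % p
    x = pow(x2, (p + 3) // 8, p)
    x = x * SQRT_M1 % p if (x * x - x2) % p else x   # try the other root
    if (x * x - x2) % p or (x == 0 and sign):
        return None
    return (p - x if (x & 1) != sign else x, y)

def encode(P):                      # y with the parity of x in the top bit
    return (P[1] | (P[0] & 1) << 255).to_bytes(32, "little")

def is_valid_point(b, check_y=True):
    """Canonical, on the curve, not small order, and L*P is the identity."""
    P = decode(b)
    if P is None or mul(8, P) == IDENTITY:     # rejects identity and torsion
        return False
    X, Y = mul(L, P)
    # check_y=False reproduces the described flaw: only X == 0 is tested
    return X == 0 and (Y == 1 or not check_y)

def demo():
    """Verdicts (correct, flawed) for the constructed point B + (0, -1)."""
    B = decode((4 * pow(5, p - 2, p) % p).to_bytes(32, "little"))  # base point
    mixed = encode(add(B, (0, p - 1)))
    return is_valid_point(mixed), is_valid_point(mixed, check_y=False)
```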