Comments (2)
Hi Noah,
Thank you so much for reporting this, that's a big one.
Fortunately, this bug seems to follow from a refactoring I did while working on the deterministic secret sharing scheme, and is thus not present in RustySecrets v0.0.2. As such, Sunder is thankfully not affected, given that the npm package it depends on actually uses that very same version of the library.
I will merge this as soon as I have time to write a good test to ensure we never make the same mistake in the future.
Thank you so much again for taking the time to go through the code and report this security issue. The DSS code is going to go under audit soon and we'll work towards improving the code coverage in tests. In the meantime, I want to stress that the code published under v0.0.2 has been audited already and does not suffer from this very issue.
Thanks again!
Romain
from rustysecrets.
@nvesely Your patch has been merged. I added a test in #44 to make sure we never encounter this very same issue in the future.
Thank you again for noticing this bug, reporting it, and fixing it :)
Related Issues (20)
- Communicate Key Groups HOT 1
- Fuzz signatures code
- `rusty_secrets::sss::generate_shares` returns `String`s? HOT 2
- rustc: "warning: use of deprecated item" HOT 2
- secret::RustySecrets is not public and thus not documented HOT 1
- Replace custom_error.rs with `error-chain` HOT 1
- Setup proper CI based on `trust`
- Benchmarking currently requires workaround HOT 1
- Add RustySecrets + CLI to Awesome Rust
- Make gf256 it's own crate HOT 1
- Consider ensuring the (k - 1)-th coefficient is non-zero
- Port benchmarks to criterion.rs
- Add ability to pre-compute shares up to addition of secret bytes
- Build failure when added as a dependency HOT 2
- Consider providing a low-level crate without protobuf HOT 1
- Build failure with latest version due to ring
- Release version 0.3.0 HOT 4
- Build fail due to merkle v1.10.0 HOT 4
- Is this repo still active and/or maintained?