Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Elliptic's private key extraction in ECDSA upon signing a malformed input.
Private key can be extracted from ECDSA signature upon signing a malformed input (e.g. a string or a number), which could e.g. come from JSON network input.
I suggest not to be nervous, I think it will be fixed soon. However, this is interesting enough information to share with you!
Link: https://github.com/advisories/GHSA-vjh7-7g9h-fjfh
#cryptography #offtopic
Private key can be extracted from ECDSA signature upon signing a malformed input (e.g. a string or a number), which could e.g. come from JSON network input.
I suggest not to be nervous, I think it will be fixed soon. However, this is interesting enough information to share with you!
Link: https://github.com/advisories/GHSA-vjh7-7g9h-fjfh
#cryptography #offtopic
GitHub
GHSA-vjh7-7g9h-fjfh - GitHub Advisory Database
Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)