Comment by CiPHPerCoder
1 month ago
I found several libraries that simply didn't implement the check, but none that implemented in incorrectly in the same way as the vulnerability discussed above.
If you didn't receive an email from me, either your implementation isn't listed on https://ianix.com/pub/ed25519-deployment.html, I somehow missed it, or you're safe.
Thank you for your work on free software.
My company just released a JWT library for java that supports Ed25519[0]. Any idea how I can submit that to the ianix list?
0: https://github.com/FusionAuth/fusionauth-jwt
[dead]
> Did you also check all of the libraries that implement the check differently to libsodium?
Yes, but it was a breadth-first search sourced from the ianix webpage, so I certainly missed some details somewhere. I'll continue to search over the coming weeks in my spare time (if I can get any).