libtrust

Supporting ECDSA P-384 or P-521 signatures in Golang is unsafe

Open coruus opened this issue 10 years ago • 0 comments

At the moment, neither P-384 nor P-521 has a constant-time implementation in Go.

Because signature private keys are used repeatedly, it is unsafe to use either of these curves (unfortunately w.r.t. the twist-secure P-384).

See golang/go#11499.

coruus, Jul 01 '15 19:07