alt Hacker NewsThis also affected the PHP library, sodium_compat. https://github.com/FriendsOfPHP/security-advisories/pull/756
I'm planning to spend my evening checking every other Ed25519 implementation I can find to see if this check is missing any where else in the open source ecosystem.
Replies
hu3 • yesterday at 8:28 PM
Thank you for your work on open source.
I found several libraries that simply didn't implement the check, but none that implemented in incorrectly in the same way as the vulnerability discussed above.
If you didn't receive an email from me, either your implementation isn't listed on https://ianix.com/pub/ed25519-deployment.html, I somehow missed it, or you're safe.