Can you derive a NaCl key pair from an audio file?
Yes, of course.
Is that secure?
I wouldn't use it in a production environment, but it's fun.

https://codeberg.org/mark22k/resonancekey

#libsodium #libsndfile #NaCl #Security #Cryptography

resonancekey

resonancekey generates an NaCl key pair from an audio file.

Codeberg.org

LastSignal: A self-hosted E2EE dead man's switch built on Rails 8

A self-hosted system that automatically delivers pre-written encrypted messages to designated recipients when the user's regular email check-ins stop.

Ruby-News | Ruby AI News
https://codeberg.org/pkw/libs/src/branch/main/crypt/crypt.c

I'm adding basic secret key handling to my "batteries included"
C repo. It's libsodium.
This is because I want to encrypt and recover secrets that I'll
put into cookies and the like for doing web stuff in chicken scheme.

#c #sodium #libsodium
libs/crypt/crypt.c at main

libs - My "batteries included" type of C codes.

Codeberg.org
g'damit. why is it that even #ubuntu 25.10 still only has #libsodium v1.0.18? 1.0.20 is even getting stale (actually i just checked v1.0.21 is out since two weeks) and all i need is only 1.0.19, breaks my CI/CD pipeline.

Communication from the #Haskell Cryptography Group: "A vulnerability in #libsodium 's validation of ed25519 elliptic curve points: You are likely not affected"

https://haskell-cryptography.org/blog/libsodium-vulnerability-ed25519-valid-points/

A vulnerability in libsodium's validation of ed25519 elliptic curve points: You are likely not affected | Haskell Cryptography Group

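🌗 Analysis of the libsodium security vulnerability: Frank Denis's notes and reflections
➤ Even a top-tier cryptography library that has been running for 13 years can hardly avoid a slip in the details of coordinate validation
https://00f.net/2025/12/30/libsodium-vulnerability/
As the libsodium project enters its 13th year, developer Frank Denis shares the first low-level vulnerability found in the library after a long period of maintaining an excellent security record. The vulnerability stems from an oversight in the validation of Edwards25519 elliptic curve points, which caused some points outside the main subgroup to be wrongly judged valid. Although libsodium has always had simplifying cryptographic operations and API stability as its core goals, as more and more developers treat it as a low-level algorithm toolkit, the impact of such low-level implementation details has grown accordingly. The article breaks down in detail the cause of the vulnerability and the technical fix, and recommends that developers switch to Ristretto255 to avoid this kind of group-order problem at the root.
+ I didn't expect libsodium to have gone this long without a CVE; this time the developer proactively disclosed it and explained the technical details, showing the open-source project maintainer's
#Cryptography #InformationSecurity #libsodium #OpenSourceDevelopment #VulnerabilityAnalysis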
A vulnerability in libsodium

Libsodium is now 13 years old!

Frank DENIS random thoughts.
Release Version 1.23.0 · paragonie/sodium_compat

We backported some optimizations from #198 by replacing the array in the Curve25519 field element with 10 integer object properties instead. The result is a 7% to 12% speedup for the overall PHPUni...

GitHub

New sodium_compat releases.

**Pay attention to the release notes** if you use our polyfill to provide `sodium_base642bin()` with one of the `*_NO_PADDING` constants.

For modern (PHP 8.1 and newer) systems, v2:

https://github.com/paragonie/sodium_compat/releases/tag/v2.3.0

For legacy (PHP 5.2.4 - 8.0 as well as 8.1+) systems, v1:

https://github.com/paragonie/sodium_compat/releases/tag/v1.22.0

#php #libsodium #cryptography #base64 #polyfill

Release Version 2.3.0 · paragonie/sodium_compat

Important: The previous version of sodium_compat was overly permissible with sodium_base642bin() when the *_NO_PADDING variants were specified, which was not compatible with ext-sodium. This has been...

GitHub

The last 2 weeks I worked on a little project.
I had lots of fun with it.
It's a cache that is transparently encrypted by default and it has fine-grained access control based on policies. You interact with it via an HTTP API documented with OpenAPI.

In the background it uses the fantastic #libsodium library for password hashing and encryption!
libsodium is very easy to use and I can wholeheartedly recommend it!

Maybe it'll be useful to some of you: https://github.com/hw0lff/senke

Have fun! 

GitHub - hw0lff/senke: A transparently encrypted cache accessible via a simple HTTP API. By default, all data is encrypted at rest, and access is controlled through simple, policy-based access control lists.

A transparently encrypted cache accessible via a simple HTTP API. By default, all data is encrypted at rest, and access is controlled through simple, policy-based access control lists. - hw0lff/senke

GitHub