Paragon Initiative EnterprisesFeb 7, 2025

Last year, after failing to get in contact with the maintainers, we forked mdanter/ecc.

We did this in order to provide some much-needed security hardening.

* Constant-time arithmetic
* Use complete formulas for prime-order curves
* Defer to OpenSSL for NIST curves

A lot of PHP packages have yet to migrate.

Show threadParagon Initiative EnterprisesFeb 7, 2025
You can find the secure fork of phpecc (a.k.a. mdanter/ecc) here: https://github.com/paragonie/phpecc
Show threadParagon Initiative Enterprises
There are, by our count, about 89 packages that still require the vulnerable code: https://packagist.org/packages/mdanter/ecc/dependents?order_by=downloads&requires=require
Dependent Packages - mdanter/ecc - Packagist

The PHP Package Repository

Feb 7, 2025 at 5:29pmWeb