-
v1.5.0 Pre-Release
sarah released this
2021-09-28 21:09:57 +00:00 | 57 commits to master since this releaseIsValidHostname now rejects public keys that are invalid ed25519
curve points in addition to ed25519 points that contain torsion
components (which are defined to be invalid Tor Hostnames).Note: The lack of these checks previously would have been unlikely to manifest as an issue further up the stack because Tor would have prevented Cwtch from connecting to bad curve points, the Tapir authentication protocol would have failed with invalid curve points, and the experimental group chats only rely on signatures for voluntary authorship attribution,rather than e.g. consensus or security.
Downloads