Known Bugs & Vulnerabilities
- Version 2.0.1 has no known bug.
- Version 2.0.0 has no known bug.
- Version 1.1.0 has no known bug.
Old Bugs & Vulnerabilities
Version 1.0.1 and below use crypto_memcmp(), which could not be guaranteed to run in constant time in practice, despite the absence of secret-dependent branches in the original source code. The fear of subsequent timing attacks led to its deprecation. Version 1.1.0 and above use the fixed size
Version 1.0.1 and below do not wipe their internal buffers. This facilitates the exfiltration of data if the computer Monocypher runs on is compromised. Version 1.1.0 and above wipe their internal buffers and provide crypto_wipe() to minimise how long secrets stay in memory. As an additional precaution, locking sensitive buffers is also recommended.
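The two old issues above, a comparison that may leak timing and secrets left behind in memory, are illustrated by the following added example. It is not Monocypher's code and does not use its API; the functions ct_equal, secure_wipe, is_zeroed and verify_tag_and_wipe are hypothetical names chosen for this example. It shows a byte-by-byte comparison that visits every byte regardless of where the inputs differ, a wipe written through a volatile pointer so the compiler cannot drop the stores as dead, and a verification routine that wipes its key whether or not the tag matched.

```c
#include <stddef.h>
#include <stdint.h>

/* Constant-time equality over n bytes (example code, not Monocypher's).
 * A plain memcmp() may return at the first differing byte, so its run time
 * can reveal how long a common prefix the attacker's guess shares with the
 * secret. Here every byte is visited and the differences are OR-ed together,
 * so the loop shape does not depend on the data. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint32_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (uint32_t)(a[i] ^ b[i]);
    }
    /* Fold diff to 1 (equal) or 0 (different) without a branch:
     * for any non-zero 32-bit d, (d | (0 - d)) has its top bit set. */
    return 1 - (int)((diff | (0u - diff)) >> 31);
}

/* Wipe a buffer in a way the compiler must keep. A normal memset() on a
 * buffer that is never read again may be optimised away; stores through a
 * volatile pointer must be performed. */
void secure_wipe(void *buf, size_t n)
{
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (n--) {
        *p++ = 0;
    }
}

/* Helper for checking the wipe actually happened (not security-critical). */
int is_zeroed(const uint8_t *buf, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= buf[i];
    }
    return acc == 0;
}

/* Typical use: compare a received authentication tag against the expected
 * one, then wipe the key that produced it on every path, match or mismatch.
 * Returns 1 on match, 0 on mismatch; the key is zero afterwards either way. */
int verify_tag_and_wipe(const uint8_t *expected, const uint8_t *received,
                        size_t tag_len, uint8_t *key, size_t key_len)
{
    int ok = ct_equal(expected, received, tag_len);
    secure_wipe(key, key_len);
    return ok;
}
```

The volatile-pointer wipe is a portable fallback; where the platform offers a dedicated primitive (such as explicit_bzero or memset_s) or the library's own crypto_wipe(), prefer that, and pair it with memory locking so the wiped region was never swapped to disk in the first place.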