Boring crypto that simply works

Bug Bounty

I cannot not afford at this time to pay for bugs if they ever come up (not that I expect any). The bounty program is therefore suspended. It may be reinstated somewhere in 2019, if possible.

Find bugs, get thanks (used to be money). If there is any bug left.

If you think you found a bug, contact me via email. Or file an issue on GitHub if this is not a vulnerability.


This is about bugs in the Monocypher library. The web site, the manual, and external resources are out of scope. So are "bugs" that come from incorrect uses of Monocypher.

Bugs are divided in tiers.

Tier 1: catastrophic failures

Tier 2: serious vulnerabilities & bugs:

Tier 3: minor vulnerabilities & bugs:

Not eligible


The rewards currently are:

Not so fine print