Monocypher updates2020-12-27T00:00:00ZLoup Vaillanttag:monocypher.org,2018-01-28:/Version 4.0.2 is outtag:monocypher.org,2023-09-03:/download/monocypher-4.0.2.tar.gz2023-09-03T00:00:00Z
Fixed the Argon2 bug with multiple lanes, improved Poly1305 and
Argon2 performance, Makefile now takes standard variables like CC
and CFLAGS from the environment.
Version 4.0.1 is outtag:monocypher.org,2023-03-18:/download/monocypher-4.0.1.tar.gz2023-03-18T00:00:00Z
Corrected the failure to update the soname, added a couple
convenience targets in the makefile, added wire format information
in the manual.
Version 4.0.0 is outtag:monocypher.org,2022-04-25:/download/monocypher-4.0.0.tar.gz2023-02-27T00:00:00Z
Safer high-level EdDSA API, simpler and more flexible low-level
EdDSA API, full Argon2 support, added optional HKDF-SHA-512 and
Ed25519ph. Lots of small breaking changes to improve naming,
organisation, and consistency.
Version 3.1.3 is outtag:monocypher.org,2022-04-25:/download/monocypher-3.1.3.tar.gz2022-04-25T00:00:00Z
Fixed typos in the documentation, automated the test suite with
GitHub actions, added explicit support for C++ namespace and prefix
renaming, fixed a minor Elligator2 discrepancy, and deprecated
crypto_key_exchange().
WebAssembly port of Monocypher, JavaScript and TypeScript language
bindings.
tag:monocypher.org,2020-12-27:/download/wasm2020-12-27T00:00:00Z
With its small size and its utter lack of dependencies, Monocypher
is a natural fit for the browser, where its use limits download
sizes.
Version 3.1.2 is outtag:monocypher.org,2020-12-27:/download/monocypher-3.1.2.tar.gz2020-12-27T00:00:00Z
Addressed issues raised in last summer's audit, improved signature
performance, and other quality assurance tweaks.
Back ported 16-bit integer overflow fix (1.1.2 and 2.0.7)tag:monocypher.org,2020-09-06:/download2020-09-06T00:00:00Z
The bug made ellitpic curves unusable on 16-bit machines. Note that
the fix may not be enough: 64-bit multiplication generates lots of
code on 16-bit platforms, and often makes the binary too big.
Monocypher has been auditedtag:monocypher.org,2020-07-11:/quality-assurance/audit2020-07-11T00:00:00Z
A couple issues were found about documentation, tests, and API
design. No implementation bugs were found.
Version 3.1.1 is outtag:monocypher.org,2020-06-16:/download/monocypher-3.1.1.tar.gz2020-06-16T00:00:00Z
Corrected a few errors in the documentation, fixed various compiler
warnings, fixed integer overflows that occurred on 16-bit platforms.
Version 3.1.0 is outtag:monocypher.org,2020-04-03:/download/monocypher-3.1.0.tar.gz2020-04-03T00:00:00Z
Added the necessary primitives to support censorship circumvention
and password based key exchange. The primitives are Elligator 2
mappings (hash to curve, curve to hash), and scalar inversion
(exponential blinding for OPRF). Also added conversion of EdDSA key
to X25519 keys, so we can encrypt to SSH keys.
Version 3.0.0 is outtag:monocypher.org,2020-01-19:/download/monocypher-3.0.0.tar.gz2020-01-19T00:00:00Z
Major release.
Deprecated dangerous incremental AEAD interface.
Allow several versions of EdDSA to live in the same binary.
Removed the now unneeded ED25519_SHA512 pre-processor flag.
Version 2.0.6 is outtag:monocypher.org,2019-10-22:/download/monocypher-2.0.6.tar.gz2019-10-22T00:00:00Z
Signature verification uses much less stack, added a pre-processor
option to avoid bloat. And many small things.
Version 2.0.5 is outtag:monocypher.org,2018-08-23:/download/monocypher-2.0.5.tar.gz2018-08-23T00:00:00Z
Much faster EdDSA signatures and verification.
Bug bounty program is suspendedtag:monocypher.org,2018-07-27:quality-assurance/bug-bounty2018-07-27T00:00:00Z
My financial situation is changing, and I can no longer afford to
pay for bugs if they ever come up (not that I expect any). The
bounty program is therefore suspended. It should be reinstated as
my savings grow back to reasonable levels.
Critical vulnerability in EdDSAtag:monocypher.org,2018-06-25:/download/monocypher-2.0.4.tar.gz2018-06-25T00:00:00Z
A critical vulnerability in EdDSA signature verification has been
found. Update to version 2.0.4 or 1.1.1 as soon as possible.
Version 2.0.3 is outtag:monocypher.org,2018-06-18:/download/monocypher-2.0.3.tar.gz2018-06-18T00:00:00Z
Fixes the recently found undefined behaviour.
Undefined behaviour in Monocypher 2.0.2tag:monocypher.org,2018-06-12:/bugs2018-06-12T00:00:00Z
André Maroneze found an undefined behaviour in Monocypher 2.0.2,
using Frama-C. This should have awarded him 100€ (it's a tier 3
bug), but gracefully declined it on the grounds that he was doing
this for work, and thus may not be allowed to receive it. Note: the
TIS interpreter could have detected the bug, but I didn't want to
wait the 15+ hours required to run the entire test suite. Now I
will.
Bug bounty programtag:monocypher.org,2018-03-06:/quality-assurance/bug-bounty2018-04-23T00:00:00Z
We now award bounties for potentially dangerous bugs.
Version 2.0.2 is outtag:monocypher.org,2018-03-07:/download/monocypher-2.0.2.tar.gz2018-04-23T00:00:00Z
Mostly a bugfix release.
Version 2.0.1 is outtag:monocypher.org,2018-03-07:/download/monocypher-2.0.1.tar.gz2018-03-07T00:00:00Z
No visible change, just a little patch to enhance auditability.
Proof for Poly1305tag:monocypher.org,2018-03-06:/quality-assurance/poly1305-proof2018-03-06T00:00:00Z
A couple breaking changes for authenticated encryption, to
facilitate future optimisations, if the user ever needs them.
Version 2.0.0 is outtag:monocypher.org,2018-02-14:/download/monocypher-2.0.0.tar.gz2018-02-14T00:00:00Z
A couple breaking changes for authenticated encryption, to
facilitate future optimisations, if the user ever needs them.
Version 1.1.0 is outtag:monocypher.org,2018-01-29:/download/monocypher-1.0.1.tar.gz2018-01-29T00:00:00Z
Faster and more secure than ever before! Also comes with an
incremental API for authenticated encryption and signatures.
monocypher.org launchtag:monocypher.org,2018-01-28:/2018-01-28T00:00:00Z
The official Monocypher website is up! HTTPS coming soon.
Monocypher 1.1.0 coming sooner.