[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#861639: ITP: node-elliptic -- fast elliptic curve cryptography in pure javascript

On 05/02/2017 10:13 PM, Bastien ROUCARIES wrote:
> On Tue, May 2, 2017 at 8:44 PM, Chris Lamb <lamby@debian.org> wrote:
>> Christian Seiler wrote:
>>
>>> As with the other pure JS crypto package ITP here recently [1]: has
>>> this library been designed with timing attacks in mind?
>>
>> JFTR I filed #860939 to track (and prevent a testing migration of) the
>> parallel issue in node-diffie-hellman.
> 
> I will prefer this king of aproach let package the stuff and do not
> try to diverge from upstream.
> 
> Fill RC bug and try to solve this before next debian version

Sure. When I voiced my concerns I wasn't trying to hinder anyone's
progress, I just wanted to make sure that people are aware of
these concerns. If my responses to the ITPs came across differently,
I apologize.

Regards,
Christian
Reply to: