Comments (3)
I've regretted that I haven't had a "proper" answer to this for quite some time. Certainly in my ideal scenario, everything would be signed everywhere.
Even signed, you won't be able to install in HighSecurity mode because neither of our dependencies is signed. I've gone out of my way to utilise a very bare minimum of deps, but ffi isn't able to be avoided. Secondly, using the guide you've got, users are encouraged to grab the public key right from the same public GitHub repo we store the codebase on - significantly limiting the actual security offered here.
However, in order to at least do something, I'm going to commit a certificate version and make a signed release soon.
from ruby-argon2.
Unfortunately I'm going to have to revert this. Signing appears to work on some machines but then I go to verify on others and I just get this:
ERROR: While executing gem ... (Gem::Security::Exception)
no digests provided (probable bug)
I've reviewed common gems and there are no certificates shipped with libsodium or bcrypt, two of the most trusted and significant crypto libraries.
Certainly in my ideal scenario, everything would be signed everywhere.
I would highly recommend signing your git commits. For guidance, see: https://docs.github.com/articles/signing-commits-with-gpg/