2 matches found
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
Impact The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...
CVE-2024-1631
CVE-2024-1631 describes a vulnerability in the editor-js/agent-js identity library where Ed25519KeyIdentity.generate may use an insecure seed instead of secure randomness when no seed is provided. The private key for identity 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe can be ...