Hacker News new | ask | show | jobs
by deathanatos 2320 days ago
If your complaint is that RSA is outdated and ECDSA is backdoored by the NSA, use Ed25519, which JWS/JWT supports[1].

[1]: https://tools.ietf.org/html/rfc8037#section-3.1
1 comments
bvrmn 2320 days ago
> JWS/JWT supports

Support for ed25519 signature in current implementations is pretty poor.

link
ClumsyPilot 2320 days ago
You can use symmetric, sha256
link
bvrmn 2320 days ago
Symmetric signatures completely kill ability to verify token without secret.

For python I had to glue and stick python_jwt with cryptography primitives to do ed25519.

And the most funny thing: very few clients will understand these "standard" JWT tokens.

link