|
|
|
|
|
|
by aryastark
4447 days ago
|
|
|
Quicktun used to use C's rand() to generate keypairs (see keypair.c). They still include a blurb about /dev/urandom being insecure and apparently requiring the user to manually input random data. The nacl0 protocol is inherently insecure (null nonce, vulnerable to replay), not sure why they even include that. IIRC, you also pass the private key via environment variable. Lots of horrible flaws for such a small code base. |
|
|