Replace ecdsa with cryptography #69

@dotlambda

The ecdsa package is vulnerable to CVE-2024-23342 and shouldn't be used anyway:

> I don't want people to use this library in production environments...
>
> It's a teaching tool, it's a testing tool, it's absolutely not a production grade implementation.
> I maintain it to have support for ECDH and ECDSA in tlsfuzzer, which I need to be first and foremost portable. Security does not even enter a picture for that tool. [1]




Footnotes

  1. https://github.com/tlsfuzzer/python-ecdsa/issues/330
