RUSTSEC-2016-0005

Source
https://rustsec.org/advisories/RUSTSEC-2016-0005
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2016-0005.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2016-0005
Published
2016-09-06T12:00:00Z
Modified
2022-01-09T20:07:15Z
Summary
rust-crypto is unmaintained; switch to a modern alternative
Details

The rust-crypto crate has not seen a release or GitHub commit since 2016, and its author is unresponsive.

NOTE: The (old) rust-crypto crate (with hyphen) should not be confused with the similarly named (new) [RustCrypto GitHub Org] (without hyphen). The GitHub Org is actively maintained.

We recommend you switch to one of the following crates instead, depending on which algorithms you need:

  • [dalek-cryptography GitHub Org]:
    • Key agreement: [x25519-dalek]
    • Signature algorithms: [ed25519-dalek]
  • [ring]:
    • AEAD algorithms: AES-GCM, ChaCha20Poly1305
    • Digest algorithms: SHA-256, SHA-384, SHA-512, SHA-512/256 (legacy: SHA-1)
    • HMAC
    • Key agreement: ECDH (P-256, P-384), X25519
    • Key derivation: HKDF
    • Password hashing: PBKDF2
    • Signature algorithms: ECDSA (P-256, P-384), Ed25519, RSA (PKCS#1v1.5, PSS)
  • [RustCrypto GitHub Org]:
    • AEAD algorithms: [aes-gcm], [aes-gcm-siv], [aes-siv], [chacha20poly1305], [xsalsa20poly1305]
    • Block ciphers: [aes], [cast5], [des]
    • Digest algorithms: [sha2], [sha3], [blake2], [ripemd160] (legacy: [sha-1], [md-5])
    • Key derivation: [hkdf]
    • MACs: [cmac], [hmac], [pmac], [poly1305]
    • Password hashing: [pbkdf2]
    • Stream ciphers: [aes-ctr], [chacha20], [hc-256], [salsa20]
  • [secp256k1]:
    • Key agreement: ECDH (secp256k1 only)
    • Signature algorithms: ECDSA (secp256k1 only)
  • [orion]:
    • AEAD algorithms: ChaCha20Poly1305 (IETF version), XChaCha20Poly1305
    • Digest algorithms: SHA-512, BLAKE2b
    • Key derivation: HKDF
    • MACs: HMAC, Poly1305
    • Password hashing: PBKDF2
    • Stream ciphers: ChaCha20 (IETF version), XChaCha20
References

Affected packages

crates.io / rust-crypto

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.2.37-0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": "unmaintained",
    "categories": []
}