Paragon Initiative Enterprises

Allow Developers to Cryptographically Sign Their Own Plugins/Themes with the Gossamer Public Key Infrastructure (PKI) core.trac.wordpress.org/ticket/49200 #WordPress #infosec #crypto #pki #ed25519 #GossamerPKI

Ending the year with a vulnerability in libsodium 00f.net/2025/12/30/lib…

-> bsky.app/profile/parago…

Accelerating The Adoption of Post-Quantum Cryptography with PHP paragonie.com/blog/2025/02/a…

To whoever is working on "image encryption" out there: - Your custom stream cipher using chaotic maps is not secure or efficient - AES-CTR is not slow and does not suffer from weak entropy problems (WTF) - Floating point is not great for cryptography (sorry, Falcon folks!)

Just released a new version of libaegis, as well as the rust bindings github.com/jedisct1/libae… - Easy-to-use, high security, high performance authenticated encryption. Now with convenient helpers to use it as a MAC, and workarounds for LLVM18 regressions. github.com/jedisct1/libae…

See also: old.reddit.com/r/PHP/comments…

Old, tired argument: "You can't declare things as a typed array, e.g. string[], in PHP" New, refreshing argument: github.com/paragonie/type…

Newly open sourced: A CipherSweet key provider backed by AWS KMS. github.com/paragonie/ciph…

The docs are available at ciphersweet.paragonie.com

We introduced CipherSweet with a 2019 blog post: paragonie.com/blog/2019/01/c…

The description the NVD published CVE-2024-33851 is unfortunately misleading. See the note at the top of github.com/paragonie/phpe… for specific details.

Security Issues, Abandonment, and Fork of PHP ECC library (mdanter/ecc, phpecc/phpecc) openwall.com/lists/oss-secu… The project "has not responded to our attempts to fix security issues from the year 2021" so "we opted to fork this library." by @ParagonIE

We forked PHPECC! Read the release notes below and update your dependency ASAP. github.com/paragonie/phpe…

The latest release of EasyECC uses our PHPECC fork. Additionally, it prevents and rejects malleable ECDSA signatures and opts for constant-time algorithms when secret keys are involved.

However, this library is still rather low-level, so you're better off using github.com/paragonie/easy… instead. The API for EasyECC is much simpler, easier to get right, and harder to get wrong.

Given the prevalence of software (especially cryptocurrency-adjacent) that relies on this code, we thought we'd take it over and provide a better story for its security. So we forked it.

We've been trying to fix PHPECC since 2021, but there has been little-to-no response from the maintainers since 2018. e.g. github.com/phpecc/phpecc/…