undefined | Better HN

0 pointsdeathanatos6y ago0 comments

If your complaint is that RSA is outdated and ECDSA is backdoored by the NSA, use Ed25519, which JWS/JWT supports[1].

0 comments

bvrmn6y ago

> JWS/JWT supports

Support for ed25519 signature in current implementations is pretty poor.

You can use symmetric, sha256

bvrmn6y ago

Symmetric signatures completely kill ability to verify token without secret.

For python I had to glue and stick python_jwt with cryptography primitives to do ed25519.

And the most funny thing: very few clients will understand these "standard" JWT tokens.

j / k navigate · click thread line to collapse

0 pointsdeathanatos6y ago0 comments

If your complaint is that RSA is outdated and ECDSA is backdoored by the NSA, use Ed25519, which JWS/JWT supports[1].

bvrmn6y ago

> JWS/JWT supports

Support for ed25519 signature in current implementations is pretty poor.

You can use symmetric, sha256

bvrmn6y ago

Symmetric signatures completely kill ability to verify token without secret.

For python I had to glue and stick python_jwt with cryptography primitives to do ed25519.

And the most funny thing: very few clients will understand these "standard" JWT tokens.

j / k navigate · click thread line to collapse