Add pdf for Sep 2024 audit

paulmillr · Oct 23, 2024 · db89d23 · db89d23 · paulmillr · Oct 23, 2024
1 parent 17c38cf
commit db89d23
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -1,8 +1,8 @@
 # noble-ciphers
 
-Auditable & minimal JS implementation of Salsa20, ChaCha and AES.
+Audited & minimal JS implementation of Salsa20, ChaCha and AES.
 
-- 🔒 Auditable
+- 🔒 Audited
 - 🔻 Tree-shakeable: unused code is excluded from your builds
 - 🏎 Fast: hand-optimized for caveats of JS engines
 - 🔍 Reliable: property-based / cross-library / wycheproof tests ensure correctness
@@ -394,7 +394,12 @@ GCM / SIV are not ideal:
 
 ## Security
 
-The library has not been independently audited yet.
+The library has been independently audited:
+
+- at version 1.0.0, in Sep 2024, by [cure53](https://cure53.de)
+  - PDFs: [in-repo](./audit/2024-09-cure53-audit-nbl4.pdf)
+  - [Changes since audit](https://github.com/paulmillr/noble-ciphers/compare/1.0.0..main)
+  - Scope: everything
 
 It is tested against property-based, cross-library and Wycheproof vectors,
 and has fuzzing by [Guido Vranken's cryptofuzz](https://github.com/guidovranken/cryptofuzz).

diff --git a/audit/2024-09-cure53-audit-nbl4.pdf b/audit/2024-09-cure53-audit-nbl4.pdf
diff --git a/audit/README.md b/audit/README.md
@@ -0,0 +1,3 @@
+# Audit
+
+All audits of the library are described in [README's Security section](../README.md#security)
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# Audit

		All audits of the library are described in [README's Security section](../README.md#security)