Paragon Initiative Enterprises (@paragonie)'s Twitter Profile
Technology Consulting, Code Review, Application Development. #appsec #infosec #cryptography #crypto #php

ID: 3103197220

https://paragonie.com 21-03-2015 23:45:46

970 Tweet

1,1K Followers

56 Following

Paragon Initiative Enterprises (@paragonie)

We've been trying to fix PHPECC since 2021, but there has been little-to-no response from the maintainers since 2018. e.g. github.com/phpecc/phpecc/…

Paragon Initiative Enterprises (@paragonie)

Given the prevalence of software (especially cryptocurrency-adjacent) that relies on this code, we thought we'd take it over and provide a better story for its security. So we forked it.

Paragon Initiative Enterprises (@paragonie)

However, this library is still rather low-level, so you're better off using github.com/paragonie/easy… instead. The API for EasyECC is much simpler, easier to get right, and harder to get wrong.

Paragon Initiative Enterprises (@paragonie)

The latest release of EasyECC uses our PHPECC fork. Additionally, it prevents and rejects malleable ECDSA signatures and opts for constant-time algorithms when secret keys are involved.

Open Source Security mailing list (@oss_security)

Security Issues, Abandonment, and Fork of PHP ECC library (mdanter/ecc, phpecc/phpecc) openwall.com/lists/oss-secu… The project "has not responded to our attempts to fix security issues from the year 2021" so "we opted to fork this library." by Paragon Initiative Enterprises

Paragon Initiative Enterprises (@paragonie)

The description the NVD published for CVE-2024-33851 is unfortunately misleading. See the note at the top of github.com/paragonie/phpe… for specific details.

Frank ⚡ (@jedisct1)

Just released a new version of libaegis, as well as the rust bindings github.com/jedisct1/libae… - Easy-to-use, high security, high performance authenticated encryption. Now with convenient helpers to use it as a MAC, and workarounds for LLVM18 regressions. github.com/jedisct1/libae…

Diego F. Aranha 🕷️ (@dfaranha)

To whoever is working on "image encryption" out there:
- Your custom stream cipher using chaotic maps is not secure or efficient
- AES-CTR is not slow and does not suffer from weak entropy problems (WTF)
- Floating point is not great for cryptography (sorry, Falcon folks!)