{"id":"RUSTSEC-2016-0005","summary":"rust-crypto is unmaintained; switch to a modern alternative","details":"The `rust-crypto` crate has not seen a release or GitHub commit since 2016,\nand its author is unresponsive.\n\n*NOTE: The (old) `rust-crypto` crate (with hyphen) should not be confused with\nsimilarly named (new) [RustCrypto GitHub Org] (without hyphen). The GitHub Org\nis actively maintained.*\n\nWe recommend you switch to one of the following crates instead, depending on\nwhich algorithms you need:\n\n- [dalek-cryptography GitHub Org]:\n  - Key agreement: [`x25519-dalek`]\n  - Signature algorithms: [`ed25519-dalek`]\n- [`ring`]:\n  - AEAD algorithms: AES-GCM, ChaCha20Poly1305\n  - Digest algorithms: SHA-256, SHA-384, SHA-512, SHA-512/256 (legacy: SHA-1)\n  - HMAC\n  - Key agreement: ECDH (P-256, P-384), X25519\n  - Key derivation: HKDF\n  - Password hashing: PBKDF2\n  - Signature algorithms: ECDSA (P-256, P-384), Ed25519, RSA (PKCS#1v1.5, PSS)\n- [RustCrypto GitHub Org]:\n  - AEAD algorithms: [`aes-gcm`], [`aes-gcm-siv`], [`aes-siv`], [`chacha20poly1305`], [`xsalsa20poly1305`]\n  - Block ciphers: [`aes`], [`cast5`], [`des`]\n  - Digest algorithms: [`sha2`], [`sha3`], [`blake2`], [`ripemd160`]\n    (legacy: [`sha-1`], [`md-5`])\n  - Key derivation: [`hkdf`]\n  - MACs: [`cmac`], [`hmac`], [`pmac`], [`poly1305`]\n  - Password hashing: [`pbkdf2`]\n  - Stream ciphers: [`aes-ctr`], [`chacha20`], [`hc-256`], [`salsa20`]\n- [`secp256k1`]:\n  - Key agreement: ECDH (secp256k1 only)\n  - Signature algorithms: ECDSA (secp256k1 only)\n- [`orion`]:\n  - AEAD algorithms: ChaCha20Poly1305 (IETF version), XChaCha20Poly1305\n  - Digest algorithms: SHA-512, BLAKE2b\n  - Key derivation: HKDF\n  - MACs: HMAC, Poly1305\n  - Password hashing: PBKDF2\n  - Stream ciphers: ChaCha20 (IETF version), XChaCha20\n\n[dalek-cryptography GitHub Org]: https://github.com/dalek-cryptography\n[RustCrypto GitHub Org]: https://github.com/RustCrypto\n[`aes`]: https://crates.io/crates/aes\n[`aes-ctr`]: https://crates.io/crates/aes-ctr\n[`aes-gcm`]: https://crates.io/crates/aes-gcm\n[`aes-gcm-siv`]: https://crates.io/crates/aes-gcm-siv\n[`aes-siv`]: https://crates.io/crates/aes-siv\n[`blake2`]: https://crates.io/crates/blake2\n[`cast5`]: https://crates.io/crates/cast5\n[`chacha20`]: https://crates.io/crates/chacha20\n[`chacha20poly1305`]: https://crates.io/crates/chacha20poly1305\n[`cmac`]: https://crates.io/crates/cmac\n[`des`]: https://crates.io/crates/des\n[`ed25519-dalek`]: https://crates.io/crates/ed25519-dalek\n[`hc-256`]: https://crates.io/crates/hc-256\n[`hkdf`]: https://crates.io/crates/hkdf\n[`hmac`]: https://crates.io/crates/hmac\n[`pbkdf2`]: https://crates.io/crates/pbkdf2\n[`pmac`]: https://crates.io/crates/pmac\n[`poly1305`]: https://crates.io/crates/poly1305\n[`ring`]: https://crates.io/crates/ring\n[`ripemd160`]: https://crates.io/crates/ripemd160\n[`salsa20`]: https://crates.io/crates/salsa20\n[`secp256k1`]: https://crates.io/crates/secp256k1\n[`sha-1`]: https://crates.io/crates/sha-1\n[`sha2`]: https://crates.io/crates/sha2\n[`sha3`]: https://crates.io/crates/sha3\n[`x25519-dalek`]: https://crates.io/crates/x25519-dalek\n[`xsalsa20poly1305`]: https://crates.io/crates/xsalsa20poly1305\n[`orion`]: https://crates.io/crates/orion","modified":"2022-01-09T20:07:15Z","published":"2016-09-06T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/rust-crypto"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2016-0005.html"},{"type":"REPORT","url":"https://github.com/DaGenix/rust-crypto/issues/440"}],"affected":[{"package":{"name":"rust-crypto","ecosystem":"crates.io","purl":"pkg:cargo/rust-crypto"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.2.37-0"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2016-0005.json","informational":"unmaintained","cvss":null,"categories":[]}}],"schema_version":"1.7.3"}