Security advisory for crates.io, 2020-07-14

sgrif · July 14, 2020, 7:21pm

mmmmib · July 14, 2020, 8:43pm

tl;dr - crates.io has been using an insecure RNG for generating API keys and used to store them in plaintext. Even though there's no evidence suggesting this has been expoited, all existing API keys have been revoked, so if you want to publish crates, you have to create a new one at crates.io/me.

system · October 12, 2020, 8:43pm

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.

Topic		Replies	Views
Security advisories for April 2020: rustqlite, os_str_bytes, flatbuffers announcements	6	745	August 11, 2020
Crates.io http UI non-responsive	2	365	September 18, 2019
How safe is crates.io? community	11	1604	June 26, 2023
Question about crates.io	6	629	April 21, 2022
Introducing crypto-hashes: modular rework of rust-crypto's cryptographic hash functions	1	757	January 12, 2023

Security advisory for crates.io, 2020-07-14

Related Topics