Libsodium Audit Results

Posted on Aug 16, 2017 by PIA Team

Private Internet Access today releases the results of its Libsodium audit. Libsodium is an open source, cryptographic library that is used far and wide in projects such as Zcash as well as internal applications at Private Internet Access. Private Internet Access is proud to have another audited tool in its software suite. The Libsodium security assessment was conducted by Dr. Matthew Green of Cryptography Engineering on v1.0.12 and v1.0.13. Dr. Green previously completed the TrueCrypt audit with the Open Crypto Audit Project as well as an OpenVPN 2.4 audit on PIA’s behalf. The assessment found no critical flaws or vulnerabilities in the Libsodium library.

The author of the Cryptography Engineering Libsodium Security Report, Dr. Green, summarized the audit goals and results:

“Over the past several months we conducted a detailed audit of the libsodium cryptographic library, at the request of Private Internet Access (PIA). Our goal in this effort was to help ensure the safety of an increasing number of applications that rely on libsodium for cryptographic operations. We are pleased to report that our review did not uncover any critical flaws or vulnerabilities in the core library. Overall we believe that libsodium is a carefully-implemented, secure cryptographic library.”

The Libsodium team commented:

“We are thankful to Private Internet Access for their initiative in sponsoring security audits for crucial free and open source software around the world; they help make the internet more secure.”

The Libsodium v1.0.12 and v1.0.13 Security Assessment is available here: https://www.privateinternetaccess.com/blog

/libsodium-v1-0-12-and-v1-0-13-security-assessment