Cryptography
Jump to navigation
Jump to search
E-mail
Google
General
a mess
See also Security (to rework with)
- Crypto 101 - an introductory course on cryptography, freely available for programmers of all ages and skill levels.
- https://en.wikipedia.org/wiki/NIST
- https://en.wikipedia.org/wiki/Federal_Information_Processing_Standard
- Cryptosense Discovery - Discover and assess external-facing crypto.
- Tamarin Prover - a security protocol verification tool that supports both falsification and unbounded verification in the symbolic model. Security protocols are specified as multiset rewriting systems and analysed with respect to (temporal) first-order properties and a message theory that models Diffie-Hellman exponentiation combined with a user-defined subterm-convergent rewriting theory.
Ciphers
- https://cipherli.st/ - web server SSL cipher config recommendations [3]
- https://en.wikipedia.org/wiki/Block_cipher
- https://en.wikipedia.org/wiki/Collision-resistant
- https://en.wikipedia.org/wiki/Collision_attack
- The code monkey's guide to cryptographic hashes for content-based addressing
- Lifetimes of cryptographic hash functions
Blowfish
1993
AES
2001
- https://news.ycombinator.com/item?id=639647 https://news.ycombinator.com/item?id=8864555 https://news.ycombinator.com/item?id=1030560
Symmetric-key
DES
1977. Symmetric-key algorithm
Cryptographic hash function
- Historic Password Hashes - a collection of historic password hashing algorithms. Please do not use most of them today! Send pull request if you have more.
- https://en.wikipedia.org/wiki/Key_derivation_function - derives one or more secret keys from a secret value such as a master key, a password, or a passphrase using a pseudo-random function. KDFs can be used to stretch keys into longer keys or to obtain keys of a required format, such as converting a group element that is the result of a Diffie–Hellman key exchange into a symmetric key for use with AES. Keyed cryptographic hash functions are popular examples of pseudo-random functions used for key derivation.
- https://en.wikipedia.org/wiki/Argon2 - a key derivation function that was selected as the winner of the Password Hashing Competition in July 2015. It was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from University of Luxembourg. Argon2 is released under a Creative Commons CC0 license, and provides two related versions: Argon2d maximizes resistance to GPU cracking attacks. Argon2i is optimized to resist side-channel attacks. Both are allow specification by three parameters that control: execution time, memory required, degree of parallelism
Public-key cryptography
- http://en.wikipedia.org/wiki/Public-key_cryptography - also known as asymmetric cryptography
- https://developer.mozilla.org/en/docs/Introduction_to_Public-Key_Cryptography
- https://www.ics.uci.edu/~ics54/doc/security/pkhistory.html
- httpd://en.wikipedia.org/wiki/Public-key_infrastructure
- https://en.wikipedia.org/wiki/Public_key_certificate
- https://en.wikipedia.org/wiki/Digital_signature
- https://en.wikipedia.org/wiki/Web_of_trust
- https://en.wikipedia.org/wiki/Password-authenticated_key_agreement
Diffie-Hellman key exchange
Alice Bob
---------------------------
Sa = random
Pa = g^Sa --> Pa
Sb = random
Pb <-- Pb = g^Sb
s = Pb^Sa s = Pa^Sb
k = KDF(s) k = KDF(s)
There are several methods to use a block cipher to build a cryptographic hash function, specifically a one-way compression function. The methods resemble the block cipher modes of operation usually used for encryption. All well-known hash functions, including MD4, MD5, SHA-1 and SHA-2 are built from block-cipher-like components designed for the purpose, with feedback to ensure that the resulting function is not invertible. SHA-3 finalists included functions with block-cipher-like components (e.g., Skein, BLAKE) though the function finally selected, Keccak, was built on a cryptographic sponge instead.
Elliptic curve Diffie–Hellman
Alice Bob
---------------------------
Sa = random
Pa = Sa * G --> Pa
Sb = random
Pb <-- Pb = Sb * G
s = Sa * Pb s = Sb * Pa
k = KDF(s) k = KDF(s)
PAKE
to sort
- Community framework for electronic signatures - This Directive establishes the legal framework at European level for electronic signatures and certification services. The aim is to make electronic signatures easier to use and help them become legally recognised within the Member States.
RSA
1977, by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT
ECC
- https://en.wikipedia.org/wiki/Elliptic_curve_cryptography
- https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman
- https://en.wikipedia.org/wiki/Elliptic_Curve_DSA
- http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/
- http://www.lapsedordinary.net/2013/09/23/how-the-nsa-cheated-cryptography/
NTRU
Suites
Encryption
- https://prism-break.org/ - various levels of advice
PGP / GPG
- http://tools.ietf.org/html/rfc4880 - OpenPGP Message Format
- http://tools.ietf.org/html/rfc5581 - The Camellia Cipher in OpenPGP
Guides
- Creating newer ECC keys for GnuPG - gpg2 --expert --full-gen-key
gpg --expert --full-gen-key # generate a key, expert to choose EEC gpg --list-secret-keys
Key servers
- http://superuser.com/questions/227991/where-to-upload-pgp-public-key-are-keyservers-still-surviving
- http://www.rossde.com/PGP/pgp_keyserv.html
- http://cryptome.org/2013/07/mining-pgp-keyservers.htm
- SKS Keyservers - This website provides services for the SKS keyservers used by OpenPGP. A pool of keyservers is available at hkp://pool.sks-keyservers.net Information about the other variants of the pool is found in the overview.
- http://pgp.mit.edu/ (cryptonomicon.mit.edu)
- http://sks-keyservers.net/
- https://keyserver.pgp.com/
gpg --send-keys user-id
gpg --keyserver subkeys.pgp.net --recv-keys ABAF11C65A2970B130ABE3C479BE3E4300411886 # retrieve a public key
gpg --export --armor <keyid> | awk '{ print " "$0 }'
Tools
- Sequoia-PGP - Rust implementation [13]
- http://gpg4win.org/ - Windows
- https://gpgtools.org/ - Mac
- WebPG - Browser Extensions
- Monkeysphere project's goal is to extend OpenPGP's web of trust to new areas of the Internet to help us securely identify servers we connect to, as well as each other while we work online. The suite of Monkeysphere utilities provides a framework to transparently leverage the web of trust for authentication of TLS/SSL communications through the normal use of tools you are familiar with, such as your web browser0 or secure shell.
- http://www.biglumber.com/ - signing parties
DNS
- https://we.riseup.net/dissent+secure_communication/secure-gpg-webmail-service
- http://unix.stackexchange.com/questions/59323/what-is-a-free-open-source-webmail-software-with-pgp-support
- http://pthree.org/2011/09/17/pgpmime-versus-smime/
- http://www.tankmiche.com/tips/x-pgp-key-email-header-format/
- http://beza1e1.tuxen.de/articles/pgp_header.html
Libraries
- Penango is a web browser add-on that allows people to send and receive authenticated and encrypted messages end-to-end on the Internet with standards-based, interoperable protocols.
- gAES - Encrypt your google chats and make the NSA sad
Other
- gnupg-ecc - ECC-enabled GnuPG per RFC6637
File system
TrueCrypt
- TrueCrypt - Free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux
- https://news.ycombinator.com/item?id=7140809
- https://news.ycombinator.com/item?id=7586225
- http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/ [18]
- https://news.ycombinator.com/item?id=7812133
Other
- http://en.wikipedia.org/wiki/FreeOTFE - Windows only, seems dead
- LUKS is the standard for Linux hard disk encryption. By providing a standard on-disk-format, it does not only facilitate compatibility among distributions, but also provides secure management of multiple user passwords. In contrast to existing solution, LUKS stores all setup necessary setup information in the partition header, enabling the user to transport or migrate his data seamlessly. While LUKS is a standard on-disk format, there is also a reference implementation. LUKS for dm-crypt is implemented in an enhanced version of cryptsetup.
- Tomb aims to be an 100% free and open source system for easy encryption and backup of personal files, written in code that is easy to review and links commonly shared components. Tomb generates encrypted storage files to be opened and closed using their associated keyfiles, which are also protected with a password chosen by the user.
- zuluCrypt - simple, feature rich and powerful solution for hard drives encryption. currently Linux only, does hard drive encryption and it can manage PLAIN dm-crypt volumes, LUKS encrypted volumes, TrueCrypt encrypted volumes and VeraCrypt encrypted volumes.zuluCrypt can manage encrypted volumes that are hosted in image files, lvm, mdraid, hard drives, usb sticks or any other block device.zuluCrypt can also encrypt stand alone files (zuluCrypt menu -> zC -> encrypt a file).
- EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface. You can find links to source and binary releases below. EncFS is open source software, licensed under the GPL. As with most encrypted filesystems, Encfs is meant to provide security against off-line attacks; ie your notebook or backups fall into the wrong hands, etc. The way Encfs works is different from the “loopback” encrypted filesystem support built into the Linux kernel because it works on files at a time, not an entire block device. This is a big advantage in some ways, but does not come without a cost.
- Cryptkeeper is a Linux system tray applet that manages EncFS encrypted folders.
Other
- The Guardian Project creates easy-to-use open source apps, mobile OS security enhancements, and customized mobile devices for people around the world to help them communicate more freely, and protect themselves from intrusion and monitoring.
- Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.
RNG
Homomorphic
Steganography
- https://en.wikipedia.org/wiki/Steganography - the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography combines the Greek words steganos (στεγανός), meaning "covered, concealed, or protected," and graphein (γράφειν) meaning "writing".
- FontCode - an information embedding technique for text documents. Provided a text document with specific fonts, our method embeds user-specified information in the text by perturbing the glyphs of text characters while preserving the text content. We devise an algorithm to choose unobtrusive yet machine-recognizable glyph perturbations, leveraging a recently developed generative model that alters the glyphs of each character continuously on a font manifold. We then introduce an algorithm that embeds a user-provided message in the text document and produces an encoded document whose appearance is minimally perturbed from the original document. We also present a glyph recognition method that recovers the embedded information from an encoded document stored as a vector graphic or pixel image, or even on a printed paper. In addition, we introduce a new error-correction coding scheme that rectifies a certain number of recognition errors. Lastly, we demonstrate that our technique enables a wide array of applications, using it as a text document metadata holder, an unobtrusive optical barcode, a cryptographic message embedding scheme, and a text document signature.