diff --git a/.trivyignore.yaml b/.trivyignore.yaml index e69de29..8b13789 100644 --- a/.trivyignore.yaml +++ b/.trivyignore.yaml @@ -0,0 +1 @@ + diff --git a/content/learning/tls/eccpwd.md.bak b/content/learning/tls/eccpwd.md.bak new file mode 100644 index 0000000..e69de29 diff --git a/content/learning/tls/ecdh.md b/content/learning/tls/ecdh.md new file mode 100644 index 0000000..0a50c11 --- /dev/null +++ b/content/learning/tls/ecdh.md @@ -0,0 +1,38 @@ +--- +title: Elliptic Curve Diffie-Hellman (ECDH) +description: ✅ Secure key exchange +layout: learn-single + +tls_part: key-exchange + +learn_more: + - text: 'Diffie-Hellman problem' + url: https://en.wikipedia.org/wiki/Diffie–Hellman_problem + source: Wikipedia + + # - text: '' + # url: + # source: + +--- + +## Summary + +The [Diffie-Hellman] key exchange is a cryptographic method enabling two parties to establish a shared secret key over an insecure channel. The shared secret is calculated by each party using their private key and the other party’s public key, resulting in a value that is difficult to compute without knowledge of both private integers. + +This approach is the foundation of all modern-day [public-key cryptography]. It also forms the basis of [Forward secrecy] in TLS connections. + +The newer [elliptic-curve][ECC] (ECDHE) key exchange algorithms are more secure and should be strongly preferred. + +## Information + +| Field | Value | +|-----------|--------------------| +| Kind | {{% param-kind %}} | +| Invented | | +| Ephemeral | _No_ | + +[Diffie-Hellman]: https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange +[ECC]: https://en.wikipedia.org/wiki/Elliptic-curve_cryptography +[Forward secrecy]: https://en.wikipedia.org/wiki/Forward_secrecy +[public-key cryptography]: https://en.wikipedia.org/wiki/Public-key_cryptography diff --git a/content/learning/tls/gost-r.md b/content/learning/tls/gost-r.md index 5281fb9..b6de8ba 100644 --- a/content/learning/tls/gost-r.md 
+++ b/content/learning/tls/gost-r.md 
@@ -1,53 +1,52 @@ --- -title: GOST R +title: GOST R (Kuznyechik, Magma) description: ❌ Insecure specification layout: learn-single -tls_part: encryption-algo +aliases: + - /learning/tls/gostr341112 + - /learning/tls/kuznyechik + - /learning/tls/magma learn_more: - - text: 'Official English-Language Camellia Homepage' - url: https://info.isl.ntt.co.jp/crypt/eng/camellia/ - source: NTT + - text: 'GOST 28147-89: Encryption, Decryption, and Message Authentication Code (MAC) Algorithms' + url: https://datatracker.ietf.org/doc/html/rfc5830 - - text: 'A Description of the Camellia Encryption Algorithm' - url: https://datatracker.ietf.org/doc/html/rfc3713 - source: IETF + - text: 'GOST R 34.12-2015: Block Cipher "Kuznyechik"' + url: https://datatracker.ietf.org/doc/html/rfc7801 - - text: 'Addition of the Camellia Cipher Suites to Transport Layer Security (TLS)' - url: https://datatracker.ietf.org/doc/html/rfc6367 - source: IETF + - text: 'GOST R 34.12-2015: Block Cipher "Magma"' + url: https://datatracker.ietf.org/doc/html/rfc8891 - - text: 'Camellia source code' - url: https://embeddedsw.net/Cipher_Reference_Home.html#CAMELLIA + - text: 'Magma: GOST (block cipher)' + url: https://en.wikipedia.org/wiki/GOST_(block_cipher) + source: Wikipedia + + - text: 'Kuznyechik: GOST (block cipher)' + url: https://en.wikipedia.org/wiki/Kuznyechik + source: Wikipedia + + - text: 'GOST R 34.11-1994 Hash Function' + url: https://en.wikipedia.org/wiki/GOST_(hash_function) + source: Wikipedia + + - text: 'GOST R 34.11-2012 Hash Function' + url: https://en.wikipedia.org/wiki/Streebog + source: Wikipedia --- ## Summary -[Camellia] is a symmetric key block cipher developed by _Mitsubishi Electric_ and _NTT of Japan_, approved for use by [ISO/IEC][ISO 18033-3], [NESSIE], and [CRYPTREC]. +[GOST] is a set of international technical standards maintained by the Euro-Asian Council for Standardization, Metrology, and Certification. 
Originally developed by the Soviet Union, GOST standards cover various industries and are adopted by several CIS countries. They were declassified in 1994. -It is considered a modern, safe cipher with security levels comparable to [AES]({{% relref "AES" %}}). Camellia has been adopted in various security libraries, protocols, and applications, including TLS, IPsec, Kerberos, and OpenPGP. - -It became an international standard in [ISO 18033-3]. +[GOST R] is a set of encryption standards for use by the government of the Russian Federation, and has **NOT** been accepted as an international standard. Its security has **NOT** proven and its use is **NOT** recommended by the IETF. ## Information -| Field | Value | -|--------------|---------------------------------------------------------------| -| Kind | {{% param-kind %}} | -| Invented | 2000 | -| Cracked | - | -| Ephemeral | _Yes_ | -| Related tech | [IPsec], [Kerberos], [PGP], [PKCS #11], [S/MIME], [VeraCrypt] | - -[Camellia]: https://en.wikipedia.org/wiki/Camellia_(cipher) -[CRYPTREC]: https://en.wikipedia.org/wiki/CRYPTREC -[IPsec]: https://en.wikipedia.org/wiki/IPsec -[ISO 18033-3]: https://www.iso.org/standard/54531.html -[Kerberos]: https://en.wikipedia.org/wiki/Kerberos_(protocol) -[NESSIE]: https://en.wikipedia.org/wiki/NESSIE -[PGP]: https://pgpkeys.org/docs/pgpfaq.html#HDPK -[PKCS #11]: https://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html -[S/MIME]: https://datatracker.ietf.org/doc/html/rfc8551 -[VeraCrypt]: https://en.wikipedia.org/wiki/VeraCrypt +| Field | Value | +|----------|-------| +| Invented | 1970s | + +[GOST]: https://en.wikipedia.org/wiki/GOST +[GOST R]: https://en.wikipedia.org/wiki/GOST#GOST_R diff --git a/content/learning/tls/krb5.md.bak b/content/learning/tls/krb5.md.bak new file mode 100644 index 0000000..e69de29 diff --git a/content/learning/tls/psk.md.bak b/content/learning/tls/psk.md.bak new file mode 100644 index 0000000..e69de29 
diff --git a/content/learning/tls/srp.md.bak b/content/learning/tls/srp.md.bak new file mode 100644 index 0000000..e69de29 diff --git a/list.txt b/list.txt index 7ec44e7..f7ba8c2 100644 --- a/list.txt +++ b/list.txt @@ -1,26 +1,17 @@ -gost-r - # Kex -eccpwd -ecdh -ecdhe -krb5 -psk -srp - +ecdh.md +ecdhe.md # Enc -CCM -CHACHA20-POLY1305 -GCM -IDEA -KUZNYECHIK -MAGMA -SM4 +ccm.md +chacha20-poly1305.md +gcm.md +idea.md +sm4.md # Hash -MD5 -SHA -SHA256 -SHA384 -SM3 +md5.md +sha.md +sha256.md +sha384.md +sm3.md diff --git a/themes/dst2024 b/themes/dst2024 index efdc748..9d2dbe3 160000 --- a/themes/dst2024 +++ b/themes/dst2024 @@ -1 +1 @@ -Subproject commit efdc7489cd9a62fa234114ae11ab4592bc9b531a +Subproject commit 9d2dbe3771745affb237424a963ee99799c9ab31
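Review bot: the `.trivyignore.yaml` hunk adds nothing but a single empty line to a previously empty file, which looks accidental. Drop the file from this commit, or, if an empty ignore file is required by the scanner setup, say so in the commit message so it is not mistaken for a leftover.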
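Review bot: `eccpwd.md.bak`, `krb5.md.bak`, `psk.md.bak` and `srp.md.bak` under `content/learning/tls/` are committed as new empty files (index `e69de29`), which reads as work-in-progress or editor residue rather than content. Remove them from the commit and add `*.bak` to `.gitignore`; if they are meant as placeholders for pages still to be written, track that in an issue instead of in the content tree.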
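Review bot: in `content/learning/tls/ecdh.md` the Summary does not describe the page's subject. The title is "Elliptic Curve Diffie-Hellman (ECDH)", but the body describes the generic Diffie-Hellman exchange ("both private integers") and closes with "The newer [elliptic-curve][ECC] (ECDHE) key exchange algorithms are more secure and should be strongly preferred", which reads as text carried over from a non-elliptic-curve DH page. Rewrite the summary for ECDH itself, and reconcile `description: ✅ Secure key exchange` and the forward-secrecy sentence with the table row `Ephemeral | _No_`, since the page tells readers to prefer the ephemeral variant. The `Invented` cell is empty, and the commented-out `learn_more` placeholder should be filled in or deleted before merge.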
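Review bot: in `content/learning/tls/gost-r.md` the added sentence "Its security has **NOT** proven" is missing "been", and the claim in the same line that its use is "**NOT** recommended by the IETF" has no supporting entry in `learn_more`, where the three RFC links only name algorithm descriptions; add the reference that backs it. "They were declassified in 1994" takes "GOST standards" covering "various industries" as its antecedent, so name the specific standard that was declassified. The single row `Invented | 1970s` now sits under a title that also names Kuznyechik, whose linked RFC is titled "GOST R 34.12-2015", so either date each algorithm separately or drop the row. Smaller points: `tls_part` is removed without a replacement, and the RFC entries lose `source: IETF` while the Wikipedia entries carry a `source`.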
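Review bot: the `list.txt` hunk drops `eccpwd`, `krb5`, `psk` and `srp` from the `# Kex` section while this same patch adds only empty `.md.bak` files for them, so those key exchanges end up neither documented nor tracked. Keep them in the list until their pages exist, or mark them as deferred. The switch from names to lowercase `.md` filenames also changes what each line means, and `ecdhe.md` is listed although no such file is added in this patch; confirm it already exists. `KUZNYECHIK` and `MAGMA` disappear from `# Enc` with no note that they are now covered by the aliases on the GOST R page.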
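Review bot: the `themes/dst2024` submodule pointer moves from `efdc748` to `9d2dbe3` in the same commit as the content changes, with nothing in the patch saying what the theme update brings. If the new pages depend on it (for example `layout: learn-single` or the `param-kind` shortcode), state that in the commit message; otherwise bump the submodule in its own commit so it can be reviewed and reverted independently.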