Outlining Our First Steps Toward a Post-Quantum VPN
For those that do not know, we're working on a fork of Mullvad's post-quantum VPN deployment (using Wireguard).
There is public code posted in their repository for it (linking to Rust crates), but unfortunately the repository hasn't been updated since 2017.
However, that's not really an issue because the only serious update needed is to the liboqs signatures.
There have been various different implementations / redactions / changes made among the NIST post-quantum crypto competition finalists (in addition to the announcement of an entirely new round in Jan. 2019) since Mullvad originally published the code for their Rust-based fork of Wireguard.
More information can be found in our first installment here: https://libre.fail/post-quantum-vpn-setup-part-one-scratch-work
Interesting statements from status.im regarding their plans to allegedly “fork” ‘Whisper’ [appears they’re referring to a co-opted version of double ratchet encryption / OTR]
Passwords / Storage / End User Security (for sysadmins ; re: latest add to this header)
1. Solid resource that details good information about secure password hashing methods = http://crackstation.net/hashing-security.htm
2. This is a really old Stack Exchange answer; it doesn't address the OP by breaking down cryptographic primitives, but rather by using *sound logic* that will probably remain true until the end of time = https://security.stackexchange.com/questions/211/how-to-securely-hash-passwords/31846#31846
*Potential Issues With SHA256 Hashing*
1. Bitcoin uses SHA256, which has created an inherent problem in using SHA256 for password hashing: there is now a thriving ecosystem (worth billions of dollars) of organizations that have developed advanced silicon chips and "ASIC" miners designed with the sole intention of computing SHA256 hashes as quickly & efficiently as possible
a. proof #1 (Bloomberg article detailing how Bitmain's valuation was north of $15 billion at one point in time = https://www.bloomberg.com/news/articles/2019-06-21/bitmain-is-said-to-revive-ipo-plan-as-bitcoin-hits-one-year-high ; Bitmain is a Bitcoin mining company)
b. proof #2 (Bloomberg article detailing Canaan's $90 million IPO last year = https://www.bloomberg.com/news/articles/2019-11-21/bitcoin-mining-company-canaan-raises-90-million-in-u-s-ipo ; they are yet another Bitcoin mining firm)
c. live video showing an actual Bitcoin mining facility (one of many) = https://www.youtube.com/watch?v=Ri5djo3EOGI
2. SHA256 can be compromised via length extension attacks / malleability issues / side channel timing attacks
a. reference #1 (research paper detailing side channel attacks against SHA256 = https://ieeexplore.ieee.org/document/8210596 )
b. reference #2 (detailed answer exploring the issue of malleability in SHA256 = https://crypto.stackexchange.com/questions/1801/what-type-of-hash-functions-provides-non-malleability-of-hash-digests )
c. reference #3 (detailed report explaining how length extension attacks are carried out against SHA256 = https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks )
3. The NSA created SHA256
4. The NSA then moved away from using SHA256
openssl genpkey -algorithm x448 -out key.pem    # generates the X448 private key (written to key.pem so the next command can read it; X448 is a key-agreement algorithm)
openssl pkey -in key.pem -pubout                # public key portion of the pairing
—
OpenSSL 1.1.1 recognizes ed448 certificates (Ed448 is the signature counterpart of X448 and is what a certificate would actually be signed with)
End to End User Credential Protection (details at this URL): https://scotch.io/@liesware/end-to-end-user-credentials-protection
Specifically, using the Coherence server in order to leverage argon2id + SHA3_HMAC for password storage (which would be the safest & smartest option by a fucking mile)
EVP_PKEYs = https://wiki.openssl.org/index.php/EVP
Part of what makes SCRAM-SHA-512-PLUS possible (for Cyrus SASL with OpenLDAP as our authentication mechanism)
^^^ Still curious how to have {CRYPT} produce argon2 hashes by default (is this a noscripting issue?)
We do need to make sure that the hashing is consistent on the platform we're running on as well as the platform we're doing this from.
The best way to do this would be to pull from the same API.
Either that, or we could just mask the hashes of the password & simply have an authentication process (for a 'lookup db')
Minio May Be the Way to Go for Cloud Storage
1. Distributed (this is critical, because we really need to make sure that the storage is not all in one location or we're fucked) [documentation = https://docs.min.io/docs/distributed-minio-quickstart-guide.html]
2. Extraordinary Amount of Security Here for the Minio Servers = https://docs.min.io/docs/minio-kms-quickstart-guide.html
(could get really greedy here and opt for a post-quantum compiled OpenSSL in order to create exponentially stronger keys that can be used to move from location to location)
^^ This is how a true cloud solution should be deployed if you want to ensure that your users are actually kept safe [which none of these mother fuckers hold a fidelity to].
Vault Project (could be used for integration as a backend storage for the LDAP server ; in order to ensure that we aren't keeping everything on the LDAP server)
1. https://www.vaultproject.io/docs/auth/ldap
2. Enforces access to 'secrets' (can stand in as a "mid-point" of enforcement for protecting user credentials)
(more information about how we will be storing user credentials can be found here = https://medium.com/@harwoeck/password-and-credential-management-in-2018-56f43669d588)
Back to Argon2 (briefly)
1. More corroboration that Argon2 uses Blake2b = https://security.stackexchange.com/questions/201714/is-there-any-advantage-to-combining-a-hash-algorithm-with-a-key-derivation-funct
2. Reminder that Argon2 is RFC approved for PHP (>7.3 ; we can implement that with Roundcube reliably now because of that) = https://wiki.php.net/rfc/argon2_password_hash_enhancements [shows their initial RFC application]
3. RFC debate with Argon2 team on PHP = https://externals.io/message/94854
4. SHA-3 Zoo = https://ehash.iaik.tugraz.at/wiki/The_SHA-3_Zoo (has a comprehensive list of all the hashing algorithms)
^^^ While Blake2b is in there (and is slower than SHA512, which may not be a bad thing) - there is still
We have to be skeptical of any and all NIST deployments (de facto) no matter what = https://mailarchive.ietf.org/arch/msg/cfrg/dtUZzdkrAFXf2Zth6WiWm3GkprM/ (and this makes that painfully clear)
This response to the 'Modern Crypto' mailing list is what personally has me a bit worried (to a certain extent) about using any NIST curves (which is why we had to swap out on our website) - but still = https://moderncrypto.org/mail-archive/curves/2015/000653.html
Schnorr DLEQ Concerns (referring to Schnorrkell) = https://moderncrypto.org/mail-archive/messaging/2020/002581.html [from moderncrypto.org]
Schnorr's has already been integrated into the $BCH blockchain (lol). Let's see how this rabbit hole goes at some point in the very near future
Skein
1. More than likely the most secure hash function on planet earth.
2. Skein-1024 is integrated with 'Threefish' (with a threefish bit strength that matches that of the Skein implementation) ; 1024 = 1024 (ratio perfect)
2a. Addressing the concerns regarding Threefish and the alleged attacks that were found on several of its rounds (response from one of the co-authors of Threefish [as well as Skein] = https://crypto.stackexchange.com/questions/11725/has-threefish-successfully-been-attacked-practically-or-theoretically/11727
2b. Attack in question was mentioned in this paper (published by the team ) = http://www.skein-hash.info/sites/default/files/skein1.3.pdf
^^^ SHA-3 finalist (but Keccak was the hash function that won out ; Ethereum is using Keccak as well, but not the same iteration as what was submitted to the NIST)
3. Threefish McOE Mode = https://eprint.iacr.org/2011/644.pdf [exponentially more secure than the original Threefish - seems that there are *very few individuals out there right now that even know that this exists*] <— that's interesting, going to have to do more homework on this
—-
Is it possible to draw from an implementation of Skein-1024 that utilizes Threefish (1024) McOE mode?
Link that attests to the fact that Skein-1024 is the equivalent of 2^452
Minio + Nextcloud (marriage) = https://autoize.ch/minio-as-nextcloud-primary-storage/
1. Blake2b Information (straight from one of the creators of the hash algorithm itself) = https://crypto.stackexchange.com/questions/31674/what-advantages-does-keccak-sha-3-have-over-blake2
2. Catalog of hardware implementations for SHA3 competitors = ehash.iaik.tugraz.at/wiki/SHA-3_Hardware_Implementations#High-Speed_Implementations_.28ASIC.29
3. Catalog of Hash Functions = https://www.cs.rit.edu/~ark/662/module11/notes.shtml
4. Threefish McOE Mode = https://eprint.iacr.org/2011/644.pdf
5. Php Code for Implementing Argon2id = https://www.php.net/manual/en/function.password-hash.php
6. Argon2id Winner of the Password Hashing Competition = https://password-hashing.net/
Notably, password hashing is in a different category than 'regular' hash functions (for data) - like SHA-based functions.
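As an added example (not code from the page, from Coherence, or from Roundcube) that ties together the "argon2id + SHA3_HMAC" idea from the credential-protection note above, the "pull from the same API" point in the SCRAM/LDAP notes, and the PHP password_hash() reference in this list: it peppers the password with HMAC-SHA3-256 before Argon2id, records the cost parameters so they can be raised later, and migrates legacy unsalted SHA256 rows on login. It assumes PHP >= 7.3 built with Argon2 support; the pepper key, cost values and passwords are constructed for the demo.

```php
<?php
// Added example, not from the page: peppered Argon2id password storage (PHP >= 7.3
// built with libargon2). The pepper key, costs and passwords are constructed values.
declare(strict_types=1);

// Pre-hash with HMAC-SHA3-256 under a server-side pepper that lives outside the
// database (env var / KMS). A leaked table is then useless without the pepper;
// the output is a fixed 64 hex chars whatever the password length.
function pepper(string $password, string $pepperKey): string
{
    return hash_hmac('sha3-256', $password, $pepperKey);
}

// Argon2id costs. They are recorded inside the hash string, so raising them later
// does not invalidate stored records (password_needs_rehash() flags old ones).
const ARGON2_OPTIONS = [
    'memory_cost' => 64 * 1024, // KiB, i.e. 64 MiB per hash
    'time_cost'   => 3,
    'threads'     => 1,
];

function hashPassword(string $password, string $pepperKey): string
{
    // password_hash() draws a fresh random salt per call; no salt handling needed here.
    return password_hash(pepper($password, $pepperKey), PASSWORD_ARGON2ID, ARGON2_OPTIONS);
}

// Returns [bool $ok, ?string $replacement]. $replacement is non-null when the stored
// record is a legacy unsalted sha256 digest or was made with weaker Argon2id costs,
// so the caller can overwrite it after a successful login.
function verifyPassword(string $password, string $stored, string $pepperKey): array
{
    // Legacy records: 64 lowercase hex chars = raw sha256(password), no salt, no pepper.
    if (preg_match('/^[0-9a-f]{64}$/', $stored) === 1) {
        $ok = hash_equals($stored, hash('sha256', $password));
        return [$ok, $ok ? hashPassword($password, $pepperKey) : null];
    }
    if (!password_verify(pepper($password, $pepperKey), $stored)) {
        return [false, null];
    }
    $needsUpgrade = password_needs_rehash($stored, PASSWORD_ARGON2ID, ARGON2_OPTIONS);
    return [true, $needsUpgrade ? hashPassword($password, $pepperKey) : null];
}

// Demo run with a constructed pepper; in production load it from the environment.
$pepperKey = random_bytes(32);
$record    = hashPassword('correct horse battery staple', $pepperKey);
[$ok, $new] = verifyPassword('correct horse battery staple', $record, $pepperKey);
printf("argon2id record: %s...\n", substr($record, 0, 40));
printf("right password -> %s, upgrade needed -> %s\n", var_export($ok, true), var_export($new !== null, true));
[$ok] = verifyPassword('wrong password', $record, $pepperKey);
printf("wrong password -> %s\n", var_export($ok, true));
$legacy = hash('sha256', 'old-user-password'); // what a pre-migration row looks like
[$ok, $new] = verifyPassword('old-user-password', $legacy, $pepperKey);
$migrated = $new !== null && substr($new, 0, 10) === '$argon2id$';
printf("legacy sha256 login -> %s, migrated to argon2id -> %s\n", var_export($ok, true), var_export($migrated, true));
```

The legacy branch is the only place the raw sha256 digest is ever compared, and it exists solely so the row can be replaced with an Argon2id record on the user's next successful login.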
Internet Routing (RPKI) = https://rpki.readthedocs.io/en/latest/rpki/bgp-routing.html [this is a solution that we want to start looking toward in the near future to enhance security even more (at least with our website) to ensure that *correct*, non-hijacked routes are being taken in order to visit our site]
^^^ We're quite a ways away from obtaining such an infrastructure.
(there's a surprising amount of cryptography-related information that we need to disseminate in relation to what we've been working on, on the 'personal' side of things)
So, without further ado - let's get started.