End to End User Credential Protection (details can be found at this URL here): https://scotch.io/@liesware/end-to-end-user-credentials-protection
Specifically, using the Coherence server in order to leverage argon2id + SHA3_HMAC for password storage (which would be the safest & smartest option by a fucking mile)
Specifically, using the Coherence server in order to leverage argon2id + SHA3_HMAC for password storage (which would be the safest & smartest option by a fucking mile)
Scotch
End to end user credentials protection
Advanced user authentication, implement Argon2 y HMAC to secure user credentials with a Cryptoserver and HTTPS with ECC.
EVP_PKEYs = https://wiki.openssl.org/index.php/EVP
Part of what makes SCRAM SHA 512 plus possible (for Cyrus SASL with OpenLDAP as our authentication mechanism)
^^^ Still curious on how to have {CRYPT} render argon2 hashing by default (is this a noscripting issue?)
We do need to make sure that it is consistent on the platform that we're running as well as the platform that we're doing this off of.
The best way to do this would be if we were going to pull from the same API.
Either that, or we could just mask the hashes of the password & simply have an authentication process (for a 'lookup db')
Part of what makes SCRAM SHA 512 plus possible (for Cyrus SASL with OpenLDAP as our authentication mechanism)
^^^ Still curious on how to have {CRYPT} render argon2 hashing by default (is this a noscripting issue?)
We do need to make sure that it is consistent on the platform that we're running as well as the platform that we're doing this off of.
The best way to do this would be if we were going to pull from the same API.
Either that, or we could just mask the hashes of the password & simply have an authentication process (for a 'lookup db')
Minio May Be the Way to Go for Cloud Storage
1. Distributed (this is critical, because we really need to make sure that the storage is not all in one location or we're fucked) [documentation = https://docs.min.io/docs/distributed-minio-quickstart-guide.html]
2. Extraordinary Amount of Security Here for the Minio Servers = https://docs.min.io/docs/minio-kms-quickstart-guide.html
(could get really greedy here and opt for a post-quantum compiled OpenSSL in order to create exponentially stronger keys that can be used to move from location to location)
^^ This is how a true cloud solution should be deployed if you want to ensure that your users are actually kept safe [which none of these mother fuckers hold a fidelity to].
1. Distributed (this is critical, because we really need to make sure that the storage is not all in one location or we're fucked) [documentation = https://docs.min.io/docs/distributed-minio-quickstart-guide.html]
2. Extraordinary Amount of Security Here for the Minio Servers = https://docs.min.io/docs/minio-kms-quickstart-guide.html
(could get really greedy here and opt for a post-quantum compiled OpenSSL in order to create exponentially stronger keys that can be used to move from location to location)
^^ This is how a true cloud solution should be deployed if you want to ensure that your users are actually kept safe [which none of these mother fuckers hold a fidelity to].
Vault Project (could be used for integration as a backend storage for the LDAP server ; in order to ensure that we aren't keeping everything on the LDAP server)
1. https://www.vaultproject.io/docs/auth/ldap
2. Enforces access to 'secrets' (can stand in as a "mid-point" of enforcement for protecting user credentials)
(more information about how we will be storing user credentials can be found here = https://medium.com/@harwoeck/password-and-credential-management-in-2018-56f43669d588)
1. https://www.vaultproject.io/docs/auth/ldap
2. Enforces access to 'secrets' (can stand in as a "mid-point" of enforcement for protecting user credentials)
(more information about how we will be storing user credentials can be found here = https://medium.com/@harwoeck/password-and-credential-management-in-2018-56f43669d588)
LDAP - Auth Methods | Vault | HashiCorp Developer
The "ldap" auth method allows users to authenticate with Vault using LDAP
credentials.
credentials.
Back to Argon2 (briefly)
1. More corroboration that Argon2 uses Blake2b = https://security.stackexchange.com/questions/201714/is-there-any-advantage-to-combining-a-hash-algorithm-with-a-key-derivation-funct
2. Reminder that Argon2 is RFC approved for PHP (>7.3 ; we can implement that with Roundcube reliably now because of that) = https://wiki.php.net/rfc/argon2_password_hash_enhancements [shows their initial RFC application]
3. RFC debate with Argon2 team on PHP = https://externals.io/message/94854
4. SHA-3 Zoo = https://ehash.iaik.tugraz.at/wiki/The_SHA-3_Zoo (has a comprehensive list of all the hashing algorithms)
^^^ While Blake2b is in there (and is slower than SHA512 - which may not be a bad thing ) - there is still
1. More corroboration that Argon2 uses Blake2b = https://security.stackexchange.com/questions/201714/is-there-any-advantage-to-combining-a-hash-algorithm-with-a-key-derivation-funct
2. Reminder that Argon2 is RFC approved for PHP (>7.3 ; we can implement that with Roundcube reliably now because of that) = https://wiki.php.net/rfc/argon2_password_hash_enhancements [shows their initial RFC application]
3. RFC debate with Argon2 team on PHP = https://externals.io/message/94854
4. SHA-3 Zoo = https://ehash.iaik.tugraz.at/wiki/The_SHA-3_Zoo (has a comprehensive list of all the hashing algorithms)
^^^ While Blake2b is in there (and is slower than SHA512 - which may not be a bad thing ) - there is still
Information Security Stack Exchange
Is there any advantage to combining a hash algorithm with a key-derivation function?
Let's assume I would like to secure passwords using a modern KDF such as Argon2. The flow of information would look like this: $hash,$salt = argon2id($password, $salt).
Is there any advantage to f...
Is there any advantage to f...
We have to be skeptical of any and all NIST deployments (de facto) no matter what = https://mailarchive.ietf.org/arch/msg/cfrg/dtUZzdkrAFXf2Zth6WiWm3GkprM/ (and this makes that painfully clear)
This response to the 'Modern Crypto' mailing list is what personally has me a bit worried (to a certain extent) about using any NIST curves (which is why we had to swap out on our website) - but still = https://moderncrypto.org/mail-archive/curves/2015/000653.html
Schnorr DLEQ Concerns (referring to Schnorrkell) = https://moderncrypto.org/mail-archive/messaging/2020/002581.html [from moderncrypto.org]
Schnorr's has already been integrated into the $BCH blockchain (lol). Lets see how this rabbit hole goes at some point in the very near future
Schnorr's has already been integrated into the $BCH blockchain (lol). Lets see how this rabbit hole goes at some point in the very near future
Skein
1. More than likely the most secure hash function on planet earth.
2. Skein-1024 is integrated with 'Threefish' (with a threefish bit strength that matches that of the Skein implementation) ; 1024 = 1024 (ratio perfect)
2a. Addressing the concerns regarding Threefish and the alleged attacks that were found on several of its rounds (response from one of the co-authors of Threefish [as well as Skein] = https://crypto.stackexchange.com/questions/11725/has-threefish-successfully-been-attacked-practically-or-theoretically/11727
2b. Attack in question was mentioned in this paper (published by the team ) = http://www.skein-hash.info/sites/default/files/skein1.3.pdf
^^^ SHA-3 finalist (but Keccak was the hash function that won out ; Ethereum is using Keccak as we ll, but not the same iteration as w hat was submitted to the NIST)
3. Threefish McOE Mode = https://eprint.iacr.org/2011/644.pdf [exponentially more secure than the original Threefish - seems that there are *very few individuals out there right now that even know that this exists*] <— that's interesting, going to have to do more homework on this
—-
Is it possible to draw from an implementation of Skein-1024 that utilizes Threefish (1024) McOE mode?
Link that attests to the fact that SKein-1024 is the equivalent of 2^452
1. More than likely the most secure hash function on planet earth.
2. Skein-1024 is integrated with 'Threefish' (with a threefish bit strength that matches that of the Skein implementation) ; 1024 = 1024 (ratio perfect)
2a. Addressing the concerns regarding Threefish and the alleged attacks that were found on several of its rounds (response from one of the co-authors of Threefish [as well as Skein] = https://crypto.stackexchange.com/questions/11725/has-threefish-successfully-been-attacked-practically-or-theoretically/11727
2b. Attack in question was mentioned in this paper (published by the team ) = http://www.skein-hash.info/sites/default/files/skein1.3.pdf
^^^ SHA-3 finalist (but Keccak was the hash function that won out ; Ethereum is using Keccak as we ll, but not the same iteration as w hat was submitted to the NIST)
3. Threefish McOE Mode = https://eprint.iacr.org/2011/644.pdf [exponentially more secure than the original Threefish - seems that there are *very few individuals out there right now that even know that this exists*] <— that's interesting, going to have to do more homework on this
—-
Is it possible to draw from an implementation of Skein-1024 that utilizes Threefish (1024) McOE mode?
Link that attests to the fact that SKein-1024 is the equivalent of 2^452
Cryptography Stack Exchange
Has threefish successfully been attacked (practically or theoretically)?
Reading Schneier's "The Doghouse: Crypteto" dated September 30, 2009, I noticed Bruce Schneier stating:
Threefish, the block cipher inside Skein, encrypts data at 7.6 clock cycles/byte with a 25...
Threefish, the block cipher inside Skein, encrypts data at 7.6 clock cycles/byte with a 25...
Minio + Nextcloud (marriage) = https://autoize.ch/minio-as-nextcloud-primary-storage/
Autoize Europe
Definitive Guide to using Minio as NextCloud Primary Storage | Autoize Europe
Minio is an on-premises object storage server that can be deployed as a Minio cluster (with local storage) or as a gateway to other object storage services with their own API such as Backblaze B2, Azure Blob Storage, and Google Cloud Storage. Because Minio…
1. Blake2b Information (straight from one of the creators of the hash algorithm itself) = https://crypto.stackexchange.com/questions/31674/what-advantages-does-keccak-sha-3-have-over-blake2
2. Catalog of hardware implementations for SHA3 competitors = ehash.iaik.tugraz.at/wiki/SHA-3_Hardware_Implementations#High-Speed_Implementations_.28ASIC.29
3. Catalog of Hash Functions = https://www.cs.rit.edu/~ark/662/module11/notes.shtml
4. Threefish McOE Mode =https://eprint.iacr.org/2011/644.pdf
5. Php Code for Implementing Argon2id = https://www.php.net/manual/en/function.password-hash.php
6. Argon2id Winner of the Password Hashing Competition =https://password-hashing.net/
Notably, password hashing is in a different category than 'regular' hash functions (for data) - like SHA-based functions.
2. Catalog of hardware implementations for SHA3 competitors = ehash.iaik.tugraz.at/wiki/SHA-3_Hardware_Implementations#High-Speed_Implementations_.28ASIC.29
3. Catalog of Hash Functions = https://www.cs.rit.edu/~ark/662/module11/notes.shtml
4. Threefish McOE Mode =https://eprint.iacr.org/2011/644.pdf
5. Php Code for Implementing Argon2id = https://www.php.net/manual/en/function.password-hash.php
6. Argon2id Winner of the Password Hashing Competition =https://password-hashing.net/
Notably, password hashing is in a different category than 'regular' hash functions (for data) - like SHA-based functions.
Cryptography Stack Exchange
What advantages does Keccak/SHA-3 have over BLAKE2?
Keccak/SHA-3 is new NIST standard for cryptographic hash functions. However, it is much slower than BLAKE2 in software implementations. Does Keccak have compensating advantages?
Internet Routing (RPKI) = https://rpki.readthedocs.io/en/latest/rpki/bgp-routing.html [this is a solution that we want to start looking toward in the near future to simply enhance security even more (at least w our website) to ensure that *correct*, non-hijacked routes are being taken in order to visit our site)
^^^ We're quite a bit aways from obtaining such an infrastructure.
^^^ We're quite a bit aways from obtaining such an infrastructure.
(there's a surprising amount of cryptography-related information that we need to disseminate in relation to what we've been working on, on the 'personal' side of things)
So, without further ado - let's get started.
So, without further ado - let's get started.
PrivateBin
Many have heard o this app - but if you haven't go ahead and take a look at their website here: https://privatebin.info/jsdoc/privatebin.js.html
—
Its already pretty well designed (we've peered all through the code).
Some of the things that we're working on now, however, to enhance its efficacy:
1. Mixing in better ciphers for AEAD. While AES-256 is great, its more so for raw encryption (keeping contents private vs. authenticating information) <— not to say that AES can't do a great job at this as well.
2. In particular, since we're dealing with data streams, xchacha20-poly1305 doesn't seem like a bad option.
Pending RFC for xChaCha20-Poly1305 = https://tools.ietf.org/html/draft-arciszewski-xchacha-00
—-
3. We're also working on upgrading the hashing algorithm (preferably implementing Argon2 as a drop-in replacement or, at the very least, swapping the PBKDF-256 algo for ssha-512 instead <— this is necessary because of the proliferation of Bitcoin miners that are out here capable of mining 110TH/s
The issue here is that the code authenticates some of the web client data to the fingerprint of the deployment (there are also some Web Crypto issues as well)
^^ These are not things that cannot be worked around, but they're still issues nonetheless.
*Edit* = Relevant code can be found here - https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-the-loading-message-not-go-away
Many have heard o this app - but if you haven't go ahead and take a look at their website here: https://privatebin.info/jsdoc/privatebin.js.html
—
Its already pretty well designed (we've peered all through the code).
Some of the things that we're working on now, however, to enhance its efficacy:
1. Mixing in better ciphers for AEAD. While AES-256 is great, its more so for raw encryption (keeping contents private vs. authenticating information) <— not to say that AES can't do a great job at this as well.
2. In particular, since we're dealing with data streams, xchacha20-poly1305 doesn't seem like a bad option.
Pending RFC for xChaCha20-Poly1305 = https://tools.ietf.org/html/draft-arciszewski-xchacha-00
—-
3. We're also working on upgrading the hashing algorithm (preferably implementing Argon2 as a drop-in replacement or, at the very least, swapping the PBKDF-256 algo for ssha-512 instead <— this is necessary because of the proliferation of Bitcoin miners that are out here capable of mining 110TH/s
The issue here is that the code authenticates some of the web client data to the fingerprint of the deployment (there are also some Web Crypto issues as well)
^^ These are not things that cannot be worked around, but they're still issues nonetheless.
*Edit* = Relevant code can be found here - https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-the-loading-message-not-go-away
GitHub
FAQ
A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES. - PrivateBin/PrivateBin
Read Command for Linux
Somewhat outdated, but its still entirely relevant to this channel - for those of you that may be running cryptographic operations in your terminal.
Links:
1. https://medium.com/@blackode/read-command-linux-shell-ee84a45591f5
2. https://www.geeksforgeeks.org/read-command-in-linux-with-examples/
3. https://linuxhandbook.com/read-command/
4. https://www.baeldung.com/linux/read-command
^^ All of these are great resources to read up on when it comes to the Linux 'read' command.
This is what you want to use in order to pipe in passwords on the terminal (versus typing them out directly).
For most UNIX OSes, they keep a pretty robust log of all of the commands run.
Somewhat outdated, but its still entirely relevant to this channel - for those of you that may be running cryptographic operations in your terminal.
Links:
1. https://medium.com/@blackode/read-command-linux-shell-ee84a45591f5
2. https://www.geeksforgeeks.org/read-command-in-linux-with-examples/
3. https://linuxhandbook.com/read-command/
4. https://www.baeldung.com/linux/read-command
^^ All of these are great resources to read up on when it comes to the Linux 'read' command.
This is what you want to use in order to pipe in passwords on the terminal (versus typing them out directly).
For most UNIX OSes, they keep a pretty robust log of all of the commands run.
Medium
Read Command Linux Shell
Reading is a good habit.
Argon2id
We've been doing a *ton* of work with Argon2id lately!
If you're not up to date on this password bashed hashing algorithm, then we'd recommend that you read up!
^^^ That doesn't mean that the most popular alternatives (i.e., ssha512 / ssha256) are inferior as solutions to Argon2 when it comes to password based hashing (there are other things that PBKDF / HMAC-based hash functions from the SHA family are superior in, we'll get to those thigns later)
Relevant Links & Resources:
1. Argon2 Specification = https://password-hashing.net/argon2-specs.pdf
2. Password Hashing Competition Winner (yes, this is a legitimate competition) = https://password-hashing.net/
3. Official GitHub for Argon2 = https://github.com/p-h-c/phc-winner-argon2
4. Another Great Git Repo for Argon2 (if you're going to visit the other, it only makes sense to check this one out as well) = https://github.com/antelle/argon2-browser
^^ *side note*: 'Keeweb' (open source password manager, been around 10+ years - very much trusted by the community) has already implemented a version of their password vault client (100% free, as always) that incorporates the Argon2 hash + salting algo.
The relevant code for that facet of its functionality can be found here:
https://github.com/keeweb/keeweb/blob/develop/app/noscripts/util/kdbxweb/kdbxweb-init.js#L11
We've been doing a *ton* of work with Argon2id lately!
If you're not up to date on this password bashed hashing algorithm, then we'd recommend that you read up!
^^^ That doesn't mean that the most popular alternatives (i.e., ssha512 / ssha256) are inferior as solutions to Argon2 when it comes to password based hashing (there are other things that PBKDF / HMAC-based hash functions from the SHA family are superior in, we'll get to those thigns later)
Relevant Links & Resources:
1. Argon2 Specification = https://password-hashing.net/argon2-specs.pdf
2. Password Hashing Competition Winner (yes, this is a legitimate competition) = https://password-hashing.net/
3. Official GitHub for Argon2 = https://github.com/p-h-c/phc-winner-argon2
4. Another Great Git Repo for Argon2 (if you're going to visit the other, it only makes sense to check this one out as well) = https://github.com/antelle/argon2-browser
^^ *side note*: 'Keeweb' (open source password manager, been around 10+ years - very much trusted by the community) has already implemented a version of their password vault client (100% free, as always) that incorporates the Argon2 hash + salting algo.
The relevant code for that facet of its functionality can be found here:
https://github.com/keeweb/keeweb/blob/develop/app/noscripts/util/kdbxweb/kdbxweb-init.js#L11
What's the Big Deal?
Many that aren't really familiar with cryptography often confuse hashing with encryption.
There is a marked difference between the two operations. As such, both functions require entirely different operations.
The cryptographic 'primitive' that you are probably most familiar with = SHA-256 (used in Bitcoin)
To be clear, there are no native encryption mechanisms for Bitcoin - so when we dig into the cryptography laced within its protocol we're working with someone of a 'deficit' (if we're to consider a privacy a desired solution)
^^ But we digress
—
SHA-Based Hash Algorithms Are Designed or Speed
Contrary to Argon2 (which is memory-intensive to a much greater extent than 'Scrypt') - SHA-based algorithms are designed to be optimized by hardware.
This may seem counterintuitive, but when in an environment where quickly hashing & validating information is of importance (i.e., 'live-time' encryption "on the fly" where hash algorithms are needed to rapidly assess the integrity of whatever assets are being transferred / obtained /etc.)
One example of an app that we have deployed (open source) where this means of hashing (plus authenticating data) is favorable vs. Argon2id = StandardNotes (encrypted, synced notes manager)
Link = https://standardnotes.org/
Every note created on the app has its own signature & the notes are encrypted + synced constantly in live time, so its critical that an effective hash algorithm can be deployed in this situation that allows for efficient authentication / verification.
Many that aren't really familiar with cryptography often confuse hashing with encryption.
There is a marked difference between the two operations. As such, both functions require entirely different operations.
The cryptographic 'primitive' that you are probably most familiar with = SHA-256 (used in Bitcoin)
To be clear, there are no native encryption mechanisms for Bitcoin - so when we dig into the cryptography laced within its protocol we're working with someone of a 'deficit' (if we're to consider a privacy a desired solution)
^^ But we digress
—
SHA-Based Hash Algorithms Are Designed or Speed
Contrary to Argon2 (which is memory-intensive to a much greater extent than 'Scrypt') - SHA-based algorithms are designed to be optimized by hardware.
This may seem counterintuitive, but when in an environment where quickly hashing & validating information is of importance (i.e., 'live-time' encryption "on the fly" where hash algorithms are needed to rapidly assess the integrity of whatever assets are being transferred / obtained /etc.)
One example of an app that we have deployed (open source) where this means of hashing (plus authenticating data) is favorable vs. Argon2id = StandardNotes (encrypted, synced notes manager)
Link = https://standardnotes.org/
Every note created on the app has its own signature & the notes are encrypted + synced constantly in live time, so its critical that an effective hash algorithm can be deployed in this situation that allows for efficient authentication / verification.
For Password-Based Algorithms You Want to Seek the Opposite
It goes without saying, but when it comes to securely storing one's password, whatever cryptographic primitives that are used to secure it should be:
A) Memory intensive (i.e., 'Argon2id' ; this is a variation of the Argon2 hash / salt scheme we've been discussing up to this point, but we'll get to that later)
B) Extensive to hash (even i this results in somewhat of a higher load for the hardware / chip that's going to need to ultimately run the cryptographic scheme in live time) .
We need to keep in mind that we don't need to access passwords that often. And, comparatively speaking, they're very tiny pieces of data (vs. the amount of encrypted data that must be encrypted + decrypted + synced back & forth continuously when it comes to ensuring StandardNotes continued functionality).
C) Encrypt, then MAC (in that order, specifically) = https://www.daemonology.net/blog/2009-06-24-encrypt-then-mac.html
This is age old wisdom handed down from the OGs of cryptography and math.
Pay heed.
D) Understand **what kind of mode you should be using if you're implementing AES encryption (yes, it does matter - substantially - in terms of both performance + security).
E)
It goes without saying, but when it comes to securely storing one's password, whatever cryptographic primitives that are used to secure it should be:
A) Memory intensive (i.e., 'Argon2id' ; this is a variation of the Argon2 hash / salt scheme we've been discussing up to this point, but we'll get to that later)
B) Extensive to hash (even i this results in somewhat of a higher load for the hardware / chip that's going to need to ultimately run the cryptographic scheme in live time) .
We need to keep in mind that we don't need to access passwords that often. And, comparatively speaking, they're very tiny pieces of data (vs. the amount of encrypted data that must be encrypted + decrypted + synced back & forth continuously when it comes to ensuring StandardNotes continued functionality).
C) Encrypt, then MAC (in that order, specifically) = https://www.daemonology.net/blog/2009-06-24-encrypt-then-mac.html
This is age old wisdom handed down from the OGs of cryptography and math.
Pay heed.
D) Understand **what kind of mode you should be using if you're implementing AES encryption (yes, it does matter - substantially - in terms of both performance + security).
E)