crypto
Secrets from the future!
tools
Signal
- backdoored locally and remotely
- Intel has the SGX keys and AU is a Five Eyes country
- PQXDH for post-quantum key exchange
- uses fairly well known constructs
openssl
- Generate a CA
  - CA file "ca.pem" and CA key "privkey.pem"
openssl req -out ca.pem -new -x509
- Dump a certificate as text
openssl x509 -in your_ca_file.crt -text
- Generate server certificate/key pair (no password required), signed by the CA above
openssl genrsa -out server.key 1024
openssl req -key server.key -new -out server.req
openssl x509 -req -in server.req -CA ca.pem -CAkey privkey.pem -CAserial file.srl -out server.pem
  - contents of "file.srl" is a two-digit hex serial number, e.g. "00"
notes
- EC
  - safe curves should be rigid and their parameters justified
- Quantum
  - SIKE broken in the 4th round of the NIST PQC competition
  - Lattice based
    - Bernstein in court against NIST over potential NSA tampering again (weak key size?)
    - OpenSSH added hybrid NTRU Prime (Bernstein on the team) for key exchange despite NIST/NSA being against 'hybrid' schemes
      - Bernstein rebuttal: hybrid is fine
    - NIST chose CRYSTALS-Kyber (side-channel power attack) for KEM encryption with CRYSTALS-Dilithium for signatures; Falcon is the alternative signature scheme
      - NTRU may be considered if the patent issues with Kyber are not resolved
      - Falcon has the smallest signatures but needs masking against side-channel attacks (performance affected, as it needs constant-time floating-point arithmetic)
      - CRYSTALS-Kyber may change its nested hashes for the security argument to hold
    - NIST chose hash-based signatures (SPHINCS+) as a balance to the lattice-based signatures
      - highest level of security assurance but large signatures of 8-50 kilobytes
- Dual_EC_DRBG backdoor pushed into NIST standards by the NSA
- NSA coerced a weak DES key size of 56 bits
- NSA coerced a weak DSA key size of 512 bits
- NSA operation ORCHESTRA weakens OSS projects (openssl, python, CAs, etc.)
- Bernstein (EFF) v. United States
  - cryptography was classed as munitions in 1992, with key sizes limited for export controls
  - Phil Zimmermann (PGP creator) published the code as a book (PGP Source Code and Internals) to avoid munitions export controls in 1994, after a criminal investigation for producing privacy software
  - ruled in 1999 that software code is protected under the 1st amendment as free speech (4 years in court)
- FCC: encrypted transmissions on HAM bands are illegal
- NIST randomness beacon https://beacon.nist.gov/home
- NIST does not recommend rotating passwords regularly
- SMS 2FA is insecure due to SIM-swapping attacks
- ed25519 signatures
  - batch vs single verification
  - oracle pubkey attack
  - malleability
  - ed25519-dalek verify_strict
  - blinded keys
  - keygen diagram
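The malleability and verify_strict bullets above, as an added example that is not from these notes and not ed25519-dalek's own code: the canonical-S range check that RFC 8032 requires (S < L) and that ed25519-dalek's verify_strict enforces. verify_strict additionally rejects small-order R and A points, which needs curve arithmetic and is not shown here; this is pure Python with no dependencies, inspecting only the scalar half of the signature. SAMPLE_SIG is a constructed byte string, not a real signature over any message.

```python
# Added example: the canonical-S check on Ed25519 signatures (RFC 8032 5.1.7).
# Only the scalar S is inspected; the classic S + L malleability lives there.
# A verifier that reduces S mod L before checking [S]B = R + [k]A accepts
# both S and S + L for the same (message, key), so signatures are not unique.

# Order of the Ed25519 base point (RFC 8032, section 5.1).
L = 2**252 + 27742317777372353535851937790883648493
SIG_LEN = 64


def split_signature(sig: bytes) -> tuple[bytes, int]:
    """Split a 64-byte signature into R (32-byte point encoding) and S (LE scalar)."""
    if len(sig) != SIG_LEN:
        raise ValueError(f"signature must be {SIG_LEN} bytes, got {len(sig)}")
    return sig[:32], int.from_bytes(sig[32:], "little")


def is_canonical(sig: bytes) -> bool:
    """True iff S is in [0, L). This is the range check verify_strict applies;
    a signature with S >= L is rejected before any curve arithmetic runs."""
    _, s = split_signature(sig)
    return s < L


def malleated(sig: bytes) -> bytes:
    """Constructed test input for the check: the same R with S replaced by S + L.
    S + L < 2L < 2**254, so it still fits in 32 bytes. Congruent to S mod L,
    hence accepted by a lax verifier, but must fail is_canonical()."""
    r, s = split_signature(sig)
    return r + (s + L).to_bytes(32, "little")


# Constructed sample: arbitrary R bytes and a small in-range S. It is not a
# valid signature over any message; only the scalar range is under test.
SAMPLE_SIG = bytes(range(32)) + (123456789).to_bytes(32, "little")


def demo() -> dict:
    """Run the check against the sample and its malleated twin."""
    bad = malleated(SAMPLE_SIG)
    return {
        "canonical_ok": is_canonical(SAMPLE_SIG),
        "malleated_ok": is_canonical(bad),
        "same_mod_L": split_signature(bad)[1] % L == split_signature(SAMPLE_SIG)[1],
    }


if __name__ == "__main__":
    print(demo())
```

The same check is what makes a signature scheme non-malleable enough for consensus or deduplication use, where two byte-different signatures for one message would otherwise be treated as two distinct events.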