Crypto Fun BitMessage

1. Crypto Fun BM-2cVUcKtDv7wqDXBgJD5cm35YjQ8Bq2skLu
2. Mar 7 20:15
3.  
4. Crypto Fun
5. The following seem to be commonly listed as "best practices" for doing crypto things...
6.  
7. No SSL version should be used ( SSLv1 has been known to be insecure, SSLv2 had problems, and SSLv3 had public issues like POODLE), use TLS instead
8. TLS v1.2 is the most current, and accepted practice is to use this.
9. Disable the ability to downgrade the protocol (e.g., wanted TLSv1.2, but didn't have it available, do the protocol auto-downgrades to SSLv2 for example)
10. Disable TLS compression (see public vulns like CRIME, BEAST, ...)
11. (Perfect) Forward Secrecy is a great thing. Ephemeral Keying/Ephemeral Diffie-Hellman.
12. Use of RC4 is a no-no
13. AES w/ GCM mode is commonly accepted as the go-to right now
14. Certificate Pinning is also a best practice.
15. SHA1 is a no-no
16. HTTP Compression can cause problems (see vulns TIME & BREACH)
17. Beware/Disable Session ID/Session Tickets (i.e., SSL/TLS Session Resumption) caching of key material can be bad....
18. Disabling session renegotiation is likely a good thing.
19. Diffie-Hellman parameters should be greater than RSA key size
20. For ephemeral DH (e.g., Perfect Forward Secrecy), the normal way TLS does it is that DH parameters are generated ahead of time and "belong" to the server
21. The above implies that for a "communication pair" (composed of keys and certs for a client<->listener combo), one should probably generate new parameters along with keys & certs?
22. Elliptic Curves are considered preferred, but not necessarily widespread.
23. Finding out about elliptic curve selection (e.g., specifying a curve to use) is a PITA. ECC has a "bit rating" which is equivalent to some (greater) amount of RSA-bits.
24. NIST has preferred/specified curves (e.g., P-384, P-521) which made it into a FIPS standard (186-3)
25. Standards for Efficient Cryptography (SECG) also has recommended curves (SEC-2 Recommended Elliptic Curve Domain Parameters) (e.g., secp256r1, secp521r1)
26. ANSI also has standards (e.g., X9.62, X9.63)
27. in general, one selects a 'generic' "key strength" in units of bits, then determines an equivalent key strength for elliptic curve, then selects a provided, "standard" curve (e.g., P-384)
28. So, for teh ultimateZ in fun:
29.  
30. TLS v1.2, AES-256, GCM, SHA2+, EC bits >= 256, DH Params >= 2048
31. AES-256, EC512, SHA512
32. Some useful links/references:
33.  
34. Standards for Efficient Cryptography (www.secg.org) (Version 2 was current as of this writing)
35. Applied Crypto Hardening, https://bettercrypto.org
36. Security/Server Side TLS, https://wiki.mozilla.org/Security/Server_Side_TLS
37. SSL/TLS Deployment Best Practices, https://www.ssllabs.com
38. NIST Cryptographic Toolkit, csrc.nist.gov/groups/ST/toolkit/
39. Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security, rfc4492, https://tools.ietf.org/html/rfc4492
40. www.keylength.com (shows comparison for key lengths)
41. ECRYPT II, www.ecrypt.eu.org/ecrypt2 (check out the yearly reports on algorithms and key lengths)