From 455c70a40da9e734aea9c5d5f04c3ea561f6ac0b Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Aug 26 2016 09:52:08 +0000 Subject: [PATCH 1/2] crypto primitives: updated section and listed recommended libraries --- diff --git a/en-US/Tasks-Cryptography.xml b/en-US/Tasks-Cryptography.xml index 1bafc2a..37312cd 100644 --- a/en-US/Tasks-Cryptography.xml +++ b/en-US/Tasks-Cryptography.xml @@ -12,35 +12,52 @@ RSA with 2048 bit keys and OAEP - AES-128 in CBC mode + AES-256 in CBC mode SHA-256 + SHA3-256 HMAC-SHA-256 HMAC-SHA-1 + The following encryption primitives are safe to use when combined + with a method that guarrantees unique nonces (e.g., a counter or + ECB encryption with a 64-bit cipher). + + + AES-256 in GCM mode + CHACHA20-POLY1305 + + Other cryptographic algorithms can be used if they are required for interoperability with existing software: RSA with key sizes larger than 1024 and legacy padding - AES-192 - AES-256 - 3DES (triple DES, with two or three 56 bit keys) - RC4 (but very, very strongly discouraged) + AES under CCM mode + 3DES (triple DES, with three 56 bit keys) for short data transmission SHA-1 HMAC-MD5 Important - These primitives are difficult to use in a secure way. Custom + Cryptographic primitives are difficult to use in a secure way. Custom implementation of security protocols should be avoided. For protecting confidentiality and integrity of network - transmissions, TLS should be used (). + transmissions, TLS should be used (). + + For crypto primitives, we recommend to use one of the following cryptographic libraries. + + + OpenSSL's libcrypto + GNUTLS' provided primitives (restricted to TLS-related crypto) + nettle crypto library + GnuPG's crypto library (libgcrypt) + NSS' provided primitives via the PKCS#11 API + From 5a81b08d34117a433caa619f852a97b2c273f4ce Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Aug 26 2016 09:52:11 +0000 Subject: [PATCH 2/2] crypto primitives: added text on getrandom --- 
diff --git a/en-US/Tasks-Cryptography.xml b/en-US/Tasks-Cryptography.xml index 37312cd..e4048e3 100644 --- a/en-US/Tasks-Cryptography.xml +++ b/en-US/Tasks-Cryptography.xml @@ -92,6 +92,9 @@ os.urandom in Python + The getrandom system call + + Reading from the /dev/urandom character device @@ -115,6 +118,21 @@ using these functions. + + Difficult to use API + + The getrandom system call has three-state + return values, hence requires careful error checking. + + + It was introduced in Linux kernel 3.17, but as of glibc 2.22 no API wrappers are + provided. As such one can only use it via the syscall interface + as syscall(SYS_getrandom, (void*)dest, (size_t)size, (unsigned int)0). + For portable code targetting older kernel versions one has to check + for the function being available on run-time, and switch to another + facility if the running kernel doesn't support this call. + + Other sources of randomness should be considered predictable.
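Review bot: "guarrantees" is misspelled in the nonce sentence added in PATCH 1/2 (hunk @@ -12,35 +12,52 @@), and while fixing it the sentence should say what the unique-nonce requirement protects: for AES-256 in GCM mode and CHACHA20-POLY1305 a nonce repeated under the same key compromises both confidentiality and the authentication tag, so it is a hard precondition, not a preference. The same hunk keeps "AES-256 in CBC mode" on the primary list without noting that CBC provides no integrity on its own; suggest stating that CBC must be paired with one of the listed MACs (e.g. HMAC-SHA-256, encrypt-then-MAC) and an unpredictable IV, matching the caveat the hunk already gives for the AEAD modes. Minor naming consistency in the library list: "GNUTLS'" should read "GnuTLS'", and "CHACHA20-POLY1305" is conventionally written "ChaCha20-Poly1305".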
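Review bot: the new list item "The getrandom system call" in PATCH 2/2 (hunk @@ -92,6 +92,9 @@) gives no hint that it is Linux-specific and kernel-version dependent, whereas its siblings (os.urandom in Python, /dev/urandom) are portable; suggest "The getrandom system call (Linux 3.17 and later)" so a reader scanning the list does not take it as universally available before reaching the caveat added later in the same patch.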
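Review bot: "three-state return values" in the new "Difficult to use API" block (PATCH 2/2, hunk @@ -115,6 +118,21 @@) is asserted but never spelled out; the three cases a caller must handle are a return of -1 with errno set (EINTR while the call blocks, ENOSYS on a kernel without the call), a short count smaller than the requested size, and the full count. The single-call form `syscall(SYS_getrandom, (void*)dest, (size_t)size, (unsigned int)0)` should therefore be shown inside a loop that retries on EINTR and advances the buffer on short reads rather than as a one-liner, and the run-time availability check the paragraph asks for is exactly the ENOSYS case, so name it. It is also worth stating that with flags 0 the call blocks until the kernel's random pool has been initialized, which is the property that distinguishes it from reading /dev/urandom and the reason to prefer it. Typo: "targetting" should be "targeting".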