Collaborate Disseminate
I understand that there are symmetric and asymmetric (public-key) cyphers. The first have the same key used for encryption and decryption, while the second use a public key for encryption and a private key for decryption.
I understand that… Continue reading How do different types of cyphers relate together?
I’m trying to find evidence of use of the associated data (authenticated cleartext associated with the encrypted and authenticated data) feature offered by AEAD (Authenticated Encryption with Associated Data) construction in a real world p… Continue reading Does any real world protocol makes use of the associated data in AEAD?
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA supports forward secrecy but it doesn’t use GCM mode and use SHA1 TLS_RSA_WITH_AES_256_GCM_SHA384 uses GCM mode and SHA2 but it doesn’t support forward secrecy. Which one is more secure?
My test tool uses java and I need it to use TLS_DHE_RSA_WITH_AES_128_CCM.
Does standard java (Oracle) support CCM cipher suites?
I am seeing oracle links mentioning CCM but am not able to make it work.
Will any policy or setting change mak… Continue reading Java support for TLS_DHE_RSA_WITH_AES_128_CCM
I tried the settings below to remove the CBC cipher suites in Apache server,
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1… Continue reading How do I remove/disable the CBC cipher suites in Apache server?
We are using IIS on Windows 2012-R2 server to host dotnet apps. From the app, when we try connecting to an external 3rd party api we see TLS handshake failure. On running ssllabs test on that api, I see that they support only below suites…. Continue reading Can we add TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 on windows server 2012 using gpedit although not supported by windows OS by default?
I hope this question is on-topic:
Learning about the eNULL "encryption" and the related warning, I wanted to list all ciphers than include eNULL:
~> openssl ciphers -v eNULL
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any … Continue reading Why does `openssl ciphers -v eNULL` list `TLS_CHACHA20_POLY1305_SHA256` (and similar)?
The vulnerability scanner recommends for SSL/TLS on Windows 2012:
Replace the certificate in the chain with the RSA key less than 2048
bits in length with a longer key, and reissue any certificates signed
by the old certificate.
How to r… Continue reading How to Replace SSL certificate using RSA key less than 2048 bits [closed]
I am at my wits end. While looking through various editions in a major NFT project I am involved in, I started seeing many tokens minted with a similar looking code format.
XFDABCDCAEFBADCCDC
As a curious person and a lover of treasure hun… Continue reading 170 Cipher Texts found minted in an NFT project [closed]
I read in the book that you cannot use True Random Number Generator (TRNG) to generate key stream in Stream Ciphers:
We
need some type of random number generator to derive the key stream. First, we note
that we cannot use a TRNG since, by… Continue reading Why can’t you use True Random Number Generator (TRNG) to generate key stream in Stream Ciphers?