Collaborate Disseminate
In my case: I have an old dedicated PC which I have named "server". The ISP gives it a full dynamic IP and is very hard to update dynamic DNS constantly with my records.
The (free) certificates ask for a hostname or a fixed IP. S… Continue reading What is the problem in manually implementing the SSL handshake at app layer? [closed]
I have a small ARM M0 SoC and a smartphone as actors. Encryption keys used are Elliptic curve.
My current security is implemented such that:
the SoC has 128 bit hashes of phone public keys (vs 512 bit – due to storage space constraints)
t… Continue reading Does partial public key pre-sharing and partial public key exchange improve security vs one-sided public key sharing [migrated]
Is there anything wrong with hashing(with SHA256) the shared secret generated by ECDH that is 384 bits long and using that as the AES key? Is there a difference between that and, say, truncating the 384 bits down to 256.
Edit:
And would th… Continue reading Generating AES 256 key from ECDH P-384
I know that both algorithms are similar to the Diffie-Hellman key exchange and are used for exchanging secret keys in a group but I still cannot figure out the key differences between both algorithms.
Is the difference only in the number o… Continue reading Explanation of Burmester-Desmedt group key exchange and Ingemarsson-Tang-Wong (ITW) group key exchange algorithm [migrated]
Courses giving introduction to cryptography often refer to an example where Alice and Bob need to communicate through an evil postman, and dispose each of a lock, its key and a box in which to send the message.
The solution then given is t… Continue reading Question regarding DH/RSA/Public key cryptography [closed]
In the Server hello, I got the below Cipher suite
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Now, I know that we are using DHE for the key exchange, we are using RSA for the authentication, and AES for the encryption, and I know the complete pro… Continue reading What’s the use of HMAC or hashing in TLS or SSL inspection
When I installed the openvpn server following these instructions, the work flow was like below
Create ca.crt
Create server.key and cert
Create client.key and cert
As far as I know, when A and B are communicating with each other, A needs … Continue reading Why does the OpenVPN server need to keep client’s private key?
In TLS 1.2 the messages sent by client are encrypted under ClientWrite, and the messages send by server are encrypted under ServerWrite.
What about TLS 1.3? I don’t see any Pre-Master-Secret being generated so what’s the encryption and the… Continue reading What Keys Are Used in TLS 1.3?
I have a JBoss application running on openjdk version "1.8.0_212" where I can influence the security settings via the java.security file. However, using this line:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySiz… Continue reading disabledAlgorithms ‘DH keySize < 2048’ ignored
I want my web server to be as compatible as possible with old clients, even clients without TLSv1.2 and ECDHE support.
What ciphers should be supported for legacy clients, and in what order should they be preferred?
ssl-config.mozilla.org … Continue reading TLSv1: should DHE be enabled?