|
S2n
s2n-tls, originally named s2n, is an open-source C99 implementation of the Transport Layer Security (TLS) protocol developed by Amazon Web Services (AWS) and initially released in 2015. The goal was to make the code—about 6,000 lines long—easier to review than that of OpenSSL—with 500,000 lines, 70,000 of which are involved in processing TLS. History s2n was first released in June 2015 on GitHub. AWS said that the name "s2n" stands for signal to noise as a nod "to the almost magical act of encryption—disguising meaningful signals, like your critical data, as seemingly random noise". In 2022 AWS renamed it from s2n to s2n-tls. It has been the subject of several external reviews as well as penetration testing. Galois, Inc. has conducted formal verification of components of s2n-tls. In 2015, independent security researchers described a variant of the Lucky Thirteen attack against s2n, even though s2n included countermeasures intended to prevent timing attacks. In respon ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Lucky Thirteen Attack
A Lucky Thirteen attack is a cryptographic timing attack against implementations of the Transport Layer Security (TLS) protocol that use the CBC mode of operation, first reported in February 2013 by its developers Nadhem J. AlFardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London. Includes list of which software versions are vulnerable. Attack It is a new variant of Serge Vaudenay's padding oracle attack that was previously thought to have been fixed, that uses a timing side-channel attack against the message authentication code (MAC) check stage in the TLS algorithm to break the algorithm in a way that was not fixed by previous attempts to mitigate Vaudenay's attack. "In this sense, the attacks do not pose a significant danger to ordinary users of TLS in their current form. However, it is a truism that attacks only get better with time, and we cannot anticipate what improvements to our attacks, or entirely new attacks, may yet be discov ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Application-Layer Protocol Negotiation
Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS) extension that allows the application layer to negotiate which protocol should be performed over a secure connection in a manner that avoids additional round trips and which is independent of the application-layer protocols. It is used to establish HTTP/2 connections without additional round trips (client and server can communicate over two ports previously assigned to HTTPS with HTTP/1.1 and upgrade to use HTTP/2 or continue with HTTP/1.1 without closing the initial connection). Support ALPN is supported by these libraries: * BSAFE Micro Edition Suite since version 5.0 * GnuTLS since version 3.2.0 released in May 2013 * MatrixSSL since version 3.7.1 released in December 2014 * Network Security Services since version 3.15.5 released in April 2014 * OpenSSL since version 1.0.2 released in January 2015 * LibreSSL since version 2.1.3 released in January 2015 * mbed TLS (previously PolarSSL) sin ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Block Cipher Mode Of Operation
In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transformation (encryption or decryption) of one fixed-length group of bits called a block. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block. Most modes require a unique binary sequence, often called an initialization vector (IV), for each encryption operation. The IV must be non-repeating, and for some modes must also be random. The initialization vector is used to ensure that distinct ciphertexts are produced even when the same plaintext is encrypted multiple times independently with the same key. Block ciphers may be capable of operating on more than one block size, but during transformation the block size is always fixed. Block cipher modes ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Diffie–Hellman Key Exchange
Diffie–Hellman (DH) key exchangeSynonyms of Diffie–Hellman key exchange include: * Diffie–Hellman–Merkle key exchange * Diffie–Hellman key agreement * Diffie–Hellman key establishment * Diffie–Hellman key negotiation * Exponential key exchange * Diffie–Hellman protocol * Diffie–Hellman handshake is a mathematical method of securely generating a symmetric cryptographic key over a public channel and was one of the first public-key protocols as conceived by Ralph Merkle and named after Whitfield Diffie and Martin Hellman. DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography. Published in 1976 by Diffie and Hellman, this is the earliest publicly known work that proposed the idea of a private key and a corresponding public key. Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical means, such as paper key lists transported by a tr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Forward Secrecy
In cryptography, forward secrecy (FS), also known as perfect forward secrecy (PFS), is a feature of specific key-agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised, limiting damage. For TLS, the long-term secret is typically the private key of the server. Forward secrecy protects past sessions against future compromises of keys or passwords. By generating a unique session key for every session a user initiates, the compromise of a single session key will not affect any data other than that exchanged in the specific session protected by that particular key. This by itself is not sufficient for forward secrecy which additionally requires that a long-term secret compromise does not affect the security of past session keys. Forward secrecy protects data on the transport layer of a network that uses common transport layer security protocols, including OpenSSL, when its long-te ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Triple DES
In cryptography, Triple DES (3DES or TDES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. The 56-bit key of the Data Encryption Standard (DES) is no longer considered adequate in the face of modern cryptanalytic techniques and supercomputing power; Triple DES increases the effective security to 112 bits. A CVE released in 2016, CVE-2016-2183', disclosed a major security vulnerability in the DES and 3DES encryption algorithms. This CVE, combined with the inadequate key size of 3DES, led to NIST deprecating 3DES in 2019 and disallowing all uses (except processing already encrypted data) by the end of 2023. It has been replaced with the more secure, more robust AES. While US government and industry standards abbreviate the algorithm's name as TDES (Triple DES) and TDEA (Triple Data Encryption Algorithm), RFC 1851 referred to it as 3DES from the tim ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Galois/Counter Mode
In cryptography, Galois/Counter Mode (GCM) is a mode of operation for symmetric-key cryptographic block ciphers which is widely adopted for its performance. GCM throughput rates for state-of-the-art, high-speed communication channels can be achieved with inexpensive hardware resources. The GCM algorithm provides both data authenticity (integrity) and confidentiality and belongs to the class of authenticated encryption with associated data (AEAD) methods. This means that as input it takes a key K, some plaintext P, and some associated data AD; it then encrypts the plaintext using the key to produce ciphertext C, and computes an authentication tag T from the ciphertext and the associated data (which remains unencrypted). A recipient with knowledge of K, upon reception of AD, C and T, can decrypt the ciphertext to recover the plaintext P and can check the tag T to ensure that neither ciphertext nor associated data were tampered with. GCM uses a block cipher with block size 128 bi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Block Cipher Mode Of Operation
In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transformation (encryption or decryption) of one fixed-length group of bits called a block. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block. Most modes require a unique binary sequence, often called an initialization vector (IV), for each encryption operation. The IV must be non-repeating, and for some modes must also be random. The initialization vector is used to ensure that distinct ciphertexts are produced even when the same plaintext is encrypted multiple times independently with the same key. Block ciphers may be capable of operating on more than one block size, but during transformation the block size is always fixed. Block cipher modes ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Advanced Encryption Standard
The Advanced Encryption Standard (AES), also known by its original name Rijndael (), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is a variant of the Rijndael block cipher developed by two Belgium, Belgian cryptographers, Joan Daemen and Vincent Rijmen, who submitted a proposal to NIST during the Advanced Encryption Standard process, AES selection process. Rijndael is a family of ciphers with different key size, key and Block size (cryptography), block sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits. AES has been adopted by the Federal government of the United States, U.S. government. It supersedes the Data Encryption Standard (DES), which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cipher
In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. An alternative, less common term is ''encipherment''. To encipher or encode is to convert information into cipher or code. In common parlance, "cipher" is synonymous with "code (cryptography), code", as they are both a set of steps that encrypt a message; however, the concepts are distinct in cryptography, especially classical cryptography. Codes generally substitute different length strings of characters in the output, while ciphers generally substitute the same number of characters as are input. A code maps one meaning with another. Words and phrases can be coded as letters or numbers. Codes typically have direct meaning from input to key. Codes primarily function to save time. Ciphers are algorithmic. The given input must follow the cipher's process to be solved. Ciphers are commonly used to encrypt written info ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Online Certificate Status Protocol
The Online Certificate Status Protocol (OCSP) is an Internet Communication protocol, protocol used for obtaining the revocation status of an X.509 digital certificate. It was created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI). Messages communicated via OCSP are encoded in ASN.1 and are usually communicated over HTTP. The "request/response" nature of these messages leads to OCSP Server (computing), servers being termed ''OCSP responders''. Some web browsers (e.g., Firefox) use OCSP to validate HTTPS certificates, while others have disabled it. Most OCSP revocation statuses on the Internet disappear soon after certificate expiration. Certificate authority, Certificate authorities (CAs) were previously required by the CA/Browser Forum to provide OCSP service, but this requirement was removed in July 2023 , making OCSP optional and CRLs required again. Let's Encrypt ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Server Name Indication
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. The extension allows a server to present one of multiple possible certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. This also allows a proxy to forward client traffic to the right server during TLS/SSL handshake. The desired hostname is not encrypted in the original SNI extension, so an eavesdropper can see which site is being requested. The SNI extension was specified in 2003 in Background of the problem Prior to SNI, when making a TLS connection, the client had no way to specify which ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
