VirtualTam's bookmarks

1. Breaking CityHash64, MurmurHash2/3, wyhash, and more... 2024-11-03

   tags: cryptography/hash, programming/c++

   [ permalink ]

   • Hash-flooding DoS reloaded: attacks and defenses (PDF)
2. SSHFP - Secure SHell FingerPrint DNS Records 2024-10-27

   tags: cryptography/elliptic-curve, network/dns, network/dnssec, network/ssh

   [ permalink ]

   • IANA - DNS SSHFP Resource Record Parameters
   • ssh - How do I generate SSHFP records?
   • Oh SSH-it, What’s My Fingerprint? A Large-Scale Analysis of SSH Host Key Fingerprint Verification Records in the DNS
     • gehaxelt/sshfp-dns-measurement
     • APNIC - Improving SSH’s security with SSHFP DNS records

   RFCs:

   • RFC 4251 - The Secure Shell (SSH) Protocol Architecture
   • RFC 4255 - Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
3. Building a Kubernetes Home Lab on the Raspberry Pi 2024-05-28

   tags: cryptography/certificate-authority, distributed-system, linux/container, linux/container/kubernetes, network/dns, raspberry-pi, self-hosting

   [ permalink ]

   1. Architecture & Roadmap
   2. Setup Kubernetes Management Node and Private Certificate Authority
   3. Configuring a Multi-Architecture Build Process
   4. Local DNS Services
4. smallstep/certificates - A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management 2024-05-27

   tags: cryptography/certificate, cryptography/certificate-authority, network/http, network/http-server/traefik, network/reverse-proxy, network/transport-layer-security, programming/go

   [ permalink ]

   • Run a private online TLS certificate authority in a Docker container
   • Configure popular ACME clients to use a private CA with the ACME protocol
   • Run your own private CA & ACME server using step-ca
   • Build a Tiny Certificate Authority For Your Homelab
5. The Copenhagen Book - General guidelines on implementing authentication and authorization in web applications 2024-04-05

   tags: cryptography/hash, memory/cache, network/http, network/http/cookie, programming/go, security/authentication, security/authorization, security/oauth, security/password

   [ permalink ]

   • pilcrowOnPaper/copenhagen
6. Bloom Filters 2024-03-31

   tags: cryptography/hash, data-structure/bloom-filter, memory/cache, programming/javascript, visualization

   [ permalink ]

   • Akamai - Algorithmic Nuggets in Content Delivery
   • Hashing
   • samwho/visualisations
7. The Sunlight Certificate Transparency Log 2024-03-16

   tags: cryptography/certificate, cryptography/certificate-authority, data-structure/tree, data-structure/tree/merkle-tree, letsencrypt, programming/go

   [ permalink ]

   • Introducing Sunlight, a CT implementation built for scalability, ease of operation, and reduced cost
   • Transparent Logs for Skeptical Clients
   • C2SP/C2SP - Community Cryptography Specification Project
   • FiloSottile/sunlight
   • transparency-dev/serverless-log
8. haiti - Hash Type Identifier 2024-03-14

   tags: command-line, cryptography/hash, programming/ruby

   [ permalink ]
9. We build X.509 chains so you don’t have to 2024-01-26

   tags: cryptography/certificate, programming/go, programming/python, programming/rust

   [ permalink ]

   • pyca/cryptography - src/rust/cryptography-x509-verification
   • C2SP/x509-limbo - A suite of testvectors for X.509 certificate path validation and tools for building them
10. Debian Package Repository - Instructions to connect to a third-party repository (with Ansible) 2024-01-06

    tags: configuration-management/ansible, cryptography/pgp, cryptography/pgp/gnupg, linux/debian, linux/ubuntu, packaging

    [ permalink ]

    • apt_key deprecated in Debian/Ubuntu - how to fix in Ansible
    • ansible.builtin.deb822_repository - Add and remove deb822 formatted repositories
    • ansible/ansible#78063 - ansible.builtin.apt_key adds keys to a deprecated location
    • Example usages of the new deb822_repository Ansible module
    • Ubuntu [Spec] APT deb822 sources by default
11. Sequoia-PGP - OpenPGP Implementation in Rust 2023-11-09

    tags: command-line, cryptography/encryption, cryptography/pgp, cryptography/pgp/gnupg, linux/debian, linux/fedora, programming/rust, security

    [ permalink ]

    • Talk about OpenPGP interop testing at the IETF 110
    • sequoia-pgp/sequoia - APIs for dealing with OpenPGP data
    • sequoia-pgp/sequoia-sq - the Sequoia-PGP command line tool
    • RpmSequoia
12. HAProxy - TLS Termination Setup 2023-07-24

    tags: cryptography/encryption, network/http, network/http-server/haproxy, network/reverse-proxy, network/transport-layer-security, security

    [ permalink ]

    • Traffic Routing - Rewrite Requests
    • Client IP Preservation - X-Forwarded-For
    • HAProxy & HTTP Strict Transport Security (HSTS)
    • Secure Cookies Using HAProxy Enterprise
13. passkeys - Hello passkeys! Goodbye passwords. 2023-06-11

    tags: cryptography/public-key-infrastructure, internet/browser/chrome, internet/browser/firefox, mobile/android, mobile/ios, security/authentication

    [ permalink ]

    Passkeys are a replacement for passwords that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices. Unlike passwords, passkeys are always strong and phishing-resistant.

    • https://fidoalliance.org/passkeys/
    • Apple Developer - Passkeys Overview
    • Apple Support - About the security of passkeys
    • Google Identity - Passwordless login with passkeys
    • Google Blog - The beginning of the end of the password
    • Google Security Blog - So long passwords, thanks for all the phish
    • Chromium BLog - Introducing passkeys in Chrome
    • Tailscale doesn't want your password
    • Tailscale - Custom OIDC Providers
    • YubiKeys, passkeys and the future of modern authentication
    • A Yubico FAQ about passkeys
    • Why Passkeys Will Be Simpler and More Secure Than Passwords
    • Passkeys: A shattered dream
14. WebAuthn - An API for accessing Public Key Credentials 2023-06-11

    tags: cryptography/public-key-infrastructure, internet/browser, security/authentication

    [ permalink ]

    The Web Authentication API (also known as WebAuthn) is a specification written by the W3C and FIDO, with the participation of Google, Mozilla, Microsoft, Yubico, and others. The API allows servers to register and authenticate users using public key cryptography instead of a password.

    • Guide to Web Authentication
    • Asynchronous Remote Key Generation: An Analysis of Yubico’s Proposal for W3C WebAuthn [PDF]
    • Issue 664630: Web Authentication API for Chrome
    • Bugzilla - [meta] Update WebAuthn JS API to the L1-REC spec
    • keepassxc#1870 - Feature Request: Integration with the Web Authentication API
15. OpenSSL Cookbook 2023-05-31

    tags: cryptography/certificate, network/http, network/transport-layer-security, openssl

    [ permalink ]

    The definitive guide to using the OpenSSL command line for configuration and testing.

    Topics covered in this book include:

    • key and certificate management,
    • server configuration,
    • a step by step guide to creating a private CA,
    • testing of online services.
16. Crypto Museum - Barbie Typewriter 2023-02-18

    tags: cryptography, museum

    [ permalink ]

    • https://www.youtube.com/watch?v=7Gwhx-uG5h8
17. Debugging Certificate Errors 2023-02-18

    tags: cryptography/certificate, curl, network/http, network/transport-layer-security, openssl

    [ permalink ]

    • https://www.netmeister.org/whatsthatcert/
18. badssl.com - Memorable site for testing clients against bad SSL configs 2023-02-18

    tags: cryptography/certificate, internet/browser/chrome, network/http, network/transport-layer-security

    [ permalink ]

    • https://github.com/chromium/badssl.com
19. The Rust Rand Book - Extended documentation for Rust's Random number library 2022-12-22

    tags: cryptography, cryptography/random, programming/rust

    [ permalink ]

    • https://github.com/rust-random/rand/
    • https://github.com/rust-random/book/
    • https://crates.io/crates/rand
20. Cloudflare Research | OPAQUE: An Asymmetric PAKE Protocol Secure Against Pre-Computation Attacks 2022-07-12

    tags: cryptography/encryption, security/authentication, security/password

    [ permalink ]

    • https://blog.cloudflare.com/opaque-oblivious-passwords/
    • OPAQUE: An Asymmetric PAKE Protocol Secure Against Pre-Computation Attacks
    • https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-opaque
    • https://blog.cryptographyengineering.com/2018/10/19/lets-talk-about-pake/