Christian Lawson-Perfect @christianp

0 posts0 participants0 posts today

Continued thread

**Felix Palmen** @zirias@bsd.cafe · Apr 15

About the #random thingie ... I need random data in #swad to generate unpredictable #session IDs.

I previously had an implementation trying the #Linux-originating #getrandom if available, with a fallback to a stupid internal #xorshift #PRNG, which could be disabled because it's obviously NOT cryptographically secure, and WAS disabled for the generation of session IDs.

Then I learned #arc4random is available on many systems nowadays (#FreeBSD, #NetBSD, even Linux with a recent-enough glibc), so I decided to add a compile check for it and replace the whole mess with nothing but an arc4random call IF it is available.

arc4random originates from #OpenBSD and provides the only sane way to get cryptographically secure random data. It automatically and transparently (re-)seeds from OS entropy sources, but uses an internal CSPRNG most of the time (nowadays typically #ChaCha20, so it's a misnomer, but hey ...). It never fails, it never blocks. It just works. Awesome.

**LavX News** @lavxnews@mastodon.cloud · Mar 24

Mar 24

LavX News @lavxnews@mastodon.cloud

Emerging Threat: VanHelsing Ransomware Targets Multiple Platforms with Advanced Techniques

The newly identified VanHelsing ransomware operation is making waves in the cybersecurity landscape by targeting a wide range of systems including Windows, Linux, and ESXi. With its sophisticated encr...

https://news.lavx.hu/article/emerging-threat-vanhelsing-ransomware-targets-multiple-platforms-with-advanced-techniques

#news #tech #Cybersecurity

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Feb 12, 2024

Feb 12, 2024

Kevin Karhan @kkarhan@infosec.space

@brouhaha @argv_minus_one @lispi314 @dushman @mel @lanodan @a1ba Eeyupp...

See #ChaCha20 among others...

**cynicalsecurity** @cynicalsecurity@bsd.network · Feb 13, 2023

Feb 13, 2023

cynicalsecurity @cynicalsecurity@bsd.network

research review

**Eric Puryear** @eric@ericpuryear.com · Jan 8, 2023

Jan 8, 2023

Eric Puryear @eric@ericpuryear.com

Which do you consider to be more secure?

(Yes, I understand that the symmetric cipher itself is almost never the weak point in any modern cryptosystem)

0%AES256
0%AES128
0%CHACHA20
0%All are unbreakable in practice and will remain so

#AES #CHACHA20 #infosec

**Roy Tam** @roytam1@miniwa.moe · Jun 15, 2020

Jun 15, 2020

Roy Tam @roytam1@miniwa.moe

Dropbear 2020.79 is now released. Particular thanks to Vladislav Grishenko
for adding ed25519 and chacha20-poly1305 support which have
been wanted for a while.

This release also supports rsa-sha2 signatures which will be
required by OpenSSH in the near future - rsa with sha1 will
be disabled. This doesn't require any change to
hostkey/authorized_keys files.

Required versions of libtomcrypt and libtommath have been
increased, if the system library is older Dropbear can use
its own bundled copy.

As usual downloads are at
https://matt.ucc.asn.au/dropbear/dropbear.html
https://mirror.dropbear.nl/mirror/dropbear.html

#dropbear #ssh #ed25519 #chacha20

matt.ucc.asn.auDropbear SSH

#chacha20

**r҉ustic cy͠be̸rpu̵nk** @cypnk@mastodon.social · Feb 4, 2020

Feb 4, 2020

r҉ustic cy͠be̸rpu̵nk @cypnk@mastodon.social

This is a fine year for a crypto dance party

#ChaCha20

**Shawn Webb** @lattera@bsd.network · May 23, 2019

May 23, 2019

Shawn Webb @lattera@bsd.network

#FreeBSD HEAD gains the ability to encrypt kernel crash dumps with #ChaCha20: https://svnweb.freebsd.org/changeset/base/348197

svnweb.freebsd.org[base] Revision 348197

**Stéphane Bortzmeyer** @bortzmeyer@mastodon.gougere.fr · Oct 18, 2017

Oct 18, 2017

Stéphane Bortzmeyer @bortzmeyer@mastodon.gougere.fr

Des nouveaux algorithmes pour #IPsec notamment #ChaCha20

#RFC 8221: Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (#ESP) and Authentication Header (#AH) http://www.bortzmeyer.org/8221.html

www.bortzmeyer.org Blog Stéphane Bortzmeyer: RFC 8221: Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)

#cryptographie

Recent searches

Search options

Administered by:

Server stats:

#chacha20