\section{How to read this guide}
\label{sec:how-read-this}
This guide tries to accommodate two needs: first, to provide a handy reference on how to configure the crypto settings of the most common services, and second, to explain some background on cryptography. This background is essential if the reader wants to choose his or her own cipher string settings.

System administrators who want to copy \& paste recommendations quickly, without
spending a lot of time on background reading on cryptography or cryptanalysis,
can do so by simply searching for the corresponding section in chapter
\ref{chapter:PracticalSettings} (``Practical recommendations'').

It is important to know that in this guide the authors arrived at two recommendations: \textit{Cipher string A} and \textit{Cipher string B}. While the former is a hardened recommendation, the latter is a weaker one but provides wider compatibility.
\textit{Cipher strings A and B} are described in section \ref{section:recommendedciphers}.

%string B} covers the most common use-cases (such as running an e-commerce shop,
%a private homepage, a mail server, $ \ldots $).

However, for the quick copy \& paste approach it is important to know that this
guide assumes users are happy with \textit{Cipher string B}.

While chapter \ref{chapter:PracticalSettings} is intended to serve as a copy \& paste reference, chapter \ref{chapter:Theory} (``Theory'') explains the reasoning behind \textit{Cipher string B}. In particular, section \ref{section:CipherSuites} explains how to choose individual cipher strings. We advise the reader to actually read this section, to challenge our reasoning in choosing \textit{Cipher string B}, and to come up with a better or localized solution.

%We start with some general remarks in sections \ref{section:DH},\ref{section:EllipticCurveCryptography},\ref{section:keylengths} on
%If you are a system administrator and want to quickly update your services, jump right to section \ref{section:PracticalSettings}. However, we recommend that you take some time and first read through the theory part (chapter \ref{chapter:Theory}), especially section \ref{section:CipherSuites} on how to choose your own cipher string and then adapt the settings in section \ref{section:PracticalSettings} to your own needs.

\tikzstyle{terminator} = [ellipse, draw, minimum height=2em,
  text width=4.5em, text badly centered, inner sep=0pt]
\tikzstyle{decision} = [diamond, draw, aspect=2,
  text width=10em, text badly centered, node distance=8em, inner sep=0pt]
\tikzstyle{block} = [rectangle, draw, inner sep=0pt,
  text width=17em, text centered, rounded corners, minimum height=4em]
\tikzstyle{line} = [draw, very thick, -latex']
\tikzstyle{decision answer}=[near start,color=black]
\begin{tikzpicture}[scale=1, node distance = 6em, auto]
  \node [terminator] (start) {Start};
  \node [block, right of=start, text width=7em, node distance=8em] (intro) {%
    \nameref{chapter:Intro}};
  \node [decision, below of=intro] (evaluate) {%
    No time, I just want to copy \& paste};
  \node [block, right of=evaluate, node distance=20em] (practical1) {%
    read \nameref{chapter:PracticalSettings}};
  \node [block, below of=evaluate,node distance=8em ] (theory) {%
    To understand why we chose certain settings, read
    \nameref{chapter:Theory} first};
  \node [block, right of=theory, node distance=20em] (practical2) {%
    re-read \nameref{chapter:PracticalSettings}};
  \node [block, below of =practical2] (appendix) {%
    \hyperref[appendix]{Appendix}: references, links};

  \path [line] (start) -- (intro);
  \path [line] (intro) -- (evaluate);
  \path [line] (evaluate) -- node [decision answer] {yes} (practical1);
  \path [line] (evaluate) -- node [decision answer] {no} (theory);
  \path [line] (practical1) -- (theory);
  \path [line] (theory) -- (practical2);
  \path [line] (practical2) -- (appendix);
\end{tikzpicture}

%%% TeX-master: "applied-crypto-hardening"