Tobias Dussa [Tue, 17 Dec 2013 21:43:00 +0000 (22:43 +0100)]
Added gitinfo stuff (non-standard packages).
Tobias Dussa [Tue, 17 Dec 2013 21:27:55 +0000 (22:27 +0100)]
Took out unused (and non-standard) LaTeX package.
Tobias Dussa [Tue, 17 Dec 2013 21:26:44 +0000 (22:26 +0100)]
Fixed include problem in howtoread.
Aaron Zauner [Tue, 17 Dec 2013 19:13:54 +0000 (20:13 +0100)]
SHA digest refers to the use of the hash function as message digest, SHA-1 is used as PRF as well in cipher suites :
Aaron Zauner [Tue, 17 Dec 2013 19:11:17 +0000 (20:11 +0100)]
rephrasing and confusion.
Aaron Zauner [Tue, 17 Dec 2013 19:04:45 +0000 (20:04 +0100)]
hence, we can get rid of this TODO here as well, i guess
Aaron Zauner [Tue, 17 Dec 2013 19:04:04 +0000 (20:04 +0100)]
mv "strong enough" -> "strong", remove comment on GCM since GCM is a option. CTR mode would actually be faster
Aaron Kaplan [Tue, 17 Dec 2013 17:28:14 +0000 (18:28 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Tue, 17 Dec 2013 17:27:47 +0000 (18:27 +0100)]
added section on SHA by Florian Mendel. Thank you
cm [Tue, 17 Dec 2013 15:57:06 +0000 (16:57 +0100)]
reference for IPSEC PSK lenght
Aaron Zauner [Tue, 17 Dec 2013 15:48:24 +0000 (16:48 +0100)]
unified text on testing ssh KEX setup
Aaron Zauner [Tue, 17 Dec 2013 15:42:50 +0000 (16:42 +0100)]
added Cisco ASA and IOS SSH section written by kasten iwen. thanks!
Aaron Kaplan [Tue, 17 Dec 2013 15:01:51 +0000 (16:01 +0100)]
typo die die die
Aaron Zauner [Tue, 17 Dec 2013 13:56:27 +0000 (14:56 +0100)]
remove explicit mention of ssllabs since ssltest and sslyze can also be used as well as other tools
Aaron Zauner [Tue, 17 Dec 2013 13:51:13 +0000 (14:51 +0100)]
add CIPHERSTRINGB to imapd.conf
Aaron Zauner [Tue, 17 Dec 2013 13:46:59 +0000 (14:46 +0100)]
PKI: CA.pl is debian/ubuntu. specific, no such thing on RHEL or SLES or EL
Aaron Zauner [Tue, 17 Dec 2013 13:38:29 +0000 (14:38 +0100)]
ensure \newpage for reviewers and further research section, add label
Aaron Zauner [Tue, 17 Dec 2013 13:23:18 +0000 (14:23 +0100)]
clarify incorrect issuing by CAs
Aaron Zauner [Tue, 17 Dec 2013 13:20:32 +0000 (14:20 +0100)]
extended and corrected part on PKI/PKI hardening, added further research and references
Aaron Zauner [Tue, 17 Dec 2013 12:50:18 +0000 (13:50 +0100)]
forgot "::
Aaron Zauner [Tue, 17 Dec 2013 12:49:16 +0000 (13:49 +0100)]
modify pound config to exclude SSLv3 but include our cipherstringb
Aaron Zauner [Tue, 17 Dec 2013 12:46:15 +0000 (13:46 +0100)]
s/choices/options + \n
Aaron Zauner [Tue, 17 Dec 2013 12:44:57 +0000 (13:44 +0100)]
reworked proxy section, rephrased and added content
Aaron Zauner [Tue, 17 Dec 2013 12:34:09 +0000 (13:34 +0100)]
get rid of group 24 in ASA config
Aaron Zauner [Tue, 17 Dec 2013 12:26:25 +0000 (13:26 +0100)]
+for
Aaron Zauner [Tue, 17 Dec 2013 12:25:52 +0000 (13:25 +0100)]
mv AES-GCM AEAD
Aaron Zauner [Tue, 17 Dec 2013 12:24:26 +0000 (13:24 +0100)]
group 24 is also a NIST curve :(
Aaron Zauner [Tue, 17 Dec 2013 12:23:32 +0000 (13:23 +0100)]
get rid of EC groups
Aaron Zauner [Tue, 17 Dec 2013 12:18:47 +0000 (13:18 +0100)]
get rid of comment to generate dh groups
Aaron Zauner [Tue, 17 Dec 2013 12:17:36 +0000 (13:17 +0100)]
get rid of DH group 5 in ASA IKE policies
Aaron Zauner [Tue, 17 Dec 2013 12:13:08 +0000 (13:13 +0100)]
get rid of GMAC in VPN section
Aaron Zauner [Tue, 17 Dec 2013 12:08:28 +0000 (13:08 +0100)]
added cipherstring keyword to webserver section
Aaron Zauner [Tue, 17 Dec 2013 10:09:12 +0000 (11:09 +0100)]
change sentence as recommended by karsten iwen
Aaron Kaplan [Tue, 17 Dec 2013 09:51:59 +0000 (10:51 +0100)]
move the "Ne boltai" picture to page 2.
Aaron Kaplan [Tue, 17 Dec 2013 08:47:10 +0000 (09:47 +0100)]
add Ulrich Poeschl to author list, thanks for the section on proxies
Aaron Kaplan [Tue, 17 Dec 2013 03:01:57 +0000 (04:01 +0100)]
okay, we have some text on PKis now
Aaron Kaplan [Tue, 17 Dec 2013 02:48:30 +0000 (03:48 +0100)]
typo
Aaron Kaplan [Tue, 17 Dec 2013 02:47:25 +0000 (03:47 +0100)]
no such thing as complete information assurance
Aaron Kaplan [Tue, 17 Dec 2013 02:46:26 +0000 (03:46 +0100)]
slight change of format / size in the how to read section
Aaron Kaplan [Tue, 17 Dec 2013 02:45:44 +0000 (03:45 +0100)]
epigraph is nice but IMHO does not fit here
Aaron Kaplan [Tue, 17 Dec 2013 02:38:50 +0000 (03:38 +0100)]
fixed formatting of the flow graph
Aaron Kaplan [Tue, 17 Dec 2013 02:02:39 +0000 (03:02 +0100)]
update reality in TODO.txt
Aaron Kaplan [Tue, 17 Dec 2013 02:01:32 +0000 (03:01 +0100)]
add items from our TODO.txt list to the further research section.
This way, readers can know what we are still missing and where they could help out with the documentation
Aaron Kaplan [Tue, 17 Dec 2013 01:11:45 +0000 (02:11 +0100)]
comment out empty section
Aaron Kaplan [Tue, 17 Dec 2013 01:09:41 +0000 (02:09 +0100)]
proof of my mail signature. No claim without proof or reference!
Aaron Zauner [Mon, 16 Dec 2013 23:42:18 +0000 (00:42 +0100)]
add comment on RSA keys to asa section
Aaron Zauner [Mon, 16 Dec 2013 23:41:15 +0000 (00:41 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Zauner [Mon, 16 Dec 2013 23:41:11 +0000 (00:41 +0100)]
add references and suggestions as recommended by karsten iwen to the Cisco ASA section
cm [Mon, 16 Dec 2013 23:19:51 +0000 (00:19 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
cm [Mon, 16 Dec 2013 23:19:45 +0000 (00:19 +0100)]
usepackage{longtable} for cipher suite name table
Aaron Zauner [Mon, 16 Dec 2013 23:17:21 +0000 (00:17 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Zauner [Mon, 16 Dec 2013 23:17:17 +0000 (00:17 +0100)]
more debug output for testing openssh
Aaron Zauner [Mon, 16 Dec 2013 23:10:54 +0000 (00:10 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Zauner [Mon, 16 Dec 2013 23:10:50 +0000 (00:10 +0100)]
add postels law as quote to propaganda page :)
cm [Mon, 16 Dec 2013 23:10:07 +0000 (00:10 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
cm [Mon, 16 Dec 2013 23:07:55 +0000 (00:07 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
cm [Mon, 16 Dec 2013 23:07:22 +0000 (00:07 +0100)]
added cipher suite name appendix
Aaron Kaplan [Mon, 16 Dec 2013 23:03:54 +0000 (00:03 +0100)]
remove \newline
Aaron Kaplan [Mon, 16 Dec 2013 23:03:33 +0000 (00:03 +0100)]
how to read flow graph
Aaron Kaplan [Mon, 16 Dec 2013 23:02:41 +0000 (00:02 +0100)]
typos
Aaron Zauner [Mon, 16 Dec 2013 23:00:52 +0000 (00:00 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Zauner [Mon, 16 Dec 2013 23:00:47 +0000 (00:00 +0100)]
added openssh version
Aaron Kaplan [Mon, 16 Dec 2013 23:00:40 +0000 (00:00 +0100)]
typo
Aaron Kaplan [Mon, 16 Dec 2013 22:59:57 +0000 (23:59 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 16 Dec 2013 22:56:37 +0000 (23:56 +0100)]
remove \newpage
Aaron Kaplan [Mon, 16 Dec 2013 22:56:18 +0000 (23:56 +0100)]
remove \newpages
Aaron Kaplan [Mon, 16 Dec 2013 22:55:47 +0000 (23:55 +0100)]
minor formatting. Dont need to escape % in listings
Aaron Zauner [Mon, 16 Dec 2013 22:53:01 +0000 (23:53 +0100)]
added WP links for malleability and CTS
Adi Kriegisch [Mon, 16 Dec 2013 22:52:34 +0000 (23:52 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Adi Kriegisch [Mon, 16 Dec 2013 22:52:19 +0000 (23:52 +0100)]
added section about authentication
Aaron Kaplan [Mon, 16 Dec 2013 22:52:05 +0000 (23:52 +0100)]
add flowchart
Aaron Kaplan [Mon, 16 Dec 2013 22:51:52 +0000 (23:51 +0100)]
add flow chart
Aaron Zauner [Mon, 16 Dec 2013 22:51:24 +0000 (23:51 +0100)]
added links on RNGs and TLS attacks
Adi Kriegisch [Mon, 16 Dec 2013 22:35:20 +0000 (23:35 +0100)]
fixed some wording in key exchange
Thomas Schreck [Mon, 16 Dec 2013 22:04:06 +0000 (23:04 +0100)]
url in ref
Thomas Schreck [Mon, 16 Dec 2013 21:58:42 +0000 (22:58 +0100)]
bug in PKI section
Thomas Schreck [Mon, 16 Dec 2013 21:45:37 +0000 (22:45 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Thomas Schreck [Mon, 16 Dec 2013 21:45:12 +0000 (22:45 +0100)]
some changes to PKI
cm [Mon, 16 Dec 2013 21:43:27 +0000 (22:43 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
cm [Mon, 16 Dec 2013 21:43:21 +0000 (22:43 +0100)]
put cite references to RFCs
Aaron Kaplan [Mon, 16 Dec 2013 21:43:08 +0000 (22:43 +0100)]
clean generated tex files
Aaron Kaplan [Mon, 16 Dec 2013 21:29:09 +0000 (22:29 +0100)]
add Thomas Schreck as co-author. Thanks for the great PKI section!
Aaron Kaplan [Mon, 16 Dec 2013 21:17:11 +0000 (22:17 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 16 Dec 2013 21:16:55 +0000 (22:16 +0100)]
fix structure. Add test in nginx
Thomas Schreck [Mon, 16 Dec 2013 21:14:28 +0000 (22:14 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Thomas Schreck [Mon, 16 Dec 2013 21:14:18 +0000 (22:14 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Conflicts:
src/PKIs.tex
Aaron Kaplan [Mon, 16 Dec 2013 21:11:25 +0000 (22:11 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 16 Dec 2013 21:11:15 +0000 (22:11 +0100)]
damn you perl
Adi Kriegisch [Mon, 16 Dec 2013 21:07:00 +0000 (22:07 +0100)]
todo removed (already done)
Adi Kriegisch [Mon, 16 Dec 2013 21:05:31 +0000 (22:05 +0100)]
fixed typo
Adi Kriegisch [Mon, 16 Dec 2013 21:02:46 +0000 (22:02 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Adi Kriegisch [Mon, 16 Dec 2013 21:02:36 +0000 (22:02 +0100)]
ssllibs done for the moment
Thomas Schreck [Mon, 16 Dec 2013 20:58:42 +0000 (21:58 +0100)]
new text
Aaron Kaplan [Mon, 16 Dec 2013 20:54:28 +0000 (21:54 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 16 Dec 2013 20:54:03 +0000 (21:54 +0100)]
Merge github.com:BetterCrypto/Applied-Crypto-Hardening
Conflicts:
src/practical_settings/DBs.tex
cm [Mon, 16 Dec 2013 20:50:27 +0000 (21:50 +0100)]
recommend IKE DH groups
Aaron Kaplan [Mon, 16 Dec 2013 20:48:49 +0000 (21:48 +0100)]
restructure into subsections - since we now use the report style
Aaron Kaplan [Mon, 16 Dec 2013 20:48:13 +0000 (21:48 +0100)]
include latest changes from Berg
Aaron Kaplan [Mon, 16 Dec 2013 20:45:36 +0000 (21:45 +0100)]
automatically generate the _template.tex files ... also in the Makefile
Aaron Kaplan [Mon, 16 Dec 2013 20:45:03 +0000 (21:45 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
git.bettercrypto.org / ach-master.git / log