ach-master.git
Aaron Kaplan [Wed, 12 Feb 2014 10:49:55 +0000 (11:49 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

Aaron Kaplan [Wed, 12 Feb 2014 10:49:45 +0000 (11:49 +0100)]
add some notes

Aaron Zauner [Wed, 12 Feb 2014 08:26:03 +0000 (09:26 +0100)]
Merge pull request #53 from hansenerd/master

fix nginx Strict-Transport-Security example directive.

Christoph Gebhardt [Tue, 11 Feb 2014 23:02:28 +0000 (00:02 +0100)]
fix nginx Strict-Transport-Security example directive.

Pepi Zawodsky [Tue, 11 Feb 2014 19:26:56 +0000 (20:26 +0100)]
Added more details to the OpenVPN warnings.

Pepi Zawodsky [Tue, 11 Feb 2014 18:41:42 +0000 (19:41 +0100)]
Added bug report by @bong0 for OpenVPN 2.3.2

Viktor Szakats [Wed, 5 Feb 2014 20:04:30 +0000 (21:04 +0100)]
more URLs converted to https
removed duplicate link to http://checktls.com in command-line tool section
openssl.net -> openssl.org + https

Adi Kriegisch [Mon, 3 Feb 2014 22:59:35 +0000 (23:59 +0100)]
added 'SSLStrictSNIVHostCheck off' to Apache SNI trick section

Adi Kriegisch [Mon, 3 Feb 2014 22:45:08 +0000 (23:45 +0100)]
fix 'typo'

Adi Kriegisch [Mon, 3 Feb 2014 22:36:48 +0000 (23:36 +0100)]
added SNI trick to catch old browsers (apache)

Adi Kriegisch [Mon, 3 Feb 2014 21:30:20 +0000 (22:30 +0100)]
added SNI trick to catch old browsers (nginx)

Aaron Zauner [Mon, 3 Feb 2014 11:06:03 +0000 (12:06 +0100)]
added tinc as per push request on GitHub by VanNostrand - reformatted to our TeX layout, got rid of text that won't make sense in the paper (openssl stuff, already mentioned a lot in the paper)

Aaron Zauner [Mon, 3 Feb 2014 10:36:27 +0000 (02:36 -0800)]
Merge pull request #48 from vszakats/use-more-https-urls

use https for all IETF URLs

Aaron Zauner [Mon, 3 Feb 2014 10:33:41 +0000 (02:33 -0800)]
Merge pull request #49 from berq/master

DBs.tex TODO

berq [Thu, 30 Jan 2014 19:02:39 +0000 (20:02 +0100)]
s/IMB/IBM/

berq [Thu, 30 Jan 2014 18:58:37 +0000 (19:58 +0100)]
Done the things in the todo.md

Viktor Szakats [Thu, 30 Jan 2014 13:19:29 +0000 (14:19 +0100)]
use https for all IETF URLs

Pepi Zawodsky [Wed, 29 Jan 2014 20:09:52 +0000 (21:09 +0100)]
Added task for improving the wording of the mailing list site

Aaron Kaplan [Mon, 27 Jan 2014 09:09:15 +0000 (10:09 +0100)]
exclude ICS systems

Pepi Zawodsky [Tue, 21 Jan 2014 23:58:04 +0000 (00:58 +0100)]
TODO Bugfix: Apache should recommend redirect instead of rewrite.

Aaron Kaplan [Tue, 21 Jan 2014 00:29:26 +0000 (01:29 +0100)]
rm -f is as good as if [ -f ... ] ; then rm ...

Aaron Kaplan [Mon, 20 Jan 2014 23:26:54 +0000 (00:26 +0100)]
Merge branch 'master' of github.com:sebix/Applied-Crypto-Hardening into sebix-master

Aaron Kaplan [Mon, 20 Jan 2014 23:23:52 +0000 (00:23 +0100)]
Revert "Updated make clean to prevent incorrect failures"

This reverts commit 4a5f09431ac311fd13a553e03cf534903467daee.

Aaron Kaplan [Mon, 20 Jan 2014 23:21:10 +0000 (00:21 +0100)]
notes

Aaron Kaplan [Mon, 20 Jan 2014 22:21:23 +0000 (23:21 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

Aaron Kaplan [Mon, 20 Jan 2014 22:21:11 +0000 (23:21 +0100)]
notes

Pepi Zawodsky [Mon, 20 Jan 2014 21:03:16 +0000 (22:03 +0100)]
Updated make clean to prevent incorrect failures

Aaron Kaplan [Mon, 20 Jan 2014 20:38:05 +0000 (21:38 +0100)]
notes

Aaron Kaplan [Mon, 20 Jan 2014 20:21:33 +0000 (21:21 +0100)]
keep notes

Aaron Kaplan [Mon, 20 Jan 2014 19:25:29 +0000 (20:25 +0100)]
don't forget things we said during the meeting. put it into TODO.md

Aaron Kaplan [Mon, 20 Jan 2014 18:53:16 +0000 (19:53 +0100)]
add feedback by Tobias Pape

sebix [Mon, 20 Jan 2014 17:44:08 +0000 (18:44 +0100)]
Spell checking (used aspell, and dict.cc and wikipedia for reference)

sebix [Mon, 20 Jan 2014 17:41:57 +0000 (18:41 +0100)]
warning in SSH-section about connection problems (has also been requested on mailing list)

sebix [Sat, 18 Jan 2014 21:22:06 +0000 (22:22 +0100)]
Adjusting listing box margin, was too for using texlive 2013, I had 2012

sebix [Fri, 17 Jan 2014 21:53:37 +0000 (22:53 +0100)]
Revert paragraphDiamond

sebix [Fri, 17 Jan 2014 11:02:48 +0000 (12:02 +0100)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening
and adjust the LaTeX code

Conflicts:
src/practical_settings/mailserver.tex
src/practical_settings/vpn.tex

Aaron Zauner [Fri, 17 Jan 2014 10:09:05 +0000 (02:09 -0800)]
Merge pull request #46 from oglueck/master

add Openswan

Ortwin Glück [Thu, 16 Jan 2014 16:16:09 +0000 (17:16 +0100)]
add Openswan

cm [Thu, 16 Jan 2014 14:09:57 +0000 (15:09 +0100)]
postfix: docs are wrong, loglevel must be >= 1

sebix [Sat, 11 Jan 2014 21:43:03 +0000 (22:43 +0100)]
Add information on ECDH-params for lighttpd

sebix [Sat, 11 Jan 2014 21:41:58 +0000 (22:41 +0100)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening

Aaron Kaplan [Sat, 11 Jan 2014 21:11:44 +0000 (22:11 +0100)]
minor change

Aaron Kaplan [Sat, 11 Jan 2014 21:10:33 +0000 (22:10 +0100)]
rename TODO.txt to TODO.md so that it is easier to read on github

sebix [Sat, 11 Jan 2014 21:03:56 +0000 (22:03 +0100)]
Correct merge Error: nginx: "as long as they are > 1024 bits"

sebix [Sat, 11 Jan 2014 20:24:55 +0000 (21:24 +0100)]
Merge remote-tracking branch 'upstream/master'

Aaron Kaplan [Sat, 11 Jan 2014 19:03:57 +0000 (20:03 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

Aaron Kaplan [Sat, 11 Jan 2014 19:03:35 +0000 (20:03 +0100)]
note about feedback: explain compression

sebix [Sat, 11 Jan 2014 18:07:07 +0000 (19:07 +0100)]
last small typographical corrections
paragraphs and empty lines

sebix [Sat, 11 Jan 2014 17:48:27 +0000 (18:48 +0100)]
PKI Self-Signing: add a command to create a cert and self-sign it

sebix [Sat, 11 Jan 2014 17:36:01 +0000 (18:36 +0100)]
use the order Tested > Settings > References everywhere, corrected
some typographic issues with paragraphDiamond and paragraph

sebix [Sat, 11 Jan 2014 17:20:45 +0000 (18:20 +0100)]
Use compact lists of mdwlist, save space

sebix [Sat, 11 Jan 2014 17:09:40 +0000 (18:09 +0100)]
Remove Heading (scrheadings), Aaron's wish

sebix [Sat, 11 Jan 2014 17:00:24 +0000 (18:00 +0100)]
Makefile: "make once" runs pdflatex once; .txt only removed if
existing (make otherwise throws an error)

sebix [Sat, 11 Jan 2014 16:57:13 +0000 (17:57 +0100)]
LaTeX-Code cleanup, syntax uniformed and correct typography, new
command: \paragraphDiamond{heading}
it makes a paragraph and afterwards displays a \diamond, should be
used when you need something below \subsubsection. It is more
space-saving than \paragraph{heading}\mbox{}\\

sebix [Sat, 11 Jan 2014 14:05:35 +0000 (15:05 +0100)]
Use UTF-8 for umlauts, copying them out of the PDF does now work,
corrected some HTML-Umlauts

sebix [Sat, 11 Jan 2014 13:54:28 +0000 (14:54 +0100)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening

Conflicts:
src/acknowledgements.tex
src/applied-crypto-hardening.tex
src/cipherStringB.txt
src/disclaimer.tex
src/perlify.pl
src/practical_settings.tex
src/practical_settings/DBs.tex
src/practical_settings/GPG.tex
src/practical_settings/im.tex
src/practical_settings/mailserver.tex
src/practical_settings/ssh.tex
src/practical_settings/vpn.tex
src/practical_settings/webserver.tex
src/reviewers.tex

Pepi Zawodsky [Fri, 10 Jan 2014 18:39:17 +0000 (19:39 +0100)]
Added very experimental TXT export

Pepi Zawodsky [Fri, 10 Jan 2014 18:38:11 +0000 (19:38 +0100)]
Added a tool to check for mixed SSL on your website

Aaron Kaplan [Thu, 9 Jan 2014 14:51:36 +0000 (15:51 +0100)]
correction for F.Mendel's association: it is A-Sit and IAIK.

Aaron Zauner [Wed, 8 Jan 2014 20:01:12 +0000 (12:01 -0800)]
Merge pull request #44 from mathisdt/master

added tested versions and harmonized references to Debian Versions

Mathis Dirksen-Thedens [Wed, 8 Jan 2014 18:32:14 +0000 (19:32 +0100)]
added tested versions and harmonized references to Debian Versions (Wheezy makes more sense than 7.0 or 7.3)

Aaron Kaplan [Tue, 7 Jan 2014 23:15:18 +0000 (00:15 +0100)]
the last _ fix did not fix it. Add a \url and escape #

Adi Kriegisch [Tue, 7 Jan 2014 22:11:16 +0000 (23:11 +0100)]
fixed underscore in url

Adi Kriegisch [Tue, 7 Jan 2014 22:08:04 +0000 (23:08 +0100)]
added todo to lighttpd (ec curve selection and dh parameters file)

Aaron Kaplan [Tue, 7 Jan 2014 22:05:18 +0000 (23:05 +0100)]
DBs.tex still had a hardcoded cipherstring B text and no @@@CIPHERSTRINGB@@@ macro!
This was wrong. If we decide to use cipherstring B everywhere, then we need to also do it here.

Aaron Kaplan [Tue, 7 Jan 2014 21:57:27 +0000 (22:57 +0100)]
RNGs.tex already had moved to src/theory/ . Remove outdated version in src/

Aaron Kaplan [Tue, 7 Jan 2014 21:36:08 +0000 (22:36 +0100)]
remember topics we said in the meeting

Aaron Zauner [Tue, 7 Jan 2014 20:36:18 +0000 (21:36 +0100)]
fix indentation in openssh section

Aaron Zauner [Tue, 7 Jan 2014 20:18:37 +0000 (21:18 +0100)]
add openssh section for debian wheezy/openssh6.0

Aaron Zauner [Tue, 7 Jan 2014 19:50:56 +0000 (11:50 -0800)]
Merge pull request #43 from ax3l/fix-openSSH64kex

Remove curve25519-sha256@libssh.org for now

Axel Huebl [Tue, 7 Jan 2014 19:41:26 +0000 (20:41 +0100)]
Remove curve25519-sha256@libssh.org for now

It did not make it in the last OpenSSH release,
we will re-add it with the next release, together with
chacha20-poly1305@openssh.com, ssh-ed25519,
ssh-ed25519-cert-v01@openssh.com and others.

Aaron Zauner [Tue, 7 Jan 2014 19:27:40 +0000 (11:27 -0800)]
Merge pull request #39 from fxkr/openssh-permitrootlogin-without-password

openssh: PermitRootLogin: no -> without-password

Aaron Kaplan [Tue, 7 Jan 2014 19:03:27 +0000 (20:03 +0100)]
LaTeX comment on how to remove the draft watermark

Adi Kriegisch [Tue, 7 Jan 2014 19:00:06 +0000 (20:00 +0100)]
updated/fixed keylength recommendations based on Ecrypt Paper

Aaron Zauner [Tue, 7 Jan 2014 18:57:38 +0000 (19:57 +0100)]
add IACR cryptoDB BibTeX entries for ALL THE PUBLICATIONS!

Aaron Kaplan [Tue, 7 Jan 2014 18:55:02 +0000 (19:55 +0100)]
forgot to commit a comment in TODO.txt

Aaron Kaplan [Tue, 7 Jan 2014 18:54:46 +0000 (19:54 +0100)]
Merge branch 'krono/draft-enhanchement' of https://github.com/krono/Applied-Crypto-Hardening

Aaron Kaplan [Tue, 7 Jan 2014 18:45:39 +0000 (19:45 +0100)]
Re-enable SRP.

Reasoning:

1) feedback on the mailing lists requested removal of "!SRP".
2) first of all, sysadmins need to configure SRP manually anyway.
This means, disabling SRP in our cipher string will just lock it out anyway but not specifying SRP will not disable it for an already configured SRP system
3) SRP seems to be a good protocol

Relevant mailing list posts:
http://lists.cert.at/pipermail/ach/2013-December/thread.html#616

Aaron Zauner [Tue, 7 Jan 2014 18:35:37 +0000 (19:35 +0100)]
add howmyssl.com

Aaron Kaplan [Tue, 7 Jan 2014 17:21:21 +0000 (18:21 +0100)]
rename

Aaron Kaplan [Tue, 7 Jan 2014 17:05:36 +0000 (18:05 +0100)]
collect more feedback

Aaron Kaplan [Tue, 7 Jan 2014 16:28:42 +0000 (17:28 +0100)]
update feedback list

Aaron Kaplan [Tue, 7 Jan 2014 16:27:38 +0000 (17:27 +0100)]
feedback on 2k RSA keys

Aaron Kaplan [Tue, 7 Jan 2014 15:26:14 +0000 (16:26 +0100)]
properly reference the debian howto on PGP settings

Aaron Kaplan [Tue, 7 Jan 2014 15:00:59 +0000 (16:00 +0100)]
try to find the most important points

Aaron Kaplan [Tue, 7 Jan 2014 14:46:43 +0000 (15:46 +0100)]
list feedback items which must be reviewed

Aaron Kaplan [Tue, 7 Jan 2014 14:40:12 +0000 (15:40 +0100)]
place to collect feedback

Tobias Pape [Tue, 7 Jan 2014 14:28:23 +0000 (15:28 +0100)]
Re-enable draft

Tobias Pape [Tue, 7 Jan 2014 14:21:56 +0000 (15:21 +0100)]
Revert "Revert "Merge pull request #36 from krono/krono/draft-enhanchement""

This reverts commit be7a9f46ca468be59644fc770ed01015f4c2042c.

Aaron Kaplan [Tue, 7 Jan 2014 12:28:24 +0000 (13:28 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

merge of a conflict. @Azet: please always - when pulling in change requests from github.com - also sync these against the main repo.
(git push origin master)

Thanks :)

Conflicts:
src/practical_settings/ssh.tex

Felix Kaiser [Mon, 6 Jan 2014 14:50:03 +0000 (15:50 +0100)]
openssh: PermitRootLogin: without-password comment

It's useful, but we still default to the more secure "no".

Aaron Zauner [Mon, 6 Jan 2014 15:32:09 +0000 (07:32 -0800)]
Merge pull request #38 from fxkr/readme--reviewers.tex-was-renamed

readme/faq: reviewers.tex -> acknowledgements.tex

Felix Kaiser [Mon, 6 Jan 2014 14:45:30 +0000 (15:45 +0100)]
readme/faq: reviewers.tex -> acknowledgements.tex

Aaron Zauner [Sun, 5 Jan 2014 22:18:55 +0000 (23:18 +0100)]
no OpenSSH upstream support of DJB curves as of today

Aaron Zauner [Sun, 5 Jan 2014 20:28:45 +0000 (12:28 -0800)]
Merge pull request #32 from ax3l/ssh-moreEtmMacs

SSHd: add ETM MACs for SHA2

Axel Huebl [Sun, 5 Jan 2014 20:16:25 +0000 (21:16 +0100)]
Only advertise OpenSSH 6.4

GCM, UMAC and ETM added in 6.2, but due to a memory corruption vulnerability
in 6.2 and 6.3 by an insecure GCM implementation
  http://www.openssh.com/txt/gcmrekey.adv
we only recommend OpenSSH 6.4+
  http://www.openssh.com/txt/release-6.4

Axel Huebl [Sun, 5 Jan 2014 20:01:30 +0000 (21:01 +0100)]
ETM for SSH2 was introduced in OpenSSH 6.2

I tested the settings for OpenSSH 6.4.
Release log for OpenSSH 6.2: http://www.openssh.com/txt/release-6.2

Axel Huebl [Sun, 5 Jan 2014 19:42:54 +0000 (20:42 +0100)]
Remove aes-192 for now

Aaron Zauner [Sun, 5 Jan 2014 19:33:14 +0000 (11:33 -0800)]
Merge pull request #37 from Intichar/master

Minor changes in IOS section

Axel Huebl [Sun, 5 Jan 2014 10:53:48 +0000 (11:53 +0100)]
Remove AllowUsers

Too specific. Thanks to @azet for the feedback!