
/tech/ - Technology


File: roca_impact.png (236.67 KB, 1402x1080)

No.806484 >>806645 >>806710

ROCA: Vulnerable RSA generation (CVE-2017-15361)

Security Hardware Alert! Check Your Pubkey Now!

If you are using any type of security hardware

>Smartcard, TPM, HSM, Yubikey, whatever.

And you generated RSA keys on-chip?

>Thinking your RSA private key is unextractable.

<Not even close.

Your RSA key may be factored!

Researchers identified a vulnerability in a widely used smartcard cryptography library developed by Infineon Technologies AG, a major security chip vendor, allowing an attacker to factor RSA public keys efficiently.

Millions of cards and devices are affected, including

>TPM: e.g. Google, Lenovo, Microsoft tablets and laptops (TPM chip)

>HSM: e.g. Commercial hardware encryption module to protect SSL/TLS private key.

>NIST FIPS 140-2 or CC EAL 5+ certified? pwned.

>some financial cards and national ID cards

>Your personal Yubikey or other smartcards for SSH and PGP encryption.

Creating security problems for applications like (((Secure Boot))), PGP/S-MIME encryption, HTTPS/TLS, code signing, security tokens, etc.

Are You Affected?

Check Your X509/PEM/OpenPGP/S-MIME public key:

>https://keychest.net/roca

Offline Check:

>https://github.com/crocs-muni/roca

If affected, immediately revoke your key and try again. Generate your next one from a secure computer system instead, and transfer the key into the card later.

Check Your Yubikey and Ask for a Replacement:

(firmware read-only, not upgrade-able)

>https://www.yubico.com/keycheck/

Cost

>RSA-512 - 2 CPU hours (the cost of $0.06);

>RSA-1024 - 97 CPU days (the cost of $40-$80);

>RSA-2048 - 140.8 CPU years, (the cost of $20,000 - $40,000).

Though the attack is not lightning fast, 140.8 CPU years is not difficult at all. 200 gaming PCs can crack an RSA key within a year. And attackers can only get faster.

The full research is going to be presented at ACM CCS 2017 in November. The WPA2 attack (>>806357) is also being presented there. What a shocking conference this year.
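Added example, not code from the original post and not the crocs-muni project's own detector: the "Are You Affected?" check above is a fingerprint test, not a factoring attempt. Affected primes have the form k*M + (65537^a mod M), where M is a primorial (2*3*5*...*167 for 512-bit keys, larger for bigger keys), so N = p*q is congruent to a power of 65537 modulo every small prime dividing M. The script below checks exactly that property for a modulus pulled out of an OpenSSH `ssh-rsa` line, and builds a ROCA-style modulus of its own (constructed with a fixed seed, purely to have a positive sample; these are not real vulnerable keys) next to an ordinary one. Function names, the seed, and the sample keys are mine; the fingerprint itself is the one described in the paper.

```python
import base64
import random
import struct

E = 65537

# The first 39 primes (2..167) form the primorial M the affected generator used
# for 512-bit keys; larger keys use larger M, so these primes are common to every
# affected size. 2 is skipped: any odd N is 1 mod 2, which tells us nothing.
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61,
                67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137,
                139, 149, 151, 157, 163, 167]
M = 2
for _p in SMALL_PRIMES:
    M *= _p


def subgroup_of_65537(p):
    """Residues {65537^k mod p}: the cyclic subgroup of Z_p^* generated by 65537."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = (x * E) % p
    return seen


SUBGROUPS = {p: subgroup_of_65537(p) for p in SMALL_PRIMES}


def roca_fingerprint(n):
    """True if n mod p lies in <65537> for every small prime p dividing M.
    Every affected modulus passes; a random RSA modulus fails for at least one
    p with overwhelming probability, so this is usable as a yes/no detector."""
    return all((n % p) in SUBGROUPS[p] for p in SMALL_PRIMES)


def modulus_from_openssh(line):
    """Pull n out of an 'ssh-rsa AAAA...' line: base64 of length-prefixed
    fields (key type, mpint e, mpint n)."""
    blob = base64.b64decode(line.split()[1])
    fields, off = [], 0
    while off < len(blob):
        (ln,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        fields.append(blob[off:off + ln])
        off += ln
    if fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    return int.from_bytes(fields[2], "big")


def to_openssh(n, e=E):
    """Inverse of the above; only used to build the constructed sample keys."""
    def mpint(v):
        b = v.to_bytes((v.bit_length() + 8) // 8, "big")  # leading 0 if high bit set
        return struct.pack(">I", len(b)) + b
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(e) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode()


def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin after trial division; good enough for demo key material."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def roca_style_prime(bits, rng):
    """Prime with the affected structure k*M + (65537^a mod M) (constructed)."""
    kbits = bits - M.bit_length()
    while True:
        cand = rng.randrange(1 << (kbits - 1), 1 << kbits) * M + pow(E, rng.randrange(M), M)
        if is_probable_prime(cand, rng):
            return cand


def random_prime(bits, rng):
    """Ordinary random prime, for the negative sample."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def demo(seed=2017):
    """(fingerprint of a ROCA-style modulus, fingerprint of an ordinary modulus)."""
    rng = random.Random(seed)  # fixed seed: constructed sample keys, not real ones
    bad = to_openssh(roca_style_prime(256, rng) * roca_style_prime(256, rng))
    good = to_openssh(random_prime(256, rng) * random_prime(256, rng))
    return (roca_fingerprint(modulus_from_openssh(bad)),
            roca_fingerprint(modulus_from_openssh(good)))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # usage: python roca_check.py ~/.ssh/id_rsa.pub
        print("AFFECTED" if roca_fingerprint(modulus_from_openssh(open(sys.argv[1]).read()))
              else "not fingerprinted")
    else:
        print(demo())
```

A positive result means the key was generated by the affected code path and should be treated as factorable; a negative result only says the modulus lacks that structure. The check needs only the public modulus, so it can be run over every key in `authorized_keys`, a PGP keyring, or a certificate inventory without touching private material.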

 No.806485


 No.806496

Stallman was right. Whether it is software or hardware, any form of proprietary is built with cancer.


 No.806502

>Check Your Pubkey Now!

All my pubkeys are Ed25519. Eat shit you legacy-fetishizing faggot


 No.806528

File: 83ee5490524e49dfec47e436da….gif (466.96 KB, 606x423)

>using rsa

>ever


 No.806530>>806543


 No.806543>>806601 >>806662

>>806530

Anon... I

Don't think you should use elliptic curve based algorithms because the not secret agency backdoored their implementations long ago. Try again.


 No.806594

Shor's algorithm already obsoletes RSA anyway.


 No.806597

guys post private keys!


 No.806601>>806629 >>806649

File: meet the planets.png (296.9 KB, 639x273)

>>806543

I suggest you stop being retarded. There's more than one curve.

See https://safecurves.cr.yp.to/


 No.806629>>806658

>>806601

>safecurves

>safe

Sounds legit.


 No.806645

>>806484 (OP)

>rsa is alphabet soup shitware

Gee it's not like this has been known since Sn*wden or even earlier


 No.806649>>806658

>>806601

>made by a (((american college)))

Totally legit. Nope. No n-s-yayyy-kun here at all.


 No.806658>>806659 >>806667

>>806629

>>806649

You retards don't even know who Daniel J. Bernstein is, and you have no idea of his research, do you? Okay, if you know nothing about crypto and think DJB is a kike sockpuppet manipulating cryptography, I have nothing to say, keep using the potentially backdoored (((NIST elliptic curves))).

Or if you do have some clues, do some reading and start using DJB's Curve25519.

>Security dangers of the NIST curves, Daniel J. Bernstein et al.

>https://cr.yp.to/talks/2013.05.31/slides-dan+tanja-20130531-4x3.pdf

>>806629

>safecurves, safe, sounds legit.

The author of the research actually went much further than you.

Read a paper.

>How to manipulate curve standards: a white paper for the black hat, Daniel J. Bernstein et al.

>https://bada55.cr.yp.to/bada55-20150927.pdf


 No.806659>>806667 >>806670

>>806658

Mind uploading the papers straight to /tech/ so we don't have to click on your links?


 No.806662

>>806543

>he doesn't know about curve 25519


 No.806667>>806673 >>806675

>>806658

>>806659

It's PDF anyway.


 No.806670>>806673 >>806708

>>806659

>preferring arbitrary pdf files uploaded by anonymous users instead of static files served over HTTPS from a well known domain


 No.806673>>806675 >>806684 >>806693

>>806670

T. cianigger A.I. who autogenerates URLs and websites on the fly using (((let's encrap))) and DigiCert domain certificates

Fuck off.

>>806667

Thanks for uploading them.


 No.806675

File: 562.jpg (67 KB, 600x600)

>>806673

T. actual intelligence agent attempting to make imageboard readers think it's a good idea to do stupid unsecure shit so they can more easily target them in the future.

>>806667

Opening these files could have compromised your computer.


 No.806684>>806686 >>814650

>>806673

Where should one get their ssl certificate? I'd just self sign but that makes you very vulnerable to mitm attacks.


 No.806686>>806691 >>806736

>>806684

Use GNUnet+IPFS+Tor. Tor gets you a backbone to spread encrypted information looking like https traffic via obfs4 so ISPs can't block you as easily. GNUnet gets you semi-shitty web servers you can access over a web browser, which means video streaming and picture/text viewing without DNS servers. IPFS gets you a file sharing service that can't be destroyed easily. GNUnet supports encryption, as does Tor, but IPFS doesn't, so the only layer protecting information on it is Tor.

What someone needs to do is make a *nix or *bsd distro with all of this in one package together, along with LibreSSL as the OpenSSL implementation and IceCat or Pale Moon as the web browser. Then make it stupid-proof for normies, with a server edition for power users and server operators.

If you use the current SSL cert + DNS infrastructure you are fucked long term if kikes don't like you, along with traffic blocking if you used one of the above alone. But together you get an interesting blocker to snooping on traffic or blocking it. It's still possible, but the barrier to entry for snooping is much, much fucking higher.


 No.806691>>806696

>>806686

Yeah, I meant as someone hosting a website on the clearnet.


 No.806693>>806696

>>806673

>T. cianigger A.I. who autogenerates URLs and websites on the fly using (((let's encrap))) and DigiCert domain certificates

inb4 I get called a cianigger/agent fud/whatever, but holy shit, people are this autistic? I mean, I use Gentoo and ungoogled my life etc., but still, this sounds like pure autism. Do you go outside?


 No.806696>>806699

File: eb1735d112ee2687907ed14235….png (554.97 KB, 996x560)

>>806693

>but holy shit people are this autistic?

>Do you go outside?

Yes.

<I use Gentoo and ungoogled my life etc

>he thinks using gentoo will save him from the botnet

>>806691

Whatever you do, avoid DigiCert and (((let's encrap))) certificates like the plague. If you are hosting anything that could be sensitive/anti-kike information then make sure your DNS server is bought from somewhere other than North America and Europe. If (((they))) really want it down, just look at the example of the Daily Stormer; you would have no chance long term unless you go Tor+GNUnet+IPFS style web services.


 No.806699>>806700 >>806708 >>814650

>>806696

You didn't answer my question at all. Also, what exactly is wrong with let's encrypt?


 No.806700>>806708 >>814650

>>806699

Don't use DigiCert certificates because they are compromised by pic related. Don't use (((let's encrap))) certificates because of how easily they could be compromised if anyone got hold of the original signing certificate or key for it. They then could make a copy of your certificate and MITM and keep it pure SSL.

That is all the advice I have on ssl certificates as that's all I know about.


 No.806708

>>806699

He meant the censorship.

Anyway, censorship is more or less an issue. The WWW in the current year can be pretty secure, but still not very resistant to censorship if major infrastructure providers decide to kick you out, like your web hosting and domain registrar. A (((CA))) can abuse and revoke your legitimate certificate to render your website useless, though I've never heard of that happening. DNSSEC can also potentially be abused to DoS a ton of domain names. But the information transferred on the wire is protected by TLS and secure if used correctly... Don't even talk about the Great Cloudwall controlling 30% of the traffic on the Internet; oops, 8ch.net uses CloudFlare.

All the PoVs above are valid and important, but >>806700 here is pretty absurd.

>Don't use DigiCert certificates because they are compromised

It's pointless. The whole CA system is broken: any well-known authority can issue a certificate for any website, no matter which one you use. So why bother choosing, if the security is the same anyway? Just picking the low-hanging fruit is enough. Further attempts are worthless.

If some feds decided to go after you and your users, they would need to forge a valid certificate (cooperate with or compromise any one of the authorities from the default trusted list) and intercept all the traffic towards your server, which is not easy to implement, leaves evidence to the whole Internet, and can be partially defeated by Public Key Pinning. And if that is still not enough for you, what is the point of hosting your website for the general public on the WWW anyway? This is the level of security the WWW can provide as for now; don't give it overrated credit and then start shitposting about Let's Encrypt. If you just host something for you and your circlejerk, certificate whitelisting + /etc/hosts, or things like Tor/GNUnet/IPFS, work exceptionally well. In the end, a certificate is required to make a public website on the WWW more secure, regardless of which certificate you use.

>>806670

>preferring arbitrary pdf files uploaded by anonymous users instead of static files served over HTTPS from a well known domain

This. If you know Internet cryptography you should know there's a personal website called cr.yp.to.


 No.806710>>806711

File: yellow pancake.jpg (29.01 KB, 400x400)

>>806484 (OP)

>trusting your signatures and email encryption to (((Rivest))), (((Shamir))) and (((Adleman)))

>not using elliptic curve quantum-proof military-grade GOST cryptography in

>current year

Do you want to be cucked by MOSSAD and NSA, /tech/?

Start using trusted algorithms developed by white slavic men today.

http://gost.cypherpunks.ru/English.html#English


 No.806711

File: n-s-yayyy-kun.png (81.51 KB, 491x491)


 No.806736

>>806686

>Tor gets you a backbone

Something the mentally ill inbreeds in this thread sorely lack.


 No.807164

>replying to the epic (((t. cianigger))) (((n-s-yayyy-kun))) larper

sage


 No.814650

>>806684

>I'd just self sign but that makes you very vulnerable to mitm attacks.

It only makes you vulnerable if you mindlessly ignore the browser warnings and accept everything. If your users have the means to properly check and verify the certificate fingerprint, then self-signed is perfectly OK.

It also has an advantage: unless you have your own IP space, you can only make self-signed certificates for IP addresses.

>>806699

Nothing is wrong with Let's Encrypt. They are the only CA which you don't have to worry about being compromised and being able to decrypt all of your traffic (because your private keys don't get transferred to them).

>>806700

>Don't use digicert certificates because they are compromised by pic related.

compromised by pic related? How? What exactly is "wrong" with your pic?
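Added example, not code from any post in this thread: >>806708 mentions Public Key Pinning as the thing that partially defeats a mis-issued certificate, and >>814650 says a self-signed cert is fine when users verify the fingerprint. The usual way to make both concrete is to pin the SHA-256 of the certificate's DER SubjectPublicKeyInfo (the HPKP pin format), not the whole certificate, so a renewal that keeps the key still matches while a certificate for the same name carrying some other key (CA-misissued or interposed) is rejected. The script below computes that pin, extracts the SPKI from a DER certificate with a minimal DER walker, and shows a client that connects with CA validation disabled and accepts the peer only on a pin match. The certificate used in `demo()` is a constructed, unsigned stand-in with the right DER layout and a made-up modulus (labelled as such in the code), since nothing here needs a real signature; all function names are mine.

```python
import base64
import hashlib
import socket
import ssl

RSA_OID_NULL = bytes.fromhex("06092a864886f70d010101" "0500")  # rsaEncryption, NULL


# --- minimal DER encode/decode: enough for SPKI and the outer cert structure ---
def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der_tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def der_int(v):
    b = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    if b[0] & 0x80:          # DER INTEGER is signed: pad so it stays positive
        b = b"\x00" + b
    return der_tlv(0x02, b)


def der_seq(*items):
    return der_tlv(0x30, b"".join(items))


def der_children(content):
    """Split the body of a DER SEQUENCE into (tag, inner, whole_tlv) triples."""
    out, off = [], 0
    while off < len(content):
        start = off
        tag, ln = content[off], content[off + 1]
        off += 2
        if ln & 0x80:        # long form: low 7 bits give the number of length bytes
            nb = ln & 0x7F
            ln = int.from_bytes(content[off:off + nb], "big")
            off += nb
        body_start = off
        off += ln
        out.append((tag, content[body_start:off], content[start:off]))
    return out


def rsa_spki(n, e=65537):
    """SubjectPublicKeyInfo for an RSA key: the exact bytes the pin is taken over."""
    rsa_pub = der_seq(der_int(n), der_int(e))
    return der_seq(der_seq(RSA_OID_NULL), der_tlv(0x03, b"\x00" + rsa_pub))


def spki_from_cert(cert_der):
    """Certificate -> TBSCertificate -> subjectPublicKeyInfo (whole TLV)."""
    tbs = der_children(der_children(cert_der)[0][1])[0][1]
    fields = der_children(tbs)
    # TBSCertificate: [0] version (optional), serialNumber, signature, issuer,
    # validity, subject, subjectPublicKeyInfo, ...
    idx = 6 if fields[0][0] == 0xA0 else 5
    return fields[idx][2]


def spki_pin(spki_der):
    """HPKP-style pin: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def cert_matches_pins(cert_der, pins):
    return spki_pin(spki_from_cert(cert_der)) in set(pins)


def pinned_tls_connect(host, port, pins, timeout=10):
    """Skip CA validation entirely, then accept the peer only if its SPKI pin is
    in the list obtained out of band. This is the safe way to use a self-signed
    cert: trust is anchored in the pin, not in whichever CA a MITM could use."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    sock = ctx.wrap_socket(socket.create_connection((host, port), timeout),
                           server_hostname=host)
    if not cert_matches_pins(sock.getpeercert(binary_form=True), pins):
        sock.close()
        raise ssl.SSLError("SPKI pin mismatch for %s" % host)
    return sock


def fake_cert_for_demo(n, e=65537, serial=1):
    """Constructed stand-in for a self-signed certificate: correct DER layout for
    the fields the walker reads, placeholders elsewhere, no valid signature."""
    tbs = der_seq(
        der_tlv(0xA0, der_int(2)),   # [0] version v3
        der_int(serial),             # serialNumber
        der_seq(RSA_OID_NULL),       # signature algorithm (placeholder)
        der_seq(),                   # issuer (empty Name)
        der_seq(),                   # validity (placeholder)
        der_seq(),                   # subject (empty Name)
        rsa_spki(n, e),
    )
    return der_seq(tbs, der_seq(RSA_OID_NULL), der_tlv(0x03, b"\x00" * 17))


def demo():
    """(original cert matches, renewed cert with same key matches, other key rejected)."""
    n = int.from_bytes(hashlib.sha512(b"constructed demo key").digest() * 4, "big") | 1
    pins = [spki_pin(rsa_spki(n))]          # what you would ship to users out of band
    original = fake_cert_for_demo(n, serial=1)
    renewed = fake_cert_for_demo(n, serial=2)          # new serial, same key
    other = fake_cert_for_demo(n ^ (1 << 100), serial=3)  # same "site", different key
    return (cert_matches_pins(original, pins),
            cert_matches_pins(renewed, pins),
            cert_matches_pins(other, pins))
```

The same `spki_pin` value is what `openssl x509 -pubkey -noout | openssl pkey -pubin -outform DER | openssl dgst -sha256 -binary | base64` prints for a real certificate, so a pin published alongside a self-signed cert can be checked by users with either tool. Ship at least one backup pin for a key held offline, or a lost key means a lockout rather than a renewal.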



