Mario – Welcome to my world

Reasons for TR-03116-4 for ciphers and curves from Bundesamts für Sicherheit in der Informationstechnik (BSI)

Posted on 19.02.2025 by mario

What is the reason that the BSI does not allow Chacha20 / Poly 1305?

The BSI does not allow ChaCha20/Poly1305 in its technical guidelines such as TR-03116-4 because it is primarily based on the NSA’s Suites-B specification and established European or German standards. There are several reasons the Focus is on AES-GCM and CNSA Suites.

1. The BSI relies on AES (Advanced Encryption Standard), especially in AES-GCM (Galois/Counter Mode), because this algorithm is recommended by both the NSA and European standardization bodies such as ENISA and ISO/IEC. AES is highly optimized for modern hardware (e.g. AES-NI in x86 processors), which makes it efficient and secure to implement.

2. FIPS and Common Criteria certification. The BSI prefers algorithms that are certified according to FIPS 140-2/3 or Common Criteria (CC). ChaCha20/Poly1305 is less widely used in these circles than AES, especially for government applications.

3. AES has dedicated hardware acceleration (e.g. AES-NI on Intel/AMD or ARMv8-A Cryptography Extensions), while ChaCha20 was primarily intended for software-side implementations on CPUs without AES hardware. In modern environments, AES-GCM with hardware acceleration is usually faster than ChaCha20.

4. Assessment of security properties. Although ChaCha20 is considered secure, there is less formal security analysis and certification than for AES.
Poly1305 is an efficient MAC (Message Authentication Code), but the BSI prefers GCM because it is already closely coupled with AES.

5. Interoperability and long-term strategy. Government IT infrastructures rely on long-term support. AES has a clearly defined future (e.g. through the CNSA Suite 2.0), while ChaCha20 is not treated equally in official European crypto standards. Future migrations to post-quantum cryptography (PQC) are likely to build on AES-based hybrid approaches.

But why is there an algorithm with CBC? As far as I know, CBC is vulnerable to attacks.

Yes, you are right: CBC (Cipher Block Chaining) has known weaknesses, especially padding oracle attacks, which is why many security guidelines (e.g. TLS 1.3) have abolished it. The BSI continues to list AES-CBC in TR-03116-4 for the following reasons:

Backward compatibility with existing systems. Many older or security-critical systems (e.g. in administration or industry) are based on AES-CBC because it was the standard for a long time. A complete switch to AES-GCM is difficult in some environments because not all systems support GCM (e.g. smart cards or older hardware). AES-CBC is still widely used in IPsec, S/MIME, OpenPGP and other protocols. In some scenarios, CBC can be used safely if additional protection mechanisms are in place (e.g. Encrypt-then-MAC (EtM) instead of MAC-then-Encrypt).
In TLS 1.3, CBC was removed because padding oracle attacks were particularly critical there.
In other applications, especially for offline encryption or fixed protocols, CBC can remain secure under certain conditions.
If the BSI allows AES-CBC, then only with HMAC protection (Encrypt-then-MAC) or in precisely defined areas of use. Usually there are strict guidelines for IV handling and padding checking to prevent attacks.

What is the reason for specifying the brainpoolP256r1 curve?

The BSI’s specification of the brainpoolP256r1 curve (also known as brainpoolP256r1, more precisely brainpoolP256t1 or brainpoolP256r1) has several security and strategic reasons. Here are the most important: Alternative to NIST curves (e.g. secp256r1 / P-256) The NIST curves (e.g. secp256r1, also known as P-256) are widely used, but there has been distrust of the origin of the parameters for years. It is speculated that the choice of parameters for the NIST curves was influenced by the NSA, so that backdoors could possibly exist. Brainpool curves, on the other hand, were developed independently (by the ECC Brainpool group led by German cryptographers). Brainpool curves were designed specifically for European security standards and are preferred by the BSI in German government projects. They are specified in various BSI guidelines, e.g. TR-03111 (Cryptographic specifications for eID applications).
For NIST curves, the parameters are published, but their derivation is unclear. The parameters of the Brainpool curves were generated using an open, traceable process.
Brainpool curves are specified in many European protocols, including eIDAS (electronic identities and signatures in the EU), German smart cards, TR-03110 (security of electronic identities). Brainpool curves were chosen to make certain timing and side-channel attacks more difficult, especially in hardware-based implementations. Their structure is intended to prevent implementation errors from leading to vulnerabilities.

Regex Robocopy Logfile Filter

Posted on 19.02.202519.02.2025 by mario

Robocopy Log Dateien filter with Regex in Notepad++

REM Zeilen, die FEHLER enthalten
REM ^(.*)FEHLER
REM
REM Zeilen mit neuen Dateien
REM ^(.*)EXTRA Datei(.*)$
REM
REM Zeilen mit neuen Verzeichnissen
REM ^(.*)ZUS\. Verz(.*)$
REM
REM Doppelte Zeilen
REM ^(.*?)$\s+?^(?=.*^\1$)
REM
REM Leere Zeilen
REM ^\s*$

TR-03116-4 Apache config from Bundesamts für Sicherheit in der Informationstechnik (BSI)

Posted on 18.02.202519.02.2025 by mario

I wonder why the Germany’s BSI, the Federal Office for Information Security requires The brainpool P256r1 curve. Also the must-have ECDHE-ECDSA-AES128-SHA256 aka TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 required by the BSI is a weak cipher. ALso They don’t allow Chacha 2.0 aka POLY 1305 ciphers

Here it comes.

SSLEngine On
SSLUseStapling On
SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000)
SSLStaplingCache shmcb:/opt/apache2/logs/ssl_stapling_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCompression Off
SSLHonorCipherOrder On
# The must have ECDHE-ECDSA-AES128-SHA256 aka TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 required by the BSI is a weak cipher
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256
SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384

SSLCertificateFile /etc/letsencrypt/live/tr-03116-4.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/tr-03116-4.example.com/privkey.pem
SSLOpenSSLConfCmd ECDHParameters secp521r1
SSLOpenSSLConfCmd Curves X25519:secp521r1:secp384r1:brainpoolP256r1
SSLOpenSSLConfCmd SignatureAlgorithms "ECDSA+SHA512:ECDSA+SHA384:ECDSA+SHA256:RSA+SHA512:RSA+SHA384:RSA+SHA256:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:rsa_pss_rsae_sha256"

In order to test compliance, tls-check.de may be used. In the test results, look at “TLS Parameters and Algorithms (TLS 1.2)” in the “Supported Signature Algorithms” sections.

Windows remote rename (AD) computers

Posted on 14.02.202513.02.2025 by mario

# oldname, newname
$Computers = import-csv .\Rename.csv
$adminUser = Get-Credential
# "PREFIX- +" "+ $SerNum"
$Computers = Import-Csv ServerNames.csv -Header OldName, NewName
Foreach ( $Computer in $Computers ) 
{
	Rename-Computer -ComputerName $Computer.OldName -NewName $Computer.NewName -DomainCredential $adminUser -Force -PassThru
}

Windows Update Error 0x80073712

Posted on 04.02.202504.02.2025 by mario

Run the DISM tool

tap Search.
Enter command prompt in the search box.
In the list of results, swipe down on or right-click Command Prompt, and then tap or click Run as administrator.
In the Administrator: Command Prompt window, type the following commands. Press the Enter key after each command:

DISM.exe /Online /Cleanup-image /Scanhealth
DISM.exe /Online /Cleanup-image /Restorehealth

To close the Administrator: Command prompt window, type Exit, and then press Enter.
Run Windows Update again.

Ceph Cruch Map

Posted on 23.01.202507.01.2025 by mario

crunch map

ceph osd crush add-bucket left rack
ceph osd crush add-bucket right rack

ceph osd crush move left root=default
ceph osd crush move right root=default

ceph osd crush move node-1 rack=right
ceph osd crush move node-2 rack=right
ceph osd crush move node-3 rack=right

ceph osd crush move node-4 rack=left
ceph osd crush move node-5 rack=left
ceph osd crush move node-6 rack=left

ceph osd tree

revert changes to default

ceph osd crush move node-1 root=default
ceph osd crush move node-2 root=default
ceph osd crush move node-3 root=default
ceph osd crush move node-4 root=default
ceph osd crush move node-5 root=default
ceph osd crush move node-6 root=default

Git Reset Last Commit

Posted on 23.01.202507.01.2025 by mario

nobody pulled yet

git reset --hard <commit-hash-one-before-the-bad-commit>
git push --force

someone already pulled

git revert <bad-commit-hash>
git push

Git on Windows chmod +x

Posted on 15.01.202507.01.2025 by mario

git update-index --chmod=+x script.sh

Add an alias to git config

git config --global alias.chmod "update-index --chmod"

List All Crontabs

Posted on 12.01.202507.01.2025 by mario

getent passwd | awk -F: '{ print $1 }' | sudo xargs -n1 crontab -l -u | grep -v '^#' | grep -v '^no crontab for'

Journalctl Tricks

Posted on 08.01.202508.01.2025 by mario

journalctl command

vacuum / clean

journalctl --disk-usage
journalctl --vacuum-size=1G

--vacuum-size=BYTES   Reduce disk usage below specified size
--vacuum-files=INT    Leave only the specified number of journal files
--vacuum-time=TIME    Remove journal files older than specified time

read old journal

journcalctl --file /var/log/.../dsdsdsdsdsdsdsds.journal~

goto end of log

sudo journalctl -e

journalctl -e -u certbot.service
journalctl -xeu redis-server.service

list old boots

journalctl --list-boots

Alle Meldungen mit Kennzeichnung error, critical, alert oder emergency anzeigen

journalctl -p err -b

kernel messages only

journalctl -k -e

systemctl list-unit-files

systemctl --failed
# or
systemctl list-units --state=failed

journalctl -xb