Posts Tagged crypt

Finding the right ciphers with 256 bit alias crypto wars part nine

Finding a good cipher for your web server is not an easy task. openssl ciphers -v ALL:COMPLEMENTOFALL lists all the available ciphers on your system.
What we don’t want

  • SSLv3 that is no longer secure.
  • 128 bit encryption is too weak
  • no encrytion cipther ;)
  • DSS cipher for key auth
  • DHE-RSA-AES256-SHA is no longer secure
  • TLSv1 no longer secure
  • PSK ( pre shared key) cipher
  • CAMELLIA
  • CBC cipher because of the BEAST attack
  • RSA because of FREAK and SMACK and ROBOT
  • Au=None
  • AESCCM it is also a Cipher Block Chaining (CBC)

That gives us:

openssl ciphers -v ALL:COMPLEMENTOFALL | grep -v "SSLv3" | grep -v "(128)" | grep -v "Enc=None" | \
 grep -v "Au=DSS" | grep -v "DHE-RSA-AES256-SHA" | grep -v "TLSv1 " | grep -v "Au=PSK" | grep -v "Kx=RSAPSK" | \
 grep -v "CAMELLIA" | grep -v "CBC" | grep -v "Au=RSA" | grep -v "Au=None" | grep -v "Enc=AESCCM"

now choose your poison.

Tags: , , , , , ,

http/2.0 sslciphersuites with 256 bit alias crypto wars part five A+ at SSL Test

At Qualys SLL Test labs tests I never had 100% for Key Exchange. Even adding a 4096 Diffie Hellman key did not do the trick.

Now I found adding

SSLOpenSSLConfCmd ECDHParameters secp384r1

to the config from Part 4 does the trick!

Now I can have all your bars on Qualys SSL Test at 100% without having an insane config no client can connect to.

Tags: , , , , , , ,

PHP crypt command line

crypt

#!/usr/bin/php
< ?php
require "crypt.php";

$type = $argv['1'];
$string = $argv['2'];
$key = $argv['3'];
if($type !='' &&  $string != '' && $key != ''){
        if($type=="e"){
                echo encrypt($string,$key);
                echo "\n";
        }
        elseif($type=="d")
        {
                echo decrypt($string,$key);
                echo "\n";
        }
        else
        {
                die('WRONG TYPE');
        }
}
else
{
        echo 'crypt TYPE STRING KEY';
        echo "\n\n";
        echo "TYPE:\n";
        echo "e encrypt\n";
        echo "d decrypt\n";
        echo "\n\n";
        echo "STRING Your string\n";
        echo "KEY Crypt key\n\n";
}
?>

crypt.php

< ?php
/**
 * encrypt()
 *
 * @param mixed $string
 * @param mixed $key
 * @return mixed $retrun
 */
function encrypt($string, $key){

        $result = '';
        $lentgh = strlen($string);
        for($i = 0; $i < $lentgh; $i++) {
                $char = substr($string, $i, 1);
                $keychar = substr($key, ($i % strlen($key))-1, 1);
                $char = chr(ord($char) + ord($keychar));
                $result .= $char;
        }

        return base64_encode($result);
}

/**
 * decrypt()
 *
 * @param mixed $string
 * @param mixed $key
 * @return mixed $return
 */
function decrypt($string, $key){

        $result = '';
        $string = base64_decode($string);
        $lentgh = strlen($string);

        for($i = 0; $i < $lentgh; $i++) {
                $char = substr($string, $i, 1);
                $keychar = substr($key, ($i % strlen($key))-1, 1);
                $char = chr(ord($char) - ord($keychar));
                $result .= $char;
        }

        return $result;
}
?>

Tags: , , , , ,

Archives by Subject:

Archives by Month: