-
The lakers-python package suffered some regressions (or unnoticed API changes) between 8e926b0fe331575f86087219eabac180460bc62b (good) and aa6eca5ababcc7ac64d67874c08f905e63953b29 (bad). Commits inbet…
-
Right now the library only supports Cipher Suite 2: AES-CCM-16-64-128, SHA-256, 8, P-256, ES256, AES-CCM-16-64-128, SHA-256.
We should support more cipher suites, and also enable negotiation of cip…
-
There are many cases in which crypto agility is desirable, including PQC and certain kinds regulated usages. Supporting it would be very powerful, but also complicated. In this issue, we'll work towar…
-
As the Quantum Cryptography train moves at a faster pace, I think it prudent we rethink https://github.com/OWASP/ASVS/blob/master/5.0/en/0x14-V6-Cryptography.md to include Post Quantum Cryptography, t…
-
this is not urgent, but Securing Mechanisms section could be organized clearer I think. some thoughts:
- I think sd-bls uses data integrity, so should be moved to embedded
- would really encourage…
-
It would be good (and best practice) to explicitly encode the signing algorithm into the payload to be signed. See JOSE or COSE
I also suggest to spell out , in your description of BendyButt, the s…
-
Currently, Section 8.1 only considers support for the SHA-256 hash. algorithm:
"If algorithm of fpr is equal to "sha-256", and value of fpr is equal to ref_fpr, the certificate is valid. Return t…
aboba updated
7 months ago
-
Currently crypto_credential_agility says:
The project MUST support storing authentication credentials
(such as passwords and dynamic tokens) and private cryptographic
…
-
What algorithms for key exchange, encryption (and signing) do we use? How is crypto agility achieved?
-
There's a new collision attack that appears to be devastating to 3DES and Blowfish. See: https://threatpost.com/new-collision-attacks-against-3des-blowfish-allow-for-cookie-decryption/120087/
Our cu…