timkuijsten opened 9 years ago (status: Open)
After some research, it shows that NaCl might be the right choice [1,2,3,4]. This allows for direct encryption and authentication of both sides, using some simple, modern and fast ciphers.

By not choosing TLS we can avoid using OpenSSL, X.509 and ASN.1 code (which is a lot of code) [5] and require users to only generate one long-standing Ed25519 key. These keys are faster and, because of their limited size, more portable than RSA keys. Furthermore, this design choice shortcuts the whole CA system and all the trouble and trust that comes with it.
Protocol synopsis:
This simple protocol is forward secure [6] and protects against replay attacks.
[1] https://github.com/jedisct1/libsodium.js/issues/21
[2] http://cr.yp.to/highspeed/coolnacl-20120725.pdf
[3] http://tweetnacl.cr.yp.to/tweetnacl-20140917.pdf
[4] https://www.imperialviolet.org/2015/05/16/aeads.html
[5] http://www.daemonology.net/blog/2009-09-28-securing-https.html
[6] http://crypto.stackexchange.com/questions/16276/perfect-forward-secrecy-with-nacl
read:
- https://cryptojedi.org/peter/data/span-20091204.pdf
- http://lwn.net/Articles/579044/
- http://engineering.bittorrent.com/2014/12/11/authentication-and-forward-secrecy-in-bleep/
- http://blog.weave.works/author/awharrison/
- http://rdist.root.org/2009/07/14/nacl-djbs-new-crypto-library/
- http://blog.cryptographyengineering.com/2013/07/tweetnacl.html
- http://www.bsdcan.org/2010/schedule/attachments/135_crypto1hr.pdf

to read:
- https://threema.ch/press-files/cryptography_whitepaper.pdf
- https://tools.ietf.org/html/rfc4253 The Secure Shell (SSH) Transport Layer Protocol
- http://cr.yp.to/highspeed/naclcrypto-20090310.pdf
- http://nacl.cr.yp.to/securing-communication.pdf
- https://whispersystems.org/blog/advanced-ratcheting/
- https://tlswg.github.io/tls13-spec/
- https://pond.imperialviolet.org/tech.html
- https://codesinchaos.wordpress.com/tag/curvecp/
- https://download.libsodium.org/doc/public-key_cryptography/authenticated_encryption.html
- https://paragonie.com/blog/2015/05/using-encryption-and-authentication-correctly
- http://www.daemonology.net/blog/2009-09-04-complexity-is-insecurity.html
Unfortunately, LibreSSL isn't going to be included anytime soon (see https://github.com/iojs/io.js/issues/428). But maybe an integrated ssh client (i.e. using https://www.npmjs.com/package/ssh2) is an easier to set up and more secure alternative than a nodejs SSL server.