CSE 127: Introduction to Security
Lecture 15: TLS
Deian Stefan, UCSD, Fall 2019
Material from Nadia Heninger, Dan Boneh, Stefan Savage
Reminder: Network Attacker Threat Model
Network Attacker:
- Controls infrastructure: Routers, DNS
- Eavesdrops, injects, drops, or modifies packets
Examples:
- Wifi at internet cafe
- Internet access at hotels
Goal: Establish a secure channel to a host that ensures
- Confidentiality and Integrity of messages
- Authentication of the remote host
Constructing a secure encrypted channel
- To ensure confidentiality and integrity: Encrypt and MAC data (encrypt-then-MAC: the tag is computed over the ciphertext)
  c = AES_ke(m), t = MAC_km(c)
- To negotiate shared symmetric keys: Diffie-Hellman key exchange. A Key Derivation Function (KDF) maps the shared secret to the symmetric keys.
  Alice sends g^a, Bob sends g^b; both compute (ke, km) = KDF(g^ab)
- To ensure authenticity of endpoints: Digital Signatures
  Bob sends RSApub_B and Sign_B(g^a, g^b)
How does Alice know to trust Bob's public signing key?
Public Key Infrastructure: Establishing Trust in Keys
Ways to establish trust in keys:
- Meet in person to exchange keys.
  - Not practical at scale over the internet.
- Fingerprint verification
  - Verify a cryptographic hash of a public key through a separate channel, or "trust on first use" (TOFU): accept the key the first time, pin it, and alarm if it ever changes.
  - This is used by SSH for host keys.
  - This is also used by encrypted messaging apps like Signal.

  nadiah$ ssh portal.cs.princeton.edu
  @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  @       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
  @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  The RSA host key for portal.cs.princeton.edu has changed,
  and the key for the corresponding IP address 128.112.155.171
  is unknown. This could either mean that DNS SPOOFING is happening
  or the IP address for the host and its host key have changed at the same time.
  @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
  @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
  Someone could be eavesdropping on you right now (man-in-the-middle attack)!
  It is also possible that a host key has just been changed.
  The fingerprint for the RSA key sent by the remote host is
  SHA256:9yBBea9Z0ER6asvvtNf6fRXVra6LOQ3OVZLtYKVpNc8.
  Please contact your system administrator.

- Hard code public keys in software
  - "Certificate pinning" used by browsers
- Certificate Authorities
  - A CA is a kind of commercial/non-profit trusted intermediary.
  - Certificate Authorities verify public keys and sign them (a certificate binds a name to a key).
  - If you trust the CA, you transitively trust the keys it signs.
  - This is used for TLS and for software signing keys.
- Web of Trust
  - In a WoT, you establish trust in intermediaries of your choice.
  - You then transitively trust the keys they sign.
  - This is used by PGP.

  nadiah$ gpg --edit-key rivest@csail.mit.edu
  gpg> trust
  pub  1024D/567B4BAD  created: 2010-12-19  expires: never  usage: SC
                       trust: unknown       validity: unknown
  sub  1024g/EFE31B86  created: 2010-12-19  expires: never  usage: E
  [ unknown] (1). Ronald L Rivest <rivest@csail.mit.edu>

  Please decide how far you trust this user to correctly verify other
  users' keys (by looking at passports, checking fingerprints from
  different sources, etc.)

    1 = I don't know or won't say
    2 = I do NOT trust
    3 = I trust marginally
    4 = I trust fully
    5 = I trust ultimately
    m = back to the main menu

  Your decision?
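The fingerprint-and-TOFU check that SSH performs in the warning above, as an added example (not code from the lecture): it computes an OpenSSH-style SHA256 fingerprint from a public-key blob and applies a known_hosts policy that pins on first use and flags any later change. The key blobs and the hostname are constructed placeholders, not real keys; OpenSSH hashes the base64-decoded wire-format key the same way.

```python
# Added example: SSH-style host-key fingerprint plus a "trust on first use"
# (TOFU) known-hosts check. The key blobs are constructed byte strings that
# stand in for wire-format public keys (NOT real SSH keys).
import base64
import hashlib
from typing import Dict, Optional, Tuple

# Constructed sample keys: the bytes only need to be stable so that the
# fingerprints are reproducible.
PORTAL_KEY_V1 = b"ssh-rsa-toy-key:portal.cs.princeton.edu:2019"
PORTAL_KEY_V2 = b"ssh-rsa-toy-key:portal.cs.princeton.edu:2020-rotated"


def fingerprint(pubkey_blob: bytes) -> str:
    """SHA256 fingerprint in OpenSSH's display format: base64 without '=' padding."""
    digest = hashlib.sha256(pubkey_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host(known_hosts: Dict[str, str], host: str, presented_key: bytes) -> str:
    """TOFU policy. Returns 'first-use', 'match' or 'MISMATCH'.

    first-use: no record for host; pin the fingerprint now (this is the leap of trust).
    match:     the pinned fingerprint equals the presented key's fingerprint.
    MISMATCH:  the key changed; either a legitimate rotation or a man-in-the-middle.
               The caller must refuse to connect until the new fingerprint has been
               verified over a separate channel.
    """
    fp = fingerprint(presented_key)
    pinned: Optional[str] = known_hosts.get(host)
    if pinned is None:
        known_hosts[host] = fp
        return "first-use"
    # Fingerprints are public, so a constant-time compare is not required,
    # but the comparison must be exact: no prefix matching.
    return "match" if pinned == fp else "MISMATCH"


def session_sequence() -> Tuple[str, str, str]:
    """Three connections to one host: pin, re-verify, then detect a changed key."""
    known_hosts: Dict[str, str] = {}
    host = "portal.cs.princeton.edu"
    first = check_host(known_hosts, host, PORTAL_KEY_V1)
    second = check_host(known_hosts, host, PORTAL_KEY_V1)
    third = check_host(known_hosts, host, PORTAL_KEY_V2)  # rotated key, or an attacker
    return first, second, third


if __name__ == "__main__":
    print(fingerprint(PORTAL_KEY_V1))
    print(session_sequence())
```

The third result is the situation the SSH warning describes: the client cannot tell a rotation from an attack, which is why TOFU needs an out-of-band check whenever the pin changes.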
Constructing a secure encrypted channel
- To ensure confidentiality and integrity: Encrypt and MAC data
- To negotiate shared symmetric keys: DH key exchange
- To ensure authenticity of endpoints: Digital Signatures
- To ensure an adversary can't reuse a signature later, add some random unique values ("nonces") and sign them together with the DH shares. Without them, an attacker who recorded an old exchange and later learned that session's exponent could replay Bob's signed share.
  Alice: random r_a, g^a
  Bob: random r_b, g^b, RSApub_B, Sign_B(g^a, g^b, r_a, r_b)
  Both: (ke, km) = KDF(g^ab); c = AES_ke(m), t = MAC_km(c)
This is not exactly what TLS looks like, but it's similar.
TLS: Transport Layer Security
- TLS provides an encrypted channel for application data.
- Used for HTTPS: HTTP inside of a TLS session
- Used to be called SSL (Secure Sockets Layer) in the 90s.

Version history:
- SSL 1.0: Terribly insecure; never released.
- SSL 2.0: Released 1995; terribly insecure.
- SSL 3.0: Released 1996; insecure since 2014 (POODLE).
- TLS 1.0: Released 1999; deprecated, to be removed from major browsers in 2020.
- TLS 1.1: Released 2006; deprecated, to be removed from major browsers in 2020.
- TLS 1.2: Released 2008. Ok.
- TLS 1.3: Standardized in August 2018 and being rolled out now; major change from TLS 1.2.
TLS 1.2 with Diffie-Hellman Key Exchange
Step 1: The client (browser) tells the server what kind of cryptography it supports.
  client hello: client random, [list of cipher suites]

Cipher suites: list of options like TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. This says to use
- ephemeral elliptic curve Diffie-Hellman for key exchange
- RSA digital signatures to authenticate the key exchange
- 128-bit AES for symmetric encryption
- GCM (Galois/Counter Mode) as the AES mode of operation (an AEAD mode, so no separate MAC is needed)
- SHA-256 as the hash function for the handshake PRF (in non-AEAD suites the trailing hash also names the HMAC)

Server cipher suite configuration can be confusing and difficult for sysadmins. Many insecure options remain, like
- TLS_DHE_RSA_WITH_DES_CBC_SHA (56-bit DES)
- TLS_NULL_WITH_NULL_NULL (no encryption, no MAC)
and there are subtle protocol errors around cipher suite negotiation.
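A parser for the cipher-suite naming scheme above, plus the audit a sysadmin would want to run over a server's configured list, as an added example (not code from the lecture). The reject reasons and weak-component tables are this example's own policy, not a standard; the suite names used as sample input are ordinary registered TLS 1.2 names.

```python
# Added example: parse TLS_<kx>[_<auth>]_WITH_<cipher>[_<mode>]_<hash> names and
# audit them. Policy tables below are this example's own, not an IANA/RFC list.
from typing import Dict, List

WEAK_CIPHERS = {"NULL": "no encryption", "DES": "56-bit DES", "DES40": "40-bit export DES",
                "RC4_128": "RC4 keystream biases", "RC4_40": "40-bit export RC4",
                "RC2_CBC_40": "40-bit export RC2", "3DES_EDE": "64-bit block cipher (Sweet32)",
                "IDEA": "legacy 64-bit block cipher"}
WEAK_HASHES = {"NULL": "no MAC", "MD5": "HMAC-MD5"}


def parse_suite(name: str) -> Dict[str, object]:
    """Split a suite name into kx, auth, export flag, cipher, mode and hash."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS_*_WITH_* suite name: {name}")
    left, right = name[len("TLS_"):].split("_WITH_", 1)
    left_parts = left.split("_")
    kx_parts = [p for p in left_parts if p != "EXPORT"]
    kx = kx_parts[0]
    auth = kx_parts[1] if len(kx_parts) > 1 else kx      # "RSA" alone: RSA does both jobs
    rparts = right.split("_")
    hash_alg = rparts.pop()                                # HMAC hash, or the PRF hash for AEAD suites
    mode = ""
    if rparts and rparts[-1] in ("CBC", "GCM", "CCM"):
        mode = rparts.pop()
    elif rparts and rparts[-1] == "POLY1305":              # CHACHA20_POLY1305 is one AEAD
        mode = "AEAD"
        rparts.pop()
    return {"kx": kx, "auth": auth, "export": "EXPORT" in left_parts,
            "cipher": "_".join(rparts), "mode": mode, "hash": hash_alg}


def audit_suite(name: str) -> List[str]:
    """Reasons this suite should not be offered; an empty list means acceptable."""
    s = parse_suite(name)
    reasons: List[str] = []
    if s["export"]:
        reasons.append("export-grade key exchange (FREAK/Logjam class)")
    if s["auth"] == "anon":
        reasons.append("anonymous key exchange: no server authentication")
    if s["kx"] == "NULL":
        reasons.append("no key exchange")
    elif s["kx"] == "RSA":
        reasons.append("RSA key transport: no forward secrecy")
    elif s["kx"] in ("DH", "ECDH"):
        reasons.append(f"static {s['kx']}: no forward secrecy")
    if s["cipher"] in WEAK_CIPHERS:
        reasons.append(WEAK_CIPHERS[s["cipher"]])
    if s["hash"] in WEAK_HASHES:
        reasons.append(WEAK_HASHES[s["hash"]])
    if s["mode"] == "CBC":
        reasons.append("CBC MAC-then-encrypt (padding-oracle class, e.g. Lucky 13); prefer AEAD")
    return reasons


def audit_config(suites: List[str]) -> Dict[str, List[str]]:
    """Map each configured suite to its reject reasons (empty list = keep)."""
    return {s: audit_suite(s) for s in suites}


if __name__ == "__main__":
    # Constructed sample server configuration.
    sample = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
              "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_DES_CBC_SHA",
              "TLS_NULL_WITH_NULL_NULL", "TLS_RSA_EXPORT_WITH_RC4_40_MD5"]
    for suite, reasons in audit_config(sample).items():
        print(suite, "->", "OK" if not reasons else "; ".join(reasons))
```

The parser deliberately treats the trailing hash as the PRF for AEAD suites and as the HMAC otherwise, which is what the slide's SHA256 field means in each case.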
TLS 1.2 with Diffie-Hellman Key Exchange
Step 2: The server tells the client which kind of cryptography it wishes to use.
  server hello: server random, [cipher suite]
Step 3: The server sends over its certificate, which contains the server's public key and signatures from a certificate authority.
  certificate = public RSA key + CA signatures
Certificates and Certificate Authorities in TLS
Website public keys are encoded into certificates, which are signed by CAs. Browsers come with a set of trusted CAs (root certificates). To verify a certificate, the browser verifies a chain of digital certificates back to a trusted root CA. Certificates are typically valid for 3 months to multiple years.

Sample certificate (annotated screenshot of a UCSD CSE certificate; the slide's labels):
- Issuer: who are we trusting?
- Subject: who is this cert for?
- CSE's public key info
- Where we should check for revocation information (the CRL distribution point / OCSP responder URL)
Revocation
- Problem: keys get compromised
- Attacker with a key can impersonate you and read
messages encrypted to you
- Key expiration helps, but not enough
- CA and PGP PKIs support revocation
- “I, Alice, revoke my public key . . . do not use it.”
- Signs revocation with her private key
- Others can verify Alice’s signature, stop using key
Root CAs on OS X (screenshot of the trusted root certificate list)
Which CA can issue a certificate for fbi.gov? Which CA can issue a certificate for google.com? Any of them: a browser accepts a certificate for any name from any trusted root, so the system is only as strong as the weakest CA in the list.
CA Hacks and Vulnerabilities
There is a long history of CAs getting hacked or doing the wrong thing.
- 2011: Comodo and DigiNotar CAs hacked, used to issue fraudulent certificates for Hotmail, Gmail, Skype, Yahoo Mail, Firefox...
  - Fraudulent certificates later used in a man-in-the-middle attack against Iran.
- 2013: TurkTrust issued a fraudulent certificate for Gmail.
- 2014: Indian NIC issued certs for Google and Yahoo!
- 2016: WoSign issued a cert for GitHub.
Mitigations:
- Certificate pinning.
  - Hard code certificates for some sites in the browser.
- Certificate Transparency.
  - Public append-only log of certificate issuances, so fraudulent certs can be detected after the fact.
TLS 1.2 with Diffie-Hellman Key Exchange
Step 4: The server initiates a Diffie-Hellman key exchange. To protect against man-in-the-middle attacks, the server signs the Diffie-Hellman parameters with the private key matching its certificate (in real TLS 1.2 the signature also covers the client and server randoms, which is what makes it unreplayable). TLS also allows client authentication, but this is rare.
Step 5: The client responds with its half of the Diffie-Hellman key exchange.
Step 6: The client and server derive symmetric keys from the shared secret and the two randoms using a key derivation function (the TLS PRF).
Step 7: The client and server verify the integrity of the handshake using the MAC keys they have derived: each Finished message is a MAC over the whole handshake transcript, so tampering with the negotiation (for example a stripped cipher suite) is detected before any application data is sent.
Step 8: The client and server can now send encrypted application data (e.g. HTTP) using their secure channel.

Full handshake:
  client hello:    client random, [list of cipher suites]
  server hello:    server random, [cipher suite]
  certificate:     public RSA key + CA signatures
  server kex:      p, g, g^a, Sign_RSAkey(p, g, g^a)
  client kex:      g^b
  both sides:      KDF(g^ab, randoms) -> kmc, kms, ke
  client finished: MAC_kmc(dialog)
  server finished: MAC_kms(dialog)
  Enc_ke(request) ...
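The exchange in steps 1 to 8 above, and the signed-DH-with-nonces channel from the "Constructing a secure encrypted channel" slides, as one added example (not code from the lecture): both parties run in one process, the server's share is signed together with both randoms, the client checks the certificate against a trusted CA, the Finished MACs cover the transcript, and a man-in-the-middle that swaps the server's share is rejected. Every primitive is a toy standing in for the real one: textbook RSA over hard-coded Mersenne primes for signatures, a Mersenne-prime group for DH, and HMAC-SHA256 as PRF, MAC and stream cipher. The hostname, request and key sizes are constructed for illustration.

```python
# Added example: a TLS 1.2-style handshake with signed ephemeral Diffie-Hellman.
# Toy primitives only (textbook RSA, small DH group, HMAC keystream); the
# message names follow the slide transcript, the rest is this example's own.
import hashlib
import hmac
import secrets
from typing import Dict

# Toy DH group: a Mersenne prime for cheap arithmetic. Illustration only; real
# TLS uses standardized groups/curves (the "secure parameters" of TLS 1.3).
P, G = 2**127 - 1, 3


def i2b(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")


def toy_rsa_keygen(p: int, q: int, e: int = 65537):
    """Textbook RSA on hard-coded primes: returns (public, private). Toy only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))            # Python >= 3.8 for the modular inverse


def h_int(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")


def sign(priv, *parts: bytes) -> int:
    n, d = priv
    return pow(h_int(*parts) % n, d, n)            # no padding: toy signature


def verify(pub, sig: int, *parts: bytes) -> bool:
    n, e = pub
    return pow(sig, e, n) == h_int(*parts) % n


def kdf(shared: int, client_random: bytes, server_random: bytes) -> Dict[str, bytes]:
    """KDF(g^ab, randoms) -> kmc, kms, ke; HMAC-SHA256 stands in for the TLS PRF."""
    prk = hmac.new(client_random + server_random, i2b(shared), hashlib.sha256).digest()
    return {lbl: hmac.new(prk, lbl.encode(), hashlib.sha256).digest() for lbl in ("kmc", "kms", "ke")}


def enc(key: bytes, msg: bytes) -> bytes:
    """HMAC keystream XOR standing in for AES-GCM; applying it twice decrypts."""
    stream = b"".join(hmac.new(key, i2b(i), hashlib.sha256).digest() for i in range(len(msg) // 32 + 1))
    return bytes(a ^ b for a, b in zip(msg, stream))


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def make_certificate(ca_priv, name: bytes, pub) -> Dict:
    """Certificate = (name, public key) signed by the CA."""
    n, e = pub
    return {"name": name, "pub": pub, "ca_sig": sign(ca_priv, name, i2b(n), i2b(e))}


def handshake(cert: Dict, server_priv, ca_pub, expected_name: bytes, tamper: bool = False) -> Dict:
    """Steps 1-8 of the slides' handshake, both sides in one process."""
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)       # steps 1-2: hellos
    transcript = [cr, sr]
    n, e = cert["pub"]                                               # step 3: certificate check
    if cert["name"] != expected_name or not verify(ca_pub, cert["ca_sig"], cert["name"], i2b(n), i2b(e)):
        return {"ok": False, "reason": "certificate rejected"}
    a = secrets.randbelow(P - 2) + 1                                 # step 4: server kex
    ga = pow(G, a, P)
    sig = sign(server_priv, cr, sr, i2b(P), i2b(G), i2b(ga))       # signed with both randoms
    if tamper:                                                       # MITM swaps in its own share...
        ga = pow(G, secrets.randbelow(P - 2) + 1, P)
    if not verify(cert["pub"], sig, cr, sr, i2b(P), i2b(G), i2b(ga)):  # ...and is caught here
        return {"ok": False, "reason": "server kex signature invalid"}
    transcript.append(i2b(ga))
    b = secrets.randbelow(P - 2) + 1                                 # step 5: client kex
    gb = pow(G, b, P)
    transcript.append(i2b(gb))
    ck = kdf(pow(ga, b, P), cr, sr)                                  # step 6: both derive keys
    sk = kdf(pow(gb, a, P), cr, sr)
    dialog = b"|".join(transcript)                                   # step 7: finished MACs
    if not hmac.compare_digest(mac(ck["kmc"], dialog), mac(sk["kmc"], dialog)):
        return {"ok": False, "reason": "client finished mismatch"}
    if not hmac.compare_digest(mac(sk["kms"], dialog), mac(ck["kms"], dialog)):
        return {"ok": False, "reason": "server finished mismatch"}
    request = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"   # step 8: app data (constructed)
    return {"ok": True, "reason": "", "server_sees": enc(sk["ke"], enc(ck["ke"], request))}


def demo(tamper: bool = False, rogue_ca: bool = False) -> Dict:
    ca_pub, ca_priv = toy_rsa_keygen(2**89 - 1, 2**19 - 1)
    srv_pub, srv_priv = toy_rsa_keygen(2**61 - 1, 2**31 - 1)
    issuer = toy_rsa_keygen(2**127 - 1, 2**17 - 1)[1] if rogue_ca else ca_priv   # CA not in the trust store
    cert = make_certificate(issuer, b"www.example.com", srv_pub)
    return handshake(cert, srv_priv, ca_pub, b"www.example.com", tamper=tamper)


if __name__ == "__main__":
    print(demo()["server_sees"])
    print(demo(tamper=True)["reason"], "/", demo(rogue_ca=True)["reason"])
```

The `tamper` path is the man-in-the-middle case from step 4: the attacker can replace g^a on the wire but cannot produce a signature over the replacement without the server's private key, so the client aborts before any key is derived. The `rogue_ca` path is the trust-store check from the PKI slides: a syntactically valid certificate from a CA the client does not trust is rejected at step 3.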
TLS 1.2 with RSA Key Exchange
TLS versions prior to 1.3 also supported using RSA public key encryption to share the premaster secret (the shared secret from which the master key is derived). The client chooses the premaster secret and encrypts it to the RSA public key in the server's certificate; there is no server signature in this mode, since only the holder of the matching private key can recover the premaster secret and produce a correct Finished message.
  client hello:        client random, [supported cipher suites]
  server hello:        server random, [RSA cipher suite]
  certificate:         RSA pubkey k2048 + CA signatures
  client key exchange: RSAenc_k2048(pms)
  both sides:          KDF(pms, randoms) -> kmc, kms, ke
  client finished:     Auth_kmc(dialog)
  server finished:     Auth_kms(dialog)
  Enc_ke(request) ...
What if a private key gets stolen or compromised?
If an adversary obtains a server certificate private key:
- With Diffie-Hellman key exchange, the adversary can:
  - impersonate the server to anyone (until the certificate is revoked or expires).
  - but cannot decrypt recorded past sessions: the session keys came from ephemeral exponents a and b that were never sent and are discarded after the handshake ("forward secrecy").
- With RSA key exchange, the adversary can:
  - impersonate the server to anyone.
  - decrypt any traffic from now and from any point in the past, because every recorded premaster secret was encrypted to the now-known key.
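The difference between the two cases above, as an added example (not code from the lecture): a passive attacker records one RSA-key-exchange session and one signed-ephemeral-DH session, later obtains the server's long-term private key, and tries to decrypt both recordings. Toy primitives only, as labelled in the code (textbook RSA on hard-coded primes, a Mersenne-prime DH group, HMAC-SHA256 as KDF and stream cipher); the request and key sizes are constructed for illustration.

```python
# Added example: forward secrecy. Recorded transcripts are decryptable later
# under RSA key exchange but not under ephemeral DH. Toy primitives only.
import hashlib
import hmac
import secrets
from typing import Dict, Optional

P, G = 2**127 - 1, 3          # toy DH group (illustration only)


def i2b(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")


def toy_rsa_keygen(p: int, q: int, e: int = 65537):
    """Textbook RSA on hard-coded primes: returns (public, private). Toy only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def derive_ke(secret: bytes, cr: bytes, sr: bytes) -> bytes:
    """KDF(secret, randoms) -> encryption key; HMAC-SHA256 stands in for the TLS PRF."""
    return hmac.new(cr + sr, secret, hashlib.sha256).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """HMAC keystream XOR standing in for the record-layer cipher (self-inverse)."""
    stream = b"".join(hmac.new(key, i2b(i), hashlib.sha256).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def rsa_kex_session(server_pub, request: bytes) -> Dict:
    """Everything a passive eavesdropper records from an RSA-key-exchange session."""
    n, e = server_pub
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)
    pms = secrets.randbelow(n)                   # client picks the premaster secret
    ke = derive_ke(i2b(pms), cr, sr)
    return {"client_random": cr, "server_random": sr,
            "client_kex": pow(pms, e, n),        # RSAenc_pub(pms), as sent on the wire
            "app_data": xor_stream(ke, request)}


def dh_kex_session(request: bytes) -> Dict:
    """Everything a passive eavesdropper records from a signed ephemeral DH session.
    The server's long-term key only signs g^a (signature omitted: it carries no
    secret); a and b exist only in memory and are dropped after the handshake."""
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    ga, gb = pow(G, a, P), pow(G, b, P)
    ke = derive_ke(i2b(pow(gb, a, P)), cr, sr)
    return {"client_random": cr, "server_random": sr,
            "server_kex": ga, "client_kex": gb,
            "app_data": xor_stream(ke, request)}


def attacker_decrypts(recording: Dict, leaked_priv) -> Optional[bytes]:
    """Offline attack: recorded transcript + the server's long-term key obtained later."""
    if "server_kex" in recording:
        # The recording holds g^a and g^b only. A signing key lets the attacker
        # forge future ServerKeyExchange messages, but gives no way to compute
        # g^ab from the recorded shares: there is nothing here to decrypt.
        return None
    n, d = leaked_priv
    pms = pow(recording["client_kex"], d, n)     # RSA-decrypt the recorded premaster secret
    ke = derive_ke(i2b(pms), recording["client_random"], recording["server_random"])
    return xor_stream(ke, recording["app_data"])


def demo():
    srv_pub, srv_priv = toy_rsa_keygen(2**61 - 1, 2**31 - 1)
    request = b"GET /inbox HTTP/1.1\r\nCookie: session=hunter2\r\n\r\n"   # constructed
    rsa_recording = rsa_kex_session(srv_pub, request)
    dh_recording = dh_kex_session(request)
    # ... later the server key is stolen, or handed over under legal compulsion ...
    return attacker_decrypts(rsa_recording, srv_priv), attacker_decrypts(dh_recording, srv_priv)


if __name__ == "__main__":
    rsa_plain, dh_plain = demo()
    print("RSA kex recording decrypts to:", rsa_plain)
    print("DH kex recording decrypts to:", dh_plain)
```

This is exactly the asymmetry the subpoena on the next slide exploits: with RSA key exchange, one private key unlocks every session that was ever recorded.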
[Scanned image: subpoena to testify before the grand jury, United States District Court, Eastern District of Virginia (Alexandria), addressed to Dallas, TX 75204, July 2013. Recoverable text: "In addition to your personal appearance, you are directed to bring to the grand jury the public and private encryption keys used by lavabit.com in any SSL (Secure Socket Layer) or TLS (Transport Security Layer) sessions, including HTTPS sessions with clients using the lavabit.com web site and encrypted SMTP communications (or Internet communications using other protocols) with mail servers; any other information necessary to accomplish the installation and use of the pen/trap device ordered by Judge Buchanan on June 28, 2013, unobtrusively and with minimum interference to the services that are accorded persons with respect to whom the installation and use is to take place. If such information is electronically stored or unable to be physically transported to the grand jury, you may provide a copy of the information to the Federal Bureau of Investigation. Provision of this information to the FBI does not excuse your personal appearance."]
August 2013
https://xkcd.com/538/
“Actual actual reality: nobody cares about his secrets. Also, I would be hard-pressed to find that wrench for $5.”
TLS 1.2 and below have had a lot of vulnerabilities
- Early versions of SSL were developed before cryptographic protocol design was fully understood.
- Later protocol versions retained insecure options for backwards compatibility.
TLS 1.3 is being deployed now
Developed over several years as a collaboration between cryptographers from industry and academia. Standardized August 2018 by IETF. Major differences from TLS 1.2 and below:
- RSA key exchange removed.
  - Protects against passive decryption attacks.
- Only secure Diffie-Hellman parameters allowed.
  - Protects against attacks exploiting bad choices of parameters.
- Handshake encrypted immediately after key exchange.
  - Limits the amount of metadata visible to a passive eavesdropper.
- Protocol downgrade protection.
  - Protects against the protocol being downgraded to prior insecure versions.
TLS 1.3 deployment difficulties
TLS 1.3 deployment is slower than it should be. Major reasons:
- HTTPS proxies extremely common in industry.
  - Many of them rely on RSA key exchange to make passive decryption and traffic analysis easier.
  - Removing RSA key exchange breaks all these boxes.
- Man-in-the-middle hardware is also quite common.
  - Bad implementations have hard-coded values like TLS versions and there is no way to update them.
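As an added example (not part of the lecture slides) of why dropping RSA key exchange closes the passive-decryption path that the inspection boxes above depend on, here is a toy Python model; the tiny RSA primes, the DH group and the `inspection_box` helper are constructed assumptions, not anything from a real TLS stack.

```python
"""Toy model of why TLS 1.3 removed RSA key exchange. Added example, not from
the lecture; all key material is constructed and far too small to be secure."""
import hashlib
import secrets

# Constructed toy RSA key pair standing in for the server's long-term key.
P, Q = 1000003, 1000033                     # small primes, illustration only
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))           # long-term private exponent

# Constructed toy finite-field DH group (TLS 1.3 uses named 2048+-bit groups).
DH_P = 2**127 - 1                           # a Mersenne prime
DH_G = 3


def kdf(shared: int) -> bytes:
    """Derive the symmetric session key from the shared secret (the KDF
    in the lecture's channel construction)."""
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def rsa_key_exchange():
    """TLS 1.2-and-below RSA kex: the client picks the premaster secret and
    encrypts it to the server's long-term public key. Returns the session key
    and the handshake transcript a passive eavesdropper can record."""
    premaster = secrets.randbelow(N - 2) + 2
    ciphertext = pow(premaster, E, N)       # ClientKeyExchange on the wire
    return kdf(premaster), {"kex": "RSA", "ciphertext": ciphertext}


def dhe_key_exchange():
    """Ephemeral DH, the only kex left in TLS 1.3: each side picks a one-time
    exponent that is discarded after the handshake and never sent."""
    a = secrets.randbelow(DH_P - 2) + 1     # client's ephemeral secret
    b = secrets.randbelow(DH_P - 2) + 1     # server's ephemeral secret
    ga, gb = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    client_key = kdf(pow(gb, a, DH_P))
    server_key = kdf(pow(ga, b, DH_P))
    assert client_key == server_key         # both sides derive g^(ab)
    return client_key, {"kex": "DHE", "ga": ga, "gb": gb}


def inspection_box(transcript, server_private=D):
    """A passive HTTPS inspection box holding a copy of the server's
    long-term private key, as in the deployments the lecture describes. It
    recovers the session key from an RSA transcript, but a DHE transcript
    carries only g^a and g^b, so the long-term key decrypts nothing: None."""
    if transcript["kex"] == "RSA":
        premaster = pow(transcript["ciphertext"], server_private, N)
        return kdf(premaster)
    return None
```

The same asymmetry is what makes a recorded RSA-kex session decryptable years later if the server key ever leaks, while a DHE session stays sealed once the ephemeral exponents are gone.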
The “crypto wars” and the historical development of TLS.
International Traffic in Arms Regulations
April 1, 1992 version
Category XIII--Auxiliary Military Equipment ... (b) Information Security Systems and equipment, cryptographic devices, software, and components specifically designed or modified therefore, including: (1) Cryptographic (including key management) systems, equipment, assemblies, modules, integrated circuits, components or software with the capability of maintaining secrecy or confidentiality of information or information systems, except cryptographic equipment and software as follows: (i) Restricted to decryption functions specifically designed to allow the execution of copy protected software, provided the decryption functions are not user-accessible. (ii) Specially designed, developed or modified for use in machines for banking or money transactions, and restricted to use only in such transactions. Machines for banking or money transactions include automatic teller machines, self-service statement printers, point of sale terminals or equipment for the encryption of interbanking transactions.
...
Timeline of US cryptography export control
- Pre-1994: Encryption software requires an individual export license as a munition.
- 1994: US State Department amends ITAR regulations to allow export of approved software to approved countries without individual licenses. 40-bit symmetric cryptography was understood to be approved under this scheme.
- 1995: Netscape develops initial SSL protocol. Includes weakened “export” cipher suites.
- 1996: Bernstein v. United States; California judge rules ITAR regulations are unconstitutional because “code is speech”.
- 1996: Cryptography regulation moved to Department of Commerce.
- 1999: TLS 1.0 standardized. Includes weakened “export” cipher suites.
- 2000: Department of Commerce loosens regulations on mass-market and open source software.
Commerce Control List: Category 5 - Info. Security
(May 23, 2019 version)
a.1.a. A symmetric algorithm employing a key length in excess of 56-bits; not including parity bits; or a.1.b. An asymmetric algorithm where the security of the algorithm is based on any of the following: a.1.b.1. Factorization of integers in excess of 512 bits (e.g., RSA); a.1.b.2. Computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ); or a.1.b.3. Discrete logarithms in a group other than mentioned in 5A002.a.1.b.2 in excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve);
...
a. Designed or modified to perform “cryptanalytic functions.”
Commerce Control List: Category 5 - Info. Security
(May 23, 2019 version)
2.c. An ‘‘asymmetric algorithm’’ where the security of the algorithm is based on any of the following: 2.c.1. Shortest vector or closest vector problems associated with lattices (e.g., NewHope, Frodo, NTRUEncrypt, Kyber, Titanium); 2.c.2. Finding isogenies between Supersingular elliptic curves (e.g., Supersingular Isogeny Key Encapsulation); or 2.c.3. Decoding random codes (e.g., McEliece, Niederreiter). Technical Note: An algorithm described by Technical Note 2.c. may be referred to as being post-quantum, quantum-safe or quantum-resistant.
US Politicians on Cryptography
“The government must be wary of suffocating [the encryption software] industry with regulation in the new digital age, but we must be able to strike a balance between the legitimate concerns of the law enforcement community and the needs of the marketplace.” — Al Gore, September 1997

“Because, if, in fact, you can’t crack that [encryption] at all, government can’t get in, then everybody is walking around with a Swiss bank account in their pocket – right? So there has to be some concession to the need to be able to get into that information somehow.” — Obama, March 2016

“To think that Apple won’t allow us to get into her cellphone? Who do they think they are?” — Trump, 2016
Deliberately weakened cryptography in TLS
- SSLv2, SSLv3, and TLS 1.0 included options for weakened cryptography to comply with US export control in the 90s.
- Browsers outside the US were supposed to request weakened cryptography, and those in the US were allowed to request normal strength cryptography.
- Browsers were updated long ago to never request these weakened options once US regulations changed.
- Even though the political situation changed, many servers never removed these options.
- 2015–2016: A series of academic, mostly impractical