Lmst
Login

#techjournalist

derPUPEderPUPE@chaos.social
2023-02-27

What great Idea of these @rosenpass Post-Quantum #VPN KeyExchange Crew:

Introduction Page with:

"Exlain me like ..

a) .. I´m five years
b) .. I´m a #techjournalist
c) .. I´m a #developer
d) .. I´m a #chryptographer

Dear #Rosenpass great idea

Explain it to me like I'm five: Cryptographers are people who work on making your phone, tablet, or laptop more secure. They create calculations that are so complicated to undo that they can be used to create envelopes for messages that cannot be opened unless you have the key. These envelopes can be created by any computer; your phone, tablet or laptop is probably creating many of these right at the moment. This technology has been working very well for years, but when somebody manages to build a quantum computer they may be able to open up these envelopes without the key. Quantum computers use properties of the smallest things that exist - components of atoms - to perform calculations. These new computers are difficult to use and good at few things, but they happen to be very good at opening most of the envelopes created by cryptographers. There are many ways to create envelopes that cannot be opened by quantum computers. Cryptographers have been holding competitions to find out whose envelopes are the best. Some winners were found, and now cryptographers are working hard to allow all computers — including yours — to create these envelopes that cannot be opened by quantum computers. Rosenpass is a part of this effort. We want to allow a program called WireGuard to create these envelopes. Our program called Rosenpass joins WireGuard; they work together to protect network messages better than either could on their own.Explain it like I am a tech journalist: Rosenpass provides a complement to the well-recognised WireGuard standard, adding quantum-hardened cryptography and key exchange while keeping the established WireGuard-standard encryption security. Therefore, Rosenpass is not just an add-on or a plug-in, but a coprocessing software that interacts with WireGuard at exactly one point, enhancing WireGuards predefined key generation and exchange process with Post Quantum Secure (PQS) cryptography, based on the McEliece cryptosystem. Rosenpass is Free and Open Source Software, publically reviewable and adaptable, published under Apache and MIT licenses. See the License section for detailed information. Rosenpass is formally verifiable, state-of-the-art Post Quantum Cryptography, groundbreakingly improving the security of a cornerstone to the Internet. Project Rosenpass is run by a team of cryptographers, researchers, open source developers, hackers and designers; with focus on verifiable security improvement, usability and user advantage. It comes as a small package at a Github repository, easy to install and maintain with your WireGuard installation. At present, a new repository installation/addition is required, as the software is not packaged by standard yet. ...Explain like i am a devepoper: Rosenpass implements a post-quantum-secure key exchange in the spirit of a Noise protocol. The motivating use case is integrating with the WireGuard VPN: In this mode, the key generated by Rosenpass is supplied to WireGuard as its pre-shared symmetric key (PSK). This results in a WireGuard VPN connection with hybrid post-quantum security. While Rosenpass is designed with WireGuard in mind, it can be used as a stand-alone tool to exchange keys. Using this mode, it can be used to secure other protocols against attacks from quantum computers, given that they offer using a PSK, and that a secure PSK is sufficient for security of the protocol. To use this mode, the rosenpass binary must be used together with the outfile <FILE> parameter. Then, Rosenpass will write a key to the given file every two minutes, and print a message on standard out to notify the user or the calling script that the key has changed. The implementation is written in Rust but uses libsodium and libogs — both of which are C libraries. This does not result in pretty code everywhere, but enables some advanced security features such as using libsodium’s sodium_malloc. We use a couple of techniques to make sure the code is secure: We use variable colouring (gating use of a secret value through a .secret () method), and the code zeroizes all key material.Explain it like I'm a cryptographer: Rosenpass protocol provides a post-quantum-secure authenticated key exchange, based on the work “Post-quantum WireGuard” (PQWG) by Hiilsing, Ning, Schwabe, Weber, and Zimmermann *. Apart from some tweaks to the protocol internals, we provide security against what we call state disruption attacks as a major contribution. Both the classic WireGuard protocol (WG)Z and PQWG rely on a timestamp to protect against replay of the first protocol message. By setting the system time to a future date, an attacker can trick the initiator into generating a kill-packet that can be used to inhibit future handshakes without special access; this renders the initiator’s static key pair practically useless. Requiring the ability to modify the system time is a realistic assumption due to the use of the insecure NTP protocol on many systems, as described in WireGuard CVE-2021-46873. Instead of attempting to protect against replay of the first protocol message, Rosenpass uses a stateless responder, so replay of the first messagde leads to no attack. To achieve this, we move the responder state into an encrypted cookie and have the responder include it with their message. The initiator returns this cookie in their reply so the responder can restore it before processing the reply. ...
Camcam@androiddev.social
2022-11-20

Oh, is it #introduction time? Cool.

I'm a #techjournalist turned #contentmarketer. I've written for outlets like Android Police, How-to Geek, and Review Geek. I've been quoted in the NYT and published in print magazines.

Now I spend my days talking about #Android device management. I love it.

I lost a bunch of weight riding bikes, and in the proudest moment of my life, I donated a kidney to my youngest son who had kidney failure at 3.

I love cereal and post about it often. #AMA!

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst