Light

bettercrypto / applied-crypto-hardening Goto Github PK

View Code? Open in Web Editor NEW

705.0 86.0 101.0 125.6 MB

Best Current Practices regarding secure online communication and configuration of services using cryptography.

Home Page: https://bettercrypto.org

PostScript 2.34% Makefile 0.12% TeX 82.92% Shell 0.02% Lua 0.07% HTML 13.12% Perl 1.27% Erlang 0.13%

cryptography applied-cryptography documentation best-practices

applied-crypto-hardening's Introduction

WARNING: This document has some outdated content and should be used with care.

There may be a new version of this document in the future. However at the moment the recommendations in this document do not in all cases reflect up to date crypto configuration examples and do include some recommendations that can weaken security.

First off: you are welcome to help us! Every reviewer, committer and person interested in discussing our document and changes is a valuable addition to the project. Everybody is invited to work on this document and share their experience and expertise with us or ask questions if something isn't clear to them. Please read CONTRIBUTING document for more information.

HOW TO USE THIS

git.bettercrypto.org

Anonymous (read-only) git cloning:

$ git clone https://git.bettercrypto.org/ach-master.git

As a registered user:

$ git clone https://<myuser>@git.bettercrypto.org/ach-master.git

Where <myuser> is your username on the server. Ask for write permissions if you need them.

Committing changes you made (from within repo-directory):

$ git commit -a
$ git push origin master

Receive latest updates for a previously cloned repository (from within repo-directory):

$ git pull

GitHub

Fork and issue pull requests. Those will be reviewed and if accepted pushed to the main repository hosted on git.bettercrypto.org.

MacTeX

MacTeX misses mweights.sty and may cause a compile error.

sudo tlmgr install mweights

IRC

channel: #bettercrypto network: freenode

IMPORTANT

If you reviewed the document and/or made some changes, please add your name to src/acknowledgements.tex (the list of names is sorted alphabetically by last name).
Send many smaller commits (pull requests) and not one big one! Big ones tend to be delayed. It's hard to process a huge commit. We need to review everything, please remember.
Please also read the FAQ!!

applied-crypto-hardening's People

Contributors

Stargazers

Watchers

Forkers

berqavos sebix mbartosch qbi vzsze roa ax3l neingeist arwarw intichar fxkr janfrode bong0 nagua erictchin olafz shotty1 martin-rublik stasic elsanchez sion65 masegaloeh c-steindl ubiratanbraga gavioto ktwombley jluebbe dignative chdorb bunam cudeso julianladisch malexmave oej gmlanzi choth02 doyke zephrfish gerberus kostyll schue30 tdelmas pedrosa-t csubben dahlberg-fkie gunnarhaslinger doantranhoang hippotized jschlyter j0s3f nagyistoce anthchirp bahtiyarb-torba ocramleznem gvsurenderreddy maartenvhb paragonie-scott iammyr ypid a12o geor-g florianbeer burghardt tbleier magnologan humang33k rdxmb fraang 0rbadvent polynamaude cert-bund mikalv cstrotm hartwork aaronkaplan aschosser andreasschulze mschiff patrickbenkoetter joendres misch42 rays4 joergzimmermann 2001db8 martinberg212 ryru tsappo ziegenberg 5l1v3r1 balc3r kenman79 paulmenzel zaraquer mlestoquoy blurks 7valikmumu shutupthio

applied-crypto-hardening's Issues

Adapt citation notation for kerberos.adoc

Pandoc did not convert references to citations. The targets remain the same, but you need to adapt the AsciiDoc command name that will call the macro, which will do the magic.

Add all the people who helped on Dec 20 to the relevant files

acknowledgements.adoc
reviewers.txt

Port neboltai.adoc

Verify external links for kerberos.adoc

Some links are outdated today. Check they still exist. If not open a ticket and we will decide how to handle.

Verify and fix internal links (references) for kerberos.adoc

The internal link targets got lost. We need to create new ones and you need to point existing references to the new names.

Port RNGs.adoc

migrate chapter mailservers to asciidoc

migrate to asciidoc and fix all rendering errors

drop support for oracle databases

the current text in src/best_practice/database.adoc mention a document from Deutsche Telekom AG that is no longer available. As this was the only information I suggest to drop the paragraph

Date VPN

SSH: add configuration for SSH in Windows Server

the upcoming version of Windows Server will include native SSH support

Fix link into nginx wiki in webservers.adoc

http://wiki.nginx.org/HttpSslModule is gone

Verify and fix internal links (references) for webserver

The internal link targets got lost. We need to create new ones and you need to point

Fix external links for webserver

Pandoc did not convert all Links correctly. Verify they meet AsciiDoc notation.

Update 3DES status

src/theory/keylengths mention 3DES.

by https://tools.ietf.org/html/rfc8429 3DES is deprecated at least in kerberos. So the text should be updated

migrate chapter databases to adoc

migrate VPN to adoc

convert the VPN chapter to asciidoc.

Port missing content for Webservers

Proofread your Webservers.adoc file comparing it against the corresponding Webservers.tex. Port content that is missing from tex -> adoc.

Port Title

Port Introduction

Fix formatting for kerberos.adoc

Add two (2) newlines before a new section.
Add one (1) newline before each paragraph, code or annotation block
Add one (1) newline at the end of your chapter (Important for rendering)

port cipher_suites.adoc

port theory/ciphersuites/compatibility

Port suggested_reading.adoc

migrate chapter SSH to adoc

Port PGP

Should reference card "Port PGP" but maybe i lack permissions.

port tools.adoc

Fix formatting for webserver

Add two (2) newlines before a new section.
Add one (1) newline before each paragraph, code or annotation block
Add one (1) newline at the end of your chapter (Important for rendering)

Port DH.adoc

proxy_solutions and bluecoat

src/best_practice/proxy_solutions.tex mention bluecoat
that company no longer exist. was aquired by symatec in 2016

references to bluecoat cannot be verified now and must be reviewed

Fill link text for kerberos.adoc

Some links only contain the URL as link text. Add the URLs page title as link text.

Port Abstract & neboltai

Fill link text for webservers

Some links only contain the URL as link text. Add the URLs page title as link text.

Port Webserver

SHA1: remove configurations with SHA-1

the text mentions TLS configurations including SHA1. These should now be obsolete and should be removed

Dockerfile for asciidoctor toolchain container

Hi,

it might be helpful for new contributors to provide a Dockerfile to be able to create a docker container containing a full asciidoctor toolchain.

Port missing content for kerberos.adoc

Proofread your kerberos.adoc.adoc file comparing it against the corresponding kerberos.adoc.tex. Port content that is missing from tex -> adoc.

SSH: add configuration for dropbear SSH

dropbear SSH is a popular open source implementation for resource constrained and embedded devices
https://matt.ucc.asn.au/dropbear/dropbear.html

Verify external links for webservers

Some links are outdated today. Check they still exist. If not open a ticket and we will decide how to handle.

SSH: dead link to Cisco IOS SSH documentation

Link is broken:

http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_secure_shell.html

Port instant_messaging.adoc

Port further_research.adoc

Port seclayer_tcp.adoc

Fix external links for kerberos.adoc

Pandoc did not convert all Links correctly. Verify they meet AsciiDoc notation.

Port TLS

See https://github.com/BetterCrypto/Applied-Crypto-Hardening/projects/1#card-15933528

LICENSE file is missing in the github repo

We had the license mentioned on the www.bettercrypto.org website but not on the github page.
So far we used: https://creativecommons.org/licenses/by-sa/3.0/

Configure Travis CI

Wanted:

Build HTML and PDF
~~Check external links~~ — not practical with >8000 links
Upload results using SSH

Fix Linebreak in webserver.adoc

Port neboltai.adoc

Adapt citation notation for webservers

Pandoc did not convert references to citations. The targets remain the same, but you need to adapt the AsciiDoc command name that will call the macro, which will do the magic.

Check image width in webservers

I removed the LaTeX width scaling from the image in webservers.adoc. If that creates a rendering problem, add appropriate scaling.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.