| diff --git a/cacert-2019-08-28.pem b/cacert-2019-10-16.pem | |
| index 65be218..edc5090 100755 | |
| --- a/cacert-2019-08-28.pem | |
| +++ b/cacert-2019-10-16.pem | |
| @@ -1,7 +1,7 @@ | |
| ## | |
| ## Bundle of CA Root Certificates | |
| ## | |
| -## Certificate data from Mozilla as of: Wed Aug 28 03:12:10 2019 GMT | |
| +## Certificate data from Mozilla as of: Wed Oct 16 03:12:09 2019 GMT |
Just for fun, let's encrypt some stuff in client-side JavaScript and have a PHP server decrypt it. Note that this will never replace TLS (HTTPS).
You'll want the latest release of sodium-plus for this. (As of this writing, it's version 0.4.0.)
<script
src="/static/js/sodium-plus.min.js"
integrity="sha384-lv7SVE0eb0bXA3fgK6PwlhViiUwG6tBuMAhS8XX7RvBvyRcdEdJ8HKtFgs4vHTUh"
| diff --git a/cacert-2019-01-23.pem b/cacert-2019-05-15.pem | |
| index 09b4ce1..8e92f77 100755 | |
| --- a/cacert-2019-01-23.pem | |
| +++ b/cacert-2019-05-15.pem | |
| @@ -1,7 +1,7 @@ | |
| ## | |
| ## Bundle of CA Root Certificates | |
| ## | |
| -## Certificate data from Mozilla as of: Wed Jan 23 04:12:09 2019 GMT | |
| +## Certificate data from Mozilla as of: Wed May 15 03:12:09 2019 GMT |
| diff --git a/original.txt b/translated.txt | |
| index 3ad4249..9cf4d1f 100755 | |
| --- a/original.txt | |
| +++ b/translated.txt | |
| @@ -1,151 +1,151 @@ | |
| import random | |
| tests = [ | |
| - 'example', | |
| - 'gcddegree', |
| <?php | |
| function hashPbkdf2($algorithm, $password, $salt, $iterations, $length = 0) | |
| { | |
| // Number of blocks needed to create the derived key | |
| $blocks = ceil($length / strlen(hash($algorithm, null, true))); | |
| $digest = ''; | |
| $length = strlen(hash($algorithm, '', true)); | |
| if (strlen($password) > $length) { | |
| $password = hash($algorithm, $password, true); | |
| } |
| <?php | |
| define('BENCH_ROUNDS', 200); | |
| $start = $stop = 0.0; | |
| $salt = random_bytes(32); | |
| $short = str_repeat("A", 16); | |
| $medium = str_repeat("A", 65); | |
| $long = str_repeat("A", 1 << 20); | |
| $start = microtime(true); |
| <?php | |
| define('BENCH_ROUNDS', 200); | |
| $start = $stop = 0.0; | |
| $short = str_repeat("A", 16); | |
| $long = str_repeat("A", 1 << 20); | |
| $start = microtime(true); | |
| for ($i = 0; $i < BENCH_ROUNDS; ++$i) { | |
| sodium_crypto_pwhash_str($short, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE); |
| <?php | |
| define('BENCH_ROUNDS', 100); | |
| $start = $stop = 0.0; | |
| $short = str_repeat("A", 16); | |
| $long = str_repeat("A", 65535); | |
| $start = microtime(true); | |
| for ($i = 0; $i < BENCH_ROUNDS; ++$i) { | |
| sodium_crypto_pwhash_str($short, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE); |
scott@paragonie-test:~/dotnet$ php program.php
Time: 11.9136 seconds.
Doesn't build on Windows:
C:\Users\Scott\.nuget\packages\peachpie.net.sdk\0.9.0-ci00687\build\Peachpie.NET.Core.Sdk.targets(148,5): error MSB3073: The command "dotnet compile-php @obj\Debug\netcoreapp2.0\compile-php-args.rsp" exited with code -532462766. [D:\dotnet\dotnet.msbuildproj]
As far as I know, none of the existing post-quantum cryptography candidates offer a viable replacement
for libsodium's crypto_box_seal() functionality. That is: Anonymous public-key encryption.
An example for where this would be useful is encrypting credit card numbers in a database, but only being able to decrypt them with a key that is kept offline.
An attractive solution would be to use SIDH in place of ECDH, building a similar protocol (i.e. ECDH with one ephemeral keypair and one static keypair, then an authenticated cipher). However, as noted in this paper by Galbraith, et al., an active attack against SIDH with static keys is possible.