Scott paragonie-scott

@paragonie-scott
paragonie-scott / cacert-2019-10-16.diff
Created Oct 23, 2019
Diff between cacert-2019-08-28.pem and cacert-2019-10-16.pem
View cacert-2019-10-16.diff
diff --git a/cacert-2019-08-28.pem b/cacert-2019-10-16.pem
index 65be218..edc5090 100755
--- a/cacert-2019-08-28.pem
+++ b/cacert-2019-10-16.pem
@@ -1,7 +1,7 @@
##
## Bundle of CA Root Certificates
##
-## Certificate data from Mozilla as of: Wed Aug 28 03:12:10 2019 GMT
+## Certificate data from Mozilla as of: Wed Oct 16 03:12:09 2019 GMT
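Review bot: the index line tracks both bundles with mode 100755; a PEM trust store is data, not a program, and should be committed as 100644 so a reviewer is not left wondering whether something expects to execute it. Beyond that, the hunk as previewed changes only the Mozilla timestamp in the header, and the root additions and removals between Aug 28 and Oct 16 are cut off, so nothing visible here says which CAs changed; the gist description should list the added and removed subjects (or at least the count) and the SHA-256 of the new bundle, so anyone who pulls this diff can confirm they are patching the same baseline and landing on the same file.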
@paragonie-scott
paragonie-scott / js-php-encrypt.md
Last active Oct 22, 2019
String Encryption in JavaScript and PHP
View js-php-encrypt.md

Just for fun, let's encrypt some stuff in client-side JavaScript and have a PHP server decrypt it. Note that this will never replace TLS (HTTPS): the script, and whatever key material it works with, reach the browser over the same connection, so anyone who can tamper with the page can swap them out, and only TLS authenticates the server.

JavaScript Encryption with Sodium-Plus

You'll want the latest release of sodium-plus for this. (As of this writing, it's version 0.4.0.)

<script
  src="/static/js/sodium-plus.min.js"
  integrity="sha384-lv7SVE0eb0bXA3fgK6PwlhViiUwG6tBuMAhS8XX7RvBvyRcdEdJ8HKtFgs4vHTUh"
></script>
@paragonie-scott
paragonie-scott / cacert-2019-05-15.diff
Created May 15, 2019
Difference between cacert-2019-01-23.pem and cacert-2019-05-15.pem
View cacert-2019-05-15.diff
diff --git a/cacert-2019-01-23.pem b/cacert-2019-05-15.pem
index 09b4ce1..8e92f77 100755
--- a/cacert-2019-01-23.pem
+++ b/cacert-2019-05-15.pem
@@ -1,7 +1,7 @@
##
## Bundle of CA Root Certificates
##
-## Certificate data from Mozilla as of: Wed Jan 23 04:12:09 2019 GMT
+## Certificate data from Mozilla as of: Wed May 15 03:12:09 2019 GMT
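Review bot: the file header names a/cacert-2019-01-23.pem and the removed header line says "Jan 23", so the baseline is the Jan 23 bundle; the gist description should say the same date rather than 01-29, or readers applying this diff to their own copy will compare against the wrong file. As with the other bundle diff, the preview stops at the timestamp line and shows none of the root certificates added or removed between January and May, so the description is the only place that can tell a reviewer which CAs actually changed; add that list and the new bundle's SHA-256.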
@paragonie-scott
paragonie-scott / google.diff
Created Mar 5, 2019
Very helpful, Google Chrome...
View google.diff
diff --git a/original.txt b/translated.txt
index 3ad4249..9cf4d1f 100755
--- a/original.txt
+++ b/translated.txt
@@ -1,151 +1,151 @@
import random
tests = [
- 'example',
- 'gcddegree',
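Review bot: the preview ends before the first `+` line, so the hunk shows that 'example' and 'gcddegree' were removed from the tests list but not what Chrome's translation replaced them with, which is the whole joke and the whole evidence. Since the @@ -1,151 +1,151 @@ range spans the entire file on both sides, show at least one paired `-`/`+` line in the description so a reader can see that string literals in source code were rewritten, not just whitespace.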
@paragonie-scott
paragonie-scott / pbkdf2-symfony-polyfill.php
Created Oct 11, 2018 — forked from spaze/pbkdf2-symfony-polyfill.php
Symfony's PBKDF2 polyfill benchmark (TL;DR it's slow) for the thread here https://twitter.com/spazef0rze/status/1050436425559302147
View pbkdf2-symfony-polyfill.php
<?php
// Symfony's Pbkdf2PasswordEncoder::hashPbkdf2() plus the long-password pre-hash shortcut under test.
function hashPbkdf2($algorithm, $password, $salt, $iterations, $length = 0)
{
    $digestLen = strlen(hash($algorithm, '', true)); // keep $length (requested output size) intact
    $blocks = ceil($length / $digestLen); // number of blocks needed to create the derived key
    $digest = '';
    // Shortcut: HMAC only pre-hashes keys longer than its *block* size (64 bytes for SHA-256),
    // so hashing at the digest length changes the result for passwords of 33..64 bytes.
    if (strlen($password) > $digestLen) {
        $password = hash($algorithm, $password, true);
    }
    for ($i = 1; $i <= $blocks; ++$i) {
        $ib = $block = hash_hmac($algorithm, $salt . pack('N', $i), $password, true);
        for ($j = 1; $j < $iterations; ++$j) {
            $ib ^= ($block = hash_hmac($algorithm, $block, $password, true));
        }
        $digest .= $ib;
    }
    return substr($digest, 0, $length);
}
View pbkdf2bench.php
<?php
define('BENCH_ROUNDS', 200);
$start = $stop = 0.0;
$salt = random_bytes(32);
$short = str_repeat("A", 16);
$medium = str_repeat("A", 65);
$long = str_repeat("A", 1 << 20);
$start = microtime(true);
@paragonie-scott
paragonie-scott / argon2id-bench.php
Created Oct 11, 2018
Updated argon2id-bench.php
View argon2id-bench.php
<?php
define('BENCH_ROUNDS', 200);
$start = $stop = 0.0;
$short = str_repeat("A", 16);
$long = str_repeat("A", 1 << 20);
// Argon2id absorbs the password once (BLAKE2b) up front, so $long should cost about the same as $short.
foreach (['short' => $short, 'long' => $long] as $name => $password) {
    $start = microtime(true);
    for ($i = 0; $i < BENCH_ROUNDS; ++$i) {
        sodium_crypto_pwhash_str($password, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
    }
    $stop = microtime(true);
    printf("%-5s %.4f s for %d hashes\n", $name, $stop - $start, BENCH_ROUNDS);
}
View argon2id-bench.php
<?php
define('BENCH_ROUNDS', 100);
$start = $stop = 0.0;
$short = str_repeat("A", 16);
$long = str_repeat("A", 65535);
// Same measurement with a 64 KiB password; the per-hash cost is dominated by the Argon2id memory/time limits.
foreach (['short' => $short, 'long' => $long] as $name => $password) {
    $start = microtime(true);
    for ($i = 0; $i < BENCH_ROUNDS; ++$i) {
        sodium_crypto_pwhash_str($password, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
    }
    $stop = microtime(true);
    printf("%-5s %.4f s for %d hashes\n", $name, $stop - $start, BENCH_ROUNDS);
}
@paragonie-scott
paragonie-scott / README.md
Last active Jan 24, 2018
Peachpie Sodium_compat test/benchmarking scripts
View README.md
scott@paragonie-test:~/dotnet$ php program.php 
Time: 11.9136 seconds.

Doesn't build on Windows:

C:\Users\Scott\.nuget\packages\peachpie.net.sdk\0.9.0-ci00687\build\Peachpie.NET.Core.Sdk.targets(148,5): error MSB3073: The command "dotnet compile-php @obj\Debug\netcoreapp2.0\compile-php-args.rsp" exited with code -532462766. [D:\dotnet\dotnet.msbuildproj]
View sidh-seal.md

As far as I know, none of the existing post-quantum cryptography candidates offer a viable replacement for libsodium's crypto_box_seal() functionality. That is: Anonymous public-key encryption.

An example for where this would be useful is encrypting credit card numbers in a database, but only being able to decrypt them with a key that is kept offline.

An attractive solution would be to use SIDH in place of ECDH, building a similar protocol (i.e. ECDH with one ephemeral keypair and one static keypair, then an authenticated cipher). However, as noted in this paper by Galbraith, et al., an active attack against SIDH with static keys is possible.
