Skip to content

Instantly share code, notes, and snippets.

Scott paragonie-scott

View GitHub Profile
@paragonie-scott
paragonie-scott / google.diff
Created Mar 5, 2019
Very helpful, Google Chrome...
View google.diff
diff --git a/original.txt b/translated.txt
index 3ad4249..9cf4d1f 100755
--- a/original.txt
+++ b/translated.txt
@@ -1,151 +1,151 @@
import random
tests = [
- 'example',
- 'gcddegree',
@paragonie-scott
paragonie-scott / pbkdf2-symfony-polyfill.php
Created Oct 11, 2018 — forked from spaze/pbkdf2-symfony-polyfill.php
Symfony's PBKDF2 polyfill benchmark (TL;DR it's slow) for the thread here https://twitter.com/spazef0rze/status/1050436425559302147
View pbkdf2-symfony-polyfill.php
<?php
function hashPbkdf2($algorithm, $password, $salt, $iterations, $length = 0)
{
// Number of blocks needed to create the derived key
$blocks = ceil($length / strlen(hash($algorithm, null, true)));
$digest = '';
$length = strlen(hash($algorithm, '', true));
if (strlen($password) > $length) {
$password = hash($algorithm, $password, true);
}
View pbkdf2bench.php
<?php
define('BENCH_ROUNDS', 200);
$start = $stop = 0.0;
$salt = random_bytes(32);
$short = str_repeat("A", 16);
$medium = str_repeat("A", 65);
$long = str_repeat("A", 1 << 20);
$start = microtime(true);
@paragonie-scott
paragonie-scott / argon2id-bench.php
Created Oct 11, 2018
Updated argon2id-bench.php
View argon2id-bench.php
<?php
define('BENCH_ROUNDS', 200);
$start = $stop = 0.0;
$short = str_repeat("A", 16);
$long = str_repeat("A", 1 << 20);
$start = microtime(true);
for ($i = 0; $i < BENCH_ROUNDS; ++$i) {
sodium_crypto_pwhash_str($short, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
View argon2id-bench.php
<?php
define('BENCH_ROUNDS', 100);
$start = $stop = 0.0;
$short = str_repeat("A", 16);
$long = str_repeat("A", 65535);
$start = microtime(true);
for ($i = 0; $i < BENCH_ROUNDS; ++$i) {
sodium_crypto_pwhash_str($short, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
@paragonie-scott
paragonie-scott / README.md
Last active Jan 24, 2018
Peachpie Sodium_compat test/benchmarking scripts
View README.md
scott@paragonie-test:~/dotnet$ php program.php 
Time: 11.9136 seconds.

Doesn't build on Windows:

C:\Users\Scott\.nuget\packages\peachpie.net.sdk\0.9.0-ci00687\build\Peachpie.NET.Core.Sdk.targets(148,5): error MSB3073: The command "dotnet compile-php @obj\Debug\netcoreapp2.0\compile-php-args.rsp" exited with code -532462766. [D:\dotnet\dotnet.msbuildproj]
View sidh-seal.md

As far as I know, none of the existing post-quantum cryptography candidates offer a viable replacement for libsodium's crypto_box_seal() functionality. That is: Anonymous public-key encryption.

An example for where this would be useful is encrypting credit card numbers in a database, but only being able to decrypt them with a key that is kept offline.

An attractive solution would be to use SIDH in place of ECDH, building a similar protocol (i.e. ECDH with one ephemeral keypair and one static keypair, then an authenticated cipher). However, as noted in this paper by Galbraith, et al., an active attack against SIDH with static keys is possible.

@paragonie-scott
paragonie-scott / client.php
Last active Nov 18, 2017
Chronicle Test Client
View client.php
<?php
namespace ChronicleClient;
use GuzzleHttp\Client;
use ParagonIE\Chronicle\Chronicle;
use ParagonIE\ConstantTime\Base64UrlSafe;
use ParagonIE\Sapient\Adapter\Guzzle;
use ParagonIE\Sapient\CryptographyKeys\{
SigningPublicKey,
SigningSecretKey
@paragonie-scott
paragonie-scott / rsa-mult.php
Created May 24, 2017
RSA Encryption Homomorphism
View rsa-mult.php
<?php
/* Key generation */
$keypair = openssl_pkey_new([
"digest_alg" => "sha512",
"private_key_type" => OPENSSL_KEYTYPE_RSA,
'private_key_bits' => 1024
]);
$secret = null;
if (!openssl_pkey_export($keypair, $secret)) {
@paragonie-scott
paragonie-scott / autoload.php
Created May 14, 2017
defuse/php-encryption autoloader
View autoload.php
<?php
define('DEFUSE_CRYPTO_BASEDIR', __DIR__.'/src/');
/**
* PSR-4 compatible autoloader
*
*/
\spl_autoload_register(function ($class) {
// Project-specific namespace prefix
You can’t perform that action at this time.