Scott paragonie-scott

## crypto-wrong-answers.md

      
              1 file
            
          
              28 forks
            
          
              13 comments
            
          
              485 stars
            
          
                paragonie-scott
                / crypto-wrong-answers.md
            
            
              Last active
              April 21, 2024 23:48
            
              
                An Open Letter to Developers Everywhere (About Cryptography)
              
          
    Hello software developers,
Please check your code to ensure you're not making one of the following mistakes related to cryptography.
I. General Mistakes


Writing your own home-grown cryptography primitives (For example: Mifare Classic)

Exception: For the sake of learning, but don't deploy it in production.


Using a fast hash function (e.g. MD5, SHA256) for storing passwords. Use bcrypt instead.
Not using a cryptographically secure random number generator


## js-php-encrypt.md

      
              2 files
            
          
              0 forks
            
          
              0 comments
            
          
              5 stars
            
          
                paragonie-scott
                / js-php-encrypt.md
            
            
              Last active
              September 14, 2022 22:04
            
              
                String Encryption in JavaScript and PHP
              
          
    Just for fun, let's encrypt some stuff in client-side JavaScript and have a PHP server decrypt it. Note that this will never replace TLS (HTTPS).
JavaScript Encryption with Sodium-Plus

You'll want the latest release of sodium-plus for this. (As of this writing, it's version 0.4.0.)
<script
  src="/static/js/sodium-plus.min.js"
 integrity="sha384-lv7SVE0eb0bXA3fgK6PwlhViiUwG6tBuMAhS8XX7RvBvyRcdEdJ8HKtFgs4vHTUh"


## autoload.php
<?php

define('DEFUSE_CRYPTO_BASEDIR', __DIR__.'/src/');

/**
 * PSR-4 compatible autoloader
 *
 */
\spl_autoload_register(function ($class) {
    // Project-specific namespace prefix

## rsa-encrypt.php
<?php

$publicKey = openssl_pkey_get_public('
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7o9A47JuO3wgZ/lbOIOs
Xc6cVSiCMsrglvORM/54StFRvcrxMi7OjXD6FX5fQpUOQYZfIOFZZMs6kmNXk8xO
hgTmdMJcBWolQ85acfAdWpTpCW29YMvXNARUDb8uJKAApsISnttyCnbvp7zYMdQm
HiTG/+bYaegSXzV3YN+Ej+ZcocubUpLp8Rpzz+xmXep3BrjBycAE9z2IrrV2rlwg
TTxU/B8xmvMsToBQpAbe+Cv130tEHsyW4UL9KZY1M9R+UHFPPmORjBKxSZvjJ1mS
UbUYN6PmMry35wCaFCfQoyTDUxBfxTGYqjaveQv4sxx0uvoiLXHt9cAm5Q8KJ+8d

## jose-security.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              10 stars
            
          
                paragonie-scott
                / jose-security.md
            
            
              Last active
              June 12, 2020 11:32
            
              
                Suggestions for a Secure JOSE Alternative (or Protocol Upgrade)
              
          
    Changes to JOSE that will prevent insecurity

Deletions

JWS and JWE

Drop the alg header

Neither JOSE users nor JOSE library designers should be required to understand cryptography primitives. At a lower level, this can lead to badly implemented primitives. On a higher level, this can lead to reasoning by lego.

  
## gist:c7a73fd0f759e451cf07
function secure_rand(min, max) {
    var rval = 0;
    var range = max - min;
    if (range < 2) {
        return min;
    }

    var bits_needed = Math.ceil(Math.log2(range));
    if (bits_needed > 53) {
      throw new Exception("We cannot generate numbers larger than 53 bits.");

## SVG Fails.md

      
              1 file
            
          
              0 forks
            
          
              5 comments
            
          
              5 stars
            
          
                paragonie-scott
                / SVG Fails.md
            
            
              Last active
              May 8, 2020 03:49
            
              
                image/svg+xml considered harmful: an open letter to member-svg-media-type@w3.org
              
          
    Update

Filed an issue to address this particular concern.
Thanks joepie91 for finding the folks responsible and getting the conversation started.

Currently, SVG is a security foot-cannon that allows attackers to upload a Stored XSS payload when a user views the image directly. Example.

  
## cacert-2019-10-16.diff
diff --git a/cacert-2019-08-28.pem b/cacert-2019-10-16.pem
index 65be218..edc5090 100755
--- a/cacert-2019-08-28.pem
+++ b/cacert-2019-10-16.pem
@@ -1,7 +1,7 @@
 ##
 ## Bundle of CA Root Certificates
 ##
-## Certificate data from Mozilla as of: Wed Aug 28 03:12:10 2019 GMT
+## Certificate data from Mozilla as of: Wed Oct 16 03:12:09 2019 GMT

## JWTKiller.php
<?php
declare(strict_types=1);

use ParagonIE\ConstantTime\Base64UrlSafe;

class JWTKiller
{
    public static function sign(string $message, Key $key): string
    {
        $mac = sodium_crypto_auth($message, $key->getRaw());

## cacert-2019-05-15.diff
diff --git a/cacert-2019-01-23.pem b/cacert-2019-05-15.pem
index 09b4ce1..8e92f77 100755
--- a/cacert-2019-01-23.pem
+++ b/cacert-2019-05-15.pem
@@ -1,7 +1,7 @@
 ##
 ## Bundle of CA Root Certificates
 ##
-## Certificate data from Mozilla as of: Wed Jan 23 04:12:09 2019 GMT
+## Certificate data from Mozilla as of: Wed May 15 03:12:09 2019 GMT
	<?php

	define('DEFUSE_CRYPTO_BASEDIR', __DIR__.'/src/');

	/**
	* PSR-4 compatible autoloader
	*
	*/
	\spl_autoload_register(function ($class) {
	// Project-specific namespace prefix
	<?php

	$publicKey = openssl_pkey_get_public('
	-----BEGIN PUBLIC KEY-----
	MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7o9A47JuO3wgZ/lbOIOs
	Xc6cVSiCMsrglvORM/54StFRvcrxMi7OjXD6FX5fQpUOQYZfIOFZZMs6kmNXk8xO
	hgTmdMJcBWolQ85acfAdWpTpCW29YMvXNARUDb8uJKAApsISnttyCnbvp7zYMdQm
	HiTG/+bYaegSXzV3YN+Ej+ZcocubUpLp8Rpzz+xmXep3BrjBycAE9z2IrrV2rlwg
	TTxU/B8xmvMsToBQpAbe+Cv130tEHsyW4UL9KZY1M9R+UHFPPmORjBKxSZvjJ1mS
	UbUYN6PmMry35wCaFCfQoyTDUxBfxTGYqjaveQv4sxx0uvoiLXHt9cAm5Q8KJ+8d
	function secure_rand(min, max) {
	var rval = 0;
	var range = max - min;
	if (range < 2) {
	return min;
	}

	var bits_needed = Math.ceil(Math.log2(range));
	if (bits_needed > 53) {
	throw new Exception("We cannot generate numbers larger than 53 bits.");
	diff --git a/cacert-2019-08-28.pem b/cacert-2019-10-16.pem
	index 65be218..edc5090 100755
	--- a/cacert-2019-08-28.pem
	+++ b/cacert-2019-10-16.pem
	@@ -1,7 +1,7 @@
	##
	## Bundle of CA Root Certificates
	##
	-## Certificate data from Mozilla as of: Wed Aug 28 03:12:10 2019 GMT
	+## Certificate data from Mozilla as of: Wed Oct 16 03:12:09 2019 GMT
	<?php
	declare(strict_types=1);

	use ParagonIE\ConstantTime\Base64UrlSafe;

	class JWTKiller
	{
	public static function sign(string $message, Key $key): string
	{
	$mac = sodium_crypto_auth($message, $key->getRaw());
	diff --git a/cacert-2019-01-23.pem b/cacert-2019-05-15.pem
	index 09b4ce1..8e92f77 100755
	--- a/cacert-2019-01-23.pem
	+++ b/cacert-2019-05-15.pem
	@@ -1,7 +1,7 @@
	##
	## Bundle of CA Root Certificates
	##
	-## Certificate data from Mozilla as of: Wed Jan 23 04:12:09 2019 GMT
	+## Certificate data from Mozilla as of: Wed May 15 03:12:09 2019 GMT