Outils pour utilisateurs

Outils du site


informatique:crypto

Cryptographie

For asymmetric encryption, use elliptical curve cryptography (ECC) with a secure curve such as Curve25519 as a preferred algorithm. If ECC is not available and RSA must be used, then ensure that the key is at least 2048 bits. Lire plus sur Cryptographic Storage Cheat Sheet de l'OWASP.

Comparaison des longueurs de clés entre algo symétriques et asymétriques:

Symmetric key algorithm Comparable RSA key length Comparable hash function Bits of security
2TDEA* 1 024 SHA-1 80
3TDEA 2 048 SHA-224 112
AES-128 3 072 SHA-256 128
AES-192 7 680 SHA-384 192
AES-256 15 360 SHA-512 256

* 2TDEA is 2-key triple DES

Logarithme discret: Digital Signature Algorithm (DSA), Schnorr, ElGamal.

Recommandations:

  • Utiliser un algorithme reconnu et sûr selon la CNIL (consulté le 2023-08-06)
    • SHA-256, SHA-512 ou SHA-3 comme fonction de hachage ;
    • HMAC utilisant SHA-256, bcrypt, scrypt ou PBKDF2 pour stocker les mots de passe;
    • AES ou AES-CBC pour le chiffrement symétrique ;
      • clé >= 128 bits
    • RSA-OAEP comme défini dans PKCS#1 v2.1 pour le chiffrement asymétrique ;
      • clés >= 2048 bits
    • enfin, pour les signatures, RSA-SSA-PSS comme spécifié dans PKCS#1 v2.1.
  • Préférer un mode opératoire avec authentification
    • AES-GCM : Le mode Galois/compteur (GCM) combine le mode de chiffrement de compteur avec le mode d'authentification Galois.
    • AES-CBC-MAC

Outil qui présente les recommandations de différentes organisations internationales: https://www.keylength.com/

Tools

Softwares

Keepass

Another open source password manager, this looks like one to watch : /informatique/KeePass.

Picocrypt

https://github.com/HACKERALERT/Picocrypt

Picocrypt is a very small (hence Pico), very simple, yet very secure encryption tool that you can use to protect your files.

Libraries

Web Crypto API

Implémente 4 algorithmes:

  • Asymétrique
    • RSA OAEP (Optimal Asymmetric Encryption Padding)
  • Symétrique
    • AES-CTR (Counter Mode)
    • AES-CBC (Cipher Block Chaining)
    • AES-GCM (Galois/Counter Mode)
      • GCM is an “authenticated” mode, which means that it includes checks that the ciphertext has not been modified by an attacker.
  • ECDSA, HMAC ??? pas dans le sommaire mais trouvé sur certaines pages.

Ne fonctionne pas en HTTP, seulement en HTTPS.

Web Crypto API Browser compatibility. Compatible avec tous les navigateurs depuis 2013-2017 selon les fonctions.

Implémentation en Vanilla JS:

Javascript Crypto Library

http://sourceforge.net/projects/clipperzlib/, http://www.clipperz.com/open_source/javascript_crypto_library

The Javascript Crypto Library presently includes:

  • the fastest AES-256;
  • the only available Javascript implementation of:
    • Fortuna, a strong pseudo-random number generator;
    • SRP, the verifier-based authentication protocol;
  • a robust and efficient SHA-2 hash function.

Tom Wu

CryptoJS

https://cryptojs.gitbook.io/docs/

https://github.com/sytelus/CryptoJS : This repo is straight unmodified-in-any-way copy of Google Code hosted CryptoJS project at https://code.google.com/p/crypto-js/ .

DigitalBazaar

https://github.com/digitalbazaar/forge/blob/master/README

AES, MD5, SHA1, SHA256, HMAC, pkcs5.pbkdf2, PRNG, ASN.1 DER encoding and decoding, X509 encoding & decoding, TLS, and more …

(en vrac) Preferred Encryption and Password Protection - 2005 Member Choice

http://www.dslreports.com/faq/13217

(Archived) Preferred Encryption and Password Protection - 2005 Member Choice (#13217)

A poll recently conducted in our Software Forum yielded these results:

• One of the more common options for encryption, and our number one choice is to use the resources that are already available to you. Some operating systems such as Windows XP Professional have an encrypting file system built right in. Linux and Unixes can also do this as well, though doing so is beyond the scope of this FAQ entry and you should consult resources related to those systems.

A simple guide for users of Windows XP Professional is available. Here: »www.practicalpc.co.uk/computing/···ypt1.htm

Microsoft TechNet has some excellent resources related to the Encrypting File System built into Windows XP Professional and above. Here: »www.microsoft.com/technet/prodte···tfs.mspx

Another popular solution available on multiple platforms is PGP and applications that can handle it. You should be able to find software that handles PGP regardless of what operating system you're running.

•PGP Desktop and other PGP products »www.pgp.com/

• GNUPG

From the website: »www.gnupg.org/

GnuPG is a complete and free replacement for PGP. Because it does not use the patented IDEA algorithm, it can be used without any restrictions. GnuPG is a RFC2440 (OpenPGP) compliant application.

»macgpg.sourceforge.net/ - Mac GPG

• CTC

Seems to be a collection of libraries, may be of use to developers out there.

From the website: CTC is a collection freeware PGP-interoperable encryption software package developed by Ian Miller and Mr. Tines. CTC does not stand for anything; it is Rot13(“PGP”).

»www.bifroest.demon.co.uk/ctc/

•Secure Data Manager (SDM)

»sdm.sourceforge.net/

The SDM application was created to help you manage your passwords and other private information for web sites, computers, contacts, and other programs within one secure application. A fully functional, open source, free, password manager! No limit or restrictions to the application. We are currently using SunJCE crypto (specifically DES 56-bit encryption with a 1024 bit MD5 hash algorithm)

•Password Generator

Many of these are available including some on the web, you are recommended using on of these to prevent against brute force attacks. Some of these include:

»www.winguides.com/security/password.php »www.multicians.org/thvv/gpw.html »www.angel.net/~nic/passwd.html »www.adel.nursat.kz/apg/ »www.buttuglysoftware.com/

• AxCrypt

»axcrypt.sourceforge.net/

AxCrypt File Encryption Software - Free Personal Privacy and Security for Windows 95/98/ME/NT/2K/XP with AES-128 File Encryption, Compression and transparent Decrypt and Open in the original application.

• Windows Privacy Tools

»winpt.sourceforge.net/en/

Windows Privacy Tools (WinPT) is a collection of multilingual applications for easy digital encryption and signing of content.

• SecureIT

Protect all your files individually. Secure IT is an easy to use, feature packed, file encryption program based on 448-bit strong encryption using the Blowfish algorithm. It includes a powerful, customizable file shredder, and the ability to generate self decrypting email attachments, allowing the user to send encrypted email to anyone - the recipient does not need to have a copy of the program.

»www.cypherix.co.uk/secureit2000/ »www.cypherix.co.uk/prods.htm

• TrueCrypt

»www.truecrypt.org/

Free open-source disk encryption software for Windows XP/2000/2003 Main Features:

* It can create a virtual encrypted disk within a file and mount it as a real disk.

* It can encrypt an entire hard disk partition or a device, such as USB memory stick, floppy disk, etc.

• CompuSec at Home

Website was unavailable at the time of this writing, if it is up in the future a free version of Compusec should be available on the following page.

»www.ce-infosys.com.sg/CeiNews_Fr···uSec.asp

• Blowfish Advanced CS

»www.lassekolb.info/bfacs.htm

• BcArchive

»www.jetico.com/index.htm

• Zero Footprint Crypt

»www.snapfiles.com/get/zerofoot.html

•Cryptainer LE

Creates an encrypted container (vault) to store any type of data.

»www.cypherix.com/cryptainerle/

• Password Depot

Commercial password manager, looks rather interesting.

»www.password-depot.com/

• Password Safe

Password Safe is a tool that allows you to have a different password for all the different programs and websites that you deal with, without actually having to remember all those usernames and passwords. Password Safe runs on PCs under Windows (95/98/NT/2000/XP). An older (but fully functional) version is available for PocketPC. Linux/Unix clones that use the same database format have also been written.

»passwordsafe.sourceforge.net/

• Max Crypt

»www.kinocode.com/maxcrypt.htm

• Private Disk Light »www.dekart.com/products/file&dis···k_light/

• Any Password

Another free password manager

»www.romanlab.com/apw/

• Fine Crypt

»www.finecrypt.net/

•Crypto-lock

Crypto-Lock is a File Protector that allows you to restrict access to your executable files (programs) and other type of files as well. The program uses the SHA-1 and Blowfish algorithms and can produce either self-decrypting files or encrypted modules. You can optionally select to create a backup copy of the original file.

»www.snapfiles.com/get/cryptolock.html

• Cryptosuite

CryptoSuite is an easy to use, but extremely secure encryption software package for Windows operating systems (Windows 98/ME/2000/XP/2003).

»www.ghostsecurity.com/index.php?···ptosuite

• Oubliette

Oubliette is easily one of the most feature-packed password managers available. »www.tranglos.com/free/oubliette.html

• Cryptext

Sometimes you'd just rather not share your files with anyone. Install this freeware, right-click on any file, and encrypt it using a 160-bit key. It uses a combination of SHA-1 and RC4 cryptographic algorithms to encrypt files, and generates a value to ensure that no two files are encrypted with the same keystream. This shell extension is available in English, French, German, Spanish, and Portuguese versions.

» www.pcworld.com/downloads/file_d···1,00.asp

• Archiving tools

Archiving tools can provide a moderate amount of data protection but one should be aware that they are not in generally safe and there are tools that exist to break the passwords.

»www.rarlab.com/ »www.winzip.com »www.elcomsoft.com/azpr.html »www.elcomsoft.com/arpr.html

• Roboform

Roboform is the top-rated Password Manager and Web Form Filler that completely automates password entering and form filling. RoboForm was named PC Magazine Editor's Choice, and CNET Download.com's Software of the Year.

• DriveCrypt

1344 bit hard disk encryption software. It uses virtual container as well as partition encryption and can hide data into music files.

»www.securstar.com/

• eWallet

»www.iliumsoft.com/site/ew/ewallet.htm

• Steganos Security Suite

How does Steganos Security Suite work?

Steganos Security Suite is a perfectly integrated package based on security programs developed over time.

From the user-friendly central monitoring area you can access all programs by clicking the mouse. And naturally Steganos Security Suite is as simple to use as all other Steganos programs.

»www.steganos.com

*Note: All links verified as of 09/30/05

informatique/crypto.txt · Dernière modification : 06/08/2023 14:40 de cyrille

Sauf mention contraire, le contenu de ce wiki est placé sous les termes de la licence suivante : CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki