informatique:crypto
Différences
Ci-dessous, les différences entre deux révisions de la page.
Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédenteProchaine révisionLes deux révisions suivantes | ||
informatique:crypto [02/05/2011 22:32] – [Cryptographie] cyrille | informatique:crypto [06/08/2023 14:25] – [Cryptographie] cyrille | ||
---|---|---|---|
Ligne 2: | Ligne 2: | ||
* [[http:// | * [[http:// | ||
- | * [[/ | + | * Php & openssl benchmark https:// |
+ | * RSA: [[/ | ||
+ | * DSA: [[/ | ||
+ | * Schnorr: [[/ | ||
* [[/ | * [[/ | ||
* [[/ | * [[/ | ||
- | ===== RSA ===== | + | For asymmetric encryption, use elliptical curve cryptography (ECC) with a secure curve such as Curve25519 as a preferred algorithm. If ECC is not available and RSA must be used, then ensure that the key is at least 2048 bits. Lire plus sur [[https:// |
- | * di-mgt.com.au, | + | Comparaison des longueurs |
- | * cryptosec.org, | + | ^ Symmetric key algorithm ^ Comparable |
+ | | 2TDEA* | 1 024 | SHA-1 | 80 | | ||
+ | | 3TDEA | 2 048 | SHA-224 | | ||
+ | | AES-128 | | ||
+ | | AES-192 | | ||
+ | | AES-256 | | ||
+ | //***** 2TDEA is 2-key triple DES// | ||
- | ==== RSA en Javascript ==== | + | Logarithme discret: Digital Signature Algorithm (DSA), Schnorr, ElGamal. |
- | Implémentation du BigInt et RSA : | + | **Recommandations:** |
- | * [[http://www-cs-students.stanford.edu/~tjw/jsbn/|Tom Wu]] ({{: | + | * Utiliser un algorithme reconnu et sûr selon la [[https://www.cnil.fr/fr/securite-chiffrer-garantir-lintegrite-ou-signer|CNIL]] (//consulté le 2023-08-06//) |
- | * [[http://ohdave.com/rsa/|Dave Shapiro]] ({{: | + | * SHA-256, SHA-512 ou SHA-3 comme fonction de hachage ; |
+ | * HMAC utilisant SHA-256, bcrypt, scrypt ou PBKDF2 pour stocker les mots de passe; | ||
+ | * AES ou AES-CBC pour le chiffrement symétrique ; | ||
+ | * clé >= 128 bits | ||
+ | * RSA-OAEP comme défini dans PKCS#1 v2.1 pour le chiffrement asymétrique ; | ||
+ | * clés >= 2048 bits | ||
+ | * enfin, pour les signatures, RSA-SSA-PSS comme spécifié dans PKCS#1 v2.1. | ||
+ | * Préférer un mode opératoire avec authentification | ||
+ | * AES-GCM : Le mode [[https://fr.wikipedia.org/wiki/Mode_d%27op%C3%A9ration_(cryptographie)# | ||
+ | * AES-CBC-MAC | ||
- | ==== .Net RSA Parameters | + | ===== Tools ===== |
- | RSAParameters Structure ([[http:// | + | ==== Softwares ==== |
- | ^ RSAParameters field ^ Contains ^ Corresponding PKCS #1 field ^ | + | |
- | | D | d, the private exponent | privateExponent | | + | |
- | | DP | d mod (p - 1) | exponent1 | | + | |
- | | DQ | d mod (q - 1) | exponent2 | | + | |
- | | Exponent | e, the public exponent | publicExponent | | + | |
- | | InverseQ | (InverseQ)(q) | + | |
- | | Modulus | n | modulus | | + | |
- | | P | p | prime1 | | + | |
- | | Q | q | prime2 | | + | |
+ | === Keepass === | ||
- | <code csharp> | + | Another open source password manager, this looks like one to watch : [[/informatique/ |
- | int dwKeySize = 384 ; | + | |
- | bool exportPrivateKey = true ; | + | |
- | RSACryptoServiceProvider rsa = new RSACryptoServiceProvider( dwKeySize ); | + | |
- | using( StreamWriter sw = new StreamWriter( " | + | |
- | { | + | |
- | | + | |
- | | + | |
- | } | + | |
- | </code> | + | |
- | Format .Net System.Security.Cryptography.RSACryptoServiceProvider.ToXmlString() : | + | === Picocrypt === |
- | Private: | + | https://github.com/HACKERALERT/Picocrypt |
- | <code xml> | + | |
- | < | + | |
- | < | + | |
- | < | + | |
- | < | + | |
- | < | + | |
- | < | + | |
- | < | + | |
- | < | + | |
- | < | + | |
- | </ | + | |
- | </ | + | |
- | Public only: | + | |
- | <code xml> | + | |
- | < | + | |
- | < | + | |
- | < | + | |
- | </ | + | |
- | </ | + | |
- | ===== Preferred Encryption and Password Protection - 2005 Member Choice | + | Picocrypt is a very small (hence Pico), very simple, yet very secure encryption tool that you can use to protect your files. |
+ | |||
+ | ==== Libraries | ||
+ | |||
+ | === Web Crypto API === | ||
+ | |||
+ | Implémente 4 algorithmes: | ||
+ | * Asymétrique | ||
+ | * RSA OAEP (Optimal Asymmetric Encryption Padding) | ||
+ | * Symétrique | ||
+ | * AES-CTR (Counter Mode) | ||
+ | * AES-CBC (Cipher Block Chaining) | ||
+ | * AES-GCM (Galois/ | ||
+ | * **GCM is an " | ||
+ | |||
+ | **Ne fonctionne pas en HTTP**, seulement en HTTPS. | ||
+ | |||
+ | Web Crypto API [[https:// | ||
+ | |||
+ | Implémentation en Vanilla JS: | ||
+ | * https:// | ||
+ | * lire "Known issues" | ||
+ | |||
+ | === Javascript Crypto Library === | ||
+ | |||
+ | [[http:// | ||
+ | |||
+ | The Javascript Crypto Library presently includes: | ||
+ | |||
+ | * the fastest AES-256; | ||
+ | * the only available Javascript implementation of: | ||
+ | * Fortuna, a strong pseudo-random number generator; | ||
+ | * SRP, the verifier-based authentication protocol; | ||
+ | * a robust and efficient SHA-2 hash function. | ||
+ | |||
+ | === Tom Wu === | ||
+ | |||
+ | [[http:// | ||
+ | |||
+ | BigInteger & RSA | ||
+ | |||
+ | === CryptoJS === | ||
+ | |||
+ | https:// | ||
+ | |||
+ | https:// | ||
+ | === DigitalBazaar === | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | AES, MD5, SHA1, SHA256, HMAC, pkcs5.pbkdf2, | ||
+ | |||
+ | |||
+ | ==== (en vrac) Preferred Encryption and Password Protection - 2005 Member Choice ==== | ||
http:// | http:// | ||
Ligne 162: | Ligne 197: | ||
»www.jetico.com/ | »www.jetico.com/ | ||
- | • PicoCrypt | ||
- | |||
- | It is a small and extremely fast encryption utility that uses Blowfish encryption algorithm in CBC mode. It is easy to use and support multiple files drag-and-drop. In addition, it is portable, you can put it on your USB memory stick and run it anywhere you go! Very useful for users who want to keep their document secure on their computer or transfer over Internet using unsecure channel. | ||
- | |||
- | »www.picofactory.com/ | ||
• Zero Footprint Crypt | • Zero Footprint Crypt | ||
Ligne 218: | Ligne 248: | ||
»www.ghostsecurity.com/ | »www.ghostsecurity.com/ | ||
- | |||
- | • Keepass | ||
- | |||
- | Another open source password manager, this looks like one to watch. | ||
- | |||
- | »keepass.sourceforge.net/ | ||
• Oubliette | • Oubliette | ||
Ligne 229: | Ligne 253: | ||
Oubliette is easily one of the most feature-packed password managers available. | Oubliette is easily one of the most feature-packed password managers available. | ||
»www.tranglos.com/ | »www.tranglos.com/ | ||
- | |||
- | • CrypBox | ||
- | |||
- | Securely stores sensitive data on your | ||
- | Palm OS handheld and desktop PC. Data is | ||
- | encrypted to keep it safe from prying eyes. | ||
- | |||
- | »www.portableprojects.com/ | ||
• Cryptext | • Cryptext | ||
Ligne 242: | Ligne 258: | ||
Sometimes you'd just rather not share your files with anyone. Install this freeware, right-click on any file, and encrypt it using a 160-bit key. It uses a combination of SHA-1 and RC4 cryptographic algorithms to encrypt files, and generates a value to ensure that no two files are encrypted with the same keystream. This shell extension is available in English, French, German, Spanish, and Portuguese versions. | Sometimes you'd just rather not share your files with anyone. Install this freeware, right-click on any file, and encrypt it using a 160-bit key. It uses a combination of SHA-1 and RC4 cryptographic algorithms to encrypt files, and generates a value to ensure that no two files are encrypted with the same keystream. This shell extension is available in English, French, German, Spanish, and Portuguese versions. | ||
- | »www.pcworld.com/ | + | » www.pcworld.com/ |
• Archiving tools | • Archiving tools |
informatique/crypto.txt · Dernière modification : 06/08/2023 14:40 de cyrille