Tuesday, October 29, 2024

TLS - Secure Negotiation & Transfer agreements in a modern IOT Friendly way, With PSK, ML-KEM's & ASCON

5 Way HAND https://is.gd/ECH_TLS : AES AlaML-KEM Falcon DES5 00:33 20/10/2024 - 2018 Rupert S


in reference to :


https://csrc.nist.gov/Projects/block-cipher-techniques

https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8459.pdf
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar3.ipd.pdf

ECH first, Client interactions with server (DNS is first though)

https://developers.cloudflare.com/ssl/edge-certificates/ech/
https://datatracker.ietf.org/doc/draft-ietf-tls-svcb-ech/

PSK & Updating DNS Security Profile

https://datatracker.ietf.org/doc/draft-eastlake-dnsop-rfc2930bis-tkey/

PSK & Updating DNS Security in use

https://datatracker.ietf.org/doc/draft-ietf-uta-tls13-iot-profile/

https://datatracker.ietf.org/doc/draft-ietf-tls-extended-key-update/

Logging keys leads to debugging & Kracks in the wall with eyes

https://datatracker.ietf.org/doc/draft-ietf-tls-ech-keylogfile/

https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/

related to

Also https://www.logitech.com/content/dam/logitech/en/business/pdf/logi-bolt-white-paper.pdf

ASCON may be right for you, If you are in IOT & can barely breathe on 33 MHz https://is.gd/DictionarySortJS

PSK, ML-KEM, AES

https://is.gd/ECH_TLS
https://is.gd/KeyBitSecurity
https://is.gd/AES_Strengths

https://science.n-helix.com/2022/03/ice-ssrtp.html

https://science.n-helix.com/2024/10/ecc.html

https://science.n-helix.com/2024/10/tls.html

RS

*

ID-Matrix-dev-random - AnonCRT - Generating public keys involving matrix operations
https://is.gd/MatrixGenID

In this example a Matrix M² is used with dev/random to develop a certificate ID of anonymous nature..

The common attribute is that dev/random & attached data are used to generate a key ID, Personal & Server,

Usage such as CC cards, ID & Radio or mobile data & wifi..

The principles of the cert chain!

RS

https://is.gd/ECH_TLS

*

RSA 2048 + ECC Chaining, I would like to be clear RSA 2048 is 4x the certificate ECC 384 Certs are with ECC included in RSA Protocols,


While it is easy to inside crack an RSA on a 300 point Quantum computer worth an estimated 2 Billion $,

It is not that easy for the gamer or crack-ware

DT 'All-serious gamer', Rupert "The-All-Effort"

*

The first effort: RS

(Client or Server) : Compression

Speed of course! & Bandwidth...

Common use of compression speeds up the internet, The list is (with directories) : LSTD, Brotli-G, GZip, Deflate

The first principle to bear in mind for certificates is that most code will not repeat very often..

However ECC is a curve & if you know your own? You can compress it!

Bear in mind that prefetching a curve tells others, You may have it (client or server)

A common principle of the data hoarder like a certificate server is space! Space costs money! & Time..

Common things to compress? Almost everything!

Key Points:

Compression Techniques:

LSTD, Brotli-G, GZip, Deflate:
These are common compression algorithms used to reduce file size and improve transmission speed.

Certificate Compression:

ECC Curve Compression:
By knowing the specific curve used; Compression can be applied to reduce storage and transmission overhead.

Prefetching Considerations:
Prefetching a curve can signal its availability to others; Which can have security implications.

Space Optimization:
Compressing certificates and other data can reduce storage requirements.

Time Efficiency:
Compression can speed up data transfer and processing.

Complexity of Certificate Compression:
Implementing certificate compression can be complex and requires careful consideration of cryptographic algorithms and security protocols.

While compression improves efficiency, it potentially creates risk,
Compression can make data more susceptible to certain attacks.

Rupert S
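
The "ECC Curve Compression" point above, as an added example (not the author's code): on a known curve a public point can be sent as its x coordinate plus one parity bit, because the receiver recomputes y from the curve equation. NIST P-256 and the SEC1 02/03 prefix encoding are assumptions chosen for illustration; the page does not name a curve.

```python
# Added example: SEC1 point compression on NIST P-256 (assumed curve).
# Curve equation: y^2 = x^3 + A*x + B (mod P), with the published constants.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
COORD_LEN = 32  # bytes per coordinate


def curve_rhs(x: int) -> int:
    """Right-hand side of the curve equation for a given x."""
    return (pow(x, 3, P) + A * x + B) % P


def on_curve(x: int, y: int) -> bool:
    return 0 <= x < P and 0 <= y < P and (y * y - curve_rhs(x)) % P == 0


def uncompressed(x: int, y: int) -> bytes:
    """65-byte form: 0x04 || x || y."""
    return b"\x04" + x.to_bytes(COORD_LEN, "big") + y.to_bytes(COORD_LEN, "big")


def compress(x: int, y: int) -> bytes:
    """33-byte form: 0x02 (even y) or 0x03 (odd y) followed by x."""
    if not on_curve(x, y):
        raise ValueError("point is not on P-256")
    return bytes([0x02 | (y & 1)]) + x.to_bytes(COORD_LEN, "big")


def decompress(data: bytes) -> tuple[int, int]:
    """Recover (x, y); reject anything that is not a valid curve point."""
    if len(data) != COORD_LEN + 1 or data[0] not in (0x02, 0x03):
        raise ValueError("not a compressed P-256 point")
    x = int.from_bytes(data[1:], "big")
    if x >= P:
        raise ValueError("x coordinate out of range")
    rhs = curve_rhs(x)
    # P % 4 == 3, so a square root (when one exists) is rhs^((P+1)/4).
    y = pow(rhs, (P + 1) // 4, P)
    if (y * y) % P != rhs:
        # Invalid-point check: this x has no y on the curve at all.
        raise ValueError("x has no matching y on the curve")
    if (y & 1) != (data[0] & 1):
        y = P - y  # pick the root whose parity matches the prefix
    return x, y


if __name__ == "__main__":
    blob = compress(GX, GY)
    print(len(uncompressed(GX, GY)), "bytes ->", len(blob), "bytes")
    print(decompress(blob) == (GX, GY))
```

The validity check in `decompress` is the part that matters for security: a receiver that skips it accepts points that are not on the curve.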

*

PSK & Fast ECC Encryption : Encoded DNS & LSTD Adoption through compressible strings:


Firstly Secure Encrypted DNS exists, Secondly Cloud DNS Exists..

So location is not ID! or IP..

As stated in this document PSK Early Secret extraction is less of a problem for the following reasons:

Similar strings of length as pointed out by the NIST recommended passwords?

Memory but also compression!

Complexity is an object.. Hard to compress, Hard to remember & recall! But not impossible...

But later yes? When we know things about what we want..

Compressed secrets are low latency quick sends!

You have to bear in mind that PSK slope or PSK Escalation? Yes that is where you move onto more complex strings!

Bear in mind that early adoption of a pool of Random strings.. Takes space in a DNS or server Cloud Host archive!

Quick string PSK is a highly compressible and undeniably hackable version..

However our aim is the following:

UDP is pseudo-random
TCP is logical

Under these conditions & in a tunnel; PSK Compression on first ETA.. Is a clear clean 0 to 60 (in car terms),

Fast & Furious is our motto!

RS

*

PSK : Limited Exposure


Exposing a 64Bit, 80Bit, 128Bit key to the wind? Special requirements

ASCON versions have appeared to support PQC Light, So you know there is potential!

Military Air & Navy recommend 128 Bit PSK, Really some craft have computers big enough for 64 Bit,

64Bit is not ideal; But in the limited exposure field of Landing; Docking & Traveling over 4KM²; 64Bit still holds ground!

With special encryption: ECC & DES3/4/5 Mode : AES, ASCON, ...

The relevance of specialist encryption techniques, Described by the Light Encryption category :

https://csrc.nist.gov/Projects/lightweight-cryptography/finalists

Light Cryptography specialised as : ECC Mode { Insert mode here } : { Bit Depth }

We have potential!

PSK EHDSA

*

ECDSA,ASCON, AES, ML-KEM, Falcon, Dilithium, :


https://csrc.nist.gov/Projects/lightweight-cryptography/finalists

https://csrc.nist.gov/Projects/post-quantum-cryptography/publications

Option 1:

Delivering a Key Ramp..

Simple 8Bit key with high compression ratio first ? Data latency allows unnoticeable first key with LSTD Compression

8Bit PSK
It should be reasonable to assume that an 8 digit PSK is 8Bit or 16Bit with UTF-8,

Next delivery of either a 64Bit, 128Bit PSK.. An exchange of 64Bit PSK from client & 128Bit from server?

Potentially dual encryption..
Low complexity hardware

Both directions Key Encrypted Data.

PSK Pre Share Key (through DNS, Preferable Auto from Registered DNS & Cloud Provider)

PSK Key pool delivers key on first contact to server,

PSK Key length escalation, Thoughts..

4 Key DES is in principle the timed exchange of keys, Now as you know with ECH Enhanced Client Hello (Cloudflare - NIST - Standards W3 - RS),

As you may know an open secret is exchanged first before a security certificate; The exchange protocol:

Exchange protocol:

Preliminary contact protocol:

Escalating Ramp:

Modes suitable for DNS, 0.8us exposure

8Bit }
16Bit }
32Bit } shared many key

Secondary key generation

64Bit }
128Bit }
256Bit }
512Bit } Multiples for ECC, DES3/4/5 Mode

Rupert S

It shall be known that with ECC, AES delivers a time related encoding

Option 1+2: The Key Exchange

Next delivery of either a 64Bit, 128Bit PSK.. An exchange of 64Bit PSK from client & 128Bit from server?

Potentially dual encryption..
Low complexity hardware

On existence of a key

Dilithium, Falcon Key delivery

The client shall receive a key for deliveries to server, Potent /dev/random Key..
Server shall deliver a reception key to server verified certificate..

The Client & Server have their own origin certificate..

If Without a personal key; The client shall have a cookie key from dev/random key creation or a client pool!

If the client has a personal Cookie Key hash or a Client Key, Server shall be in reception of encrypted data..

Both directions Key Encrypted Data.

Reference: https://is.gd/ECH_TLS

Rupert S

*

DES5, ECC, : ML-KEM, AES


ECC & DES3/5

Insertion of certificate verified key exchange with verified return stub key (verified against contact key)

3 to 5 minute timed; multiple /dev/RND stub key exchanges to change pattern..

Variable 3 Port timed; 1 to 3 ports transmission from source to end point,

To stop port flooding, single arrival port.

Exchanges between server & client to involve multi round pollinated STUB Certificate exchange & use.

ECC & DES3/5

Represents Stub Certificate exchange:

----+++++-----+++++---
-----++---+++---+++---
++++---+++---+++---+++

Rupert S

*

Key Exchange Protocol with ECC, AES


The provided text outlines a proposed key exchange protocol that leverages ECC and AES for enhanced security and flexibility.

Here's a breakdown of the key components:

Preliminary Contact and Key Establishment:

PSK (Pre-Shared Key): A shared secret is established between the client and server using DNS or a cloud provider.

Key Length Escalation: The PSK length can be increased over time to enhance security.

ECC and AES: ECC is used for key exchange, while AES is used for symmetric encryption.

Key Delivery and Encryption:

Option 1: Key Ramp:

A simple 8-bit key with high compression is initially exchanged.

Subsequent exchanges involve larger keys (e.g., 64-bit, 128-bit) to strengthen security.

Dual encryption can be considered for added protection.

Option 2: Dilithium or Falcon:

The client receives a key from /dev/urandom for sending data to the server.

The server delivers a reception key to the client, verified against the server's certificate.

If the client doesn't have a personal key, it uses a cookie key or a client pool key.

Stub Certificate Exchange:

A mechanism is proposed to periodically exchange stub certificates for added security.

This involves multiple /dev/urandom key exchanges and transmission through variable ports to prevent port flooding.

Key Points and Considerations:

The protocol aims to provide a secure and flexible key exchange solution.

It incorporates ECC for key exchange and AES for encryption, offering a strong combination.

The option to use Dilithium or Falcon for key delivery provides additional flexibility.

The stub certificate exchange mechanism adds a layer of security by periodically changing the keys.

Potential Improvements:

Additional Security Measures: Perfect forward secrecy (PFS) to protect against compromise of long-term keys.

Performance Optimization: Evaluate the performance impact of the proposed protocol, especially in terms of latency and computational overhead.

Compatibility: Ensure compatibility with existing standards and protocols to facilitate widespread adoption.

Overall, the proposed key exchange protocol presents a promising approach that combines ECC, AES, and additional security mechanisms..

By addressing the identified areas for improvement, It can potentially contribute to a more secure and robust communication environment.

RS

******** Reference Material :>


Session EEC/RSA/AES/Encryption Key Connection Protector - Certificate (c)RS + Reward welcome

The 1024/2048/4096 cert spawns the EEC cert pair as elliptic Curves based on the primary...

the curve cert is responding through TLS and QUIC to the eec key,

Formed temporarily from the local public key & or user certificate!

The computation of verification comes from the ability of the connection,

To provide several versions of the certificates EEC temporary cert (lasts one hour for example)

multiple EEC cert variants all come from a common root cert,

Therefore the server and user can talk enciphering both ways in a complex manner,

That is complex to spy upon.

The same methodology produces verifiable source certificates of sizes 512 to 8192(For example)

That can then do RSA and AES and other cyphers from larger base certificates,

Also same size hashed & cyphered Cryptographic pairs.

Hence the use of a hidden session cookie :

(AES:RSA Encrypted and temporarily anonymously IP Locked - refreshed on IP change (for ISP changes to IP))

This is very important, also user anonymous certificates! equates a temporary,

Subcert & session ECC Elliptic Curve

Such is the way that a local P11 Connection can make a local temp session EEC Elliptic RSA AES

(Copyright) Rupert S

https://science.n-helix.com/

I suggest the cloud UID for verification HMAC or a constant sent to the user per day/Session..

Frankly if the code AES we use is in plain script people could spy it..

I think spies do spy cookies & they do steal logins this way!

HMAC the AES of the UID code or send an AES/HMAC code inside a personal JS,

That echoes the cloud key for decryption; A Worker..

The communication with the server JS Security Encipher would most certainly..

Make hacking the Security EEC Server Certificate communications very hard to accomplish.

Cloud edge JS Encode to a local worker & from the local worker to edge & server.

The process is called Dual Edge Encrypt Factor : DE²F

Interesting code for security https://developers.cloudflare.com/workers/examples/signing-requests
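
One way to build the HMAC-protected, IP-locked session cookie described above, as an added example (not the author's code and not Cloudflare's): the client IP is mixed into the HMAC but never stored in the cookie, and the signing key is derived per day. The function names, the token layout `uid.expiry.tag` and the sample addresses are assumptions made for illustration.

```python
# Added example: per-day HMAC key, cookie bound to client IP and expiry.
import base64
import hashlib
import hmac


def day_key(master: bytes, day: str) -> bytes:
    """Derive the per-day signing key so a leaked key dies with the day."""
    return hmac.new(master, b"cookie-day-key|" + day.encode(), hashlib.sha256).digest()


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _tag(key: bytes, uid: str, client_ip: str, expiry: int) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = [uid.encode(), client_ip.encode(), str(expiry).encode()]
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


def issue_cookie(key: bytes, uid: str, client_ip: str, now: int, ttl: int = 3600) -> str:
    """Token = uid.expiry.tag; the IP only influences the tag."""
    expiry = now + ttl
    return f"{_b64(uid.encode())}.{expiry}.{_b64(_tag(key, uid, client_ip, expiry))}"


def verify_cookie(key: bytes, token: str, client_ip: str, now: int):
    """Return (uid, "ok") or (None, reason). MAC is checked before expiry."""
    try:
        uid_part, expiry_part, tag_part = token.split(".")
        uid = _unb64(uid_part).decode()
        expiry = int(expiry_part)
        tag = _unb64(tag_part)
    except (ValueError, UnicodeDecodeError):
        return None, "malformed"
    # Constant-time comparison; a changed IP, uid, expiry or key all fail here.
    if not hmac.compare_digest(tag, _tag(key, uid, client_ip, expiry)):
        return None, "bad-mac"  # caller re-authenticates and reissues
    if now >= expiry:
        return None, "expired"
    return uid, "ok"


if __name__ == "__main__":
    master = b"constructed-demo-master-secret"       # constructed sample value
    key = day_key(master, "2024-10-29")
    cookie = issue_cookie(key, "user-42", "203.0.113.7", now=1_730_000_000)
    print(verify_cookie(key, cookie, "203.0.113.7", 1_730_000_100))
    print(verify_cookie(key, cookie, "198.51.100.9", 1_730_000_100))
```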

Reference: https://drive.google.com/file/d/1WmhMcCZZjDI4pKnQsccvaf4RdquhPPs8/ https://is.gd/ECH_TLS

https://is.gd/DictionarySortJS

https://is.gd/UpscaleWinDL

https://is.gd/HPC_HIP_CUDA

https://is.gd/UpscalerUSB_ROM

https://is.gd/OpenStreamingCodecs

********* Really 2018, But really DES3 1980's************


'virtio-crypto: implement RSA algorithm'

Hardware Drive & System RAM 'DES 4 Key 64Bit & 128Bit AES & PolyChaCha & the Chinese one'

for protocols a very good idea & not CPU intensive>

Is 64Bit AES Even supported in crypto hardware : https://lkml.org/lkml/2022/3/1/1428

64Bit 4 Key is a potential with DES & may well work far faster than 128Bit (64 Bit processors)

In the case of HDD Drives & VM Drives may be transparent..Offers security:

1 key per drive layer : 4 Platters = 4 Keys

16 Platters = 8 Keys or 4 Keys

(c)RS 2022

https://bit.ly/VESA_BT

*******

Support rsa & pkcs1pad(rsa,sha1) with priority 150.

Test with QEMU built-in backend, it works fine.

1, The self-test framework of crypto layer works fine in guest kernel

2, Test with Linux guest(with asym support), the following script

test(note that pkey_XXX is supported only in a newer version of keyutils):

- both public key & private key

- create/close session

- encrypt/decrypt/sign/verify basic driver operation

- also test with kernel crypto layer(pkey add/query)

All the cases work fine.

rm -rf *.der *.pem *.pfx

modprobe pkcs8_key_parser # if CONFIG_PKCS8_PRIVATE_KEY_PARSER=m

rm -rf /tmp/data

dd if=/dev/random of=/tmp/data count=1 bs=226

openssl req -nodes -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -subj "/C=CN/ST=BJ/L=HD/O=qemu/OU=dev/CN=qemu/emailAddress=qemu@qemu.org"

openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER -out key.der

openssl x509 -in cert.pem -inform PEM -outform DER -out cert.der

PRIV_KEY_ID=`cat key.der | keyctl padd asymmetric test_priv_key @s`

echo "priv key id = "$PRIV_KEY_ID

PUB_KEY_ID=`cat cert.der | keyctl padd asymmetric test_pub_key @s`

echo "pub key id = "$PUB_KEY_ID

keyctl pkey_query $PRIV_KEY_ID 0

keyctl pkey_query $PUB_KEY_ID 0

echo "Enc with priv key..."

keyctl pkey_encrypt $PRIV_KEY_ID 0 /tmp/data enc=pkcs1 >/tmp/enc.priv

echo "Dec with pub key..."

keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.priv enc=pkcs1 >/tmp/dec

cmp /tmp/data /tmp/dec

echo "Sign with priv key..."

keyctl pkey_sign $PRIV_KEY_ID 0 /tmp/data enc=pkcs1 hash=sha1 > /tmp/sig

echo "Verify with pub key..."

keyctl pkey_verify $PRIV_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1

echo "Enc with pub key..."

keyctl pkey_encrypt $PUB_KEY_ID 0 /tmp/data enc=pkcs1 >/tmp/enc.pub

echo "Dec with priv key..."

keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.pub enc=pkcs1 >/tmp/dec

cmp /tmp/data /tmp/dec

echo "Verify with pub key..."

keyctl pkey_verify $PUB_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1

*****

Ascon, Story, (only something the military would appreciate), DT


Now you may feel this is a bunch of talawaki! Well fine! Walla Walla :p

Now you know the birdman(& women) story; Now to refine a point about ASCON & how good it is?

When I was convincing the officers I was talking to Birdmen...

I had my reasons, The improvement of the electron microscope; The antigravity; The analysis...

Yar Yar, But hey? you know something? ASCON is great!

So they gave me permission to carry the formula of ASCON to the birdmen with some conditional requirements,

Desires for technology...

So as I stood with the science officer I said; So the base officers have something to share...

Oh you know man may not be a super being; but he can be underrated!

So I unfolded a piece of paper with a maths formula and some; you know 'Demands' as the French say Desires!

So the Birdman scientist looked at it for a second and .... looked at it...

What is this nonsense....

I DON'T KNOW.... I thought you WERE... Clever :P & I winked!

He looked some more! EUREKA, Not so fast....

Can you do better?

This is good yes, Astounded but oh my god! They shared that with us!

Yes they did and if you can come up with something new.... To add to it...

& Some other things; You & I & some Muscle Bigos can visit the base...

Would you like that? Arrangements were made...

Something Found!

Nothing is known of ASCON's more advanced models & most probably... it is unlikely they ever will.

All you need to know is...

ASCON IS GREAT!

Duke Thrust

*****

Skipjack, DES3, GCM, A story for gamers about the Logitech G Series gamer mouse! If Aliens are not enough, Try gamers & cheaters


Once upon a time there was a contest in Asia...

Yes I know, astounding! :L Well anyway the contest was on Euro-Gamer live! So you know how long winded the interviews are before the contest?

The interview was 1.3 hours & the guys had the gaming rigs setup...

The guy had his mouse 'Plugged in' To his Plug/Adapter 'Radio init'

In the audience were a group of malcontents...

Malcontents with hacking radio adapters!

They hacked his Radio over 1 hour of interviews...

But something gave them away..

Network traffic; The sniggering...

The shuffle of feet & conversation...

You know detective work! & you Do Know that they have detectors for this kind of harassment? Right, you know they do!

Radio jamming, Scamming, hacking, falsification.... Theft & robbery!

They got one of them; Don't matter... We got the code!

He turned off & on his gear... his mouse, his headset...

You know what? THE CODE CHANGES!

Hail Logitech G, Hail you the gamer!

Duke Thrust

ECC - Elliptic Matrix - Lattice Maths - RS

Elliptic Matrix - Lattice Maths


Lattice Square cohesive, Time Stamp Elliptoid 

(c)Rupert S

Elliptic in out

*

Matrix Formula M.A.P & AVX Computed parallel instruction

We can either repeat loop solves : (cos(b), sin(b)) * a + mean,
Or we can form a table matrix

(cos(b), sin(b)) = x , * a + mean = y

     1     2     3     4
a  x*y,  x*y,  x*y,  x*y
b  x*y,  x*y,  x*y,  x*y
c  x*y,  x*y,  x*y,  x*y
d  x*y,  x*y,  x*y,  x*y

*

High Precision Maths Solve : { 16Bit, 32Bit, 64Bit & so forth } :

Create table ARC, SIN,TAN, Size = Multiples of 4 or rather 2x2, Or 8 or 4x4

Values (cos(b), sin(b)) = x

tan(T) = y

Example:

Values (cos(b), sin(b)) = x * y = tan(T)


     1     2     3     4
a  x*y,  x*y,  x*y,  x*y
b  x*y,  x*y,  x*y,  x*y
c  x*y,  x*y,  x*y,  x*y
d  x*y,  x*y,  x*y,  x*y

Parallel rows shall be sorted (SiMD)

Values of {A,B,C,D}:1, {A,B,C,D}:2, {A,B,C,D}:3, {A,B,C,D}:4,

Sort by atomic High Accuracy RTC (timer) ECC

The table shall be sorted by a given gradient, Ellipse,

The rules shall be:

Cache the ellipses,

Form the ellipses into an elliptic curve,

Reduce the curve to a set of maths formula,

Map the curves for dimensions over time,

Curve definition precision steps :

Reduce the curve to a higher state logical maximum cap : { 16Bit, 32Bit, 64Bit & so forth } per tick / Second

Specify a bit depth for the expansion of the curve : { 16Bit, 32Bit, 64Bit & so forth } per tick / Second

Send a reciprocal curve per..: second, Per negotiated time period, Per group

*****

New table #Formulae 08:51 29/10/2024


arc sin tan table , useful for clocks!, Well anyway Maths

Python

import numpy as np

# Create angles from 0 to 90 degrees in steps of 10 degrees
angles = np.arange(0, 91, 10)

# Calculate sine and tangent of each angle
sine_values = np.sin(np.radians(angles))
tan_values = np.tan(np.radians(angles))

# Create the table header
table_header = "{:10s} {:10s} {:10s}".format("Angle", "Sin", "Tan")

# Create the table rows using string formatting
table_rows = []
for angle, sine, tangent in zip(angles, sine_values, tan_values):
    table_rows.append("{:10d} {:10.4f} {:10.4f}".format(angle, sine, tangent))

# Combine the header and rows into a table string
table_string = "\n".join([table_header] + table_rows)

# Print the arc sin tan table
print(table_string)

// (c)Rupert S

https://is.gd/ECH_TLS

*****

Machine Learning


https://science.n-helix.com/2022/10/ml.html

https://science.n-helix.com/2021/03/brain-bit-precision-int32-fp32-int16.html

Accelerated Python: NPU, TPU, SiMD

https://is.gd/CoralAI
https://is.gd/TPU_Inference
https://is.gd/TPU_Inference2

https://is.gd/DictionarySortJS
https://is.gd/UpscaleWinDL
https://is.gd/TFLiteDev
https://is.gd/TFLiteDevP2

https://is.gd/HPC_HIP_CUDA
https://is.gd/SPIRV_HIPcuda

https://is.gd/UpscalerUSB_ROM

https://is.gd/OpenStreamingCodecs

https://is.gd/AMDPro2024PolarisCombined

The perfect Proposal RS