Apart from Let's encrypt, what other options exist to obtain free SSL certificates? - Page 2

245

Comments

  • Harzem Member
    edited October 2017

    @bsdguy said:
    I thank you for that amusement, Mr. 2 years college crypto.

    Btw. while you design web sites I actually work in IT security, actually write formally specified, modelled, and verified code. Thanks again for the good laugh and happy web-site colouring!

    I'm a software engineer with a master's degree in the field and 17 years' experience in writing encryption routines and software. I wrote my own symmetrical cipher in 2001 and presented it to a small board of cryptanalysts in university. What were you doing back then?

    Be careful with who you are attacking. I'm coloring websites for a quick $5000.

  • I'm running out of popcorn guys.

  • Harzem Member
    edited October 2017

    @JustAMacUser said:

    @Harzem said:
    You can't backdoor a publicly used algorithm and get to live with it for more than an afternoon.

    The OpenSSL guys had critical bugs in their code for years before anyone noticed. If no one noticed that, what makes you think they'd noticed any backdoor?

    Just because something is public/open source does not mean it's safe. It means it can be reviewed by anyone. Those are not the same things and we shouldn't operate under the premise that they are.

    An algorithm here is less than 100 lines of code, a mathematical definition of a cipher. You can't put a backdoor to it and get to live with it.

    OpenSSL is a software which implements many routines, and even if it's open source, it can have bugs, some of them very critical, and overlooked.

    AES, an algorithm, has its entire definition in this 2 minute read: http://imps.mcmaster.ca/courses/SE-4C03-07/wiki/siaa/se4c03_aes_wiki(7).html

    A software implementation the size of OpenSSL, on the other hand, requires months of testing before it can even be considered "ready for beta".

    My own fraudrecord uses a custom hashing algorithm:

    FUNCTION fraudrecord_hash ( value )
        FOR 32,000 TIMES LOOP
            value = "fraudrecord-" + value
            value = SHA-1( value )
        END LOOP
        RETURN value
    END FUNCTION

    I can't put a backdoor here, but I can put a backdoor to the software implementation, or have bugs in the implementation that may go unnoticed for years (even if it was open-sourced).

    Open-source software may be utter shit, they have proven to suck hundreds of times before. Open-source (visible source) cipher algorithms don't have that problem, it's a mathematical definition, which are regularly attacked and tested. They may have bugs (that reduce security), but not backdoors. Those bugs are easily identified by third party academics.
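
Added example (not FraudRecord's code and not from the post): the pseudocode above does not say whether each SHA-1 result is fed back as hex text or as raw bytes, so two implementations that both follow it agree after one round and diverge from the second. Both readings, the UTF-8 encoding and the sample input are assumptions.

```python
import hashlib

PREFIX = "fraudrecord-"  # literal prefix from the pseudocode
ROUNDS = 32_000          # iteration count from the pseudocode


def hash_hex_feedback(value: str, rounds: int = ROUNDS) -> str:
    """Reading A (assumed): the 40-character hex digest is fed into the next round."""
    for _ in range(rounds):
        value = hashlib.sha1((PREFIX + value).encode("utf-8")).hexdigest()
    return value


def hash_raw_feedback(value: str, rounds: int = ROUNDS) -> str:
    """Reading B (assumed): the 20 raw digest bytes are fed into the next round."""
    data = value.encode("utf-8")
    prefix = PREFIX.encode("ascii")
    for _ in range(rounds):
        data = hashlib.sha1(prefix + data).digest()
    return data.hex()


def readings_agree(value: str, rounds: int = ROUNDS) -> bool:
    """True when both readings of the pseudocode produce the same output."""
    return hash_hex_feedback(value, rounds) == hash_raw_feedback(value, rounds)


if __name__ == "__main__":
    sample = "user@example.com"  # constructed sample input
    for rounds in (1, 2, ROUNDS):
        print(rounds, "rounds, readings agree:", readings_agree(sample, rounds))
```

Interoperating implementations therefore need the encoding pinned down in the definition itself, and a shared set of test vectors catches a mismatch on the first comparison.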

  • @Harzem said:

    @bsdguy said:
    I thank you for that amusement, Mr. 2 years college crypto.

    Btw. while you design web sites I actually work in IT security, actually write formally specified, modelled, and verified code. Thanks again for the good laugh and happy web-site colouring!

    I'm a software engineer with a master's degree in the field and 17 years' experience in writing encryption routines and software. I wrote my own symmetrical cipher in 2001 and presented it to a small board of cryptanalysts in university. What were you doing back then?

    Be careful with who you are attacking. I'm coloring websites for a quick $5000.

    17 years? WOW! Now I'm impressed and frightened.

    What I was doing back then? I was scratching my balls and thinking about the decade I had already spent in the field and about some of the students whom I had taught, advised, and navigated through their thesis work.

    Have a nice night

  • Then our heads are thick enough not to share the same opinion on the matter, after all this time. Farewell to you too, sir.

  • MikePT Moderator, Patron Provider, Veteran

    You guys should make love tbh...

  • emg Veteran
    edited October 2017

    Like others, I have been reading the debate between @Harzem and @bsdguy (and others) with interest. I do not generally disclose personal information in a forum like this, but suffice it to say that I may know a little something about what they have been discussing here. I have met a cryptanalyst. :-)

    I do not want to join in the detailed debate and make pedantic corrections.

    I will publicly state that Harzem has written many apparent "statements of fact" which are not true. In my opinion, Harzem's statements do not align well with his assertions about his crypto qualifications. Harzem may have "studied cryptography in college," but I am sorry to report that the lessons may not have sunk in as well as Harzem believes. It surprises me, because I respect Harzem and his overall skills and abilities, which don't seem to align well with his erroneous assertions and statements.

  • Interesting discussion @Harzem & @bsdguy - is there a real need to show who's got the bigger dick degree / experience though? Might be entertaining to some, I reckon.

    Anyway, what do you guys think of libressl? Really worth it to consider rather than openssl?

    Back on topic, @Plioser since startcom / wosign aren't recognized by most browsers (and that's not necessarily a bad thing, even though the CA system seems to be rotten/broken by design - not sure removing those certs changes anything, even if it helps keep the trust in the CA system) I didn't find any alternative better than let's encrypt or cpanel free cert if you're on a cpanel system, as far as I know there is no more long term (> 3m) free cert validated by a "proper" (whatever that means) CA.

  • Harzem Member
    edited October 2017

    @emg I've been mostly simplifying and generalizing my statements to fit in the narrative of this forum. There are exceptions to everything, and I'm aware of some of them. However I'm defending the theoretical safety of the algorithms, while my opponent is defending the practical implementation problems.

    I don't think anyone will gain anything with discussing it publicly any further, but I can discuss in more detail via PM about specifics if you like. I might even learn something from you.

  • Harzem said: Open-source software may be utter shit, they have proven to suck hundreds of times before. Open-source (visible source) cipher algorithms don't have that problem, it's a mathematical definition, which are regularly attacked and tested. They may have bugs (that reduce security), but not backdoors. Those bugs are easily identified by third party academics.

    I think you're just nit-picking semantics here. The NSA (as previously mentioned by @bsdguy) has been shown to intentionally introduce "bugs" or weakenings into open source software and "algorithms" thereby allowing them a backdoor into said information.

    My point was that you argued by having things open source we have the surety that it will not go unnoticed:

    You can't backdoor a publicly used algorithm and get to live with it for more than an afternoon.

    That is simply not the case, regardless of word choices or whatever is being referenced as "open source". Something being open sourced is by no means a surety of anything.

  • Harzem Member
    edited October 2017

    JustAMacUser said: Something being open sourced is by no means a surety of anything

    Open source software can suck big time. They can be full of security holes, some of them may go unnoticed for years, and they may cause big data breaches. OpenSSL had this problem, wordpress had this problem, they are almost never fully secure.

    I'm not implying open source software is secure.

    Open source cipher algorithm is not an open source software. It's a mathematical definition, a little more than multiplication and division. They are much easier to test for and identify bugs, backdoors, and shortcomings.

    Implementing those algorithms, as in OpenSSL's case, is a software problem, and open-source doesn't fix that.

    NSA can't put a backdoor into AES algorithm, but it can put a backdoor into an SSL software that uses the algorithm. This isn't nitpicking. They are completely different things.

  • You are nitpicking. Let me show you:

    You can't backdoor a publicly used algorithm and get to live with it for more than an afternoon.

    Emphasis mine to show that you are stating that, by publishing something publicly, an individual or entity cannot "get away" with it.

    They [open source cipher algorithm] are much easier to test for and identify bugs, backdoors, and shortcomings.

    Ease of identifying is not ensured by having something be open source. Again:

    You can't backdoor a publicly used algorithm and get to live with it for more than an afternoon.

    Why? Why does having it published publicly equate to identifying flaws? There's a cause and effect disconnect here. Just because something is public does not mean its perfection or lack thereof will be acknowledged.

  • Harzem Member
    edited October 2017

    JustAMacUser said: Why? Why does having it published publicly equate to identifying flaws?

    In the rest of my comments, I specifically wrote "visible source algorithms", which meant their mathematical functions were publicly released, but some of them don't have open licenses to be used freely.

    In the quote you mentioned, I apparently wrote, mistakenly, "publicly used algorithm" instead of "publicly released algorithm". If you read the rest of my comments, you'll see I'm talking about releasing the algorithm details, not how much it's used. That was my typo, written in haste.

    A publicly released cipher algorithm, if not released by someone like me but released by someone like Bruce Schneier or NSA, is analyzed to its bones and ashes by the whole crypto-community.

    For example, MAGENTA algorithm, one of the AES contestants, was found to have weaknesses in a matter of hours.

    Another one, Dual EC DRBG, was known to be insecure, because you can't hide a backdoor in a cipher algorithm, if you do, you'll get caught. This one is an interesting read, it shows how you can't hide a backdoor and get away with it.

    These are all visible source, so they are analyzed by crypto experts easily.

    By the way, this "Dual EC DRBG" is the algorithm NSA tried to put in a backdoor, and now is used by no-one.

  • @Elmo said:
    custom script to auto update Server certificate (Vesta UI, Exim, Dovecot, FTPd)

    would you mind sharing this? I never took the time to write something together, yet it would be of great help ;-)

  • @Falzo said:

    @Elmo said:
    custom script to auto update Server certificate (Vesta UI, Exim, Dovecot, FTPd)

    would you mind sharing this? I never took the time to write something together, yet it would be of great help ;-)

    Sure thing! Take a look here https://github.com/ifaist0s/vesta-server-ssl-cert
    Questions and Feedback welcome, but let's not hijack this thread. Just message me here or in GitHub

    Thanked by 2MikePT Falzo
  • bsdguy Member
    edited October 2017

    @datanoise said:
    Anyway, what do you guys think of libressl? Really worth it to consider rather than openssl?

    Yes. While I do certainly not consider libressl to be a good solution (which ssl/tls just can not be) it's clearly much better than openssl. Two reasons (among more): the openbsd guys have consistently shown a high regard for safety/security as well as good coding (well, as good as C coding can be). Second reason: simplicity/less complex. libressl has thrown out heaps of cruft and crap in openssl.

    @Harzem said:
    Open source cipher algorithm is not an open source software. It's a mathematical definition, a little more than multiplication and division. They are much easier to test for and identify bugs, backdoors, and shortcomings.

    Pardon me but you rapidly lose credibility. To quote Dijkstra: "software is the implementation of algorithms". Anyone having looked at crypto implementations will confirm that. The implementation of a crypto algorithm is basically just a transformation between notations with minor adaptations.

    Both are usually very difficult to verify and there are many cases where the algorithm is, in fact, more difficult to verify than the implementation (i.a. because algos typically have a domain like N whereas software has a limited domain which often is even further limited for some pragmatic reason). On the other hand we have (nowadays) better tools to spec, model, and verify algorithms (Btw. a fact that seems to have completely escaped you. No professional would just code an algorithm and similarly mathematicians typically model their algorithm during design, explore domains, etc. I, for example, often work with prolog for domain exploration, then with a formal modeller (yet another "language"), before I finally implement the algorithm in a third language).

    NSA can't put a backdoor into AES algorithm, but it can put a backdoor into an SSL software that uses the algorithm. This isn't nitpicking. They are completely different things.

    nsa already did taint algorithms and they already did try to get a weakened AES spec into the standards. Moreover, just have a look at fips, nist (read: nsa) algorithms, e.g. curves, pretty much dominate major parts of the crypto universe.

    Another one, Dual EC DRBG, was known to be insecure, because you can't hide a backdoor in a cipher algorithm, if you do, you'll get caught.

    Yes, after years and wide usage. Btw. it took many large organisations months and even years to switch to another algorithm.

    A final example to show what we talk about: one can with a ridiculously small amount of samples (say with a day's worth of mirrored sessions) deduce with quite high probability which ssl library is used. The reason: Small but obvious biases and bad random.

    Thanked by 1datanoise
  • Harzem Member
    edited October 2017

    bsdguy said: Yes, after years and wide usage. Btw. it took many large organisations months and even years to switch to another algorithm.

    Yet the insecurity was identified very very early after the first release.

    Then NSA insisted organizations must use a specific implementation of the algorithm, which was known to be backdoored, but NSA wouldn't grant those organizations necessary licenses if they changed the values in the algorithm to a secure set, so they had to use the backdoored version not to lose their business. In the mean time, NSA bribed RSA to use the backdoored version, while independent critics shouted about the implementation to be insecure.

    It was a huge drama, but it was an implementation problem, not an algorithmic problem. You could have changed two values from the algorithm and it would be secure, and this fact was identified at very early stages. NSA didn't allow people to change the values if they wanted to keep doing business.

    Software sucked, people sucked, people who insisted on forcing a specific backdoor version sucked, people who knew it was backdoored (because that fact was revealed early) but kept using it because of $$$ sucked.

    But the algorithm, with free to pick values, didn't suck. Algorithm with specific trojan values sucked big time, but it was identified very early, not years after it was used widely.

    The whole drama proves my points, afaic.

  • raindog308 Administrator, Veteran

    MikePT said: You guys should make love tbh...

    Formally verified love.

    Harzem said: Most common ciphers aren't NSA tainted by design.

    I'm inclined to believe that, but I acknowledge there's an element of belief there. We don't know the extent of the NSA's capabilities, and there is an excellent, well-known case where they did backdoor perhaps the most prominent cipher in American history using technology that wasn't known in the public until 20 years later: DES's S-boxes.

    Yes, they were modified to prevent differential cryptanalysis and so strengthened the cipher. Let's take the gov't's word that this is all those S-box changes did. It's still a case of NSA being decades ahead. Are they still? Probably not, but...well, there's that element of faith.

    It's also worth noting that DES was neutered from a larger recommended key size on NSA's request. They couldn't get away with anything that crude in AES but still...it's obvious if they could, they would.

    Thanked by 1MikePT
  • @raindog308 said:

    Harzem said: Most common ciphers aren't NSA tainted by design.

    I'm inclined to believe that, but I acknowledge there's an element of belief there. We don't know the extent of the NSA's capabilities, and there is an excellent, well-known case where they did backdoor perhaps the most prominent cipher in American history using technology that wasn't known in the public until 20 years later: DES's S-boxes.

    Yes, they were modified to prevent differential cryptanalysis and so strengthened the cipher. Let's take the gov't's word that this is all those S-box changes did. It's still a case of NSA being decades ahead. Are they still? Probably not, but...well, there's that element of faith.

    It's also worth noting that DES was neutered from a larger recommended key size on NSA's request. They couldn't get away with anything that crude in AES but still...it's obvious if they could, they would.

    There is an elephant in the room many don't see. It's nist and fips.

    And that's also why "most" algos aren't that relevant. Sure, you and me and Harzem can use whatever we please but state agencies, banks, insurers, large corps - i.e. exactly the kind of organisations with massive data of/on us the citizens - are (partly self-)bound to use only fips approved nist algos.

    And Harzem is wrong again insofar as e.g. nist curves can be - and are - tainted and there are multiple crypto experts and groups out there who pointed at tainted nist curves (where "tainted" typically means that a given curve is computationally weak and/or that it has properties that strongly suggest that a knowing party (nsa) can have very significant computational advantages).

    One ugly side of that is both, those nist curves and, say, djb's 25519 are "ECC" so unsuspecting users (read: 99.9%) just hear "ECC" and have heard about the excellent security of ECC and just use it with whatever curve happens to be proposed; it's only very few users who know that 25519 based ECC is secure while nist curve based ECC is between utterly smelly and simply rotten.

    Another point that is important but often not seen is that, yes, cryptologists and cryptanalysts do rattle, shake and test new algorithms. However, and that's the dirty little thing, those tests are largely of a mathematical nature with only relatively standard computational tests thrown in (like side channels). What they don't do, however, simply because they can't is to run very high powered computational tests. Even universities hardly have the kind of computational power the likes of nsa and gchq have.

    Another factor to keep in mind is the question based on what an Eve (evil party) acts. One should keep in mind that nsa and friends are in the position to be the max. dolev-yao Eve and hence a new level of complexity - and attack surfaces - arises. Example: nonce-less sym. encrypted packet transmissions can be cracked much easier if one has access to a couple of billion packets (which is one dolev yao factor) and the computational power to work on them (hence, hint: always use nonces; if no such algos are available, add at least a (good quality!) random integer to each packet).

    This is particularly ugly considering that many protocols have often (or even always) repeating bitstrings (typ. in the handshake, establishment, and key exchange/setup phase). So if Eve has access to the wire - as nsa does - your super duper crypto might actually turn out to be much weaker than you think. The good news is that we nowadays have software that can check protocols (incl. against a max. DY Eve); the bad news is that even some major security projects don't do those protocol tests.

    I'll close with something funny: The ghost cipher the russians used for decades was/is pretty much a sibling of des; the two are very similar. But: the russian one held and still holds while des is considered broken. Reason: the russian designed for security while nsa designed for having a computational advantage ("backdoor").
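
Added example (not from the thread): what the advice in the post above to "always use nonces" protects against, shown with a toy HMAC-SHA256 keystream standing in for a stream or counter-mode cipher. The cipher construction, nonce length, key and packets are all assumptions made for this sketch; it provides no integrity protection and is not a production design.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 12  # bytes; assumed size for this sketch

# Constructed sample packets sharing a fixed 16-byte handshake-style header.
PACKET_A = b"HELLO v1 client=alice"
PACKET_B = b"HELLO v1 client=bobby"


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream: HMAC-SHA256(key, nonce || counter), illustration only."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal_no_nonce(key: bytes, packet: bytes) -> bytes:
    """Weak setting: every packet is encrypted under the same keystream."""
    return xor(packet, keystream(key, b"", len(packet)))


def seal_with_nonce(key: bytes, packet: bytes) -> bytes:
    """Corrected setting: a fresh random nonce per packet, sent in the clear."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + xor(packet, keystream(key, nonce, len(packet)))


def open_with_nonce(key: bytes, wire: bytes) -> bytes:
    nonce, body = wire[:NONCE_LEN], wire[NONCE_LEN:]
    return xor(body, keystream(key, nonce, len(body)))


def common_prefix_len(a: bytes, b: bytes) -> int:
    """Number of leading bytes two ciphertexts share, as seen on the wire."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    c1, c2 = seal_no_nonce(key, PACKET_A), seal_no_nonce(key, PACKET_B)
    print("no nonce: shared ciphertext prefix =", common_prefix_len(c1, c2))
    print("no nonce: c1^c2 == p1^p2 ->", xor(c1, c2) == xor(PACKET_A, PACKET_B))
    w1, w2 = seal_with_nonce(key, PACKET_A), seal_with_nonce(key, PACKET_B)
    print("nonce:    shared ciphertext prefix =",
          common_prefix_len(w1[NONCE_LEN:], w2[NONCE_LEN:]))
    print("nonce:    round trip ok ->", open_with_nonce(key, w1) == PACKET_A)
```

Without a nonce the repeated header shows through as a repeated ciphertext prefix, and the XOR of two ciphertexts equals the XOR of the plaintexts; with a per-packet nonce neither relation holds.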

  • Maounique Host Rep, Veteran
    1. SSL is broken;
    2. It cannot be fixed to be usable as intended;
    3. It is a system to employ failed mathematicians and "software analysts" and give a job to more salesmen;
    4. You can finally get a free rubber stamp now, but as before, it does not prove anything. Still, it is free and at least does not have the pretense of paid certs.
      Point 4 is the only good news which helps you fix an annoyance which should have not been there in the first place, but is maintained with a lot of money and effort as a parasite in the web world.
  • bsdguy Member
    edited October 2017

    @Maounique

    Off topic: Fine to see you again, sometimes grumpy guy g

    Say, as you are here again, wouldn't it be proper to let go/change your sig? After all, @jarland can't be that bad an evil monster if you are here again and he tolerates even that sig.
    Not meaning to start a war or to feed any flames. Quite the contrary -> let there be peace.

    Thanked by 1Maounique
  • Maounique said: is maintained with a lot of money and effort as a parasite in the web world.

    As a parasite or until there is better alternative. It makes it harder for alternatives to emerge, but the whole internet infrastructure is fucked up, let's take domains names for example!

    TLS while not perfect works. It could be better, but it's probably still better than plain text http connexions, don't you think so?

  • Maounique Host Rep, Veteran
    edited October 2017

    @bsdguy said:
    @Maounique

    Off topic: Fine to see you again, sometimes grumpy guy g

    Say, as you are here again, wouldn't it be proper to let go/change your sig? After all, @jarland can't be that bad an evil monster if you are here again and he tolerates even that sig.
    Not meaning to start a war or to feed any flames. Quite the contrary -> let there be peace.

    As long as he does not retract the lies he put up about me (and not something that can be easily forgotten, such as pedophile or apologist, nazi, plus some which he can claim as a forum admin and not give any evidence such as ban evader when I didn't even know about until I was unbanned and could read the cesspit), as long as he continues to hide the things he and his lynch mob said about me in impunity though clearly against the rules and my polite answers with arguments to them which were twisted to fall foul of a new rule invented post-factum and retracted after it served its purpose, I can't let it go, it will happen again against other people, if I do, some which cannot afford it as they work for some provider not as enlightened as uncle and may even believe that ***.
    OK, I drop the request to apologize explicitly, retracting those is a sort of an equivalent.

  • raindog308 Administrator, Veteran

    bsdguy said: I'll close with something funny: The ghost cipher the russians used for decades was/is pretty much a sibling of des; the two are very similar. But: the russian one held and still holds while des is considered broken.

    Various links on Wikipedia strongly disagree. They refer to GOST as "deeply flawed", "not secure in a theoretical sense", etc. OTOH, the best attack against DES is still only brute force. Which, true, in 2017 is enough.

    BTW, Wikipedia also notes that the GOST S-boxes were often provided and mandated by the Soviet government on a "here are the S-boxes your company will use" basis. Ahem. At least the DES ones were standardized, universal, and later proven to have strengthened rather than weakened DES.

  • @raindog308 said:
    Various links on Wikipedia strongly disagree.

    Don't take it personal but I don't care shit what wikipedia says. I know that they often are extremely biased and I know des and the russian ghost version quite well. But, of course, everyone is free to trust wikipedia (or not).

  • WSS Member

    @bsdguy So what one-time pad is being used by the biharmonic UVB-76?

  • raindog308 Administrator, Veteran

    bsdguy said: Don't take it personal but I don't care shit what wikipedia says.

    Er...I said links on wikipedia, not wikipedia itself. The links are to various academic and IACR papers published by cryptographers from the UK, Japan, Poland, and Israel.

  • @Maounique said: As long as he does not retract the lies he put up about me (and not something that can be easily forgotten, such as pedophile or apologist, nazi, plus some which he can claim as a forum admin and not give any evidence such as ban evader when I didn't even know about until I was unbanned and could read the cesspit), as long as he continues to hide the things he and his lynch mob said about me in impunity though clearly against the rules and my polite answers with arguments to them which were twisted to fall foul of a new rule invented post-factum and retracted after it served its purpose, I can't let it go, it will happen again against other people, if I do, some which cannot afford it as they work for some provider not as enlightened as uncle and may even believe that ***.

    OK, I drop the request to apologize explicitly, retracting those is a sort of an equivalent.

    Why not go for a peace treaty? @jarland did his part by unbanning you, and now you do your part by dropping your signature.

    As momentous as that event seems to you (and I don't want to deny its importance to you), people on LET are preoccupied with looking for good deals on servers. Your quarrel with jarland is but a distant, faded memory in the collective mind of LET, and (if I may say so) no one here really cares to look back at it.

    Thanked by 1MikePT
  • angstrom said: did his part by unbanning you

    Made me chuckle.

    I read though @Maounique's comments and agree with them and am glad they are being made.
