X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=public_html%2Fhtml%2Fcryptofaq.php;h=64ccca36e4ab4bd4b45e474734ffdb40c551ea4b;hb=f19fdbd9f10e277fb442597b70cd325a22e25bb8;hp=11c4f7f2528d97a52097acc3e302e8e7c1f8435a;hpb=ded594b218b41593192dc37ec059a1a8a5d70eff;p=silc.git
diff --git a/public_html/html/cryptofaq.php b/public_html/html/cryptofaq.php
index 11c4f7f2..64ccca36 100644
--- a/public_html/html/cryptofaq.php
+++ b/public_html/html/cryptofaq.php
@@ -19,71 +19,73 @@
1.7 What other algorithms SILC support?
1.8 What encryption modes SILC support?
+
+1.9 Is CBC mode going to be replaced in SILC?
-1.9 What hash functions SILC support?
+1.10 What hash functions SILC support?
-1.10 What public key algorithms SILC support?
+1.11 What public key algorithms SILC support?
-1.11 Does SILC support PGP keys?
+1.12 Does SILC support PGP keys?
-1.12 Does SILC support SSH keys?
+1.13 Does SILC support SSH keys?
-1.13 Does SILC support X.509 certificates?
+1.14 Does SILC support X.509 certificates?
-1.14 So SILC can be used with other keys too instead of just SILC public
+1.15 So SILC can be used with other keys too instead of just SILC public
keys?
-1.15 How the MAC is computed in SILC?
+1.16 How the MAC is computed in SILC?
-1.16 Why SILC does not use PGP to encrypt messages?
+1.17 Why SILC does not use PGP to encrypt messages?
-1.17 Why SILC does not use TLS/SSL to encrypt messages?
+1.18 Why SILC does not use TLS/SSL to encrypt messages?
-1.18 Why SILC does not use SSH tunneling or IPSEC to encrypt messages?
+1.19 Why SILC does not use SSH tunneling or IPSEC to encrypt messages?
-1.19 How is the transport in SILC protected then?
+1.20 How is the transport in SILC protected then?
-1.20 Do I understand you correctly that TLS/SSL + PGP would be same as
+1.21 Do I understand you correctly that TLS/SSL + PGP would be same as
SILCs own protection now?
-1.21 Are you also saying that a chat protocol using TLS/SSL alone is not
+1.22 Are you also saying that a chat protocol using TLS/SSL alone is not
actually sufficient (like IRC+SSL)?
-1.22 Are you also saying that a chat protocol using PGP alone is not
+1.23 Are you also saying that a chat protocol using PGP alone is not
actually sufficient (like ICQ+PGP)?
-1.23 So chat protocol always needs both secured transport and secured
+1.24 So chat protocol always needs both secured transport and secured
messages, right?
-1.24 What is the purpose of the SILC key exchange (SKE) protocol?
+1.25 What is the purpose of the SILC key exchange (SKE) protocol?
-1.25 How does SKE protocol protect against man-in-the-middle attacks which can be used to attack Diffie-Hellman?
+1.26 How does SKE protocol protect against man-in-the-middle attacks which can be used to attack Diffie-Hellman?
-1.26 Would have it been possible to use some other key exchange protocol
+1.27 Would have it been possible to use some other key exchange protocol
in SILC instead of developing SKE?
-1.27 Should I verify the public key of the server when I connect to it?
+1.28 Should I verify the public key of the server when I connect to it?
-1.28 Should I verify all other public keys in SILC?
+1.29 Should I verify all other public keys in SILC?
-1.29 Why SILC does not used OpenSSL crypto library instead of its own?
+1.30 Why SILC does not used OpenSSL crypto library instead of its own?
-1.30 Is it possible to digitally sign messages in SILC?
+1.31 Is it possible to digitally sign messages in SILC?
-1.31 I am a Harry Hacker, and I want to crack your protocol. What would be
+1.32 I am a Harry Hacker, and I want to crack your protocol. What would be
the best way to attack SILC protocol?
-1.32 What could happen if a server in SILC network would become compromised?
+1.33 What could happen if a server in SILC network would become compromised?
-1.33 What could happen if a router would become compromised?
+1.34 What could happen if a router would become compromised?
-1.34 Is my channel messages protected on compromised server or not?
+1.35 Is my channel messages protected on compromised server or not?
-1.35 Is my private messages protected on compromised server or not?
+1.36 Is my private messages protected on compromised server or not?
-1.36 Should I then always use private keys for all messages?
+1.37 Should I then always use private keys for all messages?
-1.37 How likely is it that some server would become compromised?
+1.38 How likely is it that some server would become compromised?
@@ -154,6 +156,17 @@ A: The required mode is currently CBC. Other modes are optional.
NIST finalizes its selection process for these modes.
+
+Q: Is CBC mode going to be replaced in SILC?
+A: Even if new encryption mode like CTR is introduced to SILC protocol the
+CBC mode will not likely go away. Recently new attacks has been
+introduced to the traditional CBC (IV is the previous ciphertext block),
+so looking additional modes for the future is wise. Another possiblity
+is to change the CBC to be so called randomized CBC (all IVs are random),
+however most likely this will not be done in SILC. Rather, new modes will
+be introduced instead.
+
+
Q: What hash functions SILC support?
A: The required hash function is SHA-1, but also the MD5 is added to the