From: Pekka Riikonen Date: Sat, 5 Oct 2002 18:46:33 +0000 (+0000) Subject: updates X-Git-Tag: silc.client.0.9.6~65 X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=f19fdbd9f10e277fb442597b70cd325a22e25bb8 updates --- diff --git a/public_html/html/cryptofaq.php b/public_html/html/cryptofaq.php index 11c4f7f2..64ccca36 100644 --- a/public_html/html/cryptofaq.php +++ b/public_html/html/cryptofaq.php @@ -19,71 +19,73 @@ 1.7 What other algorithms SILC support?
     1.8 What encryption modes SILC support?
+     +1.9 Is CBC mode going to be replaced in SILC?
     -1.9 What hash functions SILC support?
+1.10 What hash functions SILC support?
     -1.10 What public key algorithms SILC support?
+1.11 What public key algorithms SILC support?
     -1.11 Does SILC support PGP keys?
+1.12 Does SILC support PGP keys?
     -1.12 Does SILC support SSH keys?
+1.13 Does SILC support SSH keys?
     -1.13 Does SILC support X.509 certificates?
+1.14 Does SILC support X.509 certificates?
     -1.14 So SILC can be used with other keys too instead of just SILC public +1.15 So SILC can be used with other keys too instead of just SILC public keys?
     -1.15 How the MAC is computed in SILC?
+1.16 How the MAC is computed in SILC?
     -1.16 Why SILC does not use PGP to encrypt messages?
+1.17 Why SILC does not use PGP to encrypt messages?
     -1.17 Why SILC does not use TLS/SSL to encrypt messages?
+1.18 Why SILC does not use TLS/SSL to encrypt messages?
     -1.18 Why SILC does not use SSH tunneling or IPSEC to encrypt messages?
+1.19 Why SILC does not use SSH tunneling or IPSEC to encrypt messages?
     -1.19 How is the transport in SILC protected then?
+1.20 How is the transport in SILC protected then?
     -1.20 Do I understand you correctly that TLS/SSL + PGP would be same as +1.21 Do I understand you correctly that TLS/SSL + PGP would be same as SILCs own protection now?
     -1.21 Are you also saying that a chat protocol using TLS/SSL alone is not +1.22 Are you also saying that a chat protocol using TLS/SSL alone is not actually sufficient (like IRC+SSL)?
     -1.22 Are you also saying that a chat protocol using PGP alone is not +1.23 Are you also saying that a chat protocol using PGP alone is not actually sufficient (like ICQ+PGP)?
     -1.23 So chat protocol always needs both secured transport and secured +1.24 So chat protocol always needs both secured transport and secured messages, right?
     -1.24 What is the purpose of the SILC key exchange (SKE) protocol?
+1.25 What is the purpose of the SILC key exchange (SKE) protocol?
     -1.25 How does SKE protocol protect against man-in-the-middle attacks which can be used to attack Diffie-Hellman?
+1.26 How does SKE protocol protect against man-in-the-middle attacks which can be used to attack Diffie-Hellman?
     -1.26 Would have it been possible to use some other key exchange protocol +1.27 Would have it been possible to use some other key exchange protocol in SILC instead of developing SKE?
     -1.27 Should I verify the public key of the server when I connect to it?
+1.28 Should I verify the public key of the server when I connect to it?
     -1.28 Should I verify all other public keys in SILC?
+1.29 Should I verify all other public keys in SILC?
     -1.29 Why SILC does not used OpenSSL crypto library instead of its own?
+1.30 Why SILC does not used OpenSSL crypto library instead of its own?
     -1.30 Is it possible to digitally sign messages in SILC?
+1.31 Is it possible to digitally sign messages in SILC?
     -1.31 I am a Harry Hacker, and I want to crack your protocol. What would be +1.32 I am a Harry Hacker, and I want to crack your protocol. What would be the best way to attack SILC protocol?
     -1.32 What could happen if a server in SILC network would become compromised?
+1.33 What could happen if a server in SILC network would become compromised?
     -1.33 What could happen if a router would become compromised?
+1.34 What could happen if a router would become compromised?
     -1.34 Is my channel messages protected on compromised server or not?
+1.35 Is my channel messages protected on compromised server or not?
     -1.35 Is my private messages protected on compromised server or not?
+1.36 Is my private messages protected on compromised server or not?
     -1.36 Should I then always use private keys for all messages?
+1.37 Should I then always use private keys for all messages?
     -1.37 How likely is it that some server would become compromised?
+1.38 How likely is it that some server would become compromised?

 
@@ -154,6 +156,17 @@ A: The required mode is currently CBC. Other modes are optional. NIST finalizes its selection process for these modes.
 
+ +Q: Is CBC mode going to be replaced in SILC?
+A: Even if new encryption mode like CTR is introduced to SILC protocol the +CBC mode will not likely go away. Recently new attacks has been +introduced to the traditional CBC (IV is the previous ciphertext block), +so looking additional modes for the future is wise. Another possiblity +is to change the CBC to be so called randomized CBC (all IVs are random), +however most likely this will not be done in SILC. Rather, new modes will +be introduced instead. +
 
+ Q: What hash functions SILC support?
A: The required hash function is SHA-1, but also the MD5 is added to the