DOCSLIB.ORG

Open Source Used in Asyncos 10.6 for Cisco Web Security Appliances

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Open Source Used in Asyncos 10.6 for Cisco Web Security Appliances Open Source Used In AsyncOS 10.6.0 for Cisco Web Security Appliances Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. Open Source Used In AsyncOS 10.6.0 for Cisco Web Security Appliances 1 Text Part Number: 78EE117C99-185085155 Open Source Used In AsyncOS 10.6.0 for Cisco Web Security Appliances 2 This document contains licenses and notices for open source software used in this product. With respect to the free/open source software listed in this document, if you have any questions or wish to receive a copy of any source code to which you may be entitled under the applicable free/open source license(s) (such as the GNU Lesser/General Public License), please contact us at [email protected]. In your requests please include the following reference number 78EE117C99-185085155 Contents 1.1 c-ares 1.10.0 1.1.1 Available under license 1.2 file 5.11 :0.0 1.2.1 Available under license 1.3 flex 2.5.4 :6.0.0.0501961 1.3.1 Available under license 1.4 FreeRADIUS-client 1.1.6 1.4.1 Available under license 1.5 jansson 2.5 1.5.1 Available under license 1.6 jpeg 8c 1.6.1 Notifications 1.6.2 Available under license 1.7 libevent 2.0.21 :(18 Nov 2012) 1.7.1 Available under license 1.8 libexecinfo 1.1 :3 1.8.1 Available under license 1.9 libunwind 1.2 :rc1 1.9.1 Available under license 1.10 libunwind 1.2 :2.el7 1.10.1 Available under license 1.11 libwww 5.4.0 :2 1.11.1 Available under license 1.12 libxml2 2.7.6 :1 1.12.1 Available under license 1.13 lucene-core 2.4.1 Open Source Used In AsyncOS 10.6.0 for Cisco Web Security Appliances 3 1.13.1 Available under license 1.14 openldap 2.3.4 1.14.1 Available under license 1.15 openssh 6.6.1p1 :22.el7 1.15.1 Available under license 1.16 openssh 6.2p2 :r0 1.16.1 Available under license 1.17 OpenSSL 1.0.2h :1 1.17.1 Notifications 1.17.2 Available under license 1.18 OpenSSL 1.0.1e 1.18.1 Notifications 1.18.2 Available under license 1.19 pam_radius 1.3.17 1.19.1 Available under license 1.20 PostgreSQL 7.4.2 1.20.1 Available under license 1.21 python 2.6 1.21.1 Available under license 1.22 Samba 4.5 4.5.8 1.22.1 Available under license 1.23 simplejson 2.0.9 1.23.1 Available under license 1.24 stunnel 5.03 5.03 1.24.1 Available under license 1.25 sudo 1.7.4p4 1.25.1 Available under license 1.26 TCL 8.4 1.26.1 Available under license 1.27 vmtools 1 :1 1.27.1 Available under license 1.28 xmlrpc-c 0.9.10 :2 1.28.1 Available under license 1.29 xmlsec1 1.2.14 1.29.1 Available under license 1.30 yui 2.9.0 1.30.1 Available under license FreeBSD 10.4 platform upgrade Open Source Used In AsyncOS 10.6.0 for Cisco Web Security Appliances 4 2.1 bash 4.4.12 2.1.1 Available under license 2.2 curl 7.31.0 2.2.1 Available under license 2.3 curl 7.55.1 :1ubuntu2.4 2.3.1 Available under license 2.4 Expat 2.2.1 2.4.1 Available under license 2.5 ffs2recov 1.0 2.6 FreeBSD Kernel 10.4 2.6.1 Available under license 2.7 glib2 2.36.3 :5.el7 2.7.1 Available under license 2.8 indexinfo 0.2.6 2.8.1 Available under license 2.9 IPMItool 1.8.9 2.9.1 Available under license 2.10 json-c 0.12 2.10.1 Available under license 2.11 libarchive 3.3.1-r1 2.11.1 Available under license 2.12 libevent2 2.0.21 :2.el6 2.12.1 Available under license 2.13 libexecinfo 1.1 :3 2.13.1 Available under license 2.14 libffi 3.2.1 :4 2.14.1 Available under license 2.15 libgcrypt 1.8.0 2.15.1 Available under license 2.16 libgpg-error0 1.27 :r0.0 2.16.1 Available under license 2.17 libiconv 1.14_10 2.17.1 Available under license 2.18 libidn 1.33 2.18.1 Available under license 2.19 libtool 2.4.6 2.19.1 Available under license 2.20 libwww 5.4.0 :3.0.2.0903352 2.20.1 Available under license Open Source Used In AsyncOS 10.6.0 for Cisco Web Security Appliances 5 2.21 libxslt 1.1.29 2.21.1 Available under license 2.22 lsof 4.90 2.23 lzo 2.10 2.23.1 Available under license 2.24 ncurses 6.0 :3 2.24.1 Available under license 2.25 nss 3.32 2.25.1 Available under license 2.26 openldap 2.3.43 2.26.1 Available under license 2.27 OpenSSH 7.3p1 2.27.1 Available under license 2.28 OpenSSL 1.0.2m 2.28.1 Notifications 2.28.2 Available under license 2.29 OpenSSL patch to 0.9.8 branch to add RFC5649 (key wrap with pad) 1.0 2.29.1 Notifications 2.29.2 Available under license 2.30 PCRE 8.40 2.30.1 Available under license 2.31 Perl 5.24 2.31.1 Available under license 2.32 perl-Frontier-RPC 0.07b4p1 :9.el6 2.32.1 Available under license 2.33 pkgconf 1.3.7 2.33.1 Available under license 2.34 smartmontools 6.5 2.34.1 Available under license 2.35 srm 1.2.15 2.35.1 Available under license 2.36 tzdata 2017b-1 2.36.1 Available under license 2.37 udns 0.4 2.37.1 Available under license 1.1 c-ares 1.10.0 Open Source Used In AsyncOS 10.6.0 for Cisco Web Security Appliances 6 1.1.1 Available under license : /* Copyright 1998 by the Massachusetts Institute of Technology. * Copyright (C) 2007-2013 by Daniel Stenberg * * Permission to use, copy, modify, and distribute this * software and its documentation for any purpose and without * fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright * notice and this permission notice appear in supporting * documentation, and that the name of M.I.T. not be used in * advertising or publicity pertaining to distribution of the * software without specific, written prior permission. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" * without express or implied warranty. */ 1.2 file 5.11 :0.0 1.2.1 Available under license : Copyright (c) The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Open Source Used In AsyncOS 10.6.0 for Cisco Web Security Appliances 7 1.3 flex 2.5.4 :6.0.0.0501961 1.3.1 Available under license : Flex carries the copyright used for BSD software, slightly modified because it originated at the Lawrence Berkeley (not Livermore!) Laboratory, which operates under a contract with the Department of Energy: Copyright (c) 1990 The Regents of the University of California. All rights reserved. This code is derived from software contributed to Berkeley by Vern Paxson. The United States Government has rights in this work pursuant to contract no. DE-AC03-76SF00098 between the United States Department of Energy and the University of California. Redistribution and use in source and binary forms with or without modification are permitted provided that: (1) source distributions retain this entire copyright notice and comment, and (2) distributions including binaries display the following acknowledgement: ``This product includes software developed by the University of California, Berkeley and its contributors'' in the documentation or other materials provided with the distribution and in all advertising materials mentioning features or use of this software.
Load more

Recommended publications
  • Open Directory & Openldap
    Open Directory & OpenLDAP David M. O’Rourke Engineering Manager Overview • Background on Apple’s Open Directory Technology (8 minutes) – What is it – What is Directory Services • How has Apple integrated OpenLDAP (20 minutes or less) – what has Apple added to OpenLDAP? • Questions and Answers (remaining time) Open Directory • Open Directory is a technology name – Covers both client access technologies and server technologies – Integrates and promotes industry standard technologies • Open Directory is built into Mac OS X & Mac OS X Server – Been there since 10.0 • Open Sourced as part of Darwin – http://developer.apple.com/darwin/projects/ opendirectory/ What Is Directory Services • Abstraction API for read/write access to system configuration and management data – Users, groups, mount records and others – Authentication abstraction Mac OS X Software Directory Services NetInfo LDAP BSD Files Other… Directory Services in 10.3 • Includes – LDAPv3 (read/write), Native Active Directory, NetInfo, NIS, BSD/etc files – Service Discovery: Rendezvous, SMB, AppleTalk, and SLP – LDAPv3 client support replication fail over • Documented Access API and plug-in API – SDK posted – Sample code, sample plug-in, notes – Directory Services Headers are installed in – /System/Library/Frameworks/DirectoryService.framework – Command line tool for directory editing ‘dscl’ 10.3 Usage of Directory Services • Login Window uses Directory Services for all user authentication – Managed Desktop • All Security Framework authentication uses Directory Services • Legacy Unix
    [Show full text]
  • Megaraid 6Gb/S SAS RAID Controllers Users Guide
    USER’S GUIDE MegaRAID® 6Gb/s SAS RAID Controllers November 2009 41450-02 Rev. B This document contains proprietary information of LSI Corporation. The information contained herein is not to be used by or disclosed to third parties without the express written permission of an officer of LSI Corporation. LSI products are not intended for use in life-support appliances, devices, or systems. Use of any LSI product in such applications without written consent of the appropriate LSI officer is prohibited. Purchase of I2C components of LSI Corporation, or one of its sublicensed Associated Companies, conveys a license under the Philips I2C Patent Rights to use these components in an I2C system, provided that the system conforms to the I2C standard Specification as defined by Philips. Document 41450-02 Rev. B, November 2009. This document describes the current versions of the LSI Corporation MegaRAID® SAS RAID controllers and will remain the official reference source for all revisions/releases of these products until rescinded by an update. LSI Corporation reserves the right to make changes to any products herein at any time without notice. LSI does not assume any responsibility or liability arising out of the application or use of any product described herein, except as expressly agreed to in writing by LSI; nor does the purchase or use of a product from LSI convey a license under any patent rights, copyrights, trademark rights, or any other of the intellectual property rights of LSI or third parties. Copyright © 2009 by LSI Corporation. All rights reserved. TRADEMARK ACKNOWLEDGMENT LSI, the LSI logo design, Fusion-MPT, and MegaRAID are trademarks or registered trademarks of LSI Corporation.
    [Show full text]
  • Libressl Presentatie2
    Birth of LibreSSL and its current status Frank Timmers Consutant, Snow B.V. Background What is LibreSSL • A fork of OpenSSL 1.0.1g • Being worked on extensively by a number of OpenBSD developers What is OpenSSL • OpenSSL is an open source SSL/TLS crypto library • Currently the de facto standard for many servers and clients • Used for securing http, smtp, imap and many others Alternatives • Netscape Security Services (NSS) • BoringSSL • GnuTLS What is Heartbleed • Heartbleed was a bug leaking of private data (keys) from both client and server • At this moment known as “the worst bug ever” • Heartbeat code for DTLS over UDP • So why was this also included in the TCP code? • Not the reason to create a fork Why did this happen • Nobody looked • Or at least didn’t admit they looked Why did nobody look • The code is horrible • Those who did look, quickly looked away and hoped upstream could deal with it Why was the code so horrible • Buggy re-implementations of standard libc functions like random() and malloc() • Forces all platforms to use these buggy implementations • Nested #ifdef, #ifndefs (up to 17 layers deep) through out the code • Written in “OpenSSL C”, basically their own dialect • Everything on by default Why was it so horrible? crypto_malloc • Never frees memory (Tools like Valgrind, Coverity can’t spot bugs) • Used LIFO recycling (Use after free?) • Included debug malloc by default, logging private data • Included the ability to replace malloc/free at runtime #ifdef trees • #ifdef, #elif, #else trees up to 17 layers deep • Throughout the complete source • Some of which could never be reached • Hard to see what is or not compiled in 1.
    [Show full text]
  • Not-Quite-So-Broken TLS Lessons in Re-Engineering a Security Protocol Specification and Implementation
    Not-quite-so-broken TLS Lessons in re-engineering a security protocol specification and implementation David Kaloper Meršinjak Hannes Mehnert Peter Sewell Anil Madhavapeddy University of Cambridge, Computer Labs Usenix Security, Washington DC, 12 August 2015 INT SSL23_GET_CLIENT_HELLO(SSL *S) { CHAR BUF_SPACE[11]; /* REQUEST THIS MANY BYTES IN INITIAL READ. * WE CAN DETECT SSL 3.0/TLS 1.0 CLIENT HELLOS * ('TYPE == 3') CORRECTLY ONLY WHEN THE FOLLOWING * IS IN A SINGLE RECORD, WHICH IS NOT GUARANTEED BY * THE PROTOCOL SPECIFICATION: * BYTE CONTENT * 0 TYPE \ * 1/2 VERSION > RECORD HEADER * 3/4 LENGTH / * 5 MSG_TYPE \ * 6-8 LENGTH > CLIENT HELLO MESSAGE Common CVE sources in 2014 Class # Memory safety 15 State-machine errors 10 Certificate validation 5 ASN.1 parsing 3 (OpenSSL, GnuTLS, SecureTransport, Secure Channel, NSS, JSSE) Root causes Error-prone languages Lack of separation Ambiguous and untestable specification nqsb approach Choice of language and idioms Separation and modular structure A precise and testable specification of TLS Reuse between specification and implementation Choice of language and idioms OCaml: a memory-safe language with expressive static type system Well contained side-effects Explicit flows of data Value-based Explicit error handling We leverage it for abstraction and automated resource management. Formal approaches Either reason about a simplified model of the protocol; or reason about small parts of OpenSSL. In contrast, we are engineering a deployable implementation. nqsb-tls A TLS stack, developed from scratch, with dual goals: Executable specification Usable TLS implementation Structure nqsb-TLS ML module layout Core Is purely functional: VAL HANDLE_TLS : STATE -> BUFFER -> [ `OK OF STATE * BUFFER OPTION * BUFFER OPTION | `FAIL OF FAILURE ] Core OCaml helps to enforce state-machine invariants.
    [Show full text]
  • Advanced Openbsd Hardening
    Advanced Hardening WrongunWrongun && DCDC JuneJune 20052005 ssh://root:[email protected] Lab Challenge JoinJoin thethe wifiwifi netnet andand sshssh intointo thethe boxbox usingusing thethe accountaccount specifiedspecified inin thethe footerfooter TryTry toto pwnpwn thethe boxbox byby addingadding anan accountaccount forfor yourselfyourself oror backdooringbackdooring sshdsshd ssh://root:[email protected] “Only one remote hole in the default install, in more than 8 years! “ ssh://root:[email protected] So OpenBSD is uber secure, right? Actually,Actually, nono …… TheThe defaultdefault installinstall hashas nothingnothing enabledenabled (except(except ssh)ssh) ““NoNo wonderwonder itit ’’ss secure,secure, itit ’’ss poweredpowered off!off! ”” SourceSource --onlyonly patchingpatching strategystrategy makesmakes itit difficultdifficult toto rollroll outout fixesfixes toto platformsplatforms w/ow/o compilerscompilers (i.e.(i.e. disklessdiskless firewalls,firewalls, etc.)etc.) ssh://root:[email protected] Brief History of OpenBSD Vulnerabilities 30 March 05: Bugs in the cp(4) stack can lead to memory exhaustion or processing of TCP segments with invalid SACK optio ns and cause a system crash. 14 Dec 04: On systems running sakmpd(8) it is possible for a local user to cause kernel memory corruption and system panic by setti ng psec(4) credentials on a socket 20 Sept 04: radius authentication, as implemented by ogin_radius(8) , was not checking the shared secret used for replies sent by the radius server. This could allow an attacker to spoof
    [Show full text]
  • The Lightning Memory-Mapped Database
    The Lightning Memory-Mapped Database Howard Chu CTO, Symas Corp. [email protected] Chief Architect, OpenLDAP [email protected] 2015-09-21 OpenLDAP Project ● Open source code project ● Founded 1998 ● Three core team members ● A dozen or so contributors ● Feature releases every 12-18 months ● Maintenance releases as needed 2 A Word About Symas ● Founded 1999 ● Founders from Enterprise Software world – platinum Technology (Locus Computing) – IBM ● Howard joined OpenLDAP in 1999 – One of the Core Team members – Appointed Chief Architect January 2007 ● No debt, no VC investments: self-funded 3 Intro ● Howard Chu – Founder and CTO Symas Corp. – Developing Free/Open Source software since 1980s ● GNU compiler toolchain, e.g. "gmake -j", etc. ● Many other projects... – Worked for NASA/JPL, wrote software for Space Shuttle, etc. 4 Topics (1) Background (2) Features (3) Design Approach (4) Internals (5) Special Features (6) Results 5 (1) Background ● API inspired by Berkeley DB (BDB) – OpenLDAP has used BDB extensively since 1999 – Deep experience with pros and cons of BDB design and implementation – Omits BDB features that were found to be of no benefit ● e.g. extensible hashing – Avoids BDB characteristics that were problematic ● e.g. cache tuning, complex locking, transaction logs, recovery 6 (2) Features LMDB At A Glance ● Key/Value store using B+trees ● Fully transactional, ACID compliant ● MVCC, readers never block ● Uses memory-mapped files, needs no tuning ● Crash-proof, no recovery needed after restart ● Highly optimized, extremely compact – under 40KB object code, fits in CPU L1 I$ ● Runs on most modern OSs – Linux, Android, *BSD, MacOSX, iOS, Solaris, Windows, etc..
    [Show full text]
  • Overview and Frequently Asked Questions
    Overview and Frequently Asked Questions OVERVIEW Oracle Buys Open Source Software Company Sleepycat - Expands Embedded Database Product Line with Berkeley DB Oracle has expanded its embedded Oracle’s portfolio of embedded database technologies provide database offerings through the customers with a range of technical options to meet their diverse needs, with the backing of a global support organization. Oracle acquisition of Sleepycat Software, Inc., and Sleepycat’s complementary products, expertise and resources a privately held supplier of open source will help accelerate innovation and provide customers with richer, database software for developers of more complete solutions. Oracle currently intends to continue embedded applications. Sleepycat’s dual license model and plans to continue to invest in the Berkeley DB products and support offerings, and to utilize Oracle’s global channel reach to service even more customers. With the proliferation of new applications, devices, appliances, Web Services and highly available Software as a Service (SaaS), In conjunction with the expansion of available embedded there is significant and growing demand for embedded databases. database options, Oracle has formed a global initiative focused In addition to Oracle Database Lite Edition for mobile devices on marketing, selling and servicing the Oracle Lite, TimesTen and Oracle TimesTen In-Memory Database for highly dynamic, and Berkeley DB products. This will include support procedures standards-compliant applications, Oracle now adds Berkeley DB and product release cycles tuned to the rapid-response needs database products for developers of tightly embedded, highly of embedded systems developers, and packaging and pricing customized applications. Berkeley DB is added to the Oracle flexibility that adjusts to the needs of Oracle’s partners.
    [Show full text]
  • Arxiv:1911.09312V2 [Cs.CR] 12 Dec 2019
    Revisiting and Evaluating Software Side-channel Vulnerabilities and Countermeasures in Cryptographic Applications Tianwei Zhang Jun Jiang Yinqian Zhang Nanyang Technological University Two Sigma Investments, LP The Ohio State University [email protected] [email protected] [email protected] Abstract—We systematize software side-channel attacks with three questions: (1) What are the common and distinct a focus on vulnerabilities and countermeasures in the cryp- features of various vulnerabilities? (2) What are common tographic implementations. Particularly, we survey past re- mitigation strategies? (3) What is the status quo of cryp- search literature to categorize vulnerable implementations, tographic applications regarding side-channel vulnerabili- and identify common strategies to eliminate them. We then ties? Past work only surveyed attack techniques and media evaluate popular libraries and applications, quantitatively [20–31], without offering unified summaries for software measuring and comparing the vulnerability severity, re- vulnerabilities and countermeasures that are more useful. sponse time and coverage. Based on these characterizations This paper provides a comprehensive characterization and evaluations, we offer some insights for side-channel of side-channel vulnerabilities and countermeasures, as researchers, cryptographic software developers and users. well as evaluations of cryptographic applications related We hope our study can inspire the side-channel research to side-channel attacks. We present this study in three di- community to discover new vulnerabilities, and more im- rections. (1) Systematization of literature: we characterize portantly, to fortify applications against them. the vulnerabilities from past work with regard to the im- plementations; for each vulnerability, we describe the root cause and the technique required to launch a successful 1.
    [Show full text]
  • Crypto Projects That Might Not Suck
    Crypto Projects that Might not Suck Steve Weis PrivateCore ! http://bit.ly/CryptoMightNotSuck #CryptoMightNotSuck Today’s Talk ! • Goal was to learn about new projects and who is working on them. ! • Projects marked with ☢ are experimental or are relatively new. ! • Tried to cite project owners or main contributors; sorry for omissions. ! Methodology • Unscientific survey of projects from Twitter and mailing lists ! • Excluded closed source projects & crypto currencies ! • Stats: • 1300 pageviews on submission form • 110 total nominations • 89 unique nominations • 32 mentioned today The People’s Choice • Open Whisper Systems: https://whispersystems.org/ • Moxie Marlinspike (@moxie) & open source community • Acquired by Twitter 2011 ! • TextSecure: Encrypt your texts and chat messages for Android • OTP-like forward security & Axolotl key racheting by @trevp__ • https://github.com/whispersystems/textsecure/ • RedPhone: Secure calling app for Android • ZRTP for key agreement, SRTP for call encryption • https://github.com/whispersystems/redphone/ Honorable Mention • ☢ Networking and Crypto Library (NaCl): http://nacl.cr.yp.to/ • Easy to use, high speed XSalsa20, Poly1305, Curve25519, etc • No dynamic memory allocation or data-dependent branches • DJ Bernstein (@hashbreaker), Tanja Lange (@hyperelliptic), Peter Schwabe (@cryptojedi) ! • ☢ libsodium: https://github.com/jedisct1/libsodium • Portable, cross-compatible NaCL • OpenDNS & Frank Denis (@jedisct1) The Old Standbys • Gnu Privacy Guard (GPG): https://www.gnupg.org/ • OpenSSH: http://www.openssh.com/
    [Show full text]
  • Secure Industrial Device Connectivity with Low-Overhead TLS
    Secure Industrial Device Connectivity with Low-Overhead TLS Tuesday, October 3, 2017 1:10PM-2:10PM Chris Conlon - Engineering Manager, wolfSSL - B.S. from Montana State University (Bozeman, MT) - Software engineer at wolfSSL (7 years) Contact Info: - Email: [email protected] - Twitter: @c_conlon A. – B. – C. – D. – E. F. ● ● ● ○ ● ○ ● ○ ● Original Image Encrypted using ECB mode Modes other than ECB ● ○ ● ○ ● ● ● ● ○ ● ● ● ● ○ ● ○ ○ ○ ○ ● ○ ● ● ● ● ○ ● ● ○ By Original schema: A.J. Han Vinck, University of Duisburg-EssenSVG version: Flugaal - A.J. Han Vinck, Introduction to public key cryptography, p. 16, Public Domain, https://commons.wikimedia.org/w/index.php?curid=17063048 ● ○ ● ○ ■ ■ ■ ● ○ ■ ● ● ● ● ● ○ ● ● ● ● ● ● ● ○ ○ ○ ○ ● “Progressive” is a subjective term ● These slides talk about crypto algorithms that are: ○ New, modern ○ Becoming widely accepted ○ Have been integrated into SSL/TLS with cipher suites ● ChaCha20 ● Poly1305 ● Curve25519 ● Ed25519 Created by Daniel Bernstein a research professor at the University of Illinois, Chicago Chacha20-Poly1305 AEAD used in Google over HTTPS Ed25519 and ChaCha20-Poly1305 AEAD used in Apple’s HomeKit (iOS Security) ● Fast stream cipher ● Based from Salsa20 stream cipher using a different quarter-round process giving it more diffusion ● Can be used for AEAD encryption with Poly1305 ● Was published by Bernstein in 2008 Used by ● Google Chrome ● TinySSH ● Apple HomeKit ● wolfSSL ● To provide authenticity of messages (MAC) ● Extremely fast in comparison to others ● Introduced by a presentation given from Bernstein in 2002 ● Naming scheme from using polynomial-evaluation MAC (Message Authentication Code) over a prime field Z/(2^130 - 5) Used by ● Tor ● Google Chrome ● Apple iOS ● wolfSSL Generic Montgomery curve. Reference 5 Used by ● Tera Term ● GnuPG ● wolfSSL Generic Twisted Edwards Curve.
    [Show full text]
  • OPENBSD HARDWARE SENSORS FRAMEWORK a Unified and Ready-To-Use System for Hassle-Ee Hardware Monitoring
    OPENBSD HARDWARE SENSORS FRAMEWORK A unified and ready-to-use system for hassle-ee hardware monitoring. Constantine A. Murenin and Raouf Boutaba University of Waterloo AsiaBSDCon 2009 — 12–15 March 2009 — Tokyo, Japan Abstract In this paper, we will discuss the origin, history, design guidelines, API and the device drivers of the hardware sensors framework available in OpenBSD. The framework spans multiple utilities in the base system and the ports tree, is utilised by over 70 drivers, and is considered to be a distinctive and ready-to-use feature that sets OpenBSD apart from many other operating systems, and in its root is inseparable from the OpenBSD experience. 1. Introduction Another trend that has been particularly common in the recent years is the availability of defined inter- We will start by investigating into the matter of what faces for software-based temperature readout from hardware monitoring sensors represent, how common individual components of personal computers, such as is it for them to appear in the general-purpose com- the CPU, or the add-on cards, such as those imple- puter hardware that has been available on the market menting the 802.11 wireless functionality or 10 Giga- in the last decade or so, and what benefits can we gain bit Ethernet. Popular examples include recent Intel by having a unified, simple and straightforward inter- Xeon and Core series of processors (as well as budget face for getting the data out of these sensors. models that are marketed under different brands) Although it may come as a surprise to some users, the [admtemp.4] [cpu.4]; all AMD64 processors from majority of personal computers that have been avail- AMD (Families 0Fh, 10h, 11h) [kate.4] [km.4]; Intel able on the market in the last decade have an inte- WiFi Link 4965/5100/5300 wireless network devices grated hardware monitoring circuitry whose main [iwn.4].
    [Show full text]
  • Cryptanalysis of the Random Number Generator of the Windows Operating System
    Cryptanalysis of the Random Number Generator of the Windows Operating System Leo Dorrendorf School of Engineering and Computer Science The Hebrew University of Jerusalem 91904 Jerusalem, Israel [email protected] Zvi Gutterman Benny Pinkas¤ School of Engineering and Computer Science Department of Computer Science The Hebrew University of Jerusalem University of Haifa 91904 Jerusalem, Israel 31905 Haifa, Israel [email protected] [email protected] November 4, 2007 Abstract The pseudo-random number generator (PRNG) used by the Windows operating system is the most commonly used PRNG. The pseudo-randomness of the output of this generator is crucial for the security of almost any application running in Windows. Nevertheless, its exact algorithm was never published. We examined the binary code of a distribution of Windows 2000, which is still the second most popular operating system after Windows XP. (This investigation was done without any help from Microsoft.) We reconstructed, for the ¯rst time, the algorithm used by the pseudo- random number generator (namely, the function CryptGenRandom). We analyzed the security of the algorithm and found a non-trivial attack: given the internal state of the generator, the previous state can be computed in O(223) work (this is an attack on the forward-security of the generator, an O(1) attack on backward security is trivial). The attack on forward-security demonstrates that the design of the generator is flawed, since it is well known how to prevent such attacks. We also analyzed the way in which the generator is run by the operating system, and found that it ampli¯es the e®ect of the attacks: The generator is run in user mode rather than in kernel mode, and therefore it is easy to access its state even without administrator privileges.
    [Show full text]