Applied Crypto Hardening
Applied Crypto HarDENING WOLFGANG BrEyha, David Durvaux, TOBIAS Dussa, L. AarON Kaplan, Florian Mendel, Christian Mock, Manuel Koschuch, Adi Kriegisch, Ulrich Pöschl, Ramin Sabet, BerG San, Ralf Schlatterbeck, Thomas Schreck, AleXANDER Würstlein, AarON Zauner, Pepi Zawodsky (University OF Vienna, CERT.be, KIT-CERT, CERT.at, A-SIT/IAIK, CORetec.at, FH Campus Wien, VRVis, MilCERT Austria, A-Trust, Runtux.com, Friedrich-AleXANDER University Erlangen-NurEMBERg, azet.org, maclemon.at) NoVEMBER 10, 2016 Do NOT TALK UNENCRYPTED Applied Crypto HarDENING PAGE 2 OF 111 AcknoWLEDGEMENTS WE WOULD LIKE TO EXPRESS OUR THANKS TO THE FOLLOWING REVIEWERS AND PEOPLE WHO HAVE GENEROUSLY OffERED THEIR TIME AND INTEREST (in ALPHABETICAL ORder): BrOwn, Scott Pacher, Christoph Brulebois, Cyril Palfrader, Peter Dirksen-Thedens, Mathis Pape, TOBIAS (layout) DulaunoY, AleXANDRE Petukhova, Anna (Logo) Gühring Philipp Pichler, Patrick Grigg, IAN Riebesel, Nicolas Haslinger, Gunnar Roeckx, Kurt Huebl, AxEL Roesen, Jens Kovacic, Daniel Rublik, Martin Lenzhofer, Stefan Schüpany, Mathias Lorünser, Thomas Schwarz, René («DigNative») Maass, Max Seidl, Eva (PDF layout) Mehlmauer, Christian VAN Horenbeeck, Maarten Millauer, TOBIAS Wagner, Sebastian («sebix») Mirbach, AndrEAS Zangerl, AleXANDER O’Brien, Hugh The REVIEWERS DID REVIEW PARTS OF THE DOCUMENT IN THEIR AREA OF Expertise; ALL REMAINING ERRORS IN THIS DOCUMENT ARE THE SOLE RESPONSIBILITY OF THE PRIMARY authors. Applied Crypto HarDENING PAGE 3 OF 111 AbstrACT “Unfortunately, THE COMPUTER SECURITY AND CRYPTOLOGY COMMUNITIES HAVE DRIFTED APART OVER THE LAST 25 years. Security PEOPLE DON’T ALWAYS UNDERSTAND THE AVAILABLE CRYPTO tools, AND CRYPTO PEOPLE DON’T ALWAYS UNDERSTAND THE Real-world PRoblems.” — Ross Anderson IN [And08] This GUIDE AROSE OUT OF THE NEED FOR SYSTEM ADMINISTRATORS TO HAVE AN updated, solid, WELL Re- SEARCHED AND thought-thrOUGH GUIDE FOR CONfiGURING SSL, PGP, SSH AND OTHER CRYPTOGRAPHIC TOOLS IN THE post-SnoWDEN age.
[Show full text]