Security notes / Unsorted
Revision as of 13:20, 9 March 2024
Security related stuff.
Pre-boot authentication
https://en.wikipedia.org/wiki/Pre-boot_authentication
Nonce
Challenge/response
JSON Web Signature, Encryption, Tokens
GSSAPI notes
GSSAPI is an IETF standard that makes it easier for various software to do various forms of strong auth, e.g. Kerberos.
It also allows various other auth schemes to be plugged into it.
Which also makes it potentially interesting for SSO setups within an organisation.
(not unlike SASL, which can include GSSAPI)
It's used by things like OpenSSH,
NaCl
There are two security-related things called NaCl, which are completely unrelated to each other.
(There are also other things called salt, like the automation software Salt (a.k.a. Saltstack).)
NaCl as in libsodium
Google NaCl
Side note: Asymmetric vs. symmetric keys
Simpler systems had symmetric keys, meaning that the encoding and decoding key was the same.
This allows encryption in both directions -- and it means that both parties have to trust each other mutually.
You have to trust that neither will accidentally or purposefully leak the key, because holding that key gives every possible ability, including
- reading encrypted data received from the other side, current or past
- imitating the other side's data
That's usually fine between two parties, but sharing the same key between more than two is as weak as the weakest link. Again,
- reading all parties' encrypted data, current or past
- imitating all parties involved
This is arguably the largest problem that public-private key systems target (there are other upsides):
- given the public key of someone's (public,private) keypair, it is nearly impossible to calculate the private one
- ideally even with any number of encrypted messages
...which is why it isn't a problem to hand the public ones out.
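An added example (not part of the original notes) of the "imitating" point above: with one shared key, any holder can produce a tag that verifies as another party's, while a handed-out public key only lets others verify. It covers authentication rather than encryption, the party names and messages are constructed, and the public-key half uses Lamport one-time signatures only because they need nothing beyond a hash function; real systems use schemes such as Ed25519 or RSA.

```python
import hashlib, hmac, secrets

def mac(key, sender, text):
    # Symmetric tag; "sender" is only a claim, every key holder can compute this.
    return hmac.new(key, f"{sender}:{text}".encode(), hashlib.sha256).digest()

def mac_ok(key, sender, text, tag):
    return hmac.compare_digest(mac(key, sender, text), tag)

def shared_key_demo():
    group_key = secrets.token_bytes(32)      # held by alice, bob and carol
    forged = mac(group_key, "alice", "pay carol 100")    # computed by carol
    return mac_ok(group_key, "alice", "pay carol 100", forged)  # bob's check

def lamport_keygen():
    # Private key: 256 pairs of random secrets. Public key: their hashes.
    priv = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pub = [[hashlib.sha256(s).digest() for s in pair] for pair in priv]
    return priv, pub

def _bits(msg):
    d = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return [(d >> i) & 1 for i in range(256)]

def lamport_sign(priv, msg):
    # Reveal one secret per digest bit. A key pair must sign only ONE message.
    return [priv[i][b] for i, b in enumerate(_bits(msg))]

def lamport_verify(pub, msg, sig):
    return len(sig) == 256 and all(
        hmac.compare_digest(hashlib.sha256(s).digest(), pub[i][b])
        for (i, b), s in zip(enumerate(_bits(msg)), sig))

def public_key_demo():
    priv, pub = lamport_keygen()   # priv stays with alice, pub is handed out
    sig = lamport_sign(priv, b"pay bob 5")
    genuine = lamport_verify(pub, b"pay bob 5", sig)
    # carol has pub and sig but not priv: the signature does not transfer.
    reused = lamport_verify(pub, b"pay carol 100", sig)
    return genuine, reused

if __name__ == "__main__":
    print("shared key: forged tag accepted ->", shared_key_demo())
    print("key pair: (genuine, reused) ->", public_key_demo())
```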