Day 5 SSL2 Basic Finished and Researching Authentication and Cipher

September 20, 2021•82 words

What I did: Authentication
Total time: 43.683
Comments:
Discovered annoying bug in protocol where the SSL2 session is tied directly to the authentication of the user by relying on derived secrets. If have time (have approximately 240 minutes before needing to move on [discovered flex in my roadmap by dropping signing and verification from the first spec). So if I can answer an array of questions, I can then revisit the SSL2 protocol and redesign so that SSL2 is seperate from authentication.

👍❤️🫶👏👌🤯🤔😂😍😭😢😡😮

Subscribe to the author

You'll only receive email when they publish something new.

More from KitzuneFiles
All posts

Day 4 Authentication Planning over SSL2

September 19, 2021•245 words

What I did: Authentication Total time: 42.667 Comments: Grappling with questions like 'authenticate then encrypt or encrypt then authenticate?' Finding way to minimize the protocol and move session management to a higher level. This level should only be concerned about creating encrypted layer and ensuring the person is authenticated. Session management and tracking should be done at a higher level. Managed to simplify the FSM even more by moving session management to a higher level. Furtherm...

Read post

Day 6 Security and SSL2 Protocol examination

September 21, 2021•64 words

What I did: Authentication Total time: 44.083 Comments: Discovered XChaChaPoly1305 may be the break we need provides authentication of data and easily swappable encryption protocols as XChaCha is discovered to be weak. Along with developing a security watchlist on both Google SSL and Standard Notes to ensure that Gaya's security pratices stay quite modern, until we're big enough to afford our own security team. ...

Read post

Day 5 SSL2 Basic Finished and Researching Authentication and Cipher

More from KitzuneFilesAll posts

Day 4 Authentication Planning over SSL2

Day 6 Security and SSL2 Protocol examination

More from KitzuneFiles
All posts