Cryptography

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 1670 bytes --]

Hello list,

since Snowden, there is a lot going on about cryptography as he said
that nothing else will help against mass surveillance than strong
cryptography.

IPFire provides a lot of services that use (strong) cryptography like
the VPN services OpenVPN and strongswan and some others like tor.

We can do a lot so that users are able to use these services in the most
secure manner, but I think with that comes is still some education about
the DOs and DON'Ts needed.

So I was thinking that it would be nice to create a section on our wiki
about cryptography and to aggregate all information that is important to
know at one spot. We can refer to the content from the OpenVPN and IPsec
pages for example to suggest which cipher is best to use.

I created some pages about hardware random number generators and
hardware crypto processors that are commonly used and supported by
IPFire. Additionally to that, I can image to add things like these:

* Briefly(!) explain the algorithms there are and point out advantages
and disadvantages. Of course can never give advice to use exactly this
algorithm, but we can say which are considered unsafe to use.

* Provide best practices to protect keys, etc. Explain what attacks are
possible so that people can prepare for them.

I don't want to this to be a huge part of the documentation and this is
probably documented somewhere else very well, but I would like to have
the basics in our wiki. Detailed explanations should be referenced and
not copied.

This is all to see over here:
  http://wiki.ipfire.org/en/cryptography/start

Of course I would like to hear your opinions (if there is anybody out
there)!

-Michael