Hello list,
since Snowden, there is a lot going on about cryptography as he said that nothing else will help against mass surveillance than strong cryptography.
IPFire provides a lot of services that use (strong) cryptography like the VPN services OpenVPN and strongswan and some others like tor.
We can do a lot so that users are able to use these services in the most secure manner, but I think with that comes is still some education about the DOs and DON'Ts needed.
So I was thinking that it would be nice to create a section on our wiki about cryptography and to aggregate all information that is important to know at one spot. We can refer to the content from the OpenVPN and IPsec pages for example to suggest which cipher is best to use.
I created some pages about hardware random number generators and hardware crypto processors that are commonly used and supported by IPFire. Additionally to that, I can image to add things like these:
* Briefly(!) explain the algorithms there are and point out advantages and disadvantages. Of course can never give advice to use exactly this algorithm, but we can say which are considered unsafe to use.
* Provide best practices to protect keys, etc. Explain what attacks are possible so that people can prepare for them.
I don't want to this to be a huge part of the documentation and this is probably documented somewhere else very well, but I would like to have the basics in our wiki. Detailed explanations should be referenced and not copied.
This is all to see over here: http://wiki.ipfire.org/en/cryptography/start
Of course I would like to hear your opinions (if there is anybody out there)!
-Michael