From 40924bef0db23edc3623019797a6ee242ae9e92e Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Wed, 1 Nov 2023 21:25:24 +0100 Subject: [PATCH 1/4] Slightly expand/clarify phrasing on quantum resistance --- book/source/03-cryptography.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index b85d982..32c989b 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -46,16 +46,10 @@ A symmetric cryptographic key (which acts as a shared secret) ### Benefits and downsides -Symmetric-key cryptography has major benefits: It is much faster than public-key cryptography (see below). Also, most current symmetric cryptographic algorithms are considered quantum-resistant[^postquantum]. +Symmetric-key cryptography has major benefits: It is much faster than public-key cryptography (see below). Also, most current symmetric-key cryptographic mechanisms are believed to be resilient against possible advances in quantum computing[^postquantum]. [^postquantum]: Daniel J. Bernstein (2009). ["Introduction to post-quantum cryptography" (PDF)](http://www.pqcrypto.org/www.springer.com/cda/content/document/cda_downloaddocument/9783540887010-c1.pdf) states that: "many important classes of cryptographic systems", including secret-key cryptographic mechanisms like AES "[..] are believed to resist classical computers and quantum computers." (pages 1, 2). -```{admonition} TODO -:class: warning - -I am not convinced that this information is helpful but, if it remains, perhaps we need this additional statement: "That is, symmetric-key cryptographic mechanisms are currently considered to be resilient against known computer threats, providing a measure of assurance in the evolving landscape of cryptography and quantum computing." -``` - However, exchanging the required shared secret is a problem that needs to be solved separately. [Hybrid cryptosystems](hybrid_cryptosystems) combine the advantages of symmetric-key cryptography with a separate mechanism for managing the shared secret, using public-key cryptography. From d33c8d7933d3fd4bbd8894ec96c59d7a37d9c53e Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Thu, 2 Nov 2023 14:02:03 +0100 Subject: [PATCH 2/4] ch3: sharpen our terminology, use "hash digest" by default Fixes #98 --- book/source/03-cryptography.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index 32c989b..12cbb66 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -8,12 +8,12 @@ SPDX-License-Identifier: CC-BY-SA-4.0 ## Cryptographic hash functions -[Cryptographic hash functions](https://en.wikipedia.org/wiki/Cryptographic_hash_function) take data strings of any length (like a text message or file) and output a fixed-size code, often called a "hash" or "digest." This hash acts like a unique identifier for the original data. +[Cryptographic hash functions](https://en.wikipedia.org/wiki/Cryptographic_hash_function) take data strings of any length (like a text message or file) and output a fixed-size code, a "hash digest". Often abbreviated as either "digest" or "hash." A hash digest acts like a unique identifier for the original data. Here are two important properties of cryptographic hash functions: -- ["Pre-image resistance"](https://en.wikipedia.org/wiki/Preimage_attack): Given a hash value, it should be very difficult to determine the original data it represents. -- ["Collision resistance"](https://en.wikipedia.org/wiki/Collision_resistance): It should be very difficult to find two distinct pieces of data that map to the same hash value. +- ["Pre-image resistance"](https://en.wikipedia.org/wiki/Preimage_attack): Given a hash digest, it should be very difficult to determine the original data it represents. +- ["Collision resistance"](https://en.wikipedia.org/wiki/Collision_resistance): It should be very difficult to find two distinct pieces of data that map to the same hash digest. ## Message authentication codes From 5e9734403929d08c4d8ab1e956980e0a649d8912 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Fri, 3 Nov 2023 12:26:06 +0100 Subject: [PATCH 3/4] fix link target name --- book/source/03-cryptography.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index 12cbb66..e5ff82d 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -3,7 +3,7 @@ SPDX-FileCopyrightText: 2023 The "Notes on OpenPGP" project SPDX-License-Identifier: CC-BY-SA-4.0 --> -(cyrptography_chapter)= +(cryptography_chapter)= # Cryptographic concepts and terms ## Cryptographic hash functions From bac6fbe6fd7fd2fdbeb1ddeed856878757fb16b3 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Fri, 3 Nov 2023 12:31:21 +0100 Subject: [PATCH 4/4] clause correction in https://codeberg.org/openpgp/notes/commit/69f5bce965bef1d7db48f815c5882449cec700f8 --- book/source/03-cryptography.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index e5ff82d..ebfd687 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -8,7 +8,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 ## Cryptographic hash functions -[Cryptographic hash functions](https://en.wikipedia.org/wiki/Cryptographic_hash_function) take data strings of any length (like a text message or file) and output a fixed-size code, a "hash digest". Often abbreviated as either "digest" or "hash." A hash digest acts like a unique identifier for the original data. +[Cryptographic hash functions](https://en.wikipedia.org/wiki/Cryptographic_hash_function) take data strings of any length (like a text message or file) and output a fixed-size code, a "hash digest," which is often abbreviated as either "digest" or "hash." A hash digest acts like a unique identifier for the original data. Here are two important properties of cryptographic hash functions: