Last post by ACagliano - February 05, 2022, 04:50:00 PM
An eighth release of HASHLIB is now available for download. It adds two new implementations as well as some side-channel resistance enhancements. The new library release offers the following:
A hardware-based secure RNG
PBKDF2 via SHA-256 HMAC
Advanced Encryption Standard (AES), for 128, 192, and 256 bit keys
Automatic application and stripping of preferred AES padding schemes (ISO-9797 M2 or PKCS#7), where applicable
RSA public key encryption for public modulus between 1024 and 2048 bits
Automatic application and stripping of RSAEP-OAEP via PKCS#1 v2.2
Authentication of SSL certificates signed with RSA with SHA-256
Digest comparison function resistant to timing analysis
Digest to hex-string function
In addition, the following measures were taken for side channel resistance:
All user-facing encryptor functions zero all memory from the start of the current stack frame to the bottom of the stack before handing back control, to prevent state leak.
All user-facing encryptor functions disable interrupts while running, which prevents the OS from responding to USB activity. This serves to stop attempts to map the contents of the device memory while sensitive functions are running.
In addition, the documentation is split into a "Quick Reference" for general assistance, and a Cryptanalysis that provides more technical details (for peer-review).
HASHLIB is still under analysis and peer-review to continue to harden it. Feel free to contribute suggestions for this.
And yeah I crashed my TI-82 Advanced Edition Python about twice or three times through TI-OS bugs despite the lack of ArTIfiCE support. It never RAM cleared so the second time I had to manually do a reset because the calculator was so unstable and there's no reset button on the back. XD
Last post by beaulahwiza - December 16, 2021, 01:55:53 PM
So I worked a bit on the forum theme last night, the hardest part being figuring out how to center the logo (something unusual on an SMF forum) and the theme is far from finished. However, I was unsure about what background color to choose around the site. Currently it's dark turquoise or something, but would people prefer something different and what? What I know, though, is that using the same green as the inner logo green looked ugly, though, and a gray-ish green looks more like a hospital surgery room than anything else.
Last post by ACagliano - October 22, 2021, 03:07:20 AM
Update: HASHLIB moves into RC-1
With all the thanks in the world to jacobly from Cemetech for the modular exponentiation function we needed for RSA, HASHLIB is now formally complete and in release candidate phase (apart from the possibility of adding ECDSA in the distant future) and has been released on GitHub for testing.
As many of you may know and others will learn by reading this, HASHLIB contains the following cryptographic implementations:
<> A secure PRNG that produces ~96 bits of entropy per 32-bit integer generated.
<> The SHA-256 cryptographic hash.
<> An implementation of Advanced Encryption Standard (AES), for 128, 192, and 256 bit keys.
<> An implementation of RSA encryption up to 2048 bits in key length.
<> An implementation of the appropriate padding schemes for the above encryptions.
<> An implementation of SSL signature verification using the RSA with SHA-256 signing algorithm.
Feel free to download and test against commonly used cryptography libraries and report back on compatibility or lack thereof.
Last post by ACagliano - October 04, 2021, 12:59:45 PM
The TI-Trek client now has full version matching capabilities. What this means is that when you connect to a TI-Trek server, you will automatically be served the client version that the server requires, which will be relaunched. You will also be automatically served the default (or custom, if supported) graphics pack for that version. No more user fussing over "do I have the right client version?" or "Do I have the right graphics pack?". The server will make sure you do. Also, if you are connecting to a server that needs an earlier version than you have, it will autodowngrade in that case. However, all servers will be hardcoded to not start if you are not requiring a minimum default of the first version that supports RSA (when implemented).
I will soon add the capability to the server to have the version(s) specified and to fetch the gfx and the client automatically into the correct directories to serve them.