1
0
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git synced 2024-12-12 22:36:32 +01:00
Commit Graph

23 Commits

Author SHA1 Message Date
Frank Denis
d17b572b75 Update deps 2019-10-26 16:51:14 +02:00
Frank Denis
e6b9f3c2c0 Update go-dnsstamps 2019-10-14 10:50:09 +02:00
Frank Denis
67f46b3c3e Update go-dnsstamps 2019-10-14 02:24:04 +02:00
Frank Denis
d2db6b55a8 Update deps 2019-10-12 21:22:15 +02:00
Frank Denis
8c147c7efd Manually pin dependency revisions 2019-09-09 18:45:42 +02:00
Frank Denis
e49823d328 More deps update 2019-09-09 18:08:44 +02:00
Frank Denis
1a06806477 Revert "Use CIRCL for X25519. That makes ephemeral key computation faster."
This reverts commit 5d130cdf0b.

Revert "Kill nacl/box"

This reverts commit dd9cf5cc9a.
2019-09-09 17:43:30 +02:00
Frank Denis
5c9c20c974 swizzle 2019-09-07 16:26:31 +02:00
Frank Denis
cef00d5d0b Update deps 2019-09-07 11:04:40 +02:00
Frank Denis
9b33aba757 Update deps 2019-07-06 18:03:41 +02:00
Frank Denis
dd9cf5cc9a Kill nacl/box 2019-06-24 19:13:34 +02:00
Frank Denis
d80e72365f Update deps 2019-06-24 14:55:34 +02:00
Frank Denis
5d130cdf0b Use CIRCL for X25519. That makes ephemeral key computation faster. 2019-06-24 14:17:00 +02:00
Frank Denis
14d6345d6b Deps update 2019-06-04 09:51:48 +02:00
Frank Denis
11311d663d Update deps 2019-06-02 13:25:06 +02:00
Frank Denis
f8415c4a4b Update deps 2019-05-31 22:49:25 +02:00
Frank Denis
71858bfc98 Update deps 2019-04-28 23:19:52 +02:00
Frank Denis
25ac94e7b2 Revert "Add Stretch-Hash-and-Truncate option for extreme DNS privacy"
This reverts commit 2d1dd7eaab.
2019-04-02 01:57:48 +02:00
Frank Denis
2d1dd7eaab Add Stretch-Hash-and-Truncate option for extreme DNS privacy
This works over DNSCrypt and DoH, but requires a specifically configured
server.

Instead of sending the actual DNS queries, the SH-T system works as follows:

Step 1: the client query is evaluated through Argon2id, a military-grade,
memory-hard, CPU-hard stretching function. This makes it very expensive
for an attacker to find the original query, even using GPUs and ASICs.
For post-quantum resistance, we use it to generate a 1024-bit key.

Step 2: in case the Argon2id algorithm has a vulnerability, or, since this
is a popular function used for hashing passwords and for cryptocurrencices,
and people may have built rainbow tables already, we use a hash function over
the result of the previous function. This immediately defeats rainbow tables.

Step 3: the output of the hash function is truncated to 64-bit.
Due to a property of this operation known as collision-misresistance, and even
if the previous steps fail due to a nation-state actor, it is impossible for a
server operator to prove what exact query was originally sent by a client.

This feature is experimental.
2019-04-01 09:36:56 +02:00
Frank Denis
674bd30d45 Update dependencies 2019-04-01 08:21:17 +02:00
Frank Denis
c16016b112 Update deps 2019-03-14 02:17:58 +01:00
Frank Denis
b624f8ef58 Accept sdns: scheme without a namespace 2019-03-03 18:20:39 +01:00
Frank Denis
c3e29c2a60 Switch to Go modules 2019-03-01 18:44:37 +01:00