Commit Graph

25 Commits

Author SHA1 Message Date
Frank Denis 2739db2733 Update deps 2020-06-02 13:56:05 +02:00
Frank Denis c6b2869317 Update Poly1305 dep 2020-04-26 13:03:48 +02:00
Frank Denis ee070be530 Update deps 2020-02-26 15:38:43 +01:00
Frank Denis 26971d254d go crypto update 2020-01-11 08:57:16 -07:00
Frank Denis 6f62a82496 Update deps 2019-12-21 21:28:07 +01:00
Frank Denis 568376ea13 Update deps 2019-11-14 22:34:38 -05:00
Frank Denis 1a06806477 Revert "Use CIRCL for X25519. That makes ephemeral key computation faster."
This reverts commit 5d130cdf0b.

Revert "Kill nacl/box"

This reverts commit dd9cf5cc9a.
2019-09-09 17:43:30 +02:00
Frank Denis dd9cf5cc9a Kill nacl/box 2019-06-24 19:13:34 +02:00
Frank Denis d80e72365f Update deps 2019-06-24 14:55:34 +02:00
Frank Denis 71858bfc98 Update deps 2019-04-28 23:19:52 +02:00
Frank Denis 25ac94e7b2 Revert "Add Stretch-Hash-and-Truncate option for extreme DNS privacy"
This reverts commit 2d1dd7eaab.
2019-04-02 01:57:48 +02:00
Frank Denis 2d1dd7eaab Add Stretch-Hash-and-Truncate option for extreme DNS privacy
This works over DNSCrypt and DoH, but requires a specifically configured
server.

Instead of sending the actual DNS queries, the SH-T system works as follows:

Step 1: the client query is evaluated through Argon2id, a military-grade,
memory-hard, CPU-hard stretching function. This makes it very expensive
for an attacker to find the original query, even using GPUs and ASICs.
For post-quantum resistance, we use it to generate a 1024-bit key.

Step 2: in case the Argon2id algorithm has a vulnerability, or, since this
is a popular function used for hashing passwords and for cryptocurrencices,
and people may have built rainbow tables already, we use a hash function over
the result of the previous function. This immediately defeats rainbow tables.

Step 3: the output of the hash function is truncated to 64-bit.
Due to a property of this operation known as collision-misresistance, and even
if the previous steps fail due to a nation-state actor, it is impossible for a
server operator to prove what exact query was originally sent by a client.

This feature is experimental.
2019-04-01 09:36:56 +02:00
Frank Denis 674bd30d45 Update dependencies 2019-04-01 08:21:17 +02:00
Frank Denis c16016b112 Update deps 2019-03-14 02:17:58 +01:00
Frank Denis c3e29c2a60 Switch to Go modules 2019-03-01 18:44:37 +01:00
Frank Denis d0ca608cb7 Update deps 2019-02-23 13:44:05 +01:00
Frank Denis 7740e9d3bc Update dep and deps 2018-08-10 01:39:33 +02:00
Frank Denis 02888adff3 Deps update 2018-06-26 15:40:08 +02:00
Frank Denis 5b1fc8da2a Update deps 2018-06-06 16:10:10 +02:00
Frank Denis eff3272b9f Update deps 2018-05-19 01:50:26 +02:00
Frank Denis f44d9f658b Revert "Update deps"
This reverts commit 49e5c87f8d.
2018-05-16 11:53:20 +02:00
Frank Denis 49e5c87f8d Update deps 2018-05-16 11:39:59 +02:00
Frank Denis 4f4daf41b7 Massive dependencies update 2018-05-10 09:56:25 +02:00
Frank Denis ebc3ddda38 Deps update 2018-03-18 09:09:29 -07:00
Ryan Boehning f44e11fa65 Switch from glide to dep. Check in vendor/ 2018-01-11 13:39:18 -08:00