Question about encryption #1724
Comments
Your best bet for information about the QUIC protocol is the RFCs or other technical writing around that topic. I'd start with https://datatracker.ietf.org/doc/html/rfc9000#name-protected-packets, which will provide your answers (TL;DR all packets have some form of protection). Since this isn't a question about the quiche project itself, I'm closing the issue. But feel free to post questions about QUIC to the community - https://github.com/quicwg/base-drafts/blob/main/CONTRIBUTING.md#engaging-with-the-quic-community
Hey Lucas, thank you for the resources, I will study them
I can confirm that learning about those protocols in detail will help you understand everything much better. For example, if you want to use http/3.0, you will use encryption by default. Cloudflare has written a blog about this too: https://www.cloudflare.com/learning/performance/what-is-http3/ Keep in mind though, just using some sort of encryption doesn't necessarily mean you are secure. ROT13, for example, is an "encryption" algorithm that works by shifting all characters and has been used in production for emails. However, it's trivially easy to break as you can literally brute force it very quickly by hand by just shifting everything. AES, the most widely used encryption algorithm, uses fixed S-boxes (nonlinear function), which means there is an inverse S-box that allows this person to... well... read everything :) Knowing this inverse S-box is pretty much half of the key, so this isn't very secure. Therefore I'd strongly suggest you also study different encryption algorithms that use a key-dependent S-box rather than a static one. Take examples from Blowfish, Serpent, Twofish, etc. This is just the tip of the iceberg but should help you get started :)
Yep, yep, I've learned about the internals of AES in university too, it's not safe to discuss here, plus I'm also really busy with some other work, feel free to reach out to me on Telegram @onebsv, thanks
Was wondering if each packet being sent is encrypted or is it just the handshake which is encrypted? Pardon me for my lack of understanding, just a newbie. Thanks
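An added example (not part of the thread and not quiche code) for the question of which packets are encrypted: it maps a QUIC v1 packet's first byte to the protection RFC 9000 and RFC 9001 apply to it, and derives the Initial keys to show that they come only from public, on-wire inputs. The function names are illustrative assumptions; the salt is the RFC 9001 constant and the connection ID is the RFC 9001 Appendix A test vector.

```python
import hashlib
import hmac

# QUIC v1 Initial salt: a public constant from RFC 9001, section 5.2.
INITIAL_SALT_V1 = bytes.fromhex("38762cf7f55934b34d179ae6a4c80cadccbb7f0a")

def hkdf_expand_label(secret: bytes, label: bytes, length: int) -> bytes:
    """TLS 1.3 HKDF-Expand-Label (SHA-256) with an empty context."""
    full = b"tls13 " + label
    info = length.to_bytes(2, "big") + bytes([len(full)]) + full + b"\x00"
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def initial_keys(dcid: bytes, side: str) -> dict:
    """Derive Initial packet keys from the client's first Destination Connection ID.

    Every input is visible on the wire or public, so an on-path observer can
    derive the same keys: Initial packets are protected but not confidential.
    """
    initial_secret = hmac.new(INITIAL_SALT_V1, dcid, hashlib.sha256).digest()  # HKDF-Extract
    secret = hkdf_expand_label(initial_secret, side.encode() + b" in", 32)
    return {name: hkdf_expand_label(secret, b"quic " + name.encode(), size)
            for name, size in (("key", 16), ("iv", 12), ("hp", 16))}

# Long-header type bits (mask 0x30) -> (packet type, protection applied), QUIC v1.
LONG_TYPES = {
    0: ("Initial", "AEAD, keys derived from the on-wire connection ID"),
    1: ("0-RTT", "AEAD, early-data keys from a resumed TLS session"),
    2: ("Handshake", "AEAD, keys from the TLS handshake"),
    3: ("Retry", "integrity tag only, computed with a fixed public key"),
}

def classify(first_byte: int, version: int = 1) -> tuple:
    """Map a packet's first byte (and version field) to its protection level."""
    if not first_byte & 0x80:          # short header: no version field
        return ("1-RTT", "AEAD, application keys from the TLS handshake")
    if version == 0:                   # long header with version 0
        return ("Version Negotiation", "no cryptographic protection")
    return LONG_TYPES[(first_byte & 0x30) >> 4]

if __name__ == "__main__":
    dcid = bytes.fromhex("8394c8f03e515708")   # DCID from the RFC 9001 Appendix A vectors
    print(initial_keys(dcid, "client")["key"].hex())
    # First bytes below are constructed samples, one per packet type.
    for b, v in ((0xC0, 1), (0xD0, 1), (0xE0, 1), (0xF0, 1), (0x40, 1), (0x80, 0)):
        print(hex(b), *classify(b, v))
```

Only Handshake, 0-RTT and 1-RTT packets use keys that depend on secrets from a TLS exchange; the Initial keys printed here can be recomputed by anyone who sees the first packet.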