tomato42 (Member) commented Oct 19, 2019

Few things changed since 2008... Update the README and speed.py to make them more current.

fixes #67, fixes #30

Update:

  • Speed
  • Features
  • Usage
  • Security
  • OpenSSL compatibility
  • Entropy
  • Deterministic Signatures
  • Examples
    • uncompressed point representation
    • compressed point representation

tomato42 added the "maintenance" label (issues related to making the project usable or testable) Oct 19, 2019
tomato42 added this to the v0.14 milestone Oct 19, 2019
tomato42 force-pushed the readme-updates branch 2 times, most recently from c2e39d7 to a21c000, October 19, 2019 00:32
coveralls commented Oct 19, 2019

Coverage increased (+0.04%) to 92.592% when pulling e5ae843 on tomato42:readme-updates into 4076c2d on warner:master.

tomato42 self-assigned this Oct 19, 2019
tomato42 changed the title from "Readme updates" to "[WIP] Readme updates" Oct 19, 2019
tomato42 changed the title from "[WIP] Readme updates" to "Readme updates" Oct 19, 2019
simo5 left a comment

Minor nits to the language, otherwise looks good.
The RF/power consumption part is a bit dramatic but hey, it's true :)

README.md Outdated
224, 256, 384, and 521 bits. The "short names" for these curves, as known by
the OpenSSL tool (`openssl ecparam -list_curves`), are: `prime192v1`,
`secp224r1`, `prime256v1`, `secp384r1`, and `secp521r1`. It also includes the
256-bit curve used by Bitcoin, whose short name is `secp256k1`. No other curves

It also uses the 256-bit curve secp256k1 used by Bitcoin.

README.md Outdated
the OpenSSL tool (`openssl ecparam -list_curves`), are: `prime192v1`,
`secp224r1`, `prime256v1`, `secp384r1`, and `secp521r1`. It also includes the
256-bit curve used by Bitcoin, whose short name is `secp256k1`. No other curves
are included, but it would not be too hard to add support for more curves

would not be -> is not

README.md Outdated
a keypair or signing a message. Note: just loading the private key will cause
keypair generation. Other operations or attack vectors may also be
vulnerable to attacks. **For a sophisticated attacker observing just one
operation with private key will be sufficient to completely
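
Review bot: In the second sentence of this hunk, "Other operations or attack vectors may also be vulnerable to attacks" is circular, since an attack vector is not itself something that is vulnerable. Consider splitting it into "Other operations may also be vulnerable" and a separate statement that other attack vectors may exist. The bolded sentence would also read more clearly with a comma after "For a sophisticated attacker".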

with a private key

README.md Outdated
is to call `s=sk.to_string()`, and then re-create it with
`SigningKey.from_string(s, curve)` . This short form does not record the
curve, so you must be sure to tell from_string() the same curve you used for
curve, so you must be sure to tell `from_string()` the same curve you used for
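
Review bot: The stray space before the period in "`SigningKey.from_string(s, curve)` ." on the second line is left untouched even though the following line gets a formatting fix; drop it in the same change. Since the text says the short form does not record the curve, it would also help to say what the caller should expect if a different curve is passed to `from_string()`.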

tell -> pass to

make it a bit more modular and make the output look more like
OpenSSL's
use calling convention for open that doesn't leak file descriptors
emphasise that SHA-1 is the default signature algorithm
add examples with compressed and uncompressed formatting
@tomato42 (Member, Author)

> The RF/power consumption part is a bit dramatic but hey, it's true :)

I've seen how-tos that used this library on Raspberry Pi; on such embedded platforms that is not an unlikely avenue of attack...

tomato42 merged commit 188f09e into tlsfuzzer:master Oct 21, 2019
tomato42 deleted the readme-updates branch October 21, 2019 16:37
Development

Successfully merging this pull request may close these issues.

  • OpenSSL signatures no longer compatible with ecdsa RAW format (README outdated)
  • add script to produce benchmark/perf data

3 participants