[Ntp] Rotating PSK Script & NTP. (c)RS
Duke Abbaddon <duke.abbaddon@gmail.com> Sat, 14 January 2023 02:34 UTC
From: Duke Abbaddon <duke.abbaddon@gmail.com>
Date: Sat, 14 Jan 2023 02:34:12 +0000
Message-ID: <CAHpNFcPEr9HH78tgVWr69BF7b2eqZ4tsOx6o1ga4v2B5ekOdAg@mail.gmail.com>
To: internet-time-service@nist.gov
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/u4W4MGKp0uA52NV7sQ04vHHAL38>

Rotating PSK Script & NTP. (c)RS

Everyone heard the story of the harrier & the 80Bit PSK? Well copy & paste is the issue!

You can negotiate a lower security & grab up to 15 64Bit PSK's for the Raidar and be relatively safe with TLS/SSL

PSK Recommended length 120Bit

PSK Lengths: 8 Characters to 128 ASCII : HARRIER 80Bit MAXUS

You can rotate them every 5 minutes to NTP clock, Set Rule; Grab time; Set timer : Go Go Go expedition!

No need to have a fallen communications tower or exposed radar with the rotating PSK Script & NTP.

(c)RS

results matter, So here are some examples :

https://www.ssllabs.com/ssltest/analyze.html?d=d.ns4v.icu&latest
https://www.ssllabs.com/ssltest/analyze.html?d=dns-v2.ns4v.icu&latest

When I say verified - you can see : SSL | TLS

https://www.virustotal.com/gui/file/155895c95b81f7f0977c44c4f3ac8e7c24b339db7ae1a4790cfd843588c0c6f6/details
https://www.virustotal.com/gui/file/b4e2f4cf9aa01e1b33cb4b3950b0134d90052c2c27705abb02431eaa646ca8b9/details

When I say verified - you can see : SSL | TLS : Good for 3G, 4G, 5G because we need ssl there

https://is.gd/SecurityHSM
https://is.gd/WebPKI

Device Security CRT Initiations for URT, USB, Wireless & other Device Interactions : (c)RS

A very good way to think about a mouse, Keyboard & device AES & Crypto security is that a device needs to be in the certificate store, Two reasons Hardware acceleration is OS Store & Security; The device(computer) specifically requests all interactions with the CRT with a level of privacy & security, By GUID Definition & identity; Secondly limiting the function to parameters so it will not hack the system..

So firstly the device certificate needs to interact with a store for a temporary cert & therefore we need a device Certificate store that contains the equivalent of the Secure client key in SHELL, This does not need to worry us; But we need a store!

If not the device driver needs to initiate the system Store DL & AES Systems so that the device is secured with a personal store & main key (probably ECC-AES-'GCM<>FF3-1' )

Rupert S

https://science.n-helix.com/2022/08/jit-dongle.html
https://science.n-helix.com/2022/06/jit-compiler.html

*****

((network server)Effectively Improves Phone & network SSL Connectivity & thus +security) (good for telecommunications networks) (TLS)

My files are all verified by virustotal & are signed anyway!

https://is.gd/SecurityHSM
https://is.gd/WebPKI

TLS Optimised
https://drive.google.com/file/d/10XL19eGjxdCGj0tK8MULKlgWhHa9_5v9/view?usp=share_link

RS

*****

***********

(in comparison Poly & AES is quite good for 32Bit USB Mice (small channel)

Performance Evaluation Comparison LIGHTWEIGHT CIPHERS NIST LightWeight Cryptography Requirements : RS

Lightweight Cryptography
https://www.cryptrec.go.jp/report/cryptrec-gl-2003-2016en.pdf
https://www.scitepress.org/papers/2014/49006/49006.pdf

Performance Evaluation Comparison LIGHTWEIGHT CIPHERS NIST LightWeight Cryptography Requirements
https://scholarworks.calstate.edu/downloads/k0698968b

AES-NI Compatible Ciphers : AES, ARIA, CLEFIA
https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-cipher-catalog-01#page-3

CLEFIA : Large size table, Pure function
https://datatracker.ietf.org/doc/html/rfc6114

ARIA : Random is a big+ to anonymity bit 128Bit's of data
https://datatracker.ietf.org/doc/html/rfc5794

ARIA is conformant
https://datatracker.ietf.org/doc/html/rfc6209

ARIA SRTP
https://datatracker.ietf.org/doc/html/rfc8269#page-14

************

AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption
https://datatracker.ietf.org/doc/rfc8452/

Adding the nonce to GMAC makes GMAC's unique : ICE-ssRTP
https://www.zerotier.com/2019/09/04/aes-gmac-ctr-siv/
https://www.rfc-editor.org/rfc/rfc5297#page-15

Correct Time : EEC Elliptic & Nonce timer function:

"The thing about random unique nonce with :dev/rng is that verifying the nonce's uniqueness is an issue, with SSRTP nonce, Time intrinsics allow only one play time
https://datatracker.ietf.org/doc/rfc8954/
So what about if they have a reset phone & have not got the correct time ? mine wouldn't do NTP until I set it to pools.ntp.org, the telephone network would not change the time!"

So the nonce may need a seconds from arrival timer; So that it is from the time it arrives (in your terms) & additionally a sent and arrival time so that when you get the correct time; It still works!

In essence TLS & OCSP need a time from arrival (to verify link/Security CRT), It does not matter if that NTP timer is off by 5 Minutes... you can use the Time related EEC Elliptic curve & as long as it is timed from arrival & sends back a sample with a from time & until... That EEC Elliptic & Nonce will work.

RS

*****

sRTP Chaos Nonce: Certificate transactions; TLS & OCSP Security Protocols
https://datatracker.ietf.org/doc/rfc8954/
https://science.n-helix.com/2022/03/ice-ssrtp.html

Code Speed
https://science.n-helix.com/2022/08/simd.html
https://science.n-helix.com/2022/09/ovccans.html

Chaos
https://science.n-helix.com/2022/02/interrupt-entropy.html
https://science.n-helix.com/2022/02/rdseed.html
https://science.n-helix.com/2020/06/cryptoseed.html

sRTP Chaos Nonce: Certificate transactions; TLS & OCSP Security Protocols
https://datatracker.ietf.org/doc/rfc8954/

RSA-PSS RSASSA-PSS is a probabilistic signature scheme (PSS) with appendix RSAES-OAEP (Optimal Asymmetric Encryption Padding)
https://www.cryptosys.net/pki/manpki/pki_rsaschemes.html
https://www.rfc-editor.org/rfc/rfc8017
https://www.rfc-editor.org/rfc/rfc5756

PSK: Pre-Shared Key Cipher Suites for TLS with SHA-256/384 and AES Galois Counter Mode
https://datatracker.ietf.org/doc/rfc5487/
https://datatracker.ietf.org/doc/rfc8442/

Nonce & Plaintext, Token & SequenceID (Bearing in mind that ICE-SSRTP Nonce is compatible)
https://www.ietf.org/id/draft-howard-gssapi-aead-01.txt

AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption
https://datatracker.ietf.org/doc/rfc8452/

Adding the nonce to GMAC makes GMAC's unique : ICE-ssRTP
https://www.zerotier.com/2019/09/04/aes-gmac-ctr-siv/
https://www.rfc-editor.org/rfc/rfc5297#page-15

AES-GCM SRTP
https://datatracker.ietf.org/doc/rfc7714/

AES-CCM
https://datatracker.ietf.org/doc/rfc6655/

Lightweight Cryptography
https://www.cryptrec.go.jp/report/cryptrec-gl-2003-2016en.pdf
https://www.scitepress.org/papers/2014/49006/49006.pdf

Performance Evaluation Comparison LIGHTWEIGHT CIPHERS NIST LightWeight Cryptography Requirements
https://scholarworks.calstate.edu/downloads/k0698968b

AES-NI Compatible Ciphers : AES, ARIA, CLEFIA
https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-cipher-catalog-01#page-3

CLEFIA : Large size table, Pure function
https://datatracker.ietf.org/doc/html/rfc6114

ARIA : Random is a big+ to anonymity bit 128Bit's of data
https://datatracker.ietf.org/doc/html/rfc5794

ARIA is conformant
https://datatracker.ietf.org/doc/html/rfc6209

ARIA SRTP
https://datatracker.ietf.org/doc/html/rfc8269#page-14

Compact TLS 1.3
https://datatracker.ietf.org/doc/draft-ietf-tls-ctls/

DTLS 2023
https://datatracker.ietf.org/doc/draft-ietf-tsvwg-dtls-over-sctp-bis/

TLS 1.2
https://datatracker.ietf.org/doc/rfc5246/

Network Time Protocol Version 4: Protocol and Algorithms Specification
https://datatracker.ietf.org/doc/rfc5905/

https://science.n-helix.com/2022/01/ntp.html

https://is.gd/SecurityHSM
https://is.gd/WebPKI
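
The 5-minute PSK rotation keyed to the NTP clock that the message describes can be illustrated as below. This is an added example, not the poster's script or any project's code; the HMAC-SHA256 derivation, the `device@window` PSK identity format, the 128-bit output, the label string and the one-window clock-skew tolerance are all assumptions of the example.

```python
import hashlib
import hmac
from typing import Optional, Tuple

ROTATION_SECONDS = 300  # 5-minute rotation, as in the message
PSK_BYTES = 16          # 128-bit derived key (assumption of this example)
LABEL = b"rotating-psk-example-v1"  # hypothetical domain-separation label


def window_index(unix_time: float) -> int:
    """Number of whole rotation intervals since the Unix epoch."""
    return int(unix_time // ROTATION_SECONDS)


def derive_psk(master: bytes, device: str, window: int) -> bytes:
    """HMAC-SHA256 over label, length-prefixed device name and window."""
    name = device.encode()
    msg = LABEL + len(name).to_bytes(2, "big") + name + window.to_bytes(8, "big")
    return hmac.new(master, msg, hashlib.sha256).digest()[:PSK_BYTES]


def client_offer(master: bytes, device: str, now: float) -> Tuple[str, bytes]:
    """Client side: PSK identity carrying the window, plus the key for it."""
    w = window_index(now)
    return f"{device}@{w}", derive_psk(master, device, w)


def server_lookup(master: bytes, psk_identity: str, now: float,
                  skew_windows: int = 1) -> Optional[bytes]:
    """Server side: return the PSK for the claimed window, or None when the
    identity is malformed or the window is outside the allowed clock skew."""
    device, sep, claimed = psk_identity.rpartition("@")
    if not sep or not device or not (claimed.isascii() and claimed.isdigit()):
        return None
    window = int(claimed)
    if abs(window - window_index(now)) > skew_windows:
        return None  # stale or far-future window: refuse the handshake
    return derive_psk(master, device, window)


if __name__ == "__main__":
    master = bytes(range(32))  # constructed sample secret, not a real key
    t = 1673663652             # constructed sample time (Unix seconds)
    ident, key = client_offer(master, "sensor-7", t)
    print(ident, key.hex())
    print(server_lookup(master, ident, t + 60) == key)  # adjacent window
    print(server_lookup(master, ident, t + 900))        # three windows old
```

The identity only names the window; the TLS-PSK handshake itself proves possession of the derived key, so a peer whose clock is more than one interval off fails closed instead of falling back to an older key.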