IETF 123 Hackathon - Testing for x25519MLKEM768

x25519, MLKEM, x25519MLKEM768

x25519 is a Diffle- Hellman key exchange algorithm based on Curve25519. It is optimized for security, speed and resistance to side-channel attacks. It has been tested a lot to improve its security and  However, x25519 is an old version which is prone to quantum computing attacks, a growing concern among cybersecurity specialist. Hence why MLKEM, a newer version is introduced. It is a key encapsulation mechanism which allows two parties securely exchange a secret key over an insecure channel. MLKEM is quantum-safe but its only drawback is not being tested enough to look for bugs and vulnerabilities. 

To counter this issue, both has been used together to improve the security and efficiency while still being quantum safe., hence the name x25519MLKEM768.

MinIO

MinIO is a cloud-native object storage which is optimized for speed, simplicity and scalability.

How to install MinIO?

The first step is to clone the repository from Github following the steps from my previous blog on cloning repository and then run the following commands. I used "remote/origin/loganaden - x25519mlkem768" because that is the branch I needed to to switch to.






an alternative to "git checkout" is "git switch branch-name".
"git log" shows the commit history of the current branch.

The next step is install golang using "sudo apt install go lang 1.24" and follow the installation process from its website. Then, I cd to minio and used "make" command to compile and manage dependencies.

Launching MinIO on http

To launch MinIO:
  • we use "wget https://dl.min.io/server/minio/release/linux-arm64/minio" to download MinIO binary.
  • "chmod +x minio" to give the binary executable permission.
  • "ns lookup http://localhost.9000" to check the ip address for the local host.
  • "./minio server ~/minio/data --certs-dir ~/minio/certs --console-address ":9000"" to start a MinIO server.

  • "nmap -sV --script ssl-enum-ciphers -p 9000 127.0.0.1" to list the ciphers being used.
  • "curl -v http://local.host:37455/browser" to curl access MinIO's web interface at http://local.host:37455/browser

Launching MinIO on https

  • "sudo cp minio /usr/local/bin/" copies minio binary from current directory to /usr/local/bin/ .
  • "ssh-keygen -t rsa -b 4096" to generate public key (id_rsa.pub) and private key(id_rsa).
  • "openssh req -newkey rsa:4096 -nodes -keyout private.key -x509 -days 365 -out public.crt" to create certificates in public.crt.
  • "chmod 600 private.key" to ensure that the file owner can read and write it.

  • "openssl x509 -in public.crt -text -noout" to read the certificate in public.crt and display it as human readable text.
  • "export MINIO_ROOT_USER=minioadmin" to change username and "export MINIO_ROOT_PASSWORD=minioadmin" if ever change password.
  • "./minio server ~/minio/data --certs-dir ~/minio/certs --console-address ":9001"" to start a MinIO server.
  • "namp -sV --script ssl-enum-ciphers -p 9001 127.0.0.1" to display the ciphers. However, in my case, only TLS v1.2 and x25519 were visible.
  • "openssl s_client -connect 127.0.0.1:9001" to test the TLS/SSL connection to MinIo server. Still, only TLS v1.2 and x25519 were visible as openssl was an older version. openssl v3.5 was needed.
  • "sudo docker pull alpine/openssl:3.5.1" obtained from docker to fetch openssl from the Docker Hub.
  • "sudo docker run alpine/openssl:3.5.1 s_client -connect cyberstorm.mu:443" to test TSL connection on port 443. When this command was ran, TLS v1.2 , v1.3 and x25519MLKEM768 were visible. Hence, the test was a great success.




Comments

Post a Comment

Popular posts from this blog

Domain Name System( DNS)- Recursive DNS

 What is DNS? When someone type in a domain name (Ex. google.com), it triggers a DNS lookup . During that process, the domain name will match a corresponding IP address that will be returned back to the client. There are 2 types of DNS lookups; iterative and recursive.   A recursive DNS lookup implies that one DNS server interacts with other DNS servers and returns a matching IP address to the client. On a side note, a DNS server is when a user types a domain name. This enable a DNS lookup where several remote computers return a corresponding IP address to the user's computer and allow them to access the correct website. A DNS query on the other hand implies that the client can communicate directly to each DNS server involved in the lookup. In a DNS lookup, there are several DNS servers involved; DNS resolver, DNS root server, DNS TLD (Top-Level Domain) server, and DNS authoritative nameserver. In iterative DNS lookup, DNS resolver asks each DNS one by one until it finds t...
Read more

SSH (Secure Shell) and Virtual Private Network(VPN)

 As stated in my previous blog, SSH and VPN works almost similarly. They both provide the user with secure access to transfer data over an unsecured network. However, they serve different purposes. SSH is a protocol primarily designed for secure access to individual servers or devices. Users can execute commands, transfer files, and  forward specific ports, while encrypting the data. It is focused towards ensuring the completion of tasks, making it ideal for system admin and developers who need direct interaction over a remote server. VPN, on the other hand, is a wider solution that ensure the security of all internet traffic between devices and a remote server. It creates an encrypted tunnel to protect online activity and masks the IP address. It is used to provide remote access to an organization's private network, or perhaps enhance privacy on a public network like in Cafe, malls, etc... Both of them also possess drawbacks. SSH has limited network access and it requires exp...
Read more

Creating a new user and setting up their keys in SSH.

 SSH, shortly abbreviated for Secure Shell,  is a network protocol that provides secure access to a computer and manages devices over an unsecured network. It widely used by system admins, developers, and network engineers. SSH uses the port 22 and on a side note, HTTPS uses port 443 and port 80 is the default port for web servers. Some key features of SSH are: 1. It encrypts all data between the client and the server, making it reliable for crucial data. 2. It prompts the user with password authentication as well as key authentication ( public and private keys) which adds another layer of security. 3.  With port forwarding, SSH can forward network traffic, securing data. 4. With SCP (Secure Copy) and SFTP (SSH File Transfer Protocol) allow secure file transaction. 5. Users can interact on a remote session using commands via SSH session. Steps to set up the key for a new user: 1.  "useradd username" "useradd" command will allow the individual to add a new username t...
Read more