PHPCRED-24: Document current TLS implementation

Issue Information

Issue Type: Task
 
Priority: Major
Status: Closed

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: PHPCredlocker (PHPCRED)
Resolution: Won't Fix (2019-09-09 15:51:09)
Components: Crypto ,

Created: 2014-07-24 21:35:20
Time Spent Working


Description
As the aim is to use the JS/PHP TLS implementation to add support for Double blind encryption (PHPCRED-11), need to document the current implementation of TLS so that it can be understood and more easily improved.

Need to cover

- Current intentions of the mechanism (i.e. prevent casual observation)
- Key exchange (known to be sorely in need of improvement)
- Key generation
- Key properties
- Crypto mechanism
- Format of data sent on the wire


Toggle State Changes

Activity


2014-07-24 21:40:45
Also worth noting that the implementation was added to BT Framework (project BTFW) and some enhancements were made/planned so worth documenting those and assessing how easily they can be added to PHP Credlocker.

Longer term the plan is to have PHPCredlocker use BTFW, but in the meantime it should be considered a fork

Changes Made

- BTFW-6 - The JS Crypto component was converted to an object
- BTFW-8 - Xor functions now automatically Base64 encode their ciphertext
- BTFW-7 - Bugfix for keylength calculation


Planned Changes
- BTFW-9 - Add checksumming to Xor Functions

2014-07-24 22:00:23
Wiki page started - https://wiki.bentasker.co.uk/ReleasedByBenTasker/BT-TLS

2014-07-25 02:16:57
Wiki page complete for current version. Worth thinking about whether the content needs publishing somewhere, or at least how best to track changes between different versions of BT-TLS and PHPCredLocker

2019-09-09 15:51:09
Bulk Closing as Won't Fix.

Credlocker is EOL so no further work will be done.

2019-09-09 15:51:09
btasker changed status from 'Open' to 'Closed'

2019-09-09 15:51:09
btasker added 'Won't Fix' to resolution