From 046d5bb9ff417edf0da4f21f6cb82910a2ef817a Mon Sep 17 00:00:00 2001 From: bobberb Date: Sun, 23 Oct 2016 15:45:45 -0400 Subject: [PATCH] Typo fix line 77 --- attic/SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/attic/SECURITY.md b/attic/SECURITY.md index 5ca125e9b..d663f84a0 100644 --- a/attic/SECURITY.md +++ b/attic/SECURITY.md @@ -74,7 +74,7 @@ The first line of defense employed against remote vulnerabilities and other majo ## Cryptographic Security Practices -* We use [boring crypto](https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf). A single symmetric algorithm (Salsa20/12), a single asymmetric algorithm (Curve25519 ECDH-256), and a single MAC (Poly1305). The way these algorithms are used is identical to how they're used in the NaCl reference implementation. The protocol supports selection of alternative algorithms but only for "future proofing" in the case that a serious flaw is discovered in any of these. Avoding algorithm bloat and cryptographic state negotiation helps guard against down-grade, "oracle," and other protocol level attacks. +* We use [boring crypto](https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf). A single symmetric algorithm (Salsa20/12), a single asymmetric algorithm (Curve25519 ECDH-256), and a single MAC (Poly1305). The way these algorithms are used is identical to how they're used in the NaCl reference implementation. The protocol supports selection of alternative algorithms but only for "future proofing" in the case that a serious flaw is discovered in any of these. Avoiding algorithm bloat and cryptographic state negotiation helps guard against down-grade, "oracle," and other protocol level attacks. * Authenticated encryption is employed with authentication being performed prior to any other operations on received messages. See also: [the cryptographic doom principle](https://moxie.org/blog/the-cryptographic-doom-principle/).