diff --git a/hashes/src/Hashes_salt.ipynb b/hashes/src/Hashes_salt.ipynb
index a06d336..a02662d 100644
--- a/hashes/src/Hashes_salt.ipynb
+++ b/hashes/src/Hashes_salt.ipynb
@@ -2,7 +2,7 @@
 "cells": [
 {
 "cell_type": "code",
- "execution_count": 2,
+ "execution_count": null,
 "metadata": {
 "id": "0Wg0gBwY-2Eo"
 },
@@ -14,7 +14,7 @@
 },
 {
 "cell_type": "code",
- "execution_count": 3,
+ "execution_count": null,
 "metadata": {
 "id": "v7fM-yxH-2Er"
 },
@@ -35,7 +35,7 @@
 },
 {
 "cell_type": "code",
- "execution_count": 4,
+ "execution_count": null,
 "metadata": {
 "id": "KZW8caXA-2Es"
 },
@@ -57,7 +57,7 @@
 },
 {
 "cell_type": "code",
- "execution_count": 5,
+ "execution_count": null,
 "metadata": {
 "colab": {
 "base_uri": "https://localhost:8080/"
@@ -94,7 +94,7 @@
 },
 {
 "cell_type": "code",
- "execution_count": 6,
+ "execution_count": null,
 "metadata": {
 "id": "ZeGVBMMv-2Et"
 },
@@ -110,7 +110,7 @@
 },
 {
 "cell_type": "code",
- "execution_count": 7,
+ "execution_count": null,
 "metadata": {
 "colab": {
 "base_uri": "https://localhost:8080/"
@@ -147,10 +147,10 @@
 },
 {
 "cell_type": "code",
- "execution_count": 8,
+ "execution_count": 5,
 "metadata": {
 "id": "871nXmWkqcb5",
- "outputId": "d3054aa3-ea51-4175-eaa7-07d33e5f4156",
+ "outputId": "df5da049-1c9f-49fd-fe7e-091991d9fc33",
 "colab": {
 "base_uri": "https://localhost:8080/"
 }
@@ -164,25 +164,25 @@
 " Downloading certvalidator-0.11.1-py2.py3-none-any.whl (31 kB)\n",
 "Collecting asn1crypto>=0.18.1 (from certvalidator)\n",
 " Downloading asn1crypto-1.5.1-py2.py3-none-any.whl (105 kB)\n",
- "\u001b[?25l \u001b[90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\u001b[0m \u001b[32m0.0/105.0 kB\u001b[0m \u001b[31m?\u001b[0m eta \u001b[36m-:--:--\u001b[0m\r\u001b[2K \u001b[90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\u001b[0m \u001b[32m105.0/105.0 kB\u001b[0m \u001b[31m5.0 MB/s\u001b[0m eta \u001b[36m0:00:00\u001b[0m\n",
+ "\u001b[2K \u001b[90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\u001b[0m \u001b[32m105.0/105.0 kB\u001b[0m \u001b[31m4.1 MB/s\u001b[0m eta \u001b[36m0:00:00\u001b[0m\n",
 "\u001b[?25hCollecting oscrypto>=0.16.1 (from certvalidator)\n",
 " Downloading oscrypto-1.3.0-py2.py3-none-any.whl (194 kB)\n",
- "\u001b[2K \u001b[90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\u001b[0m \u001b[32m194.6/194.6 kB\u001b[0m \u001b[31m11.6 MB/s\u001b[0m eta \u001b[36m0:00:00\u001b[0m\n",
+ "\u001b[2K \u001b[90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\u001b[0m \u001b[32m194.6/194.6 kB\u001b[0m \u001b[31m11.5 MB/s\u001b[0m eta \u001b[36m0:00:00\u001b[0m\n",
 "\u001b[?25hInstalling collected packages: asn1crypto, oscrypto, certvalidator\n",
 "Successfully installed asn1crypto-1.5.1 certvalidator-0.11.1 oscrypto-1.3.0\n"
 ]
 }
 ],
 "source": [
- "pip install certvalidator\n"
+ "!pip install certvalidator\n"
 ]
 },
 {
 "cell_type": "code",
- "execution_count": 9,
+ "execution_count": 6,
 "metadata": {
 "id": "BCv-KuZdqcb6",
- "outputId": "b80cf568-6858-49e3-ba61-0e79ff38c197",
+ "outputId": "4af3dee3-c5d6-4e5f-997a-7dce4589cbaf",
 "colab": {
 "base_uri": "https://localhost:8080/"
 }
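Review bot: The install line in this hunk is still unpinned, and it now uses `!pip`, which runs whichever `pip` the shell finds first rather than the one belonging to the running kernel. `%pip install -q certvalidator==0.11.1` installs into the kernel's environment, fixes the version to the one the saved output reports, and keeps the progress-bar escape sequences out of the committed output. An unpinned install resolves to whatever the package index serves on the day the cell is run, so a later run of this notebook may execute different code than the one whose output is recorded here. The same applies to `!pip install sslyze` in the hunk at `@@ -229,16 +229,16 @@`, e.g. `%pip install -q sslyze==<pinned-version>`.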
@@ -229,16 +229,16 @@
 {
 "cell_type": "code",
 "source": [
- "pip install sslyze"
+ "!pip install sslyze"
 ],
 "metadata": {
 "id": "lbOInYRZq5oj",
- "outputId": "3d8d9097-c690-4198-ca11-9d8e033c2431",
+ "outputId": "ffe04200-5aa1-4cb6-c6d4-a32f54be61b8",
 "colab": {
 "base_uri": "https://localhost:8080/"
 }
 },
- "execution_count": 14,
+ "execution_count": 7,
 "outputs": [
 {
 "output_type": "stream",
@@ -260,16 +260,16 @@
 {
 "cell_type": "code",
 "source": [
- "!python -m sslyze --mozilla_config=modern netcore"
+ "!python -m sslyze --mozilla_config=modern cloudflare.com"
 ],
 "metadata": {
 "id": "4pRYOudWuQt4",
- "outputId": "4ea14e74-e731-48bb-b374-866d5cd36d72",
+ "outputId": "516b603f-4681-4fe8-893f-c44c3cb01698",
 "colab": {
 "base_uri": "https://localhost:8080/"
 }
 },
- "execution_count": 16,
+ "execution_count": 10,
 "outputs": [
 {
 "output_type": "stream",
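Review bot: The changed `!python -m sslyze` line checks against the `modern` profile, which allows TLS 1.3 only, so the `FAILED - Not compliant` verdict saved further down is what any server that still accepts TLS 1.2 gets. That verdict buries the two items in the output a defender would act on: TLS 1.0/1.1 still enabled and `TLS_RSA_WITH_3DES_EDE_CBC_SHA` accepted. Consider `--mozilla_config=intermediate`, which should narrow the report towards those items, or a markdown cell after the scan saying which findings matter; whether such a cell already exists is not visible in the diff. The removed lines also show the command and its saved output had drifted apart (`netcore` in the source, `mozilla.com:443` in the output). Keeping the host in one config-cell constant, `TARGET_HOST = "cloudflare.com"` with `!python -m sslyze --mozilla_config=modern {TARGET_HOST}`, makes that mismatch harder to reintroduce.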
@@ -279,31 +279,72 @@ " CHECKING CONNECTIVITY TO SERVER(S)\n", " ----------------------------------\n", "\n", - " mozilla.com:443 => 44.236.72.93 \n", + " cloudflare.com:443 => 104.16.132.229 \n", "\n", "\n", - " SCAN RESULTS FOR MOZILLA.COM:443 - 44.236.72.93\n", - " -----------------------------------------------\n", + " SCAN RESULTS FOR CLOUDFLARE.COM:443 - 104.16.132.229\n", + " ----------------------------------------------------\n", "\n", " * Certificates Information:\n", - " Hostname sent for SNI: mozilla.com\n", - " Number of certificates detected: 1\n", + " Hostname sent for SNI: cloudflare.com\n", + " Number of certificates detected: 2\n", + "\n", + "\n", + " Certificate #0 ( _EllipticCurvePublicKey )\n", + " SHA1 Fingerprint: f97ce6c0fcc2e0b942d4aeec256dc931abd7db42\n", + " Common Name: cloudflare.com\n", + " Issuer: Cloudflare Inc ECC CA-3\n", + " Serial Number: 5233485985088855868343326294380783946\n", + " Not Before: 2023-10-02\n", + " Not After: 2023-12-31\n", + " Public Key Algorithm: _EllipticCurvePublicKey\n", + " Signature Algorithm: sha256\n", + " Key Size: 256\n", + " Curve: secp256r1\n", + " SubjAltName - DNS Names: ['cloudflare.com', '*.secondary.cloudflare.com', 'secondary.cloudflare.com', 'ns.cloudflare.com', '*.ns.cloudflare.com']\n", + "\n", + " Certificate #0 - Trust\n", + " Hostname Validation: OK - Certificate matches server hostname\n", + " Android CA Store (13.0.0_r9): OK - Certificate is trusted\n", + " Apple CA Store (iOS 16.5, iPadOS 16.5, macOS 13.5, tvOS 16.5, and watchOS 9.5):OK - Certificate is trusted\n", + " Java CA Store (jdk-13.0.2): OK - Certificate is trusted\n", + " Mozilla CA Store (2023-07-27): OK - Certificate is trusted\n", + " Windows CA Store (2023-06-11): OK - Certificate is trusted\n", + " Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate\n", + " Received Chain: cloudflare.com --> Cloudflare Inc ECC CA-3\n", + " Verified Chain: cloudflare.com --> Cloudflare Inc ECC CA-3 --> Baltimore CyberTrust 
Root\n", + " Received Chain Contains Anchor: OK - Anchor certificate not sent\n", + " Received Chain Order: OK - Order is valid\n", + " Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain\n", "\n", + " Certificate #0 - Extensions\n", + " OCSP Must-Staple: NOT SUPPORTED - Extension not found\n", + " Certificate Transparency: OK - 3 SCTs included\n", "\n", - " Certificate #0 ( _RSAPublicKey )\n", - " SHA1 Fingerprint: ce66062f234b0bb17c622a3dc3643df5cb131b40\n", - " Common Name: mozilla.com\n", - " Issuer: R3\n", - " Serial Number: 387756499525565224674514980380320657733409\n", - " Not Before: 2023-10-14\n", - " Not After: 2024-01-12\n", + " Certificate #0 - OCSP Stapling\n", + " OCSP Response Status: SUCCESSFUL\n", + " Validation w/ Mozilla Store: OK - Response is trusted\n", + " Responder Key Hash: b'\\xa5\\xce7\\xea\\xeb\\xb0u\\x0e\\x94g\\x88\\xb4E\\xfa\\xd9$\\x10\\x87\\x96\\x1f'\n", + " Cert Status: GOOD\n", + " Cert Serial Number: 5233485985088855868343326294380783946\n", + " This Update: 2023-11-10\n", + " Next Update: 2023-11-17\n", + "\n", + "\n", + " Certificate #1 ( _RSAPublicKey )\n", + " SHA1 Fingerprint: 5ff2d01a5b0ddeea91800a10ef9cc93ddc7681e7\n", + " Common Name: cloudflare.com\n", + " Issuer: Cloudflare Inc RSA CA-2\n", + " Serial Number: 20957909947203344368950827704648047993\n", + " Not Before: 2023-10-02\n", + " Not After: 2023-12-31\n", " Public Key Algorithm: _RSAPublicKey\n", " Signature Algorithm: sha256\n", " Key Size: 2048\n", " Exponent: 65537\n", - " SubjAltName - DNS Names: ['mozilla.com']\n", + " SubjAltName - DNS Names: ['*.secondary.cloudflare.com', '*.ns.cloudflare.com', 'cloudflare.com', 'ns.cloudflare.com', 'secondary.cloudflare.com']\n", "\n", - " Certificate #0 - Trust\n", + " Certificate #1 - Trust\n", " Hostname Validation: OK - Certificate matches server hostname\n", " Android CA Store (13.0.0_r9): OK - Certificate is trusted\n", " Apple CA Store (iOS 16.5, iPadOS 16.5, macOS 13.5, 
tvOS 16.5, and watchOS 9.5):OK - Certificate is trusted\n", @@ -311,18 +352,24 @@ " Mozilla CA Store (2023-07-27): OK - Certificate is trusted\n", " Windows CA Store (2023-06-11): OK - Certificate is trusted\n", " Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate\n", - " Received Chain: mozilla.com --> R3 --> ISRG Root X1\n", - " Verified Chain: mozilla.com --> R3 --> ISRG Root X1\n", + " Received Chain: cloudflare.com --> Cloudflare Inc RSA CA-2\n", + " Verified Chain: cloudflare.com --> Cloudflare Inc RSA CA-2 --> Baltimore CyberTrust Root\n", " Received Chain Contains Anchor: OK - Anchor certificate not sent\n", " Received Chain Order: OK - Order is valid\n", " Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain\n", "\n", - " Certificate #0 - Extensions\n", + " Certificate #1 - Extensions\n", " OCSP Must-Staple: NOT SUPPORTED - Extension not found\n", - " Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more\n", + " Certificate Transparency: OK - 3 SCTs included\n", "\n", - " Certificate #0 - OCSP Stapling\n", - " NOT SUPPORTED - Server did not send back an OCSP response\n", + " Certificate #1 - OCSP Stapling\n", + " OCSP Response Status: SUCCESSFUL\n", + " Validation w/ Mozilla Store: OK - Response is trusted\n", + " Responder Key Hash: b'\\x18\\xa9\\x1a\\xfc\\xb2EI\\xc1o04\\x08+\\xd9\\x87\\x9c\\xb0%Wz'\n", + " Cert Status: GOOD\n", + " Cert Serial Number: 20957909947203344368950827704648047993\n", + " This Update: 2023-11-10\n", + " Next Update: 2023-11-17\n", "\n", " * SSL 2.0 Cipher Suites:\n", " Attempted to connect using 7 cipher suites; the server rejected all cipher suites.\n", 
@@ -333,9 +380,10 @@ " * TLS 1.0 Cipher Suites:\n", " Attempted to connect using 80 cipher suites.\n", "\n", - " The server accepted the following 4 cipher suites:\n", + " The server accepted the following 5 cipher suites:\n", " TLS_RSA_WITH_AES_256_CBC_SHA 256 \n", " TLS_RSA_WITH_AES_128_CBC_SHA 128 \n", + " TLS_RSA_WITH_3DES_EDE_CBC_SHA 168 \n", " TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 ECDH: prime256v1 (256 bits)\n", " TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 ECDH: prime256v1 (256 bits)\n", "\n", @@ -361,7 +409,7 @@ " * TLS 1.2 Cipher Suites:\n", " Attempted to connect using 156 cipher suites.\n", "\n", - " The server accepted the following 13 cipher suites:\n", + " The server accepted the following 20 cipher suites:\n", " TLS_RSA_WITH_AES_256_GCM_SHA384 256 \n", " TLS_RSA_WITH_AES_256_CBC_SHA256 256 \n", " TLS_RSA_WITH_AES_256_CBC_SHA 256 \n", @@ -375,6 +423,13 @@ " TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 ECDH: prime256v1 (256 bits)\n", " TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 ECDH: prime256v1 (256 bits)\n", " TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 ECDH: prime256v1 (256 bits)\n", + " TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 ECDH: X25519 (253 bits)\n", + " TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256 ECDH: prime256v1 (256 bits)\n", + " TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 256 ECDH: prime256v1 (256 bits)\n", + " TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 ECDH: prime256v1 (256 bits)\n", + " TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128 ECDH: prime256v1 (256 bits)\n", + " TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 128 ECDH: prime256v1 (256 bits)\n", + " TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 ECDH: prime256v1 (256 bits)\n", "\n", " The group of cipher suites supported by the server has the following properties:\n", " Forward Secrecy OK - Supported\n", 
@@ -407,10 +462,10 @@ " Secure Renegotiation: OK - Supported\n", "\n", " * Elliptic Curve Key Exchange:\n", - " Supported curves: X25519, X448, prime256v1, secp384r1, secp521r1\n", - " Rejected curves: prime192v1, secp160k1, secp160r1, secp160r2, secp192k1, secp224k1, secp224r1, secp256k1, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1\n", + " Supported curves: X25519, prime256v1, secp384r1, secp521r1\n", + " Rejected curves: X448, prime192v1, secp160k1, secp160r1, secp160r2, secp192k1, secp224k1, secp224r1, secp256k1, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1\n", "\n", - " SCANS COMPLETED IN 9.899094 S\n", + " SCANS COMPLETED IN 2.983400 S\n", " -----------------------------\n", "\n", " COMPLIANCE AGAINST MOZILLA TLS CONFIGURATION\n", 
@@ -418,11 +473,9 @@ "\n", " Checking results against Mozilla's \"modern\" configuration. See https://ssl-config.mozilla.org/ for more details.\n", "\n", - " mozilla.com:443: FAILED - Not compliant.\n", - " * certificate_types: Deployed certificate types are {'rsa'}, should have at least one of {'ecdsa'}.\n", - " * certificate_signatures: Deployed certificate signatures are {'sha256WithRSAEncryption'}, should have at least one of {'ecdsa-with-SHA512', 'ecdsa-with-SHA256', 'ecdsa-with-SHA384'}.\n", - " * tls_versions: TLS versions {'TLSv1.1', 'TLSv1', 'TLSv1.2'} are supported, but should be rejected.\n", - " * ciphers: Cipher suites {'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_256_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA'} are supported, but should be rejected.\n", + " cloudflare.com:443: FAILED - Not compliant.\n", + " * tls_versions: TLS versions {'TLSv1.1', 'TLSv1.2', 'TLSv1'} are supported, but should be rejected.\n", + " * ciphers: Cipher suites {'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_RSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256', 'TLS_RSA_WITH_AES_256_CBC_SHA', 'TLS_RSA_WITH_AES_256_CBC_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'} are supported, but should be rejected.\n", "\n" ] } @@ -591,12 +644,12 @@ ], "metadata": { "id": "98eC50CGrFu_", - "outputId": "1f752d21-0d7c-4492-d474-8cbafb220256", + "outputId": "50b92f89-9630-40f1-bbf4-4cbcdec5f5ed", "colab": { "base_uri": "https://localhost:8080/" } }, - "execution_count": 10, + "execution_count": 4, "outputs": [ { "output_type": "stream",
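Review bot: The execution counts saved by this commit are out of order: the cell in the `@@ -591,12 +644,12 @@` hunk is stored as `4`, while the install and scan cells above it are `5`, `6`, `7` and `10`, and the first six code cells are reset to `null`. The committed outputs therefore come from a session that was not run top to bottom. Whether this cell needs one of the packages installed by the cells above it cannot be told from the hunk. Re-run with Restart and Run All before committing, so the counts are sequential and every saved output matches the source next to it.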