-
-
Notifications
You must be signed in to change notification settings - Fork 3.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update slow-hash.c #2
Merged
monero-project
merged 1 commit into
monero-project:master
from
NoodleDoodleNoodleDoodleNoodleDoodleNoo:patch-1
May 7, 2014
Merged
Update slow-hash.c #2
monero-project
merged 1 commit into
monero-project:master
from
NoodleDoodleNoodleDoodleNoodleDoodleNoo:patch-1
May 7, 2014
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixed scratchpad initialization/finalization for faster looping.
monero-project
pushed a commit
that referenced
this pull request
May 7, 2014
…tch-1 Update slow-hash.c
monero-project
pushed a commit
that referenced
this pull request
Jun 4, 2014
Merging daemon RPC availability changes
Closed
Merged
This was referenced Jun 21, 2017
This was referenced Jul 21, 2017
Merged
ghost
mentioned this pull request
Sep 24, 2017
shopglobal
referenced
this pull request
in electronero/electronero-rebase
Jun 10, 2018
Update RCT MGs, Fee multipliers, Fee algo, and verbiage
shopglobal
referenced
this pull request
in electronero/electronero-rebase
Jun 10, 2018
Welcome Seed Peers and Fork to v9, LWMA DAA adjustment
This was referenced May 23, 2019
bjacquin
added a commit
to bjacquin/monero
that referenced
this pull request
Dec 3, 2019
boost::asio::ssl::context is created using specifically TLSv1.2, which blocks the ability to use superior version of TLS like TLSv1.3. Filtering is also made specially later in the code to remove unsafe version for TLS such SSLv2, SSLv3 etc.. This change is removing double filtering to allow TLSv1.2 and above to be used. testssl.sh 3.0rc5 now reports the following (please note monerod was built with USE_EXTRA_EC_CERT): $ ./testssl.sh --openssl=/usr/bin/openssl \ --each-cipher --cipher-per-proto \ --server-defaults --server-preference \ --vulnerable --heartbleed --ccs --ticketbleed \ --robot --renegotiation --compression --breach \ --poodle --tls-fallback --sweet32 --beast --lucky13 \ --freak --logjam --drown --pfs --rc4 --full \ --wide --hints 127.0.0.1:38081 Using "OpenSSL 1.1.1d 10 Sep 2019" [~80 ciphers] on ip-10-97-15-6:/usr/bin/openssl (built: "Dec 3 21:14:51 2019", platform: "linux-x86_64") Start 2019-12-03 21:51:25 -->> 127.0.0.1:38081 (127.0.0.1) <<-- rDNS (127.0.0.1): -- Service detected: HTTP Testing protocols via sockets except NPN+ALPN SSLv2 not offered (OK) SSLv3 not offered (OK) TLS 1 not offered TLS 1.1 not offered TLS 1.2 offered (OK) TLS 1.3 offered (OK): final NPN/SPDY not offered ALPN/HTTP2 not offered Testing for server implementation bugs No bugs found. Testing cipher categories NULL ciphers (no encryption) not offered (OK) Anonymous NULL Ciphers (no authentication) not offered (OK) Export ciphers (w/o ADH+NULL) not offered (OK) LOW: 64 Bit + DES, RC[2,4] (w/o export) not offered (OK) Triple DES Ciphers / IDEA not offered (OK) Average: SEED + 128+256 Bit CBC ciphers not offered Strong encryption (AEAD ciphers) offered (OK) Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 PFS is offered (OK), ciphers follow (client/browser support is important here) Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC) ----------------------------------------------------------------------------------------------------------------------------- x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384 x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256 xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256 xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Elliptic curves offered: prime256v1 secp384r1 secp521r1 X25519 X448 Testing server preferences Has server cipher order? yes (OK) Negotiated protocol TLSv1.3 Negotiated cipher TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) Cipher order TLSv1.2: ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.3: TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 Testing server defaults (Server Hello) TLS extensions (standard) "renegotiation info/#65281" "EC point formats/monero-project#11" "supported versions/monero-project#43" "key share/monero-project#51" "max fragment length/monero-project#1" "extended master secret/monero-project#23" Session Ticket RFC 5077 hint no -- no lifetime advertised SSL Session ID support yes Session Resumption Tickets no, ID: no TLS clock skew Random values, no fingerprinting possible Server Certificate monero-project#1 (in response to request w/o SNI) Signature Algorithm SHA256 with RSA Server key size RSA 4096 bits Server key usage -- Server extended key usage -- Serial / Fingerprints 01 / SHA1 132E42981812F5575FA0AE64922B18A81B38C03F SHA256 EBA3CC4AA09DEF26706E64A70DB4BC8D723533BB67EAE12B503A845019FB61DC Common Name (CN) (no CN field in subject) subjectAltName (SAN) missing (NOT ok) -- Browsers are complaining Issuer Trust (hostname) certificate does not match supplied URI Chain of trust NOT ok (self signed) EV cert (experimental) no "eTLS" (visibility info) not present Certificate Validity (UTC) 181 >= 60 days (2019-12-03 21:51 --> 2020-06-02 21:51) # of certificates provided 1 Certificate Revocation List -- OCSP URI -- NOT ok -- neither CRL nor OCSP URI provided OCSP stapling not offered OCSP must staple extension -- DNS CAA RR (experimental) not offered Certificate Transparency -- Server Certificate monero-project#2 (in response to request w/o SNI) Signature Algorithm ECDSA with SHA256 Server key size EC 256 bits Server key usage -- Server extended key usage -- Serial / Fingerprints 01 / SHA1 E17B765DD8124525B1407E827B89A31FB167647D SHA256 AFB7F44B1C33831F521357E5AEEB813044CB02532143E92D35650A3FF792A7C3 Common Name (CN) (no CN field in subject) subjectAltName (SAN) missing (NOT ok) -- Browsers are complaining Issuer Trust (hostname) certificate does not match supplied URI Chain of trust NOT ok (self signed) EV cert (experimental) no "eTLS" (visibility info) not present Certificate Validity (UTC) 181 >= 60 days (2019-12-03 21:51 --> 2020-06-02 21:51) # of certificates provided 1 Certificate Revocation List -- OCSP URI -- NOT ok -- neither CRL nor OCSP URI provided OCSP stapling not offered OCSP must staple extension -- DNS CAA RR (experimental) not offered Certificate Transparency -- Testing HTTP header response @ "/" HTTP Status Code 404 Not found (Hint: supply a path which doesn't give a "404 Not found") HTTP clock skew Got no HTTP time, maybe try different URL? Strict Transport Security not offered Public Key Pinning -- Server banner Epee-based Application banner -- Cookie(s) (none issued at "/") -- maybe better try target URL of 30x Security headers -- Reverse Proxy banner -- Testing vulnerabilities Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension CCS (CVE-2014-0224) not vulnerable (OK) Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK), no session ticket extension ROBOT Server does not support any cipher suites that use RSA key transport Secure Renegotiation (CVE-2009-3555) not vulnerable (OK) Secure Client-Initiated Renegotiation not vulnerable (OK) CRIME, TLS (CVE-2012-4929) not vulnerable (OK) BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested POODLE, SSL (CVE-2014-3566) not vulnerable (OK) TLS_FALLBACK_SCSV (RFC 7507) No fallback possible, no protocol below TLS 1.2 offered (OK) SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) FREAK (CVE-2015-0204) not vulnerable (OK) DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) make sure you don't use this certificate elsewhere with SSLv2 enabled services https://censys.io/ipv4?q=EBA3CC4AA09DEF26706E64A70DB4BC8D723533BB67EAE12B503A845019FB61DC could help you to find out LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 BEAST (CVE-2011-3389) no SSL3 or TLS1 (OK) LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK) RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) Testing ciphers per protocol via OpenSSL plus sockets against the server, ordered by encryption strength Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC) ----------------------------------------------------------------------------------------------------------------------------- SSLv2 SSLv3 TLS 1 TLS 1.1 TLS 1.2 xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS 1.3 x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384 x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256 x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256 Running client simulations (HTTP) via sockets Browser Protocol Cipher Suite Name (OpenSSL) Forward Secrecy ------------------------------------------------------------------------------------------------ Android 4.2.2 No connection Android 4.4.2 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256) Android 5.0.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256) Android 6.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256) Android 7.0 TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 253 bit ECDH (X25519) Android 8.1 (native) No connection Android 9.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) Chrome 65 Win 7 TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 253 bit ECDH (X25519) Chrome 74 (Win 10) No connection Firefox 62 Win 7 TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 253 bit ECDH (X25519) Firefox 66 (Win 8.1/10) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) IE 6 XP No connection IE 7 Vista No connection IE 8 Win 7 No connection IE 8 XP No connection IE 11 Win 7 No connection IE 11 Win 8.1 No connection IE 11 Win Phone 8.1 No connection IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256) Edge 15 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 253 bit ECDH (X25519) Edge 17 (Win 10) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 253 bit ECDH (X25519) Opera 60 (Win 10) No connection Safari 9 iOS 9 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256) Safari 9 OS X 10.11 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256) Safari 10 OS X 10.12 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256) Apple ATS 9 iOS 9 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256) Tor 17.0.9 Win 7 No connection Java 6u45 No connection Java 7u25 No connection Java 8u161 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) Java 9.0.4 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) OpenSSL 1.0.1l TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) OpenSSL 1.0.2e TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) OpenSSL 1.1.0j (Debian) TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 253 bit ECDH (X25519) OpenSSL 1.1.1b (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) Thunderbird (60.6) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
lxop
pushed a commit
to lxop/monero
that referenced
this pull request
Jan 27, 2021
…ng-optimizations A few optimizations
jeffro256
referenced
this pull request
in jeffro256/monero
Sep 9, 2023
Results of `test_remote_scanner_client_scan_sp` performance test: ``` seraphis_lib (original) run #1 test_remote_scanner_client_scan_sp (23 calls) - OK: 13434 µs/call test_remote_scanner_client_scan_sp (23 calls) - OK: 13217 µs/call test_remote_scanner_client_scan_sp (23 calls) - OK: 14304 µs/call seraphis_lib (original) run #2 test_remote_scanner_client_scan_sp (23 calls) - OK: 13086 µs/call test_remote_scanner_client_scan_sp (23 calls) - OK: 13130 µs/call test_remote_scanner_client_scan_sp (23 calls) - OK: 14217 µs/call jamtis_fix_fr_privacy (new PR) run #1 test_remote_scanner_client_scan_sp (23 calls) - OK: 1738 ms/call test_remote_scanner_client_scan_sp (23 calls) - OK: 1738 ms/call test_remote_scanner_client_scan_sp (23 calls) - OK: 1739 ms/call jamtis_fix_fr_privacy (new PR) run #2 test_remote_scanner_client_scan_sp (23 calls) - OK: 1731 ms/call test_remote_scanner_client_scan_sp (23 calls) - OK: 1750 ms/call test_remote_scanner_client_scan_sp (23 calls) - OK: 1734 ms/call ``` Ran on an AMD Ryzen 9 3900X 12-core CPU. Processing basic records from a remote scanner is about 128x slower.
This was referenced Dec 24, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixed scratchpad initialization/finalization for faster looping.