[squid-users] Squid 3.5.12 RPMs release for CentOS 6 and 7.

Eliezer Croitoru eliezer at ngtech.co.il
Mon Dec 21 10:57:16 UTC 2015


Published at: http://www1.ngtech.co.il/wpe/?p=166

I am happy to release the new RPMs of squid 3.5.12 for Centos 6 64bit, 
32bit and CentOS 7 64bit.

The new release includes couple bug fixes and improvements.
I have also took the time to build the latest beta 4.0.3 RPM for CentOS 7.
The details about the the RPMs repository are at 
squid-wiki[http://wiki.squid-cache.org/KnowledgeBase/CentOS].

Why 3DES (triple DES)? or The fall of DES.

It is known in the cryptography world that since 1997 DES(IE single DES) 
is vulnerable to some attacks  and there for is being considered to be 
unsafe for some uses. In order to resolve the DES issues the 3DES was 
implemented due to the ability to use the same fast cryptography 
machinery\chips that was used before and by that giving some time to the 
industry to find another more fit solution.
Some words about the DES encryption from Professor Gideon Samid:
[https://www.youtube.com/watch?v=r68Ft_rRZP0]

Hashing compared to Encryption

The difference between hashing  to encryption is the ability to recreate 
the original digested content. Hashes are meant to allow some kind of 
content validation verification based on the low probability of  math 
collisions. To give a simple example about the subject we can use the 
Quadratic Formula:
[http://www1.ngtech.co.il/wpe/wp-content/uploads/2015/12/Quadratic-Formula.jpg]
Quadratic Formula
The formula defines that it is possible (or it is always the right 
answer) to have two answers to the same question\issue\variables.
Based on the fact\assumption that there is a possibility for two 
answers\solutions to the same unknowns+function we can use a function to 
describe more then one number. And in the case of computers which 
everything is some kind of a number we can convert the unknown numbers 
to octets.
Once there is no difference between numbers and\or octets and letters 
and we are in the function computation world. There we can use all sorts 
of functions\equations in order to describe all sorts of numbers and by 
that letters.
Eventually hashes are some kind of known functions which implements some 
way to reflect very big numbers or very big documents in some kind of 
output .  Technically speaking it’s some function\method that is 
guaranteed to reflect very big numbers with probability(high or low) 
that multiple input values  will be reflected with the same output 
number(128 bits for example).
In many levels of applications some hashes such as 
crc32\md5\sha-1\others are being used and these applications allow 
them-self  to validate content integrity with a fully “vulnerable” hash 
due to the fact that the validated content  do not exceed the function 
collision sizes.
I must admit that I have used MD5 and many other hashes for a very long 
time and the only collisions that I have seen that affected real world 
applications integrity are that of CRC32 hashes, maybe I have not seen 
enough yet!
And couple expert words from Professor Gideon Samid on hashing:
[https://www.youtube.com/watch?v=yXmNmckX4sI]

     Disclaimer: I am not a cryptography expert!

This RPMs release was tested for:

     ICAP 204\206 compatibility (non ssl)
     ECAP passthru adapter which digest response body using SHA256
     refresh_pattern variations
     StoreID patterns
     Basic load testing
     Basic ssl-bump usage in strict forward proxy mode
     Basic denial of memory leaks on a long period time of operation
     Basic build tests

All the above was done on a CentOS 7 x86_64 VMs.
I have not tested everything on CentOS 6 since it is assumed that if it 
works good on CentOS 7 there should not be a special reason for it to 
now work on CentOS 6.

More details about the repository at squid-wiki.

All The Bests,
Eliezer Croitoru

     I have been working on “Store ID – The hackers side of the 
feature“[http://wiki.squid-cache.org/Features/StoreID/Hacking]
     And I am planning an update to “Caching Dynamic Content using 
Adaptation” (which will not include ways to cache 
youtube)[http://wiki.squid-cache.org/ConfigExamples/DynamicContent/Coordinator]




More information about the squid-users mailing list