docs: Content updates.

content/learning/tls/md5.md

@@ -0,0 +1,50 @@
+---
+title: Message Digest 5 (MD5)
+description: ❌ Vulnerable hashing function
+layout: learn-single
+
+tls_part: hash
+
+learn_more:
+  - text: 'Construct MD5 Collisions Using Just A Single Block Of Message'
+    url: https://web.archive.org/web/20241215055808/https://eprint.iacr.org/2010/643.pdf
+    source: Research paper
+
+  - text: 'Colliding X.509 Certificates based on MD5-collisions'
+    url: https://web.archive.org/web/20241215055805/https://bdeweger.win.tue.nl/CollidingCertificates/
+
+  - text: 'The MD5 Message-Digest Algorithm'
+    url: https://datatracker.ietf.org/doc/html/rfc1321
+    source: IETF
+
+  - text: 'MD5 vulnerable to collision attacks'
+    url: https://www.kb.cert.org/vuls/id/836068
+    source: Carnegie Mellon University
+
+  - text: 'Single-block collision for MD5'
+    url: https://marc-stevens.nl/research/md5-1block-collision/
+    source: Research paper
+
+  - text: 'Forging SSL Certificates'
+    url: https://www.schneier.com/blog/archives/2008/12/forging_ssl_cer.html
+    source: Bruce Schneier
+
+---
+
+## Summary
+
+[MD5] is a widely used hash function that produces a 128-bit hash value, but it has been found to suffer from extensive vulnerabilities, including collision attacks.
+
+Collision attacks allow for the creation of pairs of inputs with the same hash, making MD5 unsuitable for applications requiring collision resistance, such as digital signatures. Despite its well-documented weaknesses and deprecation by security experts, MD5 continues to be widely used.
+
+Any cipher suite with `MD5` in the name should be avoided.
+
+## Information
+
+| Field    | Value              |
+|----------|--------------------|
+| Kind     | {{% param-kind %}} |
+| Invented | 1991               |
+| Cracked  | 2004               |
+
+[MD5]: https://en.wikipedia.org/wiki/MD5

content/learning/tls/poly1305.md

@@ -0,0 +1,52 @@
+---
+title: Poly1305
+description: ✅ Recommended hashing function
+layout: learn-single
+
+tls_part: hash
+
+learn_more:
+  - text: 'ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)'
+    url: https://datatracker.ietf.org/doc/html/rfc7905
+    source: IETF
+
+  - text: 'ChaCha20 and Poly1305 for IETF Protocols'
+    url: https://datatracker.ietf.org/doc/html/rfc8439
+    source: IETF
+
+  - text: 'ChaCha20-Poly1305'
+    url: https://en.wikipedia.org/wiki/ChaCha20-Poly1305
+    source: Wikipedia
+
+  - text: 'The Poly1305-AES message-authentication code'
+    url: https://cr.yp.to/mac/poly1305-20050329.pdf
+    source: Research paper
+
+  - text: 'Implementations of a fast Message-Authentication Code'
+    url: https://github.com/floodyberry/poly1305-donna
+    source: GitHub
+
+---
+
+## Summary
+
+[Poly1305] is a universal hash family used in cryptography for message authentication.
+
+It can be used as a one-time authenticator, combining it with a secret key and message number to generate an authenticator for a single message. Poly1305 is also used in Poly1305-AES and NaCl/ChaCha20-Poly1305 authenticated ciphers, providing security against forgery due to its bounded difference probability.
+
+> [!TIP]
+> This is a recommended algorithm.
+
+## Information
+
+| Field        | Value                       |
+|--------------|-----------------------------|
+| Kind         | {{% param-kind %}}          |
+| Invented     | 2002                        |
+| Cracked      | -                           |
+| Related tech | [Libsodium], [QUIC], [SPDY] |
+
+[Poly1305]: https://en.wikipedia.org/wiki/Poly1305
+[Libsodium]: https://en.wikipedia.org/wiki/NaCl_(software)#Libsodium
+[QUIC]: https://en.wikipedia.org/wiki/QUIC
+[SPDY]: https://en.wikipedia.org/wiki/SPDY

content/learning/tls/sha1.md

@@ -0,0 +1,76 @@
+---
+title: Secure Hash Algorithm 1 (SHA-1)
+description: ❌ Vulnerable hashing function
+layout: learn-single
+
+tls_part: hash
+
+learn_more:
+  - text: 'Secure Hash Standard'
+    url: https://csrc.nist.gov/pubs/fips/180-1/final
+    source: NIST
+
+  - text: 'Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths'
+    url: https://csrc.nist.gov/pubs/sp/800/131/a/final
+    source: NIST
+
+  - text: 'US Secure Hash Algorithm 1 (SHA1)'
+    url: https://datatracker.ietf.org/doc/html/rfc3174
+    source: IETF
+
+  - text: 'Migrate Git from SHA-1 to a stronger hash function.'
+    url: https://git-scm.com/docs/hash-function-transition
+    source: Git
+
+  - text: 'SHA-1 Transition Plan'
+    url: https://wiki.mercurial-scm.org/SHA1TransitionPlan
+    source: Mercurial
+
+  - text: 'Library and command line tool to detect SHA-1 collision in a file'
+    url: https://github.com/cr-marcstevens/sha1collisiondetection
+    source: GitHub
+
+  - text: 'SHA-1 and DNSSEC validation'
+    url: https://www.dns.cam.ac.uk/news/2020-02-14-sha-mbles.html
+    source: University of Cambridge
+
+  - text: 'PGP keys, software security, and much more threatened by new SHA1 exploit'
+    url: https://arstechnica.com/information-technology/2020/01/pgp-keys-software-security-and-much-more-threatened-by-new-sha1-exploit/
+    source: Ars Technica
+
+---
+
+## Summary
+
+[SHA-1] is a cryptographic hash function that produces a 160-bit hash value, but has been cryptographically broken and is no longer considered secure.
+
+There were some [early cracks in the SHA-1 foundation][cracks] in the early 2000s. [NIST started the deprecation of SHA-1 in 2011][NIST], and the [CA Browser Forum deprecated SHA-1 certificates in 2014][cab]. [Google], [Microsoft], and [Mozilla] had public deprecation processes they were following when it was announced in 2017 that [SHA-1 had been fully cracked][shattered]. [Chosen-prefix collisions were proven in SHA-1][shambles] in 2020.
+
+While still used in some applications, it is recommended to replace SHA-1 with [SHA-2]({{% relref "sha2" %}}) due to practical chosen-prefix attacks.
+
+Any cipher suite with `SHA` (specifically `_SHA_`) in the name should be avoided.
+
+## Information
+
+| Field        | Value                                                       |
+|--------------|-------------------------------------------------------------|
+| Kind         | {{% param-kind %}}                                          |
+| Invented     | 1991                                                        |
+| Cracked      | 2017                                                        |
+| Related tech | [DNSSEC], [Git], [GnuPG], [Mercurial], [OpenSSH], [OpenSSL] |
+
+[cab]: https://cabforum.org/2014/10/16/ballot-118-sha-1-sunset-passed/
+[cracks]: https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
+[DNSSEC]: https://www.dns.cam.ac.uk/news/2020-02-14-sha-mbles.html
+[Git]: https://git-scm.com/docs/hash-function-transition
+[GnuPG]: https://www.gnupg.org/faq/gnupg-faq.html#no_best_algo
+[Google]: https://security.googleblog.com/2015/12/an-update-on-sha-1-certificates-in.html
+[Mercurial]: https://wiki.mercurial-scm.org/SHA1TransitionPlan
+[Microsoft]: https://blogs.windows.com/msedgedev/2016/04/29/sha1-deprecation-roadmap/
+[Mozilla]: https://blog.mozilla.org/security/2017/02/23/the-end-of-sha-1-on-the-public-web/
+[NIST]: https://csrc.nist.gov/pubs/sp/800/131/a/final
+[OpenSSH]: https://www.openssh.com/txt/release-8.2
+[OpenSSL]: https://github.com/openssl/openssl/commit/68436f0a8964e911eb4f864bc8b31d7ca4d29585
+[SHA-1]: https://en.wikipedia.org/wiki/SHA-1
+[shambles]: https://sha-mbles.github.io
+[shattered]: https://shattered.io

content/learning/tls/sha2.md

@@ -0,0 +1,46 @@
+---
+title: Secure Hash Algorithm 2 (SHA-256, SHA-384)
+description: ✅ Secure hashing function
+layout: learn-single
+
+aliases:
+  - /learning/tls/sha224
+  - /learning/tls/sha256
+  - /learning/tls/sha384
+  - /learning/tls/sha512
+
+tls_part: hash
+
+learn_more:
+  - text: 'Analysis of SHA-512/224 and SHA-512/256'
+    url: https://eprint.iacr.org/2016/374.pdf
+    source: Research paper
+
+---
+
+## Summary
+
+[SHA-2] is a set of cryptographic hash functions designed by the NSA, including `SHA-224`, `SHA-256`, `SHA-384`, and `SHA-512`. `SHA-256` and `SHA-512` are virtually identical, differing only in the number of rounds and shift amounts.
+
+`SHA-2` was first published by NIST as a U.S. federal standard ([FIPS 180-4]) and is patented in the U.S. under a royalty-free license.
+
+## Information
+
+| Field        | Value                                                                              |
+|--------------|------------------------------------------------------------------------------------|
+| Kind         | {{% param-kind %}}                                                                 |
+| Invented     | 2001                                                                               |
+| Cracked      | -                                                                                  |
+| Related tech | [Bitcoin], [DKIM], [DNSSEC], [GnuPG], [IPsec], [Libsodium], [PGP], [SSH], [S/MIME] |
+
+[Bitcoin]: https://en.wikipedia.org/wiki/Bitcoin
+[DKIM]: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
+[DNSSEC]: https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions
+[FIPS 180-4]: https://csrc.nist.gov/pubs/fips/180-4/upd1/final
+[GnuPG]: https://www.gnupg.org/faq/gnupg-faq.html#no_best_algo
+[IPsec]: https://en.wikipedia.org/wiki/IPsec
+[Libsodium]: https://en.wikipedia.org/wiki/NaCl_(software)#Libsodium
+[PGP]: https://en.wikipedia.org/wiki/Pretty_Good_Privacy
+[S/MIME]: https://datatracker.ietf.org/doc/html/rfc8551
+[SHA-2]: https://en.wikipedia.org/wiki/SHA-2
+[SSH]: https://en.wikipedia.org/wiki/Secure_Shell

content/learning/tls/sm3.md

@@ -0,0 +1,33 @@
+---
+title: ShāngMì 3 (SM3)
+description: ❌ Non-standard hashing function
+layout: learn-single
+
+learn_more:
+  - text: 'ShangMi (SM) Cipher Suites for TLS 1.3'
+    url: https://datatracker.ietf.org/doc/html/rfc8998
+
+  - text: 'SM3 (hash function)'
+    url: https://en.wikipedia.org/wiki/SM3_(hash_function)
+    source: Wikipedia
+
+---
+
+## Summary
+
+[ShāngMì 3][SM3] is a hashing function standardized for use by the government of China, but has **NOT** been accepted as an international standard. Its security has **NOT** proven and its use is **NOT** recommended by the IETF.
+
+It was published in 2010, and is considered similar to [SHA-256]({{% relref "sha2" %}}) in security and efficiency.
+
+The ShāngMì algorithms are becoming mandatory in China.
+
+## Information
+
+| Field        | Value                  |
+|--------------|------------------------|
+| Invented     | 2010                   |
+| Cracked      | -                      |
+| Related tech | [ISO/IEC 10118-3:2018] |
+
+[ISO/IEC 10118-3:2018]: https://www.iso.org/standard/67116.html
+[SM3]: https://datatracker.ietf.org/doc/html/draft-sca-cfrg-sm3

content/learning/tls/sm4.md

@@ -0,0 +1,30 @@
+---
+title: ShāngMì 4 (SM4)
+description: ❌ Non-standard encryption algorithm
+layout: learn-single
+
+learn_more:
+  - text: 'ShangMi (SM) Cipher Suites for TLS 1.3'
+    url: https://datatracker.ietf.org/doc/html/rfc8998
+    source: IETF
+
+---
+
+## Summary
+
+ShāngMì 4 is a block cipher standardized for use by the government of China, but has **NOT** been accepted as an international standard. Its security has **NOT** proven and its use is **NOT** recommended by the IETF.
+
+It was declassified in 2006 and standardized in 2016, with a key and block size of 128 bits (similar to [AES]({{% relref "AES" %}}) standardized in the U.S.). SM4 has faced opposition in international standards bodies, but has hardware-accelerated support in various CPUs.
+
+The ShāngMì algorithms are becoming mandatory in China.
+
+## Information
+
+| Field        | Value                              |
+|--------------|------------------------------------|
+| Invented     | 2000s                              |
+| Cracked      | -                                  |
+| Related tech | [ISO/IEC 18033-3:2010/Amd], [WAPI] |
+
+[WAPI]: https://en.wikipedia.org/wiki/WLAN_Authentication_and_Privacy_Infrastructure
+[ISO/IEC 18033-3:2010/Amd]: https://www.iso.org/standard/81564.html