SlideShare a Scribd company logo

Introduction To Encryption in Lasso 8.5

Download as ODP, PDF
B
bilcorry

Presentation at LDC09: Introduction To Encryption in Lasso 8.5

TechnologyEducation
1 of 26
Session: Encryption Bil Corry lasso.pro
Caveat Emptor ,[object Object]
I only have a rudimentary understanding of cryptography
When in doubt, hire a professional
Encryption is strong, yet fragile ,[object Object]
Easy to get wrong = broken implementation = insecure encryption
When there's a breach, keys have to be swapped out
Advice from Experts ,[object Object]
Do not implement an encryption scheme using low-level APIs (OpenSSL, etc)
Use a high-level API such KeyCzar, GPGME, or cryptlib ,[object Object]
http://www.gnupg.org/gpgme.html
http://www.cs.auckland.ac.nz/~pgut001/cryptlib/
High-Level APIs ,[object Object]
Safe defaults for key lengths, algorithms, and modes
Allow for key rotation and versioning
Automated generation of initialization vectors and other setup requirements
Encryption Gone Bad ,[object Object]
Unix: /dev/urandom
Windows: CryptGenRandom or RtlGenRandom from ADVAPI32.DLL
Encryption Gone Bad (cont) ,[object Object]
CCM, EAX, GCM, OCB – fatal if IV reused ,[object Object],ECB-encrypted image of Tux Plaintext image of Tux Image of Tux encrypted in other (chained) modes From: http://www.subspacefield.org/security/security_concepts/
Encryption Gone Bad (cont) ,[object Object]
Encryption Gone Bad (cont) ,[object Object]
Wordpress Cookie Integrity Vulnerability
Amazon Web Services v1 – lacked structure for data
Types of Encryption ,[object Object]

Recommended

Securing your MySQL server
Securing your MySQL serverSecuring your MySQL server
Securing your MySQL serverMarian Marinov
 
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...festival ICT 2016
 
Offensive MitM
Offensive MitMOffensive MitM
Offensive MitMnavajanegra
 
Two scoops of Django - Security Best Practices
Two scoops of Django - Security Best PracticesTwo scoops of Django - Security Best Practices
Two scoops of Django - Security Best PracticesSpin Lai
 
The problem with the real world
The problem with the real worldThe problem with the real world
The problem with the real worldMichal Špaček
 
Proper passwordhashing
Proper passwordhashingProper passwordhashing
Proper passwordhashingfangjiafu
 
Password hashing, salting, bycrpt
Password hashing, salting, bycrptPassword hashing, salting, bycrpt
Password hashing, salting, bycrptAhmad karawash
 
Iam r31 a (2)
Iam r31 a (2)Iam r31 a (2)
Iam r31 a (2)SelectedPresentations
 

Recommended

Securing your MySQL server
Securing your MySQL serverSecuring your MySQL server
Securing your MySQL serverMarian Marinov
 
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...festival ICT 2016
 
Offensive MitM
Offensive MitMOffensive MitM
Offensive MitMnavajanegra
 
Two scoops of Django - Security Best Practices
Two scoops of Django - Security Best PracticesTwo scoops of Django - Security Best Practices
Two scoops of Django - Security Best PracticesSpin Lai
 
The problem with the real world
The problem with the real worldThe problem with the real world
The problem with the real worldMichal Špaček
 
Proper passwordhashing
Proper passwordhashingProper passwordhashing
Proper passwordhashingfangjiafu
 
Password hashing, salting, bycrpt
Password hashing, salting, bycrptPassword hashing, salting, bycrpt
Password hashing, salting, bycrptAhmad karawash
 
Iam r31 a (2)
Iam r31 a (2)Iam r31 a (2)
Iam r31 a (2)SelectedPresentations
 
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaWordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaDre Armeda
 
Stu r33 b (2)
Stu r33 b (2)Stu r33 b (2)
Stu r33 b (2)SelectedPresentations
 
WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013Thor Kristiansen
 
Nginx + PHP
Nginx + PHPNginx + PHP
Nginx + PHPWataru OKAMOTO
 
Velocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackVelocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackCosimo Streppone
 
Web::Scraper
Web::ScraperWeb::Scraper
Web::ScraperTatsuhiko Miyagawa
 
Web Scraper Shibuya.pm tech talk #8
Web Scraper Shibuya.pm tech talk #8Web Scraper Shibuya.pm tech talk #8
Web Scraper Shibuya.pm tech talk #8Tatsuhiko Miyagawa
 
Chapter ii c#(building a user interface)
Chapter ii c#(building a user interface)Chapter ii c#(building a user interface)
Chapter ii c#(building a user interface)Chhom Karath
 
Top 10 Encryption Myths
Top 10 Encryption MythsTop 10 Encryption Myths
Top 10 Encryption MythsHighCloud Security
 
Cryptography
CryptographyCryptography
CryptographyIama Marsian
 
Key management
Key managementKey management
Key managementSujata Regoti
 
SafeNet Enterprise Key and Crypto Management
SafeNet Enterprise Key and Crypto ManagementSafeNet Enterprise Key and Crypto Management
SafeNet Enterprise Key and Crypto ManagementSectricity
 
Cryptographic lifecycle security training
Cryptographic lifecycle security trainingCryptographic lifecycle security training
Cryptographic lifecycle security trainingEnterpriseGRC Solutions, Inc.
 
Information Security Cryptography ( L03- Old Cryptography Algorithms )
Information Security Cryptography ( L03- Old Cryptography Algorithms )Information Security Cryptography ( L03- Old Cryptography Algorithms )
Information Security Cryptography ( L03- Old Cryptography Algorithms )Anas Rock
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWSAmazon Web Services
 
Applied cryptanalysis - everything else
Applied cryptanalysis - everything elseApplied cryptanalysis - everything else
Applied cryptanalysis - everything elseVlad Garbuz
 
Security Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy BilykSecurity Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy BilykNazar Tymoshyk, CEH, Ph.D.
 
Defending Against Attacks With Rails
Defending Against Attacks With RailsDefending Against Attacks With Rails
Defending Against Attacks With RailsTony Amoyal
 
Safely Protect PostgreSQL Passwords - Tell Others to SCRAM
Safely Protect PostgreSQL Passwords - Tell Others to SCRAMSafely Protect PostgreSQL Passwords - Tell Others to SCRAM
Safely Protect PostgreSQL Passwords - Tell Others to SCRAMJonathan Katz
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)securityEnrico Zimuel
 
Random musings on SSL/TLS configuration
Random musings on SSL/TLS configurationRandom musings on SSL/TLS configuration
Random musings on SSL/TLS configurationextremeunix
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 

More Related Content

What's hot

WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaWordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaDre Armeda
 
WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013Thor Kristiansen
 
Velocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackVelocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackCosimo Streppone
 
Web Scraper Shibuya.pm tech talk #8
Web Scraper Shibuya.pm tech talk #8Web Scraper Shibuya.pm tech talk #8
Web Scraper Shibuya.pm tech talk #8Tatsuhiko Miyagawa
 

What's hot (7)

WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaWordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
 
Stu r33 b (2)
Stu r33 b (2)Stu r33 b (2)
Stu r33 b (2)
 
WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013
 
Nginx + PHP
Nginx + PHPNginx + PHP
Nginx + PHP
 
Velocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackVelocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attack
 
Web::Scraper
Web::ScraperWeb::Scraper
Web::Scraper
 
Web Scraper Shibuya.pm tech talk #8
Web Scraper Shibuya.pm tech talk #8Web Scraper Shibuya.pm tech talk #8
Web Scraper Shibuya.pm tech talk #8
 

Viewers also liked

Chapter ii c#(building a user interface)
Chapter ii c#(building a user interface)Chapter ii c#(building a user interface)
Chapter ii c#(building a user interface)Chhom Karath
 
SafeNet Enterprise Key and Crypto Management
SafeNet Enterprise Key and Crypto ManagementSafeNet Enterprise Key and Crypto Management
SafeNet Enterprise Key and Crypto ManagementSectricity
 
Information Security Cryptography ( L03- Old Cryptography Algorithms )
Information Security Cryptography ( L03- Old Cryptography Algorithms )Information Security Cryptography ( L03- Old Cryptography Algorithms )
Information Security Cryptography ( L03- Old Cryptography Algorithms )Anas Rock
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWSAmazon Web Services
 

Viewers also liked (8)

Chapter ii c#(building a user interface)
Chapter ii c#(building a user interface)Chapter ii c#(building a user interface)
Chapter ii c#(building a user interface)
 
Top 10 Encryption Myths
Top 10 Encryption MythsTop 10 Encryption Myths
Top 10 Encryption Myths
 
Cryptography
CryptographyCryptography
Cryptography
 
Key management
Key managementKey management
Key management
 
SafeNet Enterprise Key and Crypto Management
SafeNet Enterprise Key and Crypto ManagementSafeNet Enterprise Key and Crypto Management
SafeNet Enterprise Key and Crypto Management
 
Cryptographic lifecycle security training
Cryptographic lifecycle security trainingCryptographic lifecycle security training
Cryptographic lifecycle security training
 
Information Security Cryptography ( L03- Old Cryptography Algorithms )
Information Security Cryptography ( L03- Old Cryptography Algorithms )Information Security Cryptography ( L03- Old Cryptography Algorithms )
Information Security Cryptography ( L03- Old Cryptography Algorithms )
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWS
 

Similar to Introduction To Encryption in Lasso 8.5

Applied cryptanalysis - everything else
Applied cryptanalysis - everything elseApplied cryptanalysis - everything else
Applied cryptanalysis - everything elseVlad Garbuz
 
Security Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy BilykSecurity Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy BilykNazar Tymoshyk, CEH, Ph.D.
 
Defending Against Attacks With Rails
Defending Against Attacks With RailsDefending Against Attacks With Rails
Defending Against Attacks With RailsTony Amoyal
 
Safely Protect PostgreSQL Passwords - Tell Others to SCRAM
Safely Protect PostgreSQL Passwords - Tell Others to SCRAMSafely Protect PostgreSQL Passwords - Tell Others to SCRAM
Safely Protect PostgreSQL Passwords - Tell Others to SCRAMJonathan Katz
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)securityEnrico Zimuel
 
Random musings on SSL/TLS configuration
Random musings on SSL/TLS configurationRandom musings on SSL/TLS configuration
Random musings on SSL/TLS configurationextremeunix
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 
Get Your Insecure PostgreSQL Passwords to SCRAM
Get Your Insecure PostgreSQL Passwords to SCRAMGet Your Insecure PostgreSQL Passwords to SCRAM
Get Your Insecure PostgreSQL Passwords to SCRAMJonathan Katz
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoidOwaspCzech
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoidFilip Šebesta
 
Sniffing SSL Traffic
Sniffing SSL TrafficSniffing SSL Traffic
Sniffing SSL Trafficdkaya
 
How does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen OomsHow does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen OomsAjay Ohri
 
Challenges Building Secure Mobile Applications
Challenges Building Secure Mobile ApplicationsChallenges Building Secure Mobile Applications
Challenges Building Secure Mobile ApplicationsMasabi
 
Introduction to Cryptography.pptx
Introduction to Cryptography.pptxIntroduction to Cryptography.pptx
Introduction to Cryptography.pptxssuser62852e
 
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...All Things Open
 
Eight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsEight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsAleksandr Yampolskiy
 
Cracking Wep And Wpa Wireless Networks
Cracking Wep And Wpa Wireless NetworksCracking Wep And Wpa Wireless Networks
Cracking Wep And Wpa Wireless Networksguestf2e41
 
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...Amazon Web Services
 

Similar to Introduction To Encryption in Lasso 8.5 (20)

Applied cryptanalysis - everything else
Applied cryptanalysis - everything elseApplied cryptanalysis - everything else
Applied cryptanalysis - everything else
 
Security Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy BilykSecurity Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
 
Defending Against Attacks With Rails
Defending Against Attacks With RailsDefending Against Attacks With Rails
Defending Against Attacks With Rails
 
Safely Protect PostgreSQL Passwords - Tell Others to SCRAM
Safely Protect PostgreSQL Passwords - Tell Others to SCRAMSafely Protect PostgreSQL Passwords - Tell Others to SCRAM
Safely Protect PostgreSQL Passwords - Tell Others to SCRAM
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)security
 
Random musings on SSL/TLS configuration
Random musings on SSL/TLS configurationRandom musings on SSL/TLS configuration
Random musings on SSL/TLS configuration
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
 
Get Your Insecure PostgreSQL Passwords to SCRAM
Get Your Insecure PostgreSQL Passwords to SCRAMGet Your Insecure PostgreSQL Passwords to SCRAM
Get Your Insecure PostgreSQL Passwords to SCRAM
 
Web cryptography javascript
Web cryptography javascriptWeb cryptography javascript
Web cryptography javascript
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoid
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoid
 
Sniffing SSL Traffic
Sniffing SSL TrafficSniffing SSL Traffic
Sniffing SSL Traffic
 
P@ssw0rds
P@ssw0rdsP@ssw0rds
P@ssw0rds
 
How does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen OomsHow does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen Ooms
 
Challenges Building Secure Mobile Applications
Challenges Building Secure Mobile ApplicationsChallenges Building Secure Mobile Applications
Challenges Building Secure Mobile Applications
 
Introduction to Cryptography.pptx
Introduction to Cryptography.pptxIntroduction to Cryptography.pptx
Introduction to Cryptography.pptx
 
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
 
Eight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsEight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programs
 
Cracking Wep And Wpa Wireless Networks
Cracking Wep And Wpa Wireless NetworksCracking Wep And Wpa Wireless Networks
Cracking Wep And Wpa Wireless Networks
 
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
 

Recently uploaded

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Recently uploaded (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Introduction To Encryption in Lasso 8.5

  • 1. Session: Encryption Bil Corry lasso.pro
  • 2.
  • 3. I only have a rudimentary understanding of cryptography
  • 4. When in doubt, hire a professional
  • 5.
  • 6. Easy to get wrong = broken implementation = insecure encryption
  • 7. When there's a breach, keys have to be swapped out
  • 8.
  • 9. Do not implement an encryption scheme using low-level APIs (OpenSSL, etc)
  • 10.
  • 13.
  • 14. Safe defaults for key lengths, algorithms, and modes
  • 15. Allow for key rotation and versioning
  • 16. Automated generation of initialization vectors and other setup requirements
  • 17.
  • 19. Windows: CryptGenRandom or RtlGenRandom from ADVAPI32.DLL
  • 20.
  • 21.
  • 22.
  • 23.
  • 24. Wordpress Cookie Integrity Vulnerability
  • 25. Amazon Web Services v1 – lacked structure for data
  • 26.
  • 28.
  • 29.
  • 30.
  • 31. DES
  • 32. 3DES
  • 33. AES
  • 34. Symmetric Example [ Encode_Hex( Cipher_Encrypt('Data', -Cipher='CAST5-CBC', -Key='supersecretpassword') ); '<br>'; Cipher_Decrypt( Decode_Hex('D7BF2BE2EA29D2C9'), -Cipher='CAST5-CBC', -Key='supersecretpassword' ); ] LP8: D7BF2BE2EA29D2C9 Data
  • 35.
  • 36. Encrypt with public key to send over insecure channel that only can be decrypted with the private key
  • 37. Encrypt with the private key, the public key can decrypt to verify the authenticity of the signer
  • 38.
  • 39. Asymmetric Example Currently in Lasso, you would need to use [os_process] to use PGP or similar command-line tool to sign/encrypt using public/private keys.
  • 40.
  • 41. Used as an integrity check, storing passwords
  • 42.
  • 43. SHA-1
  • 45.
  • 46. it is infeasible to find a message that has a given hash,
  • 47. it is infeasible to modify a message without changing its hash,
  • 48. it is infeasible to find two different messages with the same hash.
  • 49. Hash Example [ encode_hex( cipher_digest('Data',-digest='RIPEMD160') ) ] LP8: 934C399FC545B1C385E96CC30EFE8321B84F107C
  • 50.
  • 51.
  • 52. Iterate hash 1000 times or more – key strengthening
  • 53.
  • 54. Protects integrity and authenticity
  • 55. Secret key used to create MAC and validate its authenticity
  • 56. HMAC is MAC using a specific algorithm (RFC 2104)
  • 57. HMAC Example [Encrypt_HMAC( 'Data', 'supersecretpassword', -Digest='SHA1',-Cram) ] LP8: 13c6e2d6bafbbed0723a00a61f79cde424cb83b7
  • 58.
  • 59. Do not use JavaScript encryption
  • 60.
  • 61.
  • 62.
  • 63. Use a unique salt for every hash
  • 64. Use key strengthening of at least 1000 for hashes of passwords
  • 66.
  • 67. Use the same salt for all passwords
  • 68. Use MD5 for anything
  • 70. Re-use keys for different purposes
  • 71. Create your own cipher
  • 72. CarTalk: The Puzzler 2007-12-17 Imagine you have a friend who lives in Russia where the KGB spies on everyone and everything and you want to send a valuable object to this friend. So you have a box which is more than large enough to contain the object and you have several locks with keys. Now this box, I suppose you could call it a strongbox, has a lock ring which is more than large enough to have a padlock attached to it. In fact it's large enough to accommodate several locks. But your friend does not have to the key to any lock that you have. Now you can't send a key in the mail because the KGB will intercept it and they will copy it. And you can't not lock the box, because the object is very valuable. So you have to send it through the mail. You can't hand deliver it. You want to lock it so that your friend can open it, but the KGB can't. The question is, how would you do it? From: http://www.cartalk.com/content/puzzler/transcripts/200750/
  • 73. CarTalk: The Puzzler Answer 2007-12-17 RAY: So the question is how do you package your valuable objects so that the KGB cannot open it, but your friend can? Now instead of a key, I would have mailed a hacksaw. But in the spirit of the puzzler that wouldn't have been fair. TOM: Sure. RAY: You put the valuable thing in the box. You put as many locks as you want on the clasp, making sure you leave room for at least one more. TOM: Yeah. RAY: You mail the thing to Russia. Your friend gets it. He doesn't have a key to any of these locks that you put on it. He puts another lock on it for which he has the key. He mails it back to you. You remove all of your locks and you can't get it open now. But you don't have to. TOM: He can. RAY: When you mail it back to him. From: http://www.cartalk.com/content/puzzler/transcripts/200750/answer.html