Cryptography       In PHPFor The Average Developer
Cryptography● Keeping Data Secure  ○ Safe From Viewing  ○ Safe From Tampering  ○ Safe From Forgery● Not A Silver Bullet  ○...
The First Ruleof Cryptography
Dont Do It!
Leave It  ForExperts
Random!The Foundation of Cryptography● Classified Under Three Types:  ○ Weak    ■ For non-cryptographic usages  ○ Strong  ...
Vulnerabilities of           Randomness● Bias  ○ Certain values tend to occur more often making it    easier to predict fu...
Weak Random in PHPNot to be used for cryptographic usages!!!●   rand()●   mt_rand()●   uniqid()●   lcg_value()
Strong Random in PHP●   mcrypt_create_iv()    ○ MCRYPT_DEV_URANDOM● openssl_random_pseudo_bytes()●   /dev/urandom    ○ For...
Cryptographically Secure●   mcrypt_create_iv()    ○ MCRYPT_DEV_RANDOM● openssl_random_pseudo_bytes()  ○ Maybe●   /dev/rand...
NEVER Use WeakFor Security
NEVER Use CSWhen Not Needed
If In Doubt Use StrongRandomness
Encryption vs Hashing● Encryption  ○ Encoding  ○ 2 Way / Reversible  ○ Putting a lock on a box● Hashing  ○ Signing  ○ 1 Wa...
Encryption
Seriously,Dont Do It!
Terms● Key  ○ Secure string of data● Plain-Text  ○ The text you want to keep secret● Cipher-Text  ○ The encrypted output
Two Basic Types● Symmetric Encryption  ○ Like a Pad-Lock with a shared key  ○ The only secret is the key  ○ Both sides mus...
Symmetric Encryption 101● Number:  01Scratch That● Numbers:  01 04 01 54 95 42 64 12
Symmetric Encryption 101 Lets Add A "Secret" Number!01 04 01 54 95 42 64 12+1011 14 11 64 05 52 74 22
Secret Numbers● We just invented the Caesar Cipher  ○ Commonly known as "ROT13"● But There Are Problems:  ○ Vulnerable To ...
Symmetric Encryption 101 I Know: Lets Add A Different Number!01 04 01 54 95 42 64 12+10 43 21 95 42 67 31 8311 47 22 49 37...
How It WorksWe can generate the pads in two ways● Randomly  ○ If we only use once, perfect security    ■ Known as a one-ti...
Ciphers● Take 2 inputs  ○ A secret key  ○ An "input"● Produces Pseudo-Random Output  ○ Looks random (statistically)  ○ Is ...
Modes● Multiple ways to use the keystream● Each way is known as a "Mode"● Some are secure  ○ Others are not
ECBElectronic Code Book● Uses plain-text as "input"● Uses output as cipher-text●   VERY BROKEN!!!
ECB
CBCCipher Block Chaining● Uses an "Initialization Vector"  ○   Helps "randomize" the plain-text  ○   Ensures no non-unique...
CBC
CFBCipher FeedBack● Uses an "Initialization Vector"● Plain-Text never enters cipher  ○ Does not need to be padded● "Decryp...
CFB
Ciphers● AES 128 & 256  ○ Standard     ■ NIST Approved  ○ Also Known As RIJNDAEL-128     ■ 128 here refers to "block size"...
AuthenticationHow do you know it wasnt tamperedwith / came from your friend?● HMAC  ○   Hash-based Message Authentication ...
All Together    Now!
Encrypt$key = xxxxxxxxxxxxxxxx;$authKey = XXXXXXXXXXXXXX;$plain = This is plain text that I am going to encrypt;$size = mc...
Decrypt$key = xxxxxxxxxxxxxxxx;$authKey = XXXXXXXXXXXXXX;$size = mcrypt_get_iv_size(     MCRYPT_RIJNDAEL_128,     MCRYPT_M...
Please Dont Do It!● Notice How Much Code It Took  ○ Without error checking● Notice How Complex It Is  ○ Without flexibilit...
If you MUST,Use a Library
Common Encryption Needs●   Between Client / Server    ○ Use SSL    ○ Really, just use SSL    ○ Im not kidding, just use SS...
Really,Dont Do It!
Encryption Resources● Zend Framework Encryption  ○ Very good and complete lib  ○ ZF2    ■ ZendCryptBlockCipher● PHP Sec Li...
Password Storage
Passwords  Should Be HASHED!Not Encrypted!
Password Hashes● Use A Salt  ○ Defeats Rainbow Tables  ○ Makes Each Hash a "Proof Of Work"  ○ Should be random!    ■ Stron...
Good Algorithmscrypt($password, $salt);pbkdf2($password, $salt, $i);password_hash(    $password,    PASSWORD_BCRYPT);$pass...
Cost Parameter● Target: 0.25 - 0.5 Seconds  ○ As slow as you can afford● Depends on hardware  ○ Test it!● Good Defaults:  ...
SimplifiedPassword Hashing
New API for 5.5●   string password_hash($pass,         $algo, array $options =    array() )    ○   Generates Salt, hashes ...
Examplefunction register($user, $password) {    $hash = password_hash($password, PASSWORD_BCRYPT);    $this->store($user, ...
Hashing Resources● PHP 5.5 API  ○ wiki.php.net/rfc/password_hash● Password Compat  ○ PHP 5.5 Compatibility  ○ github/ircma...
Seriously,Hire an Expert!
You Have Been  Warned
Questions? Comments?Snide Remarks?
Anthony Ferrara    @ircmaxellblog.ircmaxell.comme@ircmaxell.com   joind.in/7939
Upcoming SlideShare
Loading in...5
×

Cryptography For The Average Developer

1,475

Published on

This talk was presented at Day Camp for Developers Master Series 2012

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,475
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
29
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Cryptography For The Average Developer

  1. 1. Cryptography In PHPFor The Average Developer
  2. 2. Cryptography● Keeping Data Secure ○ Safe From Viewing ○ Safe From Tampering ○ Safe From Forgery● Not A Silver Bullet ○ XSS ○ SQLI ○ Social Engineering● Very Hard To Do ○ Any bug will cause problems
  3. 3. The First Ruleof Cryptography
  4. 4. Dont Do It!
  5. 5. Leave It ForExperts
  6. 6. Random!The Foundation of Cryptography● Classified Under Three Types: ○ Weak ■ For non-cryptographic usages ○ Strong ■ For cryptographic usages where security does not depend on the strength of randomness ○ Cryptographically Secure ■ For cryptographic usage when security does depend on the strength of randomness
  7. 7. Vulnerabilities of Randomness● Bias ○ Certain values tend to occur more often making it easier to predict future numbers● Predictability ○ Knowing past numbers helps predict future numbers● Poisoning ○ Ability to alter future random number generation
  8. 8. Weak Random in PHPNot to be used for cryptographic usages!!!● rand()● mt_rand()● uniqid()● lcg_value()
  9. 9. Strong Random in PHP● mcrypt_create_iv() ○ MCRYPT_DEV_URANDOM● openssl_random_pseudo_bytes()● /dev/urandom ○ For *nix systems only
  10. 10. Cryptographically Secure● mcrypt_create_iv() ○ MCRYPT_DEV_RANDOM● openssl_random_pseudo_bytes() ○ Maybe● /dev/random ○ For *nix systems only
  11. 11. NEVER Use WeakFor Security
  12. 12. NEVER Use CSWhen Not Needed
  13. 13. If In Doubt Use StrongRandomness
  14. 14. Encryption vs Hashing● Encryption ○ Encoding ○ 2 Way / Reversible ○ Putting a lock on a box● Hashing ○ Signing ○ 1 Way / Non-Reversible ○ Taking a persons finger-print
  15. 15. Encryption
  16. 16. Seriously,Dont Do It!
  17. 17. Terms● Key ○ Secure string of data● Plain-Text ○ The text you want to keep secret● Cipher-Text ○ The encrypted output
  18. 18. Two Basic Types● Symmetric Encryption ○ Like a Pad-Lock with a shared key ○ The only secret is the key ○ Both sides must have the same key● Asymmetric Encryption ○ Like a pair of Pad-Locks ■ The "lock" is the public key ○ The only secret is the private key ○ Both sides have their own key
  19. 19. Symmetric Encryption 101● Number: 01Scratch That● Numbers: 01 04 01 54 95 42 64 12
  20. 20. Symmetric Encryption 101 Lets Add A "Secret" Number!01 04 01 54 95 42 64 12+1011 14 11 64 05 52 74 22
  21. 21. Secret Numbers● We just invented the Caesar Cipher ○ Commonly known as "ROT13"● But There Are Problems: ○ Vulnerable To Statistical Attacks ○ Vulnerable To Brute Forcing ■ Only 100 possible secret numbers!
  22. 22. Symmetric Encryption 101 I Know: Lets Add A Different Number!01 04 01 54 95 42 64 12+10 43 21 95 42 67 31 8311 47 22 49 37 09 95 95
  23. 23. How It WorksWe can generate the pads in two ways● Randomly ○ If we only use once, perfect security ■ Known as a one-time-pad ○ If we use multiple times, same as caesar cipher● With A Function ○ Give one or two inputs ■ A key, and an "input" ○ Generates a "stream" of pseudo random numbers
  24. 24. Ciphers● Take 2 inputs ○ A secret key ○ An "input"● Produces Pseudo-Random Output ○ Looks random (statistically) ○ Is deterministic ■ Reproducible given same inputs
  25. 25. Modes● Multiple ways to use the keystream● Each way is known as a "Mode"● Some are secure ○ Others are not
  26. 26. ECBElectronic Code Book● Uses plain-text as "input"● Uses output as cipher-text● VERY BROKEN!!!
  27. 27. ECB
  28. 28. CBCCipher Block Chaining● Uses an "Initialization Vector" ○ Helps "randomize" the plain-text ○ Ensures no non-unique blocks ○ Does NOT need to be secret● Chains each block together ○ Propagating the generated "randomness"● Plain-Text Must Be Padded ○ To a multiple of block-size● Secure!
  29. 29. CBC
  30. 30. CFBCipher FeedBack● Uses an "Initialization Vector"● Plain-Text never enters cipher ○ Does not need to be padded● "Decrypt" Is Never Used● Secure!
  31. 31. CFB
  32. 32. Ciphers● AES 128 & 256 ○ Standard ■ NIST Approved ○ Also Known As RIJNDAEL-128 ■ 128 here refers to "block size" ○ Very Strong ○ Note, the number after AES is *key size*● Blowfish● TwoFish● Serpent
  33. 33. AuthenticationHow do you know it wasnt tamperedwith / came from your friend?● HMAC ○ Hash-based Message Authentication Code● USE A SEPARATE KEY!● Encrypt-Then-MAC ○ Always MAC after encryption
  34. 34. All Together Now!
  35. 35. Encrypt$key = xxxxxxxxxxxxxxxx;$authKey = XXXXXXXXXXXXXX;$plain = This is plain text that I am going to encrypt;$size = mcrypt_get_iv_size( MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CFB);$iv = mcrypt_create_iv( $size, MCRYPT_DEV_URANDOM);$cipherText = mcrypt_encrypt( MCRYPT_RIJNDAEL_128, $key, $plain, MCRYPT_MODE_CFB, $iv);$auth = hash_hmac(sha512, $cipherText, $authKey, true);$encrypted = base64_encode($iv . $cipherText . $auth);
  36. 36. Decrypt$key = xxxxxxxxxxxxxxxx;$authKey = XXXXXXXXXXXXXX;$size = mcrypt_get_iv_size( MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CFB);$encrypted = base64_decode($encrypted);$iv = substr($encrypted, 0, $size);$auth = substr($encrypted, -64);$cipherText = substr($encrypted, $size, -64);if ($auth != hash_hmac(sha512, $cipherText, $authKey, true)) { // Auth Failed!!! return false;}$plainText = mcrypt_decrypt( MCRYPT_RIJNDAEL_128, $key, $cipherText, MCRYPT_MODE_CFB, $iv);
  37. 37. Please Dont Do It!● Notice How Much Code It Took ○ Without error checking● Notice How Complex It Is ○ Without flexibility● Notice How Easy To Screw Up ○ Without Key Storage● Notice How Many Decisions To Make
  38. 38. If you MUST,Use a Library
  39. 39. Common Encryption Needs● Between Client / Server ○ Use SSL ○ Really, just use SSL ○ Im not kidding, just use SSL● Storage ○ Use disk encryption ○ Use database encryption
  40. 40. Really,Dont Do It!
  41. 41. Encryption Resources● Zend Framework Encryption ○ Very good and complete lib ○ ZF2 ■ ZendCryptBlockCipher● PHP Sec Lib ○ phpseclib.sourceforge.net ○ Pure PHP● Not Many Others ○ Beware of online tutorials!!!
  42. 42. Password Storage
  43. 43. Passwords Should Be HASHED!Not Encrypted!
  44. 44. Password Hashes● Use A Salt ○ Defeats Rainbow Tables ○ Makes Each Hash a "Proof Of Work" ○ Should be random! ■ Strong Randomness● Should Be SLOW! ○ Salt is not enough ○ Salted SHA256: 11 BILLION per second ○ bcrypt: 3200 per second
  45. 45. Good Algorithmscrypt($password, $salt);pbkdf2($password, $salt, $i);password_hash( $password, PASSWORD_BCRYPT);$passLib->hash($password);$phpass->hashPassword($pass);
  46. 46. Cost Parameter● Target: 0.25 - 0.5 Seconds ○ As slow as you can afford● Depends on hardware ○ Test it!● Good Defaults: ○ BCrypt: 10 ○ PBKDF2: 10,000
  47. 47. SimplifiedPassword Hashing
  48. 48. New API for 5.5● string password_hash($pass, $algo, array $options = array() ) ○ Generates Salt, hashes password● bool password_verify($pass, $hash) ○ Verifies Hash with Password● bool password_needs_rehash($hash, $algo, array $options = array()) ○ Determines if the hash is the same as specified by algo and options● array password_get_info($hash) ○ Returns information about the hash
  49. 49. Examplefunction register($user, $password) { $hash = password_hash($password, PASSWORD_BCRYPT); $this->store($user, $hash);}function login($user, $password) { $hash = $this->fetchHash($user); if (password_verify($password, $hash)) { if (password_needs_rehahs($hash, PASSWORD_BCRYPT)) { $hash = password_hash($password, PASSWORD_BCRYPT); $this->store($user, $hash); } $this->startSession(); return true; } return false;}
  50. 50. Hashing Resources● PHP 5.5 API ○ wiki.php.net/rfc/password_hash● Password Compat ○ PHP 5.5 Compatibility ○ github/ircmaxell/password_compat● PasswordLib ○ 5.3+, Multiple Algorithms, Portable ○ github/ircmaxell/PHP-PasswordLib● PHPASS ○ PHP 4+ ○ openwall.com/phpass
  51. 51. Seriously,Hire an Expert!
  52. 52. You Have Been Warned
  53. 53. Questions? Comments?Snide Remarks?
  54. 54. Anthony Ferrara @ircmaxellblog.ircmaxell.comme@ircmaxell.com joind.in/7939
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×