Cryptography For The Average Developer

This talk was presented at Day Camp for Developers Master Series 2012

Cryptography For The Average Developer Presentation Transcript

  • Cryptography In PHP For The Average Developer
  • Cryptography
    ● Keeping Data Secure
      ○ Safe From Viewing
      ○ Safe From Tampering
      ○ Safe From Forgery
    ● Not A Silver Bullet
      ○ XSS
      ○ SQLI
      ○ Social Engineering
    ● Very Hard To Do
      ○ Any bug will cause problems
  • The First Rule of Cryptography
  • Don't Do It!
  • Leave It For Experts
  • Random! The Foundation of Cryptography
    ● Classified Under Three Types:
      ○ Weak
        ■ For non-cryptographic usages
      ○ Strong
        ■ For cryptographic usages where security does not depend on the strength of randomness
      ○ Cryptographically Secure
        ■ For cryptographic usage when security does depend on the strength of randomness
  • Vulnerabilities of Randomness
    ● Bias
      ○ Certain values tend to occur more often, making it easier to predict future numbers
    ● Predictability
      ○ Knowing past numbers helps predict future numbers
    ● Poisoning
      ○ Ability to alter future random number generation
  • Weak Random in PHP
    Not to be used for cryptographic usages!!!
    ● rand()
    ● mt_rand()
    ● uniqid()
    ● lcg_value()
  • Strong Random in PHP
    ● mcrypt_create_iv()
      ○ MCRYPT_DEV_URANDOM
    ● openssl_random_pseudo_bytes()
    ● /dev/urandom
      ○ For *nix systems only
  • Cryptographically Secure
    ● mcrypt_create_iv()
      ○ MCRYPT_DEV_RANDOM
    ● openssl_random_pseudo_bytes()
      ○ Maybe
    ● /dev/random
      ○ For *nix systems only
  • NEVER Use Weak For Security
  • NEVER Use CS When Not Needed
  • If In Doubt Use Strong Randomness
  • Encryption vs Hashing
    ● Encryption
      ○ Encoding
      ○ 2 Way / Reversible
      ○ Putting a lock on a box
    ● Hashing
      ○ Signing
      ○ 1 Way / Non-Reversible
      ○ Taking a person's finger-print
  • Encryption
  • Seriously, Don't Do It!
  • Terms
    ● Key
      ○ Secure string of data
    ● Plain-Text
      ○ The text you want to keep secret
    ● Cipher-Text
      ○ The encrypted output
  • Two Basic Types
    ● Symmetric Encryption
      ○ Like a Pad-Lock with a shared key
      ○ The only secret is the key
      ○ Both sides must have the same key
    ● Asymmetric Encryption
      ○ Like a pair of Pad-Locks
        ■ The "lock" is the public key
      ○ The only secret is the private key
      ○ Both sides have their own key
  • Symmetric Encryption 101
    ● Number: 01
    Scratch That
    ● Numbers: 01 04 01 54 95 42 64 12
  • Symmetric Encryption 101
    Let's Add A "Secret" Number!
        01 04 01 54 95 42 64 12
      + 10
      = 11 14 11 64 05 52 74 22
  • Secret Numbers
    ● We just invented the Caesar Cipher
      ○ Commonly known as "ROT13"
    ● But There Are Problems:
      ○ Vulnerable To Statistical Attacks
      ○ Vulnerable To Brute Forcing
        ■ Only 100 possible secret numbers!
  • Symmetric Encryption 101
    I Know: Let's Add A Different Number!
        01 04 01 54 95 42 64 12
      + 10 43 21 95 42 67 31 83
      = 11 47 22 49 37 09 95 95
  • How It Works
    We can generate the pads in two ways
    ● Randomly
      ○ If we only use once, perfect security
        ■ Known as a one-time-pad
      ○ If we use multiple times, same as Caesar cipher
    ● With A Function
      ○ Give one or two inputs
        ■ A key, and an "input"
      ○ Generates a "stream" of pseudo random numbers
  • Ciphers
    ● Take 2 inputs
      ○ A secret key
      ○ An "input"
    ● Produces Pseudo-Random Output
      ○ Looks random (statistically)
      ○ Is deterministic
        ■ Reproducible given same inputs
  • Modes
    ● Multiple ways to use the keystream
    ● Each way is known as a "Mode"
    ● Some are secure
      ○ Others are not
  • ECB: Electronic Code Book
    ● Uses plain-text as "input"
    ● Uses output as cipher-text
    ● VERY BROKEN!!!
  • ECB
  • CBC: Cipher Block Chaining
    ● Uses an "Initialization Vector"
      ○ Helps "randomize" the plain-text
      ○ Ensures no non-unique blocks
      ○ Does NOT need to be secret
    ● Chains each block together
      ○ Propagating the generated "randomness"
    ● Plain-Text Must Be Padded
      ○ To a multiple of block-size
    ● Secure!
  • CBC
  • CFB: Cipher FeedBack
    ● Uses an "Initialization Vector"
    ● Plain-Text never enters cipher
      ○ Does not need to be padded
    ● "Decrypt" Is Never Used
    ● Secure!
  • CFB
  • Ciphers
    ● AES 128 & 256
      ○ Standard
        ■ NIST Approved
      ○ Also Known As RIJNDAEL-128
        ■ 128 here refers to "block size"
      ○ Very Strong
      ○ Note, the number after AES is *key size*
    ● Blowfish
    ● TwoFish
    ● Serpent
  • Authentication
    How do you know it wasn't tampered with / came from your friend?
    ● HMAC
      ○ Hash-based Message Authentication Code
    ● USE A SEPARATE KEY!
    ● Encrypt-Then-MAC
      ○ Always MAC after encryption
  • All Together Now!
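  • Encrypt
      // Note: ext/mcrypt was removed from PHP core in 7.2
      $key = 'xxxxxxxxxxxxxxxx';
      $authKey = 'XXXXXXXXXXXXXX';
      $plain = 'This is plain text that I am going to encrypt';
      // IV length for AES (RIJNDAEL-128) in CFB mode
      $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CFB);
      // Fresh random IV for every message
      $iv = mcrypt_create_iv($size, MCRYPT_DEV_URANDOM);
      $cipherText = mcrypt_encrypt(
          MCRYPT_RIJNDAEL_128, $key, $plain, MCRYPT_MODE_CFB, $iv
      );
      // Encrypt-then-MAC with the separate key; a raw SHA-512 HMAC is 64 bytes.
      // The IV is covered by the MAC so that a modified IV is rejected too.
      $auth = hash_hmac('sha512', $iv . $cipherText, $authKey, true);
      $encrypted = base64_encode($iv . $cipherText . $auth);
  • Decrypt
      $key = 'xxxxxxxxxxxxxxxx';
      $authKey = 'XXXXXXXXXXXXXX';
      $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CFB);
      $encrypted = base64_decode($encrypted);
      // Layout: IV | cipher-text | 64-byte HMAC
      $iv = substr($encrypted, 0, $size);
      $auth = substr($encrypted, -64);
      $cipherText = substr($encrypted, $size, -64);
      // Verify before decrypting; hash_equals() (PHP 5.6+) compares in constant time
      if (!hash_equals(hash_hmac('sha512', $iv . $cipherText, $authKey, true), $auth)) {
          // Auth Failed!!!
          return false;
      }
      $plainText = mcrypt_decrypt(
          MCRYPT_RIJNDAEL_128, $key, $cipherText, MCRYPT_MODE_CFB, $iv
      );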
  • Please Don't Do It!
    ● Notice How Much Code It Took
      ○ Without error checking
    ● Notice How Complex It Is
      ○ Without flexibility
    ● Notice How Easy To Screw Up
      ○ Without Key Storage
    ● Notice How Many Decisions To Make
  • If you MUST, Use a Library
  • Common Encryption Needs
    ● Between Client / Server
      ○ Use SSL
      ○ Really, just use SSL
      ○ I'm not kidding, just use SSL
    ● Storage
      ○ Use disk encryption
      ○ Use database encryption
  • Really, Don't Do It!
  • Encryption Resources
    ● Zend Framework Encryption
      ○ Very good and complete lib
      ○ ZF2
        ■ Zend\Crypt\BlockCipher
    ● PHP Sec Lib
      ○ phpseclib.sourceforge.net
      ○ Pure PHP
    ● Not Many Others
      ○ Beware of online tutorials!!!
  • Password Storage
  • Passwords Should Be HASHED! Not Encrypted!
  • Password Hashes
    ● Use A Salt
      ○ Defeats Rainbow Tables
      ○ Makes Each Hash a "Proof Of Work"
      ○ Should be random!
        ■ Strong Randomness
    ● Should Be SLOW!
      ○ Salt is not enough
      ○ Salted SHA256: 11 BILLION per second
      ○ bcrypt: 3200 per second
  • Good Algorithms
      crypt($password, $salt);
      pbkdf2($password, $salt, $i);
      password_hash($password, PASSWORD_BCRYPT);
      $passLib->hash($password);
      $phpass->hashPassword($pass);
  • Cost Parameter
    ● Target: 0.25 - 0.5 Seconds
      ○ As slow as you can afford
    ● Depends on hardware
      ○ Test it!
    ● Good Defaults:
      ○ BCrypt: 10
      ○ PBKDF2: 10,000
  • Simplified Password Hashing
  • New API for 5.5
    ● string password_hash($pass, $algo, array $options = array())
      ○ Generates Salt, hashes password
    ● bool password_verify($pass, $hash)
      ○ Verifies Hash with Password
    ● bool password_needs_rehash($hash, $algo, array $options = array())
      ○ Determines if the hash is the same as specified by algo and options
    ● array password_get_info($hash)
      ○ Returns information about the hash
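  • Example
      // Methods of a user-handling class; store(), fetchHash() and
      // startSession() are defined elsewhere in that class.
      function register($user, $password) {
          // password_hash() generates the salt itself
          $hash = password_hash($password, PASSWORD_BCRYPT);
          $this->store($user, $hash);
      }
      function login($user, $password) {
          $hash = $this->fetchHash($user);
          if (password_verify($password, $hash)) {
              // Upgrade hashes that were created with older settings
              if (password_needs_rehash($hash, PASSWORD_BCRYPT)) {
                  $hash = password_hash($password, PASSWORD_BCRYPT);
                  $this->store($user, $hash);
              }
              $this->startSession();
              return true;
          }
          return false;
      }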
  • Hashing Resources
    ● PHP 5.5 API
      ○ wiki.php.net/rfc/password_hash
    ● Password Compat
      ○ PHP 5.5 Compatibility
      ○ github/ircmaxell/password_compat
    ● PasswordLib
      ○ 5.3+, Multiple Algorithms, Portable
      ○ github/ircmaxell/PHP-PasswordLib
    ● PHPASS
      ○ PHP 4+
      ○ openwall.com/phpass
  • Seriously, Hire an Expert!
  • You Have Been Warned
  • Questions? Comments? Snide Remarks?
  • Anthony Ferrara @ircmaxell blog.ircmaxell.com me@ircmaxell.com joind.in/7939
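
The "How It Works" slide says a random pad gives perfect security only if it is used once. The following is an added example, not code from the talk, that replays the slide's mod-100 addition and shows what a second use of the same pad gives away; the second message and the helper names are constructed for illustration.

```php
<?php
// Added illustration, not code from the talk. Works on two-digit numbers
// mod 100, like the "Symmetric Encryption 101" slides.

/** Encrypt: add the pad to the message, number by number, wrapping at 100. */
function addPad(array $message, array $pad): array
{
    return array_map(function ($m, $k) { return ($m + $k) % 100; }, $message, $pad);
}

/** Number-by-number difference mod 100 (also decrypts: cipher minus pad). */
function subMod100(array $a, array $b): array
{
    return array_map(function ($x, $y) { return ($x - $y + 100) % 100; }, $a, $b);
}

$pad      = [10, 43, 21, 95, 42, 67, 31, 83];  // pad from the slide
$message1 = [1, 4, 1, 54, 95, 42, 64, 12];     // numbers from the slide
$message2 = [20, 5, 77, 3, 18, 60, 9, 41];     // constructed second message

$cipher1 = addPad($message1, $pad);
$cipher2 = addPad($message2, $pad);            // the mistake: same pad used twice

// Used once, the pad decrypts its own message.
var_dump(subMod100($cipher1, $pad) === $message1);

// Used twice, the pad cancels out: the difference of the two cipher-texts
// equals the difference of the two plain-texts, with no key material left.
var_dump(subMod100($cipher1, $cipher2) === subMod100($message1, $message2));

// A party that already knows one message can compute the pad from its
// cipher-text, and the pad then opens the other message as well.
$recoveredPad = subMod100($cipher2, $message2);
var_dump(subMod100($cipher1, $recoveredPad) === $message1);
```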
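
The ECB slide calls the mode "VERY BROKEN" and the CBC slide credits the IV and chaining with removing repeated blocks. This added example (not from the talk) makes both visible by counting repeated cipher-text blocks; it assumes PHP 7+ with the openssl extension, and the plain-text and the `repeatedBlocks()` helper are constructed for illustration.

```php
<?php
// Added illustration, not code from the talk. Requires PHP 7+ with ext/openssl.

/** Count 16-byte cipher-text blocks that duplicate an earlier block. */
function repeatedBlocks(string $cipherText): int
{
    $blocks = str_split($cipherText, 16);
    return count($blocks) - count(array_unique($blocks));
}

$key   = random_bytes(16);                     // AES-128 key
$plain = str_repeat('0123456789abcdef', 4);    // constructed: four identical blocks

// ECB: every block is encrypted on its own, so equal plain-text blocks give
// equal cipher-text blocks, and there is no IV to vary the result per message.
$ecb1 = openssl_encrypt($plain, 'aes-128-ecb', $key, OPENSSL_RAW_DATA);
$ecb2 = openssl_encrypt($plain, 'aes-128-ecb', $key, OPENSSL_RAW_DATA);

// CBC: a fresh random IV per message, each block chained to the previous one.
$iv1  = random_bytes(16);
$iv2  = random_bytes(16);
$cbc1 = openssl_encrypt($plain, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv1);
$cbc2 = openssl_encrypt($plain, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv2);

printf(
    "ECB repeated blocks: %d, same message twice identical: %s\n",
    repeatedBlocks($ecb1),
    $ecb1 === $ecb2 ? 'yes' : 'no'
);
printf(
    "CBC repeated blocks: %d, same message twice identical: %s\n",
    repeatedBlocks($cbc1),
    $cbc1 === $cbc2 ? 'yes' : 'no'
);
```

The structure of the plain-text shows through the ECB output without the key; the CBC output of the same message carries no such pattern.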
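
The "Cost Parameter" slide says to test the cost on your own hardware, and the "New API for 5.5" slide lists `password_needs_rehash()`. This added example (not from the talk) ties the two together: it measures a bcrypt cost for the 0.25 second target and upgrades an older hash at verification time. `calibrateBcryptCost()`, the cost range and the sample password are assumptions made for illustration.

```php
<?php
// Added illustration, not code from the talk. Requires PHP 5.5+ (password_* API).

/** Lowest bcrypt cost in [$min, $max] whose hash takes at least $target seconds here. */
function calibrateBcryptCost($target, $min = 10, $max = 16)
{
    for ($cost = $min; $cost < $max; $cost++) {
        $start = microtime(true);
        password_hash('benchmark-password', PASSWORD_BCRYPT, ['cost' => $cost]);
        if (microtime(true) - $start >= $target) {
            return $cost;
        }
    }
    return $max; // cap, so a very fast machine does not pick an unusable cost
}

$options  = ['cost' => calibrateBcryptCost(0.25)];
$password = 'correct horse battery staple';    // constructed sample password

// Stands in for a database row written long ago with a much lower cost.
$oldHash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 4]);

// Pass the same $options to password_needs_rehash() that are used for new
// hashes; without them the check is made against the default cost instead.
if (password_verify($password, $oldHash)
    && password_needs_rehash($oldHash, PASSWORD_BCRYPT, $options)) {
    // Only possible at login, while the plain-text password is in hand.
    $newHash = password_hash($password, PASSWORD_BCRYPT, $options);
    $old = password_get_info($oldHash);
    $new = password_get_info($newHash);
    printf("rehashed: cost %d -> %d\n", $old['options']['cost'], $new['options']['cost']);
}
```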