Cryptography For The Average Developer - Sunshine PHP

Slides for a talk I gave on 2/9/13 at Sunshine PHP in Miami.

Transcript

  • 1. Cryptography In PHP For The Average Developer
  • 2. Cryptography
      ● Keeping Data Secure
          ○ Safe From Viewing
          ○ Safe From Tampering
          ○ Safe From Forgery
      ● Not A Silver Bullet
          ○ XSS
          ○ SQLI
          ○ Social Engineering
      ● Very Hard To Do
          ○ Any bug will cause problems
  • 3. The First Rule of Cryptography
  • 4. Don't Do It!
  • 5. Leave It For Experts
  • 6. Random! The Foundation of Cryptography
      ● Classified Under Three Types:
          ○ Weak
              ■ For non-cryptographic usages
          ○ Strong
              ■ For cryptographic usages where security does not depend on the strength of randomness
          ○ Cryptographically Secure
              ■ For cryptographic usage when security does depend on the strength of randomness
  • 7. Vulnerabilities of Randomness
      ● Bias
          ○ Certain values tend to occur more often, making it easier to predict future numbers
      ● Predictability
          ○ Knowing past numbers helps predict future numbers
      ● Poisoning
          ○ Ability to alter future random number generation
  • 8. Weak Random in PHP
      Not to be used for cryptographic usages!!!
      ● rand()
      ● mt_rand()
      ● uniqid()
      ● lcg_value()
  • 9. Strong Random in PHP
      ● mcrypt_create_iv()
          ○ MCRYPT_DEV_URANDOM
      ● openssl_random_pseudo_bytes()
      ● /dev/urandom
          ○ For *nix systems only
  • 10. Cryptographically Secure
      ● mcrypt_create_iv()
          ○ MCRYPT_DEV_RANDOM
      ● openssl_random_pseudo_bytes()
          ○ Maybe
      ● /dev/random
          ○ For *nix systems only
  • 11. NEVER Use Weak For Security
  • 12. NEVER Use CS When Not Needed
  • 13. If In Doubt Use Strong Randomness
  • 14. Encryption vs Hashing
      ● Encryption
          ○ Encoding
          ○ 2 Way / Reversible
          ○ Putting a lock on a box
  • 15. Encryption vs Hashing
      ● Encryption
          ○ Encoding
          ○ 2 Way / Reversible
          ○ Putting a lock on a box
      ● Hashing
          ○ Signing
          ○ 1 Way / Non-Reversible
          ○ Taking a person's finger-print
  • 16. Encryption
  • 17. Seriously, Don't Do It!
  • 18. Terms
      ● Key
          ○ Secure string of data
      ● Plain-Text
          ○ The text you want to keep secret
      ● Cipher-Text
          ○ The encrypted output
  • 19. Two Basic Types
      ● Symmetric Encryption
          ○ Like a Pad-Lock with a shared key
          ○ The only secret is the key
          ○ Both sides must have the same key
  • 20. Two Basic Types
      ● Symmetric Encryption
          ○ Like a Pad-Lock with a shared key
          ○ The only secret is the key
          ○ Both sides must have the same key
      ● Asymmetric Encryption
          ○ Like a pair of Pad-Locks
              ■ The "lock" is the public key
          ○ The only secret is the private key
          ○ Both sides have their own key
  • 21. Symmetric Encryption 101
      ● Number: 01
      Scratch That
      ● Numbers: 01 04 01 54 95 42 64 12
  • 22. Symmetric Encryption 101
      Let's Add A "Secret" Number!
        01 04 01 54 95 42 64 12
      + 10
        11 14 11 64 05 52 74 22
  • 23. Secret Numbers
      ● We just invented the Caesar Cipher
          ○ Commonly known as "ROT13"
      ● But There Are Problems:
          ○ Vulnerable To Statistical Attacks
          ○ Vulnerable To Brute Forcing
              ■ Only 100 possible secret numbers!
  • 24. Symmetric Encryption 101
      I Know: Let's Add A Different Number!
        01 04 01 54 95 42 64 12
      + 10 43 21 95 42 67 31 83
        11 47 22 49 37 09 95 95
  • 25. How It Works
      We can generate the pads in two ways
      ● Randomly
          ○ If we only use once, perfect security
              ■ Known as a one-time-pad
          ○ If we use multiple times, same as Caesar cipher
      ● With A Function
          ○ Give one or two inputs
              ■ A key, and an "input"
          ○ Generates a "stream" of pseudo random numbers
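The arithmetic of slides 22 to 25, as an added example that is not part of the original slides. It reproduces the slides' numbers and shows why a pad used more than once stops protecting anything: subtracting two cipher-texts made with the same pad cancels the pad. Function names and the second message are constructed for illustration.

```php
<?php
// Added example: the mod-100 "add a secret number" scheme from the slides.

/** Add the pad to each number, wrapping at 100. A one-element pad is
 *  the single "secret number" of slide 22; a full-length pad is slide 24. */
function padEncrypt(array $plain, array $pad): array
{
    $out = [];
    foreach ($plain as $i => $n) {
        $out[] = ($n + $pad[$i % count($pad)]) % 100;
    }
    return $out;
}

/** Element-wise difference of two equal-length number lists, mod 100. */
function diffMod100(array $a, array $b): array
{
    return array_map(function ($x, $y) {
        return ($x - $y + 100) % 100;
    }, $a, $b);
}

/** Format numbers as two-digit groups, as on the slides. */
function fmt(array $nums): string
{
    return implode(' ', array_map(function ($n) {
        return sprintf('%02d', $n);
    }, $nums));
}

$plain = [1, 4, 1, 54, 95, 42, 64, 12];      // numbers from slide 21
$pad   = [10, 43, 21, 95, 42, 67, 31, 83];   // pad from slide 24

echo fmt(padEncrypt($plain, [10])), "\n";    // slide 22: one secret number
echo fmt(padEncrypt($plain, $pad)), "\n";    // slide 24: a different number each time

// Pad reuse: a second message (constructed for this example), same pad.
$other = [20, 15, 7, 54, 3, 42, 99, 12];
$c1 = padEncrypt($plain, $pad);
$c2 = padEncrypt($other, $pad);

// The pad cancels: c1 - c2 equals plain - other, so anyone who sees both
// cipher-texts learns how the two messages differ without knowing the pad.
echo fmt(diffMod100($c1, $c2)), "\n";
echo fmt(diffMod100($plain, $other)), "\n";
```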
  • 26. Ciphers
      ● Take 2 inputs
          ○ A secret key
          ○ An "input"
      ● Produces Pseudo-Random Output
          ○ Looks random (statistically)
          ○ Is deterministic
              ■ Reproducible given same inputs
  • 27. Modes
      ● Multiple ways to use the keystream
      ● Each way is known as a "Mode"
      ● Some are secure
          ○ Others are not
  • 28. ECB: Electronic Code Book
      ● Uses plain-text as "input"
      ● Uses output as cipher-text
      ● VERY BROKEN!!!
  • 29. ECB
  • 30. CBC: Cipher Block Chaining
      ● Uses an "Initialization Vector"
          ○ Helps "randomize" the plain-text
          ○ Ensures no non-unique blocks
          ○ Does NOT need to be secret
      ● Chains each block together
          ○ Propagating the generated "randomness"
      ● Plain-Text Must Be Padded
          ○ To a multiple of block-size
      ● Secure!
  • 31. CBC
  • 32. CFB: Cipher FeedBack
      ● Uses an "Initialization Vector"
      ● Plain-Text never enters cipher
          ○ Does not need to be padded
      ● "Decrypt" Is Never Used
      ● Secure!
  • 33. CFB
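The difference between the three modes on slides 28 to 33, as an added example that is not part of the original slides. It encrypts a plain-text made of four identical blocks and counts repeated cipher-text blocks; it uses the openssl extension rather than mcrypt, and the key, plain-text and function names are constructed for illustration.

```php
<?php
// Added example: compare ECB, CBC and CFB on a plain-text with repeated blocks.

/** Encrypt with AES-128 in the given mode and return the raw cipher-text. */
function encryptWithMode(string $mode, string $plain, string $key): string
{
    $cipher = 'aes-128-' . $mode;
    $ivLen  = openssl_cipher_iv_length($cipher);   // 0 for ECB, 16 for CBC/CFB
    $iv     = $ivLen > 0 ? openssl_random_pseudo_bytes($ivLen) : '';
    $out    = openssl_encrypt($plain, $cipher, $key, OPENSSL_RAW_DATA, $iv);
    if ($out === false) {
        throw new RuntimeException("encryption failed for $cipher");
    }
    return $out;
}

/** Number of 16-byte cipher-text blocks that duplicate an earlier block. */
function repeatedBlocks(string $cipherText): int
{
    $blocks = str_split($cipherText, 16);
    return count($blocks) - count(array_unique($blocks));
}

$key   = str_repeat('k', 16);                  // constructed sample key
$plain = str_repeat('account=00000001', 4);    // four identical 16-byte blocks

foreach (['ecb', 'cbc', 'cfb'] as $mode) {
    $ct = encryptWithMode($mode, $plain, $key);
    printf(
        "%s: %d bytes, %d repeated blocks\n",
        strtoupper($mode),
        strlen($ct),
        repeatedBlocks($ct)
    );
}
```

ECB maps equal plain-text blocks to equal cipher-text blocks, so the repetition in the input stays visible in the output, while CBC and CFB hide it. The lengths also show the padding point from the slides: CBC output grows to the next block boundary, CFB output is the same length as the input.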
  • 34. Ciphers
      ● AES 128 & 256
          ○ Standard
              ■ NIST Approved
          ○ Also Known As RIJNDAEL-128
              ■ 128 here refers to "block size"
          ○ Very Strong
          ○ Note, the number after AES is *key size*
      ● Blowfish
      ● TwoFish
      ● Serpent
  • 35. Authentication
      How do you know it wasn't tampered with / came from your friend?
      ● HMAC
          ○ Hash-based Message Authentication Code
      ● USE A SEPARATE KEY!
      ● Encrypt-Then-MAC
          ○ Always MAC after encryption
  • 36. All Together Now!
  • 37. Encrypt
      // Requires the mcrypt extension (removed from PHP core in 7.2).
      $key = 'xxxxxxxxxxxxxxxx';
      $authKey = 'XXXXXXXXXXXXXX';
      $plain = 'This is plain text that I am going to encrypt';
      $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CFB);
      $iv = mcrypt_create_iv($size, MCRYPT_DEV_URANDOM);
      $cipherText = mcrypt_encrypt(
          MCRYPT_RIJNDAEL_128, $key, $plain, MCRYPT_MODE_CFB, $iv);
      // MAC the IV together with the cipher-text so neither can be altered
      $auth = hash_hmac('sha512', $iv . $cipherText, $authKey, true);
      $encrypted = base64_encode($iv . $cipherText . $auth);
  • 38. Decrypt
      $key = 'xxxxxxxxxxxxxxxx';
      $authKey = 'XXXXXXXXXXXXXX';
      $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CFB);
      $encrypted = base64_decode($encrypted);
      $iv = substr($encrypted, 0, $size);
      $auth = substr($encrypted, -64);   // raw SHA-512 HMAC is 64 bytes
      $cipherText = substr($encrypted, $size, -64);
      // hash_equals() (PHP 5.6+) compares in constant time
      $expected = hash_hmac('sha512', $iv . $cipherText, $authKey, true);
      if (!hash_equals($expected, $auth)) {
          // Auth Failed!!!
          return false;
      }
      $plainText = mcrypt_decrypt(
          MCRYPT_RIJNDAEL_128, $key, $cipherText, MCRYPT_MODE_CFB, $iv);
  • 39. Please Don't Do It!
      ● Notice How Much Code It Took
          ○ Without error checking
      ● Notice How Complex It Is
          ○ Without flexibility
      ● Notice How Easy To Screw Up
          ○ Without Key Storage
      ● Notice How Many Decisions To Make
  • 40. If you MUST, Use a Library
  • 41. Common Encryption Needs
      ● Between Client / Server
          ○ Use SSL
          ○ Really, just use SSL
          ○ I'm not kidding, just use SSL
      ● Storage
          ○ Use disk encryption
          ○ Use database encryption
  • 42. Really, Don't Do It!
  • 43. Encryption Resources
      ● Zend Framework Encryption
          ○ Very good and complete lib
          ○ ZF2
              ■ Zend\Crypt\BlockCipher
      ● PHP Sec Lib
          ○ phpseclib.sourceforge.net
          ○ Pure PHP
      ● Not Many Others
          ○ Beware of online tutorials!!!
  • 44. Learn More
      ● Coursera <-- FREE!!!
          ○ Cryptography 1
          ○ Cryptography 2
  • 45. Password Storage
  • 46. Passwords Should Be HASHED! Not Encrypted!
  • 47. Password Hashes
      ● Use A Salt
          ○ Defeats Rainbow Tables
          ○ Makes Each Hash a "Proof Of Work"
          ○ Should be random!
              ■ Strong Randomness
      ● Should Be SLOW!
          ○ Salt is not enough
  • 48. Brute Forcing
      25 GPU Cluster
      - md5: 180 Billion per second
      - < $50,000
      6 char passwords: 4 seconds
      7 char passwords: 6 minutes
      8 char passwords: 10 hours
      Entire English Language: microseconds
      "LEET" Permutations: 0.7 seconds
  • 49. Good Algorithms
      crypt($password, $salt);
      pbkdf2($password, $salt, $i);
      password_hash($password, PASSWORD_BCRYPT);
      $passLib->hash($password);
      $phpass->hashPassword($pass);
  • 50. Cost Parameter
      ● Target: 0.25 - 0.5 Seconds
          ○ As slow as you can afford
      ● Depends on hardware
          ○ Test it!
      ● Good Defaults:
          ○ BCrypt: 10
          ○ PBKDF2: 10,000
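One way to do the "Test it!" step of slide 50, as an added example that is not part of the original slides. It times password_hash() at increasing bcrypt costs on the current machine and returns the first cost that reaches the 0.25 second target; the function names, the upper bound of 20 and the sample passwords are assumptions made for illustration.

```php
<?php
// Added example: measure which bcrypt cost reaches the target time here.

/** Seconds taken by one password_hash() call at the given bcrypt cost. */
function timeBcrypt(int $cost): float
{
    $start = microtime(true);
    password_hash('benchmark-password', PASSWORD_BCRYPT, ['cost' => $cost]);
    return microtime(true) - $start;
}

/**
 * Raise the cost from $minCost until one hash takes at least $targetSeconds,
 * stopping at $maxCost. Each step of cost doubles the number of rounds.
 */
function calibrateBcryptCost(
    float $targetSeconds = 0.25,
    int $minCost = 10,          // the slide's "good default"
    int $maxCost = 20           // assumed ceiling so the loop always ends
): int {
    for ($cost = $minCost; $cost < $maxCost; $cost++) {
        if (timeBcrypt($cost) >= $targetSeconds) {
            return $cost;
        }
    }
    return $maxCost;
}

$cost = calibrateBcryptCost(0.25);
printf("bcrypt cost for this machine: %d\n", $cost);

// Hash with the measured cost. When the cost is raised later,
// password_needs_rehash() reports which stored hashes are out of date.
$hash = password_hash('sample-password', PASSWORD_BCRYPT, ['cost' => $cost]);
var_dump(password_verify('sample-password', $hash));
var_dump(password_needs_rehash($hash, PASSWORD_BCRYPT, ['cost' => $cost + 1]));
```

Run it on the hardware that will serve logins, since the result depends on the machine.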
  • 51. Simplified Password Hashing
  • 52. New API for 5.5
      ● string password_hash($pass, $algo, array $options = array())
          ○ Generates Salt, hashes password
      ● bool password_verify($pass, $hash)
          ○ Verifies Hash with Password
      ● bool password_needs_rehash($hash, $algo, array $options = array())
          ○ Determines if the hash is the same as specified by algo and options
      ● array password_get_info($hash)
          ○ Returns information about the hash
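  • 53. Example
      // Methods of the application's authentication class; store(),
      // fetchHash() and startSession() are defined elsewhere.
      function register($user, $password) {
          $hash = password_hash($password, PASSWORD_BCRYPT);
          $this->store($user, $hash);
      }
      function login($user, $password) {
          $hash = $this->fetchHash($user);
          if (password_verify($password, $hash)) {
              // Re-hash on login if the stored hash no longer matches
              // the current algorithm and options
              if (password_needs_rehash($hash, PASSWORD_BCRYPT)) {
                  $hash = password_hash($password, PASSWORD_BCRYPT);
                  $this->store($user, $hash);
              }
              $this->startSession();
              return true;
          }
          return false;
      }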
  • 54. Hashing Resources
      ● PHP 5.5 API
          ○ wiki.php.net/rfc/password_hash
          ○ php.net/password
      ● Password Compat
          ○ PHP 5.5 Compatibility
          ○ github/ircmaxell/password_compat
      ● PasswordLib
          ○ 5.3+, Multiple Algorithms, Portable
          ○ github/ircmaxell/PHP-PasswordLib
      ● PHPASS
          ○ PHP 4+
          ○ openwall.com/phpass
  • 55. Seriously, Hire an Expert!
  • 56. You Have Been Warned
  • 57. Anthony Ferrara
      joind.in/8027
      @ircmaxell
      blog.ircmaxell.com
      me@ircmaxell.com
      youtube.com/ircmaxell