Cryptography● Keeping Data Secure ○ Safe From Viewing ○ Safe From Tampering ○ Safe From Forgery● Not A Silver Bullet ○ XSS ○ SQLI ○ Social Engineering● Very Hard To Do ○ Any bug will cause problems
The First Ruleof Cryptography
Dont Do It!
Leave It ForExperts
Random!The Foundation of Cryptography● Classified Under Three Types: ○ Weak ■ For non-cryptographic usages ○ Strong ■ For cryptographic usages where security does not depend on the strength of randomness ○ Cryptographically Secure ■ For cryptographic usage when security does depend on the strength of randomness
Vulnerabilities of Randomness● Bias ○ Certain values tend to occur more often making it easier to predict future numbers● Predictability ○ Knowing past numbers helps predict future numbers● Poisoning ○ Ability to alter future random number generation
Weak Random in PHPNot to be used for cryptographic usages!!!● rand()● mt_rand()● uniqid()● lcg_value()
Strong Random in PHP● mcrypt_create_iv() ○ MCRYPT_DEV_URANDOM● openssl_random_pseudo_bytes()● /dev/urandom ○ For *nix systems only
Cryptographically Secure● mcrypt_create_iv() ○ MCRYPT_DEV_RANDOM● openssl_random_pseudo_bytes() ○ Maybe● /dev/random ○ For *nix systems only
NEVER Use WeakFor Security
NEVER Use CSWhen Not Needed
If In Doubt Use StrongRandomness
Encryption vs Hashing● Encryption ○ Encoding ○ 2 Way / Reversible ○ Putting a lock on a box
Encryption vs Hashing● Encryption ○ Encoding ○ 2 Way / Reversible ○ Putting a lock on a box● Hashing ○ Signing ○ 1 Way / Non-Reversible ○ Taking a persons finger-print
Seriously,Dont Do It!
Terms● Key ○ Secure string of data● Plain-Text ○ The text you want to keep secret● Cipher-Text ○ The encrypted output
Two Basic Types● Symmetric Encryption ○ Like a Pad-Lock with a shared key ○ The only secret is the key ○ Both sides must have the same key
Two Basic Types● Symmetric Encryption ○ Like a Pad-Lock with a shared key ○ The only secret is the key ○ Both sides must have the same key● Asymmetric Encryption ○ Like a pair of Pad-Locks ■ The "lock" is the public key ○ The only secret is the private key ○ Both sides have their own key
Secret Numbers● We just invented the Caesar Cipher ○ Commonly known as "ROT13"● But There Are Problems: ○ Vulnerable To Statistical Attacks ○ Vulnerable To Brute Forcing ■ Only 100 possible secret numbers!
How It WorksWe can generate the pads in two ways● Randomly ○ If we only use once, perfect security ■ Known as a one-time-pad ○ If we use multiple times, same as caesar cipher● With A Function ○ Give one or two inputs ■ A key, and an "input" ○ Generates a "stream" of pseudo random numbers
Ciphers● Take 2 inputs ○ A secret key ○ An "input"● Produces Pseudo-Random Output ○ Looks random (statistically) ○ Is deterministic ■ Reproducible given same inputs
Modes● Multiple ways to use the keystream● Each way is known as a "Mode"● Some are secure ○ Others are not
ECBElectronic Code Book● Uses plain-text as "input"● Uses output as cipher-text● VERY BROKEN!!!
CBCCipher Block Chaining● Uses an "Initialization Vector" ○ Helps "randomize" the plain-text ○ Ensures no non-unique blocks ○ Does NOT need to be secret● Chains each block together ○ Propagating the generated "randomness"● Plain-Text Must Be Padded ○ To a multiple of block-size● Secure!
CFBCipher FeedBack● Uses an "Initialization Vector"● Plain-Text never enters cipher ○ Does not need to be padded● "Decrypt" Is Never Used● Secure!
Ciphers● AES 128 & 256 ○ Standard ■ NIST Approved ○ Also Known As RIJNDAEL-128 ■ 128 here refers to "block size" ○ Very Strong ○ Note, the number after AES is *key size*● Blowfish● TwoFish● Serpent
AuthenticationHow do you know it wasnt tamperedwith / came from your friend?● HMAC ○ Hash-based Message Authentication Code● USE A SEPARATE KEY!● Encrypt-Then-MAC ○ Always MAC after encryption
All Together Now!
Encrypt$key = xxxxxxxxxxxxxxxx;$authKey = XXXXXXXXXXXXXX;$plain = This is plain text that I am going to encrypt;$size = mcrypt_get_iv_size( MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CFB);$iv = mcrypt_create_iv( $size, MCRYPT_DEV_URANDOM);$cipherText = mcrypt_encrypt( MCRYPT_RIJNDAEL_128, $key, $plain, MCRYPT_MODE_CFB, $iv);$auth = hash_hmac(sha512, $cipherText, $authKey, true);$encrypted = base64_encode($iv . $cipherText . $auth);
Please Dont Do It!● Notice How Much Code It Took ○ Without error checking● Notice How Complex It Is ○ Without flexibility● Notice How Easy To Screw Up ○ Without Key Storage● Notice How Many Decisions To Make
If you MUST,Use a Library
Common Encryption Needs● Between Client / Server ○ Use SSL ○ Really, just use SSL ○ Im not kidding, just use SSL● Storage ○ Use disk encryption ○ Use database encryption
Really,Dont Do It!
Encryption Resources● Zend Framework Encryption ○ Very good and complete lib ○ ZF2 ■ ZendCryptBlockCipher● PHP Sec Lib ○ phpseclib.sourceforge.net ○ Pure PHP● Not Many Others ○ Beware of online tutorials!!!
Good Algorithmscrypt($password, $salt);pbkdf2($password, $salt, $i);password_hash( $password, PASSWORD_BCRYPT);$passLib->hash($password);$phpass->hashPassword($pass);
Cost Parameter● Target: 0.25 - 0.5 Seconds ○ As slow as you can afford● Depends on hardware ○ Test it!● Good Defaults: ○ BCrypt: 10 ○ PBKDF2: 10,000
New API for 5.5● string password_hash($pass, $algo, array $options = array() ) ○ Generates Salt, hashes password● bool password_verify($pass, $hash) ○ Verifies Hash with Password● bool password_needs_rehash($hash, $algo, array $options = array()) ○ Determines if the hash is the same as specified by algo and options● array password_get_info($hash) ○ Returns information about the hash