Cryptography For The Average Developer - Sunshine PHP
Upcoming SlideShare
Loading in...5
×
 

Cryptography For The Average Developer - Sunshine PHP

on

  • 9,050 views

Slides for a talk I gave on 2/9/13 at Sunshine PHP in Miami.

Slides for a talk I gave on 2/9/13 at Sunshine PHP in Miami.

Statistics

Views

Total Views
9,050
Views on SlideShare
8,779
Embed Views
271

Actions

Likes
8
Downloads
71
Comments
0

9 Embeds 271

http://yosymfony.com 133
http://live.ritsi.org 60
https://twitter.com 38
http://librosweb.es 25
http://feeds.feedburner.com 5
http://www.linkedin.com 5
http://devi-vm.local 3
http://tweetedtimes.com 1
https://www.linkedin.com 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

CC Attribution-NonCommercial-ShareAlike LicenseCC Attribution-NonCommercial-ShareAlike LicenseCC Attribution-NonCommercial-ShareAlike License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Cryptography For The Average Developer - Sunshine PHP Cryptography For The Average Developer - Sunshine PHP Presentation Transcript

  • Cryptography In PHPFor The Average Developer
  • Cryptography● Keeping Data Secure ○ Safe From Viewing ○ Safe From Tampering ○ Safe From Forgery● Not A Silver Bullet ○ XSS ○ SQLI ○ Social Engineering● Very Hard To Do ○ Any bug will cause problems
  • The First Ruleof Cryptography
  • Dont Do It!
  • Leave It ForExperts
  • Random!The Foundation of Cryptography● Classified Under Three Types: ○ Weak ■ For non-cryptographic usages ○ Strong ■ For cryptographic usages where security does not depend on the strength of randomness ○ Cryptographically Secure ■ For cryptographic usage when security does depend on the strength of randomness
  • Vulnerabilities of Randomness● Bias ○ Certain values tend to occur more often making it easier to predict future numbers● Predictability ○ Knowing past numbers helps predict future numbers● Poisoning ○ Ability to alter future random number generation
  • Weak Random in PHPNot to be used for cryptographic usages!!!● rand()● mt_rand()● uniqid()● lcg_value()
  • Strong Random in PHP● mcrypt_create_iv() ○ MCRYPT_DEV_URANDOM● openssl_random_pseudo_bytes()● /dev/urandom ○ For *nix systems only
  • Cryptographically Secure● mcrypt_create_iv() ○ MCRYPT_DEV_RANDOM● openssl_random_pseudo_bytes() ○ Maybe● /dev/random ○ For *nix systems only
  • NEVER Use WeakFor Security
  • NEVER Use CSWhen Not Needed
  • If In Doubt Use StrongRandomness
  • Encryption vs Hashing● Encryption ○ Encoding ○ 2 Way / Reversible ○ Putting a lock on a box
  • Encryption vs Hashing● Encryption ○ Encoding ○ 2 Way / Reversible ○ Putting a lock on a box● Hashing ○ Signing ○ 1 Way / Non-Reversible ○ Taking a persons finger-print
  • Encryption
  • Seriously,Dont Do It!
  • Terms● Key ○ Secure string of data● Plain-Text ○ The text you want to keep secret● Cipher-Text ○ The encrypted output
  • Two Basic Types● Symmetric Encryption ○ Like a Pad-Lock with a shared key ○ The only secret is the key ○ Both sides must have the same key
  • Two Basic Types● Symmetric Encryption ○ Like a Pad-Lock with a shared key ○ The only secret is the key ○ Both sides must have the same key● Asymmetric Encryption ○ Like a pair of Pad-Locks ■ The "lock" is the public key ○ The only secret is the private key ○ Both sides have their own key
  • Symmetric Encryption 101● Number: 01Scratch That● Numbers: 01 04 01 54 95 42 64 12
  • Symmetric Encryption 101 Lets Add A "Secret" Number!01 04 01 54 95 42 64 12+1011 14 11 64 05 52 74 22
  • Secret Numbers● We just invented the Caesar Cipher ○ Commonly known as "ROT13"● But There Are Problems: ○ Vulnerable To Statistical Attacks ○ Vulnerable To Brute Forcing ■ Only 100 possible secret numbers!
  • Symmetric Encryption 101 I Know: Lets Add A Different Number!01 04 01 54 95 42 64 12+10 43 21 95 42 67 31 8311 47 22 49 37 09 95 95
  • How It WorksWe can generate the pads in two ways● Randomly ○ If we only use once, perfect security ■ Known as a one-time-pad ○ If we use multiple times, same as caesar cipher● With A Function ○ Give one or two inputs ■ A key, and an "input" ○ Generates a "stream" of pseudo random numbers
  • Ciphers● Take 2 inputs ○ A secret key ○ An "input"● Produces Pseudo-Random Output ○ Looks random (statistically) ○ Is deterministic ■ Reproducible given same inputs
  • Modes● Multiple ways to use the keystream● Each way is known as a "Mode"● Some are secure ○ Others are not
  • ECBElectronic Code Book● Uses plain-text as "input"● Uses output as cipher-text● VERY BROKEN!!!
  • ECB
  • CBCCipher Block Chaining● Uses an "Initialization Vector" ○ Helps "randomize" the plain-text ○ Ensures no non-unique blocks ○ Does NOT need to be secret● Chains each block together ○ Propagating the generated "randomness"● Plain-Text Must Be Padded ○ To a multiple of block-size● Secure!
  • CBC
  • CFBCipher FeedBack● Uses an "Initialization Vector"● Plain-Text never enters cipher ○ Does not need to be padded● "Decrypt" Is Never Used● Secure!
  • CFB
  • Ciphers● AES 128 & 256 ○ Standard ■ NIST Approved ○ Also Known As RIJNDAEL-128 ■ 128 here refers to "block size" ○ Very Strong ○ Note, the number after AES is *key size*● Blowfish● TwoFish● Serpent
  • AuthenticationHow do you know it wasnt tamperedwith / came from your friend?● HMAC ○ Hash-based Message Authentication Code● USE A SEPARATE KEY!● Encrypt-Then-MAC ○ Always MAC after encryption
  • All Together Now!
  • Encrypt$key = xxxxxxxxxxxxxxxx;$authKey = XXXXXXXXXXXXXX;$plain = This is plain text that I am going to encrypt;$size = mcrypt_get_iv_size( MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CFB);$iv = mcrypt_create_iv( $size, MCRYPT_DEV_URANDOM);$cipherText = mcrypt_encrypt( MCRYPT_RIJNDAEL_128, $key, $plain, MCRYPT_MODE_CFB, $iv);$auth = hash_hmac(sha512, $cipherText, $authKey, true);$encrypted = base64_encode($iv . $cipherText . $auth);
  • Decrypt$key = xxxxxxxxxxxxxxxx;$authKey = XXXXXXXXXXXXXX;$size = mcrypt_get_iv_size( MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CFB);$encrypted = base64_decode($encrypted);$iv = substr($encrypted, 0, $size);$auth = substr($encrypted, -64);$cipherText = substr($encrypted, $size, -64);if ($auth != hash_hmac(sha512, $cipherText, $authKey, true)) { // Auth Failed!!! return false;}$plainText = mcrypt_decrypt( MCRYPT_RIJNDAEL_128, $key, $cipherText, MCRYPT_MODE_CFB, $iv);
  • Please Dont Do It!● Notice How Much Code It Took ○ Without error checking● Notice How Complex It Is ○ Without flexibility● Notice How Easy To Screw Up ○ Without Key Storage● Notice How Many Decisions To Make
  • If you MUST,Use a Library
  • Common Encryption Needs● Between Client / Server ○ Use SSL ○ Really, just use SSL ○ Im not kidding, just use SSL● Storage ○ Use disk encryption ○ Use database encryption
  • Really,Dont Do It!
  • Encryption Resources● Zend Framework Encryption ○ Very good and complete lib ○ ZF2 ■ ZendCryptBlockCipher● PHP Sec Lib ○ phpseclib.sourceforge.net ○ Pure PHP● Not Many Others ○ Beware of online tutorials!!!
  • Learn More● Coursera <-- FREE!!! ○ Cryptography 1 ○ Cryptography 2
  • Password Storage
  • Passwords Should Be HASHED!Not Encrypted!
  • Password Hashes● Use A Salt ○ Defeats Rainbow Tables ○ Makes Each Hash a "Proof Of Work" ○ Should be random! ■ Strong Randomness● Should Be SLOW! ○ Salt is not enough
  • Brute Forcing25 GPU Cluster- md5: 180 Billion per second- < $50,0006 char passwords: 4 seconds7 char passwords: 6 minutes8 char passwords: 10 hoursEntire English Language: microseconds"LEET" Permutations: 0.7 seconds
  • Good Algorithmscrypt($password, $salt);pbkdf2($password, $salt, $i);password_hash( $password, PASSWORD_BCRYPT);$passLib->hash($password);$phpass->hashPassword($pass);
  • Cost Parameter● Target: 0.25 - 0.5 Seconds ○ As slow as you can afford● Depends on hardware ○ Test it!● Good Defaults: ○ BCrypt: 10 ○ PBKDF2: 10,000
  • SimplifiedPassword Hashing
  • New API for 5.5● string password_hash($pass, $algo, array $options = array() ) ○ Generates Salt, hashes password● bool password_verify($pass, $hash) ○ Verifies Hash with Password● bool password_needs_rehash($hash, $algo, array $options = array()) ○ Determines if the hash is the same as specified by algo and options● array password_get_info($hash) ○ Returns information about the hash
  • Examplefunction register($user, $password) { $hash = password_hash($password, PASSWORD_BCRYPT); $this->store($user, $hash);}function login($user, $password) { $hash = $this->fetchHash($user); if (password_verify($password, $hash)) { if (password_needs_rehahs($hash, PASSWORD_BCRYPT)) { $hash = password_hash($password, PASSWORD_BCRYPT); $this->store($user, $hash); } $this->startSession(); return true; } return false;}
  • Hashing Resources● PHP 5.5 API ○ wiki.php.net/rfc/password_hash ○ php.net/password● Password Compat ○ PHP 5.5 Compatibility ○ github/ircmaxell/password_compat● PasswordLib ○ 5.3+, Multiple Algorithms, Portable ○ github/ircmaxell/PHP-PasswordLib● PHPASS ○ PHP 4+ ○ openwall.com/phpass
  • Seriously,Hire an Expert!
  • You Have Been Warned
  • Anthony Ferrara joind.in/8027 @ircmaxellblog.ircmaxell.comme@ircmaxell.comyoutube.com/ircmaxell