Encryption: It's For More Than Just Password - tek13
Upcoming SlideShare
Loading in...5
×
 

Encryption: It's For More Than Just Password - tek13

on

  • 3,088 views

This presentation was given at php|tek13. It covers today's best practices for password hashing, and encryption techniques.

This presentation was given at php|tek13. It covers today's best practices for password hashing, and encryption techniques.

Statistics

Views

Total Views
3,088
Views on SlideShare
1,720
Embed Views
1,368

Actions

Likes
1
Downloads
35
Comments
0

10 Embeds 1,368

http://shocm.me 749
http://www.shocm.com 473
http://flavors.me 52
http://shocm.github.io 41
http://shocm-octopress.dev 15
http://librosweb.es 15
http://shocm.tumblr.com 11
http://www.sdphp.org 10
http://www.365dailyjournal.com 1
https://twitter.com 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Encryption: It's For More Than Just Password - tek13 Encryption: It's For More Than Just Password - tek13 Presentation Transcript

  • ENCRYPTIONIt’s For MoreThan Just Passwords1Thursday, May 16, 13
  • JOHN CONGDON2Thursday, May 16, 13
  • JOHN CONGDON•PHP Developer Since 20032Thursday, May 16, 13
  • JOHN CONGDON•PHP Developer Since 2003•SDPHP User Group Organizer2Thursday, May 16, 13
  • JOHN CONGDON•PHP Developer Since 2003•SDPHP User Group Organizer•Sr PHP Developer for Networx Online2Thursday, May 16, 13
  • JOHN CONGDON•PHP Developer Since 2003•SDPHP User Group Organizer•Sr PHP Developer for Networx Online•PhoneBurner.com2Thursday, May 16, 13
  • JOHN CONGDON•PHP Developer Since 2003•SDPHP User Group Organizer•Sr PHP Developer for Networx Online•PhoneBurner.com•MeetingBurner.com2Thursday, May 16, 13
  • JOHN CONGDON•PHP Developer Since 2003•SDPHP User Group Organizer•Sr PHP Developer for Networx Online•PhoneBurner.com•MeetingBurner.com•FaxBurner.com2Thursday, May 16, 13
  • JOHN CONGDON•PHP Developer Since 2003•SDPHP User Group Organizer•Sr PHP Developer for Networx Online•PhoneBurner.com•MeetingBurner.com•FaxBurner.com•I Am Not A Cryptographer2Thursday, May 16, 13
  • HashingEncryptionToday’s Discussion Points3Thursday, May 16, 13
  • Plain Text$username = $_POST[‘username’];$password = $_POST[‘password’];$user = getUserByUserName($username);if ($user->password == $password) {$valid = true;} else {$valid = false;}4Thursday, May 16, 13
  • Plain Text: VulnerabilitiesSQL-Injection gives you every users password5Thursday, May 16, 13
  • Cryptographic Hashing6Thursday, May 16, 13
  • Cryptographic HashingWikipedia Definition: A cryptographic hash function is a hash function; that is, an algorithm that takes an arbitrary block of data andreturns a fixed-size bitstring, the (cryptographic) hash value, such that any (accidental or intentional) change to the data will (with veryhigh probability) change the hash value. The data to be encoded are often called the "message," and the hash value is sometimes calledthe message digest or simply digest.6Thursday, May 16, 13
  • Cryptographic HashingWikipedia Definition: A cryptographic hash function is a hash function; that is, an algorithm that takes an arbitrary block of data andreturns a fixed-size bitstring, the (cryptographic) hash value, such that any (accidental or intentional) change to the data will (with veryhigh probability) change the hash value. The data to be encoded are often called the "message," and the hash value is sometimes calledthe message digest or simply digest.HASH“message” “digest”6Thursday, May 16, 13
  • Cryptographic HashingWikipedia Definition: A cryptographic hash function is a hash function; that is, an algorithm that takes an arbitrary block of data andreturns a fixed-size bitstring, the (cryptographic) hash value, such that any (accidental or intentional) change to the data will (with veryhigh probability) change the hash value. The data to be encoded are often called the "message," and the hash value is sometimes calledthe message digest or simply digest.HASH“message” “digest”“unicorn” “1abcb33beeb811dca15f0ac3e47b88d9”6Thursday, May 16, 13
  • Cryptographic Hashing: One Way7Thursday, May 16, 13
  • Cryptographic Hashing: One WayHASH“message” “digest”“unicorn” “1abcb33beeb811dca15f0ac3e47b88d9”7Thursday, May 16, 13
  • Cryptographic Hashing: One WayHASH“message” “digest”“unicorn” “1abcb33beeb811dca15f0ac3e47b88d9”7Thursday, May 16, 13
  • Cryptographic Hashing: Algorithms<?phpprint_r(hash_algos());?>Array([0] => md2[1] => md4[2] => md5[3] => sha1[4] => sha224[5] => sha256[6] => sha384[7] => sha512[8] => ripemd128[9] => ripemd160[10] => ripemd256[11] => ripemd320[12] => whirlpool[13] => tiger128,3[14] => tiger160,3[15] => tiger192,3[16] => tiger128,4[17] => tiger160,4[18] => tiger192,4[19] => snefru[20] => snefru256[21] => gost[22] => adler32[23] => crc32[24] => crc32b[25] => salsa10[26] => salsa20[27] => haval128,3[28] => haval160,3[29] => haval192,3[30] => haval224,3[31] => haval256,3[32] => haval128,4[33] => haval160,4[34] => haval192,4[35] => haval224,4[36] => haval256,4[37] => haval128,5[38] => haval160,5[39] => haval192,5[40] => haval224,5[41] => haval256,5)8Thursday, May 16, 13
  • Cryptographic Hashing: VulnerabilitiesSQL-Injection gives you every users hashed password9Thursday, May 16, 13
  • Cryptographic Hashing: Vulnerabilities10Thursday, May 16, 13
  • Rainbow Table Example: Searched for a Hash11Thursday, May 16, 13
  • Rainbow Table Example: Searched for a Hash11Thursday, May 16, 13
  • Cryptographic Hashing: Vulnerabilities12Thursday, May 16, 13
  • Salting Cryptographic Hashes13Thursday, May 16, 13
  • Salting Cryptographic HashesWikipedia Definition: In cryptography, a salt is random data that are used as an additional input to a one-way function thathashes a password or passphrase.A new salt is randomly generated for each password. In a typical setting, the salt and the password are concatenated andprocessed with a cryptographic hash function, and the resulting output (but not the original password) is stored with the saltin a database.13Thursday, May 16, 13
  • Salting Cryptographic HashesWikipedia Definition: In cryptography, a salt is random data that are used as an additional input to a one-way function thathashes a password or passphrase.A new salt is randomly generated for each password. In a typical setting, the salt and the password are concatenated andprocessed with a cryptographic hash function, and the resulting output (but not the original password) is stored with the saltin a database.$hash = md5(‘RAND_SALT’ . $_POST[‘password’]);13Thursday, May 16, 13
  • Salting Cryptographic HashesWikipedia Definition: In cryptography, a salt is random data that are used as an additional input to a one-way function thathashes a password or passphrase.A new salt is randomly generated for each password. In a typical setting, the salt and the password are concatenated andprocessed with a cryptographic hash function, and the resulting output (but not the original password) is stored with the saltin a database.$hash = md5(‘RAND_SALT’ . $_POST[‘password’]);RAND_SALT must come from a cryptographically secure source.Not From (rand, mt_rand, or uniqid)Use (/dev/urandom, mcrypt, openssl)13Thursday, May 16, 13
  • Today’s Best Practice: BCrypt14Thursday, May 16, 13
  • Today’s Best Practice: BCrypt•Slower by design14Thursday, May 16, 13
  • Today’s Best Practice: BCrypt•Slower by design•Configurable to help withstand the test of time (cost param)14Thursday, May 16, 13
  • Today’s Best Practice: BCrypt•Slower by design•Configurable to help withstand the test of time (cost param)•Should be configured to take 0.25 to 0.50 a second14Thursday, May 16, 13
  • Today’s Best Practice: BCrypt•Slower by design•Configurable to help withstand the test of time (cost param)•Should be configured to take 0.25 to 0.50 a second•Start with a cost of 10, use higher if possible14Thursday, May 16, 13
  • PHP 5.5 Password Hashing APIhttp://www.php.net/manual/en/ref.password.php15Thursday, May 16, 13
  • PHP 5.5 Password Hashing APIhttp://www.php.net/manual/en/ref.password.php16Thursday, May 16, 13
  • PHP 5.5 Password Hashing APIhttp://www.php.net/manual/en/ref.password.phparray password_get_info(string $hash)Returns 3 elementsalgorithm: Constant valuealgoName: bcryptoptions: the options provided to password_hashArray([algo] => 1[algoName] => bcrypt[options] => Array([cost] => 11))17Thursday, May 16, 13
  • PHP 5.5 Password Hashing APIhttp://www.php.net/manual/en/ref.password.phpboolean password_needs_rehash ( string $hash , string $algo [, string $options ] )Assuming password_verify was successful above:if (password_needs_rehash($hash,PASSWORD_DEFAULT,$options)) {$user->password = password_hash($password....);$user->update();}18Thursday, May 16, 13
  • I Lied: PHP >= 5.3.7 Password Hashing APIhttps://github.com/ircmaxell/password_compatA forward compatible password API implementation that will workuntil you are ready to upgrade to 5.5. This will work for all versionsof PHP that has the $2y fix.Upgrading to 5.5 will not break your current code if you use thislibrary.19Thursday, May 16, 13
  • Example: Creating a user<?phprequire password.php;$hash = password_hash($_POST[‘password’],PASSWORD_DEFAULT);if ($hash === false) {//handle this error case somehow...}$user = Model_User::createNewUser($_POST[‘username’]);$user->setPassword($hash);$user->update(); 20Thursday, May 16, 13
  • Example: Logging a user in<?phprequire password.php;$user = Model_User::getUserByUserName($_POST[‘username’]);if (password_verify($_POST[‘password’], $user->password)) {return true;} else {die(“Invalid credentials”);}21Thursday, May 16, 13
  • Example: Logging a user in and checking for rehash...$user = Model_User::getUserByUserName($_POST[‘username’]);if (password_verify($_POST[‘password’], $user->password)) {if (password_needs_rehash($user->password,$algo, $options)) {$hash = password_hash($_POST[‘password’],PASSWORD_DEFAULT, $options);$user->setPassword($hash);$user->update();}...22Thursday, May 16, 13
  • http://blog.ircmaxell.com/2013/01/password-storage-talk-at-php-benelux-13.htmlWant More? Get Statistics HereOne of my favorite data points from Anthony’s slides23Thursday, May 16, 13
  • Questions onPassword Hashing?24Thursday, May 16, 13
  • More Than Just Passwords25Thursday, May 16, 13
  • More Than Just PasswordsWe may store more sensitive data than just passwords.25Thursday, May 16, 13
  • More Than Just PasswordsWe may store more sensitive data than just passwords.Passwords are easy, we don’t care about the original value.25Thursday, May 16, 13
  • More Than Just PasswordsWe may store more sensitive data than just passwords.Passwords are easy, we don’t care about the original value.Decryption makes original value usable by us.25Thursday, May 16, 13
  • More Than Just PasswordsWe may store more sensitive data than just passwords.Passwords are easy, we don’t care about the original value.Decryption makes original value usable by us.•Credit Card Info•Social Security Numbers•Date of Birth•Personally Identifiable Information25Thursday, May 16, 13
  • AVOID ENCRYPTION AT ALL COSTS!26Thursday, May 16, 13
  • AVOID ENCRYPTION AT ALL COSTS!Clarification:Avoid keeping any data that you need to encrypt.26Thursday, May 16, 13
  • AVOID ENCRYPTION AT ALL COSTS!Clarification:Avoid keeping any data that you need to encrypt.Before deciding to keep any of this information, ask yourself why you need it.26Thursday, May 16, 13
  • AVOID ENCRYPTION AT ALL COSTS!Clarification:Avoid keeping any data that you need to encrypt.Before deciding to keep any of this information, ask yourself why you need it.Is the risk of potentially leaking this information worth the reward?26Thursday, May 16, 13
  • AVOID ENCRYPTION AT ALL COSTS!Clarification:Avoid keeping any data that you need to encrypt.Before deciding to keep any of this information, ask yourself why you need it.Is the risk of potentially leaking this information worth the reward?Are there alternative solutions?26Thursday, May 16, 13
  • AVOID ENCRYPTION AT ALL COSTS!Clarification:Avoid keeping any data that you need to encrypt.Before deciding to keep any of this information, ask yourself why you need it.Is the risk of potentially leaking this information worth the reward?Are there alternative solutions?Example: Credit card companies usually offer a token solution.26Thursday, May 16, 13
  • Symmetric vs Asymmetric27Thursday, May 16, 13
  • Symmetric vs AsymmetricSymmetricOnly one shared keySame key encrypts and decryptsEasiest to understand27Thursday, May 16, 13
  • Symmetric vs AsymmetricSymmetricOnly one shared keySame key encrypts and decryptsEasiest to understandAsymmetricTwo keys (Public & Private)Encryption/DecryptionPublic key encryptsPrivate key decryptsSigning/VerifyingPrivate key signsPublic key verifies27Thursday, May 16, 13
  • Common Asymmetric UsesSSH KeysHTTPS / SSLPGP: Pretty Good PrivacyEmailFilesReally any message28Thursday, May 16, 13
  • Keys, Ciphers, Modes, and Initialization Vectors Oh My!29Thursday, May 16, 13
  • Keys, Ciphers, Modes, and Initialization Vectors Oh My!• Keys, should be easy to understand (KEEP IT SECRET)29Thursday, May 16, 13
  • Keys, Ciphers, Modes, and Initialization Vectors Oh My!• Keys, should be easy to understand (KEEP IT SECRET)• Ciphers29Thursday, May 16, 13
  • Keys, Ciphers, Modes, and Initialization Vectors Oh My!• Keys, should be easy to understand (KEEP IT SECRET)• Ciphers• Deterministic algorithm (Ex: 3DES, Blowfish,TwoFish)29Thursday, May 16, 13
  • Keys, Ciphers, Modes, and Initialization Vectors Oh My!• Keys, should be easy to understand (KEEP IT SECRET)• Ciphers• Deterministic algorithm (Ex: 3DES, Blowfish,TwoFish)• Modes29Thursday, May 16, 13
  • Keys, Ciphers, Modes, and Initialization Vectors Oh My!• Keys, should be easy to understand (KEEP IT SECRET)• Ciphers• Deterministic algorithm (Ex: 3DES, Blowfish,TwoFish)• Modes• Determines how the key stream is used (never cross them)29Thursday, May 16, 13
  • Keys, Ciphers, Modes, and Initialization Vectors Oh My!• Keys, should be easy to understand (KEEP IT SECRET)• Ciphers• Deterministic algorithm (Ex: 3DES, Blowfish,TwoFish)• Modes• Determines how the key stream is used (never cross them)• Avoid ECB (Electronic Code Book)29Thursday, May 16, 13
  • Keys, Ciphers, Modes, and Initialization Vectors Oh My!• Keys, should be easy to understand (KEEP IT SECRET)• Ciphers• Deterministic algorithm (Ex: 3DES, Blowfish,TwoFish)• Modes• Determines how the key stream is used (never cross them)• Avoid ECB (Electronic Code Book)• (Use CBC or CFB, Cipher Block Chaining / Cipher FeedBack)29Thursday, May 16, 13
  • Keys, Ciphers, Modes, and Initialization Vectors Oh My!• Keys, should be easy to understand (KEEP IT SECRET)• Ciphers• Deterministic algorithm (Ex: 3DES, Blowfish,TwoFish)• Modes• Determines how the key stream is used (never cross them)• Avoid ECB (Electronic Code Book)• (Use CBC or CFB, Cipher Block Chaining / Cipher FeedBack)• InitializationVectors29Thursday, May 16, 13
  • Keys, Ciphers, Modes, and Initialization Vectors Oh My!• Keys, should be easy to understand (KEEP IT SECRET)• Ciphers• Deterministic algorithm (Ex: 3DES, Blowfish,TwoFish)• Modes• Determines how the key stream is used (never cross them)• Avoid ECB (Electronic Code Book)• (Use CBC or CFB, Cipher Block Chaining / Cipher FeedBack)• InitializationVectors• Similar to SALT in hashing (It’s not a secret)29Thursday, May 16, 13
  • Keys, Ciphers, Modes, and Initialization Vectors Oh My!• Keys, should be easy to understand (KEEP IT SECRET)• Ciphers• Deterministic algorithm (Ex: 3DES, Blowfish,TwoFish)• Modes• Determines how the key stream is used (never cross them)• Avoid ECB (Electronic Code Book)• (Use CBC or CFB, Cipher Block Chaining / Cipher FeedBack)• InitializationVectors• Similar to SALT in hashing (It’s not a secret)• Must be random per encrypted text29Thursday, May 16, 13
  • Example: Encrypt using crypt$crypt_key = ‘xxxxxxxxxxxxxxxxxxxxxxxxxxx’;$message = ‘My Credit Card Number is 4123123412341234’;$iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH,MCRYPT_MODE_CBC);$iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);$cipher = mcrypt_encrypt(MCRYPT_BLOWFISH,$crypt_key,$message,MCRYPT_MODE_CBC,$iv);30Thursday, May 16, 13
  • HMAC: Hash-based Message Authentication CodeUsing a separate key, this will give us a signature letting us knowthat the data has not been tampered with.When Encrypting:Always encrypt first, and then get signature of the CipherText.Store it with your InitializationVector and CipherText.When Decrypting:Always verify signature first, and then decrypt if matched.31Thursday, May 16, 13
  • Example: Using HMAC$crypt_key = ‘xxxxxxxxxxxxxxxxxxxxxxxxxxx’;$hmac_key = ‘yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy’;$hmac = hash_hmac(‘sha512’, $cipher_text, $hmac_key);//Store it with your encrypted data$encrypted = base64_encode($iv . $cipher . $hmac);32Thursday, May 16, 13
  • Example: Decrypt using HMAC and crypt$crypt_key = ‘xxxxxxxxxxxxxxxxxxxxxxxxxxx’;$hmac_key = ‘yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy’;$iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH,MCRYPT_MODE_CBC);$encrypted = base64_decode($encrypted);$iv = substr($encrypted, 0, $iv_size);$hmac = substr($encrypted, -64);$cipher = substr($encrypted, $iv_size, -64);if ($hmac != hash_hmac(‘sha512’, $cipher, $hmac_key)) { return false; }$message = mcrypt_decrypt(MCRYPT_BLOWFISH,$crypt_key,$cipher,MCRYPT_MODE_CBC,$iv);33Thursday, May 16, 13
  • Use a Libraryhttp://phpseclib.sourceforge.net/They’ve done the hard parts, save yourself the headache and just use it.It’s even PHP4+ compatible, so no excuses.34Thursday, May 16, 13
  • Example: Using phpseclib35Thursday, May 16, 13
  • Example: Using phpseclib$crypt_key = ‘xxxxxxxxxxxxxxxxxxxxxxxxxxx’;$hmac_key = ‘yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy’;$message = ‘My Credit Card Number is 4123123412341234’;require ‘Crypt/DES.php’;require ‘Crypt/Hash.php’;$des = new Crypt_DES();$des->setKey($crypt_key);$cipher = $des->encrypt($message);$hash = new Crypt_Hash(‘sha512’);$hash->setKey($hmac_key);$hmac = bin2hex($hash->hash($cipher));35Thursday, May 16, 13
  • Example: Using phpseclib$crypt_key = ‘xxxxxxxxxxxxxxxxxxxxxxxxxxx’;$hmac_key = ‘yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy’;$message = ‘My Credit Card Number is 4123123412341234’;require ‘Crypt/DES.php’;require ‘Crypt/Hash.php’;$des = new Crypt_DES();$des->setKey($crypt_key);$cipher = $des->encrypt($message);$hash = new Crypt_Hash(‘sha512’);$hash->setKey($hmac_key);$hmac = bin2hex($hash->hash($cipher));require ‘Crypt/DES.php’;require ‘Crypt/Hash.php’;$hash = new Crypt_Hash(‘sha512’);$hash->setKey($hmac_key);$verify_hmac = bin2hex($hash->hash($ciphif ($verify_hmac == $hmac) {$des = new Crypt_DES();$des->setKey($crypt_key);$message = $des->decrypt($cipher);}35Thursday, May 16, 13
  • Encryption !== ProtectionData obtained through SQL Injection attacks or other nonsystem penetration attacks should be relatively secure.For us to encrypt/decrypt, we must have access to the key.Therefore, any breach of system security, will disclose the key tothe attacker, leaving ALL encryption useless.Apache environment variable, memory, config files, passwordentered during system startup, do not keep the key private.36Thursday, May 16, 13
  • AVOID ENCRYPTION AT ALL COSTS!There is no such thing as 100% secure.37Thursday, May 16, 13
  • Other Things To Consider38Thursday, May 16, 13
  • Other Things To Consider•Encrypt / decrypt on a separate server.38Thursday, May 16, 13
  • Other Things To Consider•Encrypt / decrypt on a separate server.•More overhead and complexity.38Thursday, May 16, 13
  • Other Things To Consider•Encrypt / decrypt on a separate server.•More overhead and complexity.•Any server breach can still decrypt data.38Thursday, May 16, 13
  • Other Things To Consider•Encrypt / decrypt on a separate server.•More overhead and complexity.•Any server breach can still decrypt data.•With enough thought and monitoring, you can kill thedecryption server to limit the damage done.38Thursday, May 16, 13
  • Other Things To Consider•Encrypt / decrypt on a separate server.•More overhead and complexity.•Any server breach can still decrypt data.•With enough thought and monitoring, you can kill thedecryption server to limit the damage done.•Think about restricting requests per second38Thursday, May 16, 13
  • Other Things To ConsiderParanoid about password safety? Consider encrypting the hash.Renders SQL-Injection and rainbow tables/brute force useless.•Encrypt / decrypt on a separate server.•More overhead and complexity.•Any server breach can still decrypt data.•With enough thought and monitoring, you can kill thedecryption server to limit the damage done.•Think about restricting requests per second38Thursday, May 16, 13
  • CreditsI’ve learned a lot while preparing this presentation.Thanks especially to Anthony Ferrara (@ircmaxell)http://blog.ircmaxell.com39Thursday, May 16, 13
  • Questions?40Thursday, May 16, 13
  • JOHN CONGDONPLEASE RATE ON JOIND.INhttps://joind.in/817941Thursday, May 16, 13
  • JOHN CONGDON•twitter: @johncongdonPLEASE RATE ON JOIND.INhttps://joind.in/817941Thursday, May 16, 13
  • JOHN CONGDON•twitter: @johncongdon•email: john@johncongdon.comPLEASE RATE ON JOIND.INhttps://joind.in/817941Thursday, May 16, 13
  • JOHN CONGDON•twitter: @johncongdon•email: john@johncongdon.com•irc: freednode.net (#sdphp)PLEASE RATE ON JOIND.INhttps://joind.in/817941Thursday, May 16, 13