Alice & Bob              Public key cryptography 101              Mail.ru techforum - 24 april 2012              Moskow - ...
Joshua Thijssen / Netherlands          Freelance consultant, developer and          trainer @ NoxLogic / Techademy        ...
An introduction into public key cryptography                                                        3vrijdag 20 april 12
Without this there would be                      no internet as we know today                                  (really)   ...
5vrijdag 20 april 12
Meet Alice,                                    5vrijdag 20 april 12
Meet Alice,                                    Hi Bob!   and Bob.                                                         ...
“bad” encryption algorithmshttp://www.flickr.com/photos/dpwk/1714014449/in/pool-1621478@N23/   6vrijdag 20 april 12
“algorithm”:                      A = 1, B = 2, C = 3, ...., Z = 26      ‣ SUBSTITUTION SCHEME                            ...
“algorithm”:                      A = 1, B = 2, C = 3, ...., Z = 26                               ciphertext:             ...
“algorithm”:                      A = 1, B = 2, C = 3, ...., Z = 26                               ciphertext:             ...
‣ SUBSTITUTION SCHEME   8vrijdag 20 april 12
ciphertext:                                    ‣ SUBSTITUTION SCHEME                  8vrijdag 20 april 12
ciphertext:                                                                  =                         WINGDINGS ...
“algorithm”:                                                                c = m + k mod 26     ‣ CAESARIAN CIPHER or CAE...
“algorithm”:                                                                c = m + k mod 26               Message: C O D ...
“algorithm”:                                                                c = m + k mod 26               Message: C O D ...
“algorithm”:                                                                c = m + k mod 26               Message: C O D ...
“algorithm”:                                                                c = m + k mod 26               Message: C O D ...
“algorithm”:                                                                c = m + k mod 26               Message: C O D ...
“algorithm”:                                                                c = m + k mod 26               Message: C O D ...
“algorithm”:                                                                c = m + k mod 26               Message: C O D ...
‣ FLAWS IN THESE CIPHERS                                  10vrijdag 20 april 12
➡ Key is too easy to guess.       ‣ FLAWS IN THESE CIPHERS                                                    10vrijdag 20...
➡ Key is too easy to guess.                      ➡ Key has to be send to Bob.       ‣ FLAWS IN THESE CIPHERS              ...
➡ Key is too easy to guess.                      ➡ Key has to be send to Bob.                      ➡ Deterministic.       ...
➡ Key is too easy to guess.                      ➡ Key has to be send to Bob.                      ➡ Deterministic.       ...
11vrijdag 20 april 12
➡ The usage of every letter in the English (or                        any other language) can be represented by           ...
➡ The usage of every letter in the English (or                        any other language) can be represented by           ...
➡ The usage of every letter in the English (or                        any other language) can be represented by           ...
Once upon a midnight dreary, while I pondered, weak and weary,         Over many a quaint and curious volume of forgotten ...
A small bit of text can result in differences, but still there are                   some letters we can deduce.. ‣ “THE R...
We can deduce almost all letters just without even CARING              about the crypto algorithm used.   ‣ “THE RAVEN”, A...
‣ FLAWS IN THESE CIPHERS                                  15vrijdag 20 april 12
➡ Determinism and the ability to use                        frequency analysis are “bad things”       ‣ FLAWS IN THESE CIP...
‣ SYMMETRICAL ALGORITHMS   16vrijdag 20 april 12
➡ Previous examples were symmetrical encryptions.   ‣ SYMMETRICAL ALGORITHMS                               16vrijdag 20 ap...
➡ Previous examples were symmetrical encryptions.      ➡ Same key is used for both encryption and decryption.   ‣ SYMMETRI...
➡ Previous examples were symmetrical encryptions.      ➡ Same key is used for both encryption and decryption.      ➡ Good ...
‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS   17vrijdag 20 april 12
How does Alice send over the key securely                           to Bob? Everybody’s listening!    ‣ THE PROBLEM WITH S...
Another encryption system:            Asymmetrical encryption or public key encryption.                                   ...
Two keys instead of one:                      public key - available for everybody.                        Can be publishe...
‣ USES 2 KEYS INSTEAD OF ONE: A KEYPAIR                                                                               20ht...
It is NOT possible to decrypt the message                         with same key that is used to encrypt.                  ...
Encrypt with public key:           - only private key (thus Alice) can decrypt.           - message is only for Alice = en...
Encrypt with public key:           - only private key (thus Alice) can decrypt.           - message is only for Alice = en...
Symmetrical                   Asymmetrical                      ✓   quick.                    ✓ no need to send over the  ...
Use symmetrical encryption for the (large) message                        and encrypt the key used with an asymmetrical   ...
Hybrid                ✓     quick                ✓     not resource intensive                ✓     useful for small and la...
Hybrid                ✓     quick                ✓     not resource intensive                ✓     useful for small and la...
But how does it work?                                              26vrijdag 20 april 12
RSA                            27vrijdag 20 april 12
RSA                      Ron Rivest, Adi Shamir, Leonard Adleman                                                          ...
RSA                      Ron Rivest, Adi Shamir, Leonard Adleman                                       1978               ...
RSA                      Ron Rivest, Adi Shamir, Leonard Adleman                                       1978               ...
Public key encryption works on the premise that it              is practically impossible to refactor a large number      ...
Public key encryption works on the premise that it              is practically impossible to refactor a large number      ...
29vrijdag 20 april 12
“large” number: 221                                            29vrijdag 20 april 12
“large” number: 221                         but we cannot calculate its                      prime factors without brute f...
“large” number: 221                         but we cannot calculate its                      prime factors without brute f...
30vrijdag 20 april 12
➡ There is no proof that it’s impossible to refactor                      quickly (all tough it doesn’t look plausible)   ...
➡ There is no proof that it’s impossible to refactor                      quickly (all tough it doesn’t look plausible)   ...
The math                      behind the curtain                                           31vrijdag 20 april 12
32vrijdag 20 april 12
➡ p = (large) prime number                                               32vrijdag 20 april 12
➡ p = (large) prime number                  ➡ q = (large) prime number   (but not too close to p)                         ...
➡ p = (large) prime number                  ➡ q = (large) prime number             (but not too close to p)               ...
➡ p = (large) prime number                  ➡ q = (large) prime number             (but not too close to p)               ...
➡ p = (large) prime number                  ➡ q = (large) prime number             (but not too close to p)               ...
➡ p = (large) prime number                  ➡ q = (large) prime number              (but not too close to p)              ...
Step 1: select primes P and Q    ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ?   33vrijdag 20 april 12
Step 1: select primes P and Q                      ‣ P = 11    ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ?   33vrijd...
Step 1: select primes P and Q                      ‣ P = 11                      ‣ Q=3    ‣ P = ? | Q = ? | N = ? | Phi = ...
Step 2: calculate N and Phi   ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ?   34vrijdag 20 april 12
Step 2: calculate N and Phi                      ➡ N = P . Q = 11 . 3 = 33   ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | ...
Step 2: calculate N and Phi                      ➡ N = P . Q = 11 . 3 = 33                      ➡ φ = (11-1) . (3-1) = 10 ...
Step 2: calculate N and Phi                      ➡ N = P . Q = 11 . 3 = 33                      ➡ φ = (11-1) . (3-1) = 10 ...
Step 2: calculate N and Phi                      ➡ N = P . Q = 11 . 3 = 33                      ➡ φ = (11-1) . (3-1) = 10 ...
Step 3: find e   ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ?   35vrijdag 20 april 12
Step 3: find e                      ‣ e=3   ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ?   35vrijdag 20 april 12
Step 3: find e                      ‣ e=3                      ‣ gcd(e, φ) = 1 ==> gcd(3, 20) = 1   ‣ P = 11 | Q = 3 | N = ...
Step 3: find e                      ‣ e=3                      ‣ gcd(e, φ) = 1 ==> gcd(3, 20) = 1                          ...
Step 3: find e                      ‣ e=3                      ‣ gcd(e, φ) = 1 ==> gcd(3, 20) = 1                          ...
Step 4: find d   ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?   36vrijdag 20 april 12
Step 4: find d                      ‣ Extended Euclidean Algorithm gives 7   ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 |...
Step 4: find d                      ‣ Extended Euclidean Algorithm gives 7                      ‣ brute force: (e.d mod φ =...
Step 4: find d                      ‣ Extended Euclidean Algorithm gives 7                      ‣ brute force: (e.d mod φ =...
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7   37vrijdag 20 april 12
That’s it:                       ➡ public key = (n, e) = (33, 3)                       ➡ private key = (n, d) = (33, 7)   ...
The actual math is much more complex since                   we use very large numbers, but it all comes                  ...
jthijssen@debian-jth:~$ openssl rsa -text -noout -in server.key                                                           ...
jthijssen@debian-jth:~$ openssl rsa -text -noout -in server.key             Private-Key: (256 bit)             modulus:   ...
jthijssen@debian-jth:~$ openssl rsa -text -noout -in server.key             Private-Key: (256 bit)             modulus:   ...
Encrypting a message:                         c = me mod n                      Decrypting a message:                     ...
Encrypting a message: private key = (n,d) = (33, 7):                      Decrypting a message: public key = (n,e) = (33, ...
Encrypting a message: private key = (n,d) = (33, 7):                      Decrypting a message: public key = (n,e) = (33, ...
42vrijdag 20 april 12
➡ A message is an “integer”                                                    42vrijdag 20 april 12
➡ A message is an “integer”                      ➡ A message must be between 2 and n-1.                                   ...
➡ A message is an “integer”                      ➡ A message must be between 2 and n-1.                      ➡ Determinist...
43vrijdag 20 april 12
➡ Public Key Cryptography Standard #1                                                              43vrijdag 20 april 12
➡ Public Key Cryptography Standard #1                      ➡ Pads data with (random) bytes up to n bits                   ...
➡ Public Key Cryptography Standard #1                      ➡ Pads data with (random) bytes up to n bits                   ...
Data = 4E636AF98E40F3ADCFCCB698F4E80B9F                      The encoded message block, EMB, after encoding but before enc...
Practical applications of PKE                                                      45vrijdag 20 april 12
HTTPS                              46vrijdag 20 april 12
HTTPS           ➡ HTTP encapsulated by TLS (previously SSL).                                                          46vr...
HTTPS           ➡ HTTP encapsulated by TLS (previously SSL).           ➡ More or less: an encryption layer on top of http....
HTTPS           ➡ HTTP encapsulated by TLS (previously SSL).           ➡ More or less: an encryption layer on top of http....
HTTPS           ➡ HTTP encapsulated by TLS (previously SSL).           ➡ More or less: an encryption layer on top of http....
jthijssen@debian-jth:~$ openssl x509 -text -noout -in github.pem              Certificate:                  Data:         ...
HTTPS                              48vrijdag 20 april 12
HTTPS                 ➡ Browser sends over its encryption methods.                                                        ...
HTTPS                 ➡ Browser sends over its encryption methods.                 ➡ Server decides which one to use.     ...
HTTPS                 ➡ Browser sends over its encryption methods.                 ➡ Server decides which one to use.     ...
HTTPS                 ➡ Browser sends over its encryption methods.                 ➡ Server decides which one to use.     ...
HTTPS                 ➡ Browser sends over its encryption methods.                 ➡ Server decides which one to use.     ...
HTTPS                              49vrijdag 20 april 12
HTTPS          ➡ Thus: Public/private encryption is only used in            establishing a secondary (better!?) encryption...
HTTPS          ➡ Thus: Public/private encryption is only used in            establishing a secondary (better!?) encryption...
HTTPS          ➡ Thus: Public/private encryption is only used in            establishing a secondary (better!?) encryption...
http://change-your-ip.com/wp-content/uploads/image/nigerian_419_scam.jpghttp://torontoemerg.files.wordpress.com/2010/09/spa...
51vrijdag 20 april 12
Questions:                                   52vrijdag 20 april 12
Questions:                      ➡ Did Bill really send this email?                                                        ...
Questions:                      ➡ Did Bill really send this email?                      ➡ Do we know for sure that nobody ...
Questions:                      ➡ Did Bill really send this email?                      ➡ Do we know for sure that nobody ...
Questions:                      ➡ Did Bill really send this email?                      ➡ Do we know for sure that nobody ...
Signing a message                                          53vrijdag 20 april 12
Signing a message                      ➡ Signing a message means adding a signature                        that authentica...
Signing a message                      ➡ Signing a message means adding a signature                        that authentica...
Signing a message                      ➡ Signing a message means adding a signature                        that authentica...
Signing a message http://en.wikipedia.org/wiki/File:Digital_Signature_diagram.svg                54vrijdag 20 april 12
Introduction a pretty-good-privacy                                                           55vrijdag 20 april 12
Introduction a pretty-good-privacy                      ➡ GPG / PGP: Application for signing and/or                       ...
Introduction a pretty-good-privacy                      ➡ GPG / PGP: Application for signing and/or                       ...
Introduction a pretty-good-privacy                      ➡ GPG / PGP: Application for signing and/or                       ...
56vrijdag 20 april 12
‣ Everybody can send emails that ONLY YOU can read.                                                         56vrijdag 20 a...
‣ Everybody can send emails that ONLY YOU can read.       ‣ Everybody can verify that YOU have send the email         and ...
‣ Everybody can send emails that ONLY YOU can read.       ‣ Everybody can verify that YOU have send the email         and ...
‣ Everybody can send emails that ONLY YOU can read.       ‣ Everybody can verify that YOU have send the email         and ...
57vrijdag 20 april 12
SSH                            58vrijdag 20 april 12
SSH                      ➡ Public key authentication                                                    58vrijdag 20 april...
SSH                      ➡ Public key authentication                      ➡ Because you suck at creating and/or           ...
➡ Run ssh-keygen                      ➡ copy id_rsa.pub over to server’s ~/.ssh/                        authorized_keys   ...
➡ Domain Key Identified Mail                        (spam protection)                      ➡ BitCoin                      ➡...
Some words of wisdom:                             (free of charge)                                                61vrijda...
62vrijdag 20 april 12
➡ Don’t “invent” your own encryption. It will                        NOT be secure, and it WILL fail.                     ...
➡ Don’t “invent” your own encryption. It will                        NOT be secure, and it WILL fail.                     ...
➡ Don’t “invent” your own encryption. It will                        NOT be secure, and it WILL fail.                     ...
➡ Don’t “invent” your own encryption. It will                        NOT be secure, and it WILL fail.                     ...
➡ Don’t “invent” your own encryption. It will                        NOT be secure, and it WILL fail.                     ...
Questions? http://farm1.static.flickr.com/73/163450213_18478d3aa6_d.jpg                63vrijdag 20 april 12
Thank you                                    Find me on twitter: @jaytaph                               Find me on email: ...
Upcoming SlideShare
Loading in...5
×

Joshua thijissen 1 6_alice & bob- pkc 101

264
-1

Published on

Published in: Technology, Art & Photos
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
264
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Joshua thijissen 1 6_alice & bob- pkc 101

  1. 1. Alice & Bob Public key cryptography 101 Mail.ru techforum - 24 april 2012 Moskow - Russiavrijdag 20 april 12
  2. 2. Joshua Thijssen / Netherlands Freelance consultant, developer and trainer @ NoxLogic / Techademy Development in PHP, Python, Perl, C, Java.... Blog: http://adayinthelifeof.nl Email: jthijssen@noxlogic.nl Twitter: @jaytaph 2vrijdag 20 april 12
  3. 3. An introduction into public key cryptography 3vrijdag 20 april 12
  4. 4. Without this there would be no internet as we know today (really) 4vrijdag 20 april 12
  5. 5. 5vrijdag 20 april 12
  6. 6. Meet Alice, 5vrijdag 20 april 12
  7. 7. Meet Alice, Hi Bob! and Bob. Hello Alice! 5vrijdag 20 april 12
  8. 8. “bad” encryption algorithmshttp://www.flickr.com/photos/dpwk/1714014449/in/pool-1621478@N23/ 6vrijdag 20 april 12
  9. 9. “algorithm”: A = 1, B = 2, C = 3, ...., Z = 26 ‣ SUBSTITUTION SCHEME 7vrijdag 20 april 12
  10. 10. “algorithm”: A = 1, B = 2, C = 3, ...., Z = 26 ciphertext: 19, 5, 3, 18, 5, 20 ‣ SUBSTITUTION SCHEME 7vrijdag 20 april 12
  11. 11. “algorithm”: A = 1, B = 2, C = 3, ...., Z = 26 ciphertext: 19, 5, 3, 18, 5, 20 = S E C R E T ‣ SUBSTITUTION SCHEME 7vrijdag 20 april 12
  12. 12. ‣ SUBSTITUTION SCHEME 8vrijdag 20 april 12
  13. 13. ciphertext:  ‣ SUBSTITUTION SCHEME 8vrijdag 20 april 12
  14. 14. ciphertext:  = WINGDINGS ‣ SUBSTITUTION SCHEME 8vrijdag 20 april 12
  15. 15. “algorithm”: c = m + k mod 26 ‣ CAESARIAN CIPHER or CAESARIAN SHIFThttp://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg 9vrijdag 20 april 12
  16. 16. “algorithm”: c = m + k mod 26 Message: C O D E ‣ CAESARIAN CIPHER or CAESARIAN SHIFThttp://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg 9vrijdag 20 april 12
  17. 17. “algorithm”: c = m + k mod 26 Message: C O D E Ciphertext (key=1): DPEF ‣ CAESARIAN CIPHER or CAESARIAN SHIFThttp://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg 9vrijdag 20 april 12
  18. 18. “algorithm”: c = m + k mod 26 Message: C O D E Ciphertext (key=1): DPEF Ciphertext (key=2): EQFG ‣ CAESARIAN CIPHER or CAESARIAN SHIFThttp://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg 9vrijdag 20 april 12
  19. 19. “algorithm”: c = m + k mod 26 Message: C O D E Ciphertext (key=1): D P E F Ciphertext (key=2): E Q F G Ciphertext (key=-1): B M C D ‣ CAESARIAN CIPHER or CAESARIAN SHIFThttp://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg 9vrijdag 20 april 12
  20. 20. “algorithm”: c = m + k mod 26 Message: C O D E Ciphertext (key=1): D P E F Ciphertext (key=0): C O D E Ciphertext (key=2): E Q F G Ciphertext (key=-1): B M C D ‣ CAESARIAN CIPHER or CAESARIAN SHIFThttp://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg 9vrijdag 20 april 12
  21. 21. “algorithm”: c = m + k mod 26 Message: C O D E Ciphertext (key=1): D P E F Ciphertext (key=0): C O D E Ciphertext (key=2): E Q F G Ciphertext (key=26): C O D E Ciphertext (key=-1): B M C D ‣ CAESARIAN CIPHER or CAESARIAN SHIFThttp://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg 9vrijdag 20 april 12
  22. 22. “algorithm”: c = m + k mod 26 Message: C O D E Ciphertext (key=1): D P E F Ciphertext (key=0): C O D E Ciphertext (key=2): E Q F G Ciphertext (key=26): C O D E Ciphertext (key=-1): B M C D Ciphertext (key=52): C O D E ‣ CAESARIAN CIPHER or CAESARIAN SHIFThttp://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg 9vrijdag 20 april 12
  23. 23. ‣ FLAWS IN THESE CIPHERS 10vrijdag 20 april 12
  24. 24. ➡ Key is too easy to guess. ‣ FLAWS IN THESE CIPHERS 10vrijdag 20 april 12
  25. 25. ➡ Key is too easy to guess. ➡ Key has to be send to Bob. ‣ FLAWS IN THESE CIPHERS 10vrijdag 20 april 12
  26. 26. ➡ Key is too easy to guess. ➡ Key has to be send to Bob. ➡ Deterministic. ‣ FLAWS IN THESE CIPHERS 10vrijdag 20 april 12
  27. 27. ➡ Key is too easy to guess. ➡ Key has to be send to Bob. ➡ Deterministic. ➡ Prone to frequency analysis. ‣ FLAWS IN THESE CIPHERS 10vrijdag 20 april 12
  28. 28. 11vrijdag 20 april 12
  29. 29. ➡ The usage of every letter in the English (or any other language) can be represented by a percentage. 11vrijdag 20 april 12
  30. 30. ➡ The usage of every letter in the English (or any other language) can be represented by a percentage. ➡ ‘E’ is used 12.7% of the times in english texts, the ‘Z’ only 0.074%. 11vrijdag 20 april 12
  31. 31. ➡ The usage of every letter in the English (or any other language) can be represented by a percentage. ➡ ‘E’ is used 12.7% of the times in english texts, the ‘Z’ only 0.074%. ➡ ‘O’ is used 11.07% of the times in russian texts, the ‘Ъ’ only 0.02%. 11vrijdag 20 april 12
  32. 32. Once upon a midnight dreary, while I pondered, weak and weary, Over many a quaint and curious volume of forgotten lore— While I nodded, nearly napping, suddenly there came a tapping, As of some one gently rapping—rapping at my chamber door. "Tis some visitor," I muttered, "tapping at my chamber door— Only this and nothing more."http://www.gutenberg.org/cache/epub/14082/pg14082.txt 12vrijdag 20 april 12
  33. 33. A small bit of text can result in differences, but still there are some letters we can deduce.. ‣ “THE RAVEN”, FIRST PARAGRAPH 13vrijdag 20 april 12
  34. 34. We can deduce almost all letters just without even CARING about the crypto algorithm used. ‣ “THE RAVEN”, ALL PARAGRAPHS 14vrijdag 20 april 12
  35. 35. ‣ FLAWS IN THESE CIPHERS 15vrijdag 20 april 12
  36. 36. ➡ Determinism and the ability to use frequency analysis are “bad things” ‣ FLAWS IN THESE CIPHERS 15vrijdag 20 april 12
  37. 37. ‣ SYMMETRICAL ALGORITHMS 16vrijdag 20 april 12
  38. 38. ➡ Previous examples were symmetrical encryptions. ‣ SYMMETRICAL ALGORITHMS 16vrijdag 20 april 12
  39. 39. ➡ Previous examples were symmetrical encryptions. ➡ Same key is used for both encryption and decryption. ‣ SYMMETRICAL ALGORITHMS 16vrijdag 20 april 12
  40. 40. ➡ Previous examples were symmetrical encryptions. ➡ Same key is used for both encryption and decryption. ➡ Good symmetrical encryptions: AES, Blowfish, (3)DES ‣ SYMMETRICAL ALGORITHMS 16vrijdag 20 april 12
  41. 41. ‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS 17vrijdag 20 april 12
  42. 42. How does Alice send over the key securely to Bob? Everybody’s listening! ‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS 17vrijdag 20 april 12
  43. 43. Another encryption system: Asymmetrical encryption or public key encryption. 18vrijdag 20 april 12
  44. 44. Two keys instead of one: public key - available for everybody. Can be published on your blog. private key - For your eyes only! 19vrijdag 20 april 12
  45. 45. ‣ USES 2 KEYS INSTEAD OF ONE: A KEYPAIR 20http://upload.wikimedia.org/wikipedia/commons/f/f9/Public_key_encryption.svgvrijdag 20 april 12
  46. 46. It is NOT possible to decrypt the message with same key that is used to encrypt. 21vrijdag 20 april 12
  47. 47. Encrypt with public key: - only private key (thus Alice) can decrypt. - message is only for Alice = encryption 22vrijdag 20 april 12
  48. 48. Encrypt with public key: - only private key (thus Alice) can decrypt. - message is only for Alice = encryption Encrypt with private key: - only public key can decrypt. - message is guaranteed coming for Alice = signing 22vrijdag 20 april 12
  49. 49. Symmetrical Asymmetrical ✓ quick. ✓ no need to send over the ✓ not resource intensive. (whole) key. ✓useful for small and large ✓ can be used for encryption messages. and validation (signing). ✗ need to send over the key ✗ very resource intensive. to the other side. ✗ only useful for small messages. 23vrijdag 20 april 12
  50. 50. Use symmetrical encryption for the (large) message and encrypt the key used with an asymmetrical encryption method. 24vrijdag 20 april 12
  51. 51. Hybrid ✓ quick ✓ not resource intensive ✓ useful for small and large messages ✓ safely exchange key data 25vrijdag 20 april 12
  52. 52. Hybrid ✓ quick ✓ not resource intensive ✓ useful for small and large messages ✓ safely exchange key data + http://www.zastavki.com/pictures/1152x864/2008/Animals_Cats_Small_cat_005241_.jpg 25vrijdag 20 april 12
  53. 53. But how does it work? 26vrijdag 20 april 12
  54. 54. RSA 27vrijdag 20 april 12
  55. 55. RSA Ron Rivest, Adi Shamir, Leonard Adleman 27vrijdag 20 april 12
  56. 56. RSA Ron Rivest, Adi Shamir, Leonard Adleman 1978 27vrijdag 20 april 12
  57. 57. RSA Ron Rivest, Adi Shamir, Leonard Adleman 1978 Pierre de Fermat, Leonard Euler 17th - 18th century 27vrijdag 20 april 12
  58. 58. Public key encryption works on the premise that it is practically impossible to refactor a large number back into 2 separate prime numbers 28vrijdag 20 april 12
  59. 59. Public key encryption works on the premise that it is practically impossible to refactor a large number back into 2 separate prime numbers Prime number is only divisible by 1 and itself: 2, 3, 5, 7, 11, 13, 17, 19 etc... 28vrijdag 20 april 12
  60. 60. 29vrijdag 20 april 12
  61. 61. “large” number: 221 29vrijdag 20 april 12
  62. 62. “large” number: 221 but we cannot calculate its prime factors without brute force. There is no “formula” (like e=mc2) 29vrijdag 20 april 12
  63. 63. “large” number: 221 but we cannot calculate its prime factors without brute force. There is no “formula” (like e=mc2) (13 and 17) 29vrijdag 20 april 12
  64. 64. 30vrijdag 20 april 12
  65. 65. ➡ There is no proof that it’s impossible to refactor quickly (all tough it doesn’t look plausible) 30vrijdag 20 april 12
  66. 66. ➡ There is no proof that it’s impossible to refactor quickly (all tough it doesn’t look plausible) ➡ Brute-force decrypting is always lurking around (quicker machines, better algorithms). 30vrijdag 20 april 12
  67. 67. The math behind the curtain 31vrijdag 20 april 12
  68. 68. 32vrijdag 20 april 12
  69. 69. ➡ p = (large) prime number 32vrijdag 20 april 12
  70. 70. ➡ p = (large) prime number ➡ q = (large) prime number (but not too close to p) 32vrijdag 20 april 12
  71. 71. ➡ p = (large) prime number ➡ q = (large) prime number (but not too close to p) ➡ n = p .q (bit length of the RSA key) 32vrijdag 20 april 12
  72. 72. ➡ p = (large) prime number ➡ q = (large) prime number (but not too close to p) ➡ n = p .q (bit length of the RSA key) ➡ φ = (p-1) . (q-1) (the φ thingie is called phi) 32vrijdag 20 april 12
  73. 73. ➡ p = (large) prime number ➡ q = (large) prime number (but not too close to p) ➡ n = p .q (bit length of the RSA key) ➡ φ = (p-1) . (q-1) (the φ thingie is called phi) ➡ e = gcd(e, φ) = 1 32vrijdag 20 april 12
  74. 74. ➡ p = (large) prime number ➡ q = (large) prime number (but not too close to p) ➡ n = p .q (bit length of the RSA key) ➡ φ = (p-1) . (q-1) (the φ thingie is called phi) ➡ e = gcd(e, φ) = 1 ➡ d = (d . e) mod φ = 1 32vrijdag 20 april 12
  75. 75. Step 1: select primes P and Q ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? 33vrijdag 20 april 12
  76. 76. Step 1: select primes P and Q ‣ P = 11 ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? 33vrijdag 20 april 12
  77. 77. Step 1: select primes P and Q ‣ P = 11 ‣ Q=3 ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? 33vrijdag 20 april 12
  78. 78. Step 2: calculate N and Phi ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34vrijdag 20 april 12
  79. 79. Step 2: calculate N and Phi ➡ N = P . Q = 11 . 3 = 33 ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34vrijdag 20 april 12
  80. 80. Step 2: calculate N and Phi ➡ N = P . Q = 11 . 3 = 33 ➡ φ = (11-1) . (3-1) = 10 . 2 = 20 ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34vrijdag 20 april 12
  81. 81. Step 2: calculate N and Phi ➡ N = P . Q = 11 . 3 = 33 ➡ φ = (11-1) . (3-1) = 10 . 2 = 20 33 decimal is 100001 in binary == 6 bit key ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34vrijdag 20 april 12
  82. 82. Step 2: calculate N and Phi ➡ N = P . Q = 11 . 3 = 33 ➡ φ = (11-1) . (3-1) = 10 . 2 = 20 33 decimal is 100001 in binary == 6 bit key There are 20 co primes for 33 : φ(33) = 20 ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34vrijdag 20 april 12
  83. 83. Step 3: find e ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35vrijdag 20 april 12
  84. 84. Step 3: find e ‣ e=3 ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35vrijdag 20 april 12
  85. 85. Step 3: find e ‣ e=3 ‣ gcd(e, φ) = 1 ==> gcd(3, 20) = 1 ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35vrijdag 20 april 12
  86. 86. Step 3: find e ‣ e=3 ‣ gcd(e, φ) = 1 ==> gcd(3, 20) = 1 n 2 Fermat number: 2 + 1 ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35vrijdag 20 april 12
  87. 87. Step 3: find e ‣ e=3 ‣ gcd(e, φ) = 1 ==> gcd(3, 20) = 1 n 2 Fermat number: 2 + 1 Fermat prime: Fermat that is prime: 3, 5, 17, 257, 65537 Study shows that 98.5% of the time 65537 is used ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35vrijdag 20 april 12
  88. 88. Step 4: find d ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ? 36vrijdag 20 april 12
  89. 89. Step 4: find d ‣ Extended Euclidean Algorithm gives 7 ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ? 36vrijdag 20 april 12
  90. 90. Step 4: find d ‣ Extended Euclidean Algorithm gives 7 ‣ brute force: (e.d mod φ = 1) ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ? 36vrijdag 20 april 12
  91. 91. Step 4: find d ‣ Extended Euclidean Algorithm gives 7 ‣ brute force: (e.d mod φ = 1) 3 . 1 = 3 mod 20 = 3 3 . 6 = 18 mod 20 = 18 3 . 2 = 6 mod 20 = 6 3 . 7 = 21 mod 20 = 1 3 . 3 = 9 mod 20 = 9 3 . 8 = 24 mod 20 = 4 3 . 4 = 12 mod 20 = 12 3 . 9 = 27 mod 20 = 7 3 . 5 = 15 mod 20 = 15 3.10 = 30 mod 20 = 10 ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ? 36vrijdag 20 april 12
  92. 92. ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7 37vrijdag 20 april 12
  93. 93. That’s it: ➡ public key = (n, e) = (33, 3) ➡ private key = (n, d) = (33, 7) ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7 37vrijdag 20 april 12
  94. 94. The actual math is much more complex since we use very large numbers, but it all comes down to these (relatively simple) calculations.. 38vrijdag 20 april 12
  95. 95. jthijssen@debian-jth:~$ openssl rsa -text -noout -in server.key 39vrijdag 20 april 12
  96. 96. jthijssen@debian-jth:~$ openssl rsa -text -noout -in server.key Private-Key: (256 bit) modulus: 00:c2:d0:c4:1f:6f:78:16:82:d1:0c:dd:5a:af:de:f2:ff:31:c6: 9b:3b:9f:e8:24:2a:5c:06:56:ea:d7:7c:c6:19 publicExponent: 65537 (0x10001) privateExponent: 22:8f:fd:2b:82:90:30:96:36:d6:6c:73:09:5e:a9:87:73:6e: 2d:d4:d5:78:fc:3b:20:ea:0d:02:e5:2b:cb:3d prime1: 00:f0:49:fd:91:18:01:53:92:8f:87:d7:2b:c8:19:7d:17 prime2: 00:cf:8d:a1:3b:93:af:61:77:8f:c9:8f:1d:aa:8d:b4:4f exponent1: 00:e1:d8:c9:89:bc:84:52:a6:a8:5d:47:32:91:6a:d3:95 exponent2: 5a:88:b1:fa:d5:d9:db:8f:16:a6:5a:0a:1b:ba:42:1b coefficient: 00:99:fa:de:80:d4:ee:f3:69:59:e5:8a:72:ad:e5:30:3d 39vrijdag 20 april 12
  97. 97. jthijssen@debian-jth:~$ openssl rsa -text -noout -in server.key Private-Key: (256 bit) modulus: n 00:c2:d0:c4:1f:6f:78:16:82:d1:0c:dd:5a:af:de:f2:ff:31:c6: 9b:3b:9f:e8:24:2a:5c:06:56:ea:d7:7c:c6:19 publicExponent: 65537 (0x10001) e privateExponent: 22:8f:fd:2b:82:90:30:96:36:d6:6c:73:09:5e:a9:87:73:6e: d 2d:d4:d5:78:fc:3b:20:ea:0d:02:e5:2b:cb:3d prime1: 00:f0:49:fd:91:18:01:53:92:8f:87:d7:2b:c8:19:7d:17 p prime2: 00:cf:8d:a1:3b:93:af:61:77:8f:c9:8f:1d:aa:8d:b4:4f exponent1: q 00:e1:d8:c9:89:bc:84:52:a6:a8:5d:47:32:91:6a:d3:95 exponent2: 5a:88:b1:fa:d5:d9:db:8f:16:a6:5a:0a:1b:ba:42:1b d mod (p-1) coefficient: 00:99:fa:de:80:d4:ee:f3:69:59:e5:8a:72:ad:e5:30:3d e mod (q-1) (inverse q) mod p 39vrijdag 20 april 12
  98. 98. Encrypting a message: c = me mod n Decrypting a message: m = cd mod n 40vrijdag 20 april 12
  99. 99. Encrypting a message: private key = (n,d) = (33, 7): Decrypting a message: public key = (n,e) = (33, 3): m = 13, 20, 15, 5 13^7 mod 33 = 7 20^7 mod 33 = 26 15^7 mod 33 = 27 5^7 mod 33 = 14 c = 7, 26, 27,14 41vrijdag 20 april 12
  100. 100. Encrypting a message: private key = (n,d) = (33, 7): Decrypting a message: public key = (n,e) = (33, 3): m = 13, 20, 15, 5 c = 7, 26, 27,14 13^7 mod 33 = 7 7^3 mod 33 = 13 20^7 mod 33 = 26 26^3 mod 33 = 20 15^7 mod 33 = 27 27^3 mod 33 = 15 5^7 mod 33 = 14 14^3 mod 33 =5 c = 7, 26, 27,14 m = 13, 20, 15, 5 41vrijdag 20 april 12
  101. 101. 42vrijdag 20 april 12
  102. 102. ➡ A message is an “integer” 42vrijdag 20 april 12
  103. 103. ➡ A message is an “integer” ➡ A message must be between 2 and n-1. 42vrijdag 20 april 12
  104. 104. ➡ A message is an “integer” ➡ A message must be between 2 and n-1. ➡ Deterministic, so we must use a padding scheme to make it non-deterministic. 42vrijdag 20 april 12
  105. 105. 43vrijdag 20 april 12
  106. 106. ➡ Public Key Cryptography Standard #1 43vrijdag 20 april 12
  107. 107. ➡ Public Key Cryptography Standard #1 ➡ Pads data with (random) bytes up to n bits in length (v1.5 or OAEP/v2.x). 43vrijdag 20 april 12
  108. 108. ➡ Public Key Cryptography Standard #1 ➡ Pads data with (random) bytes up to n bits in length (v1.5 or OAEP/v2.x). ➡ Got it flaws and weaknesses too. Always use the latest available version (v2.1) 43vrijdag 20 april 12
  109. 109. Data = 4E636AF98E40F3ADCFCCB698F4E80B9F The encoded message block, EMB, after encoding but before encryption, with random padding bytes shown in green: 0002257F48FD1F1793B7E5E02306F2D3228F5C95ADF5F31566729F132AA12009 E3FC9B2B475CD6944EF191E3F59545E671E474B555799FE3756099F044964038 B16B2148E9A2F9C6F44BB5C52E3C6C8061CF694145FAFDB24402AD1819EACEDF 4A36C6E4D2CD8FC1D62E5A1268F496004E636AF98E40F3ADCFCCB698F4E80B9F After RSA encryption, the output is: 3D2AB25B1EB667A40F504CC4D778EC399A899C8790EDECEF062CD739492C9CE5 8B92B9ECF32AF4AAC7A61EAEC346449891F49A722378E008EFF0B0A8DBC6E621 EDC90CEC64CF34C640F5B36C48EE9322808AF8F4A0212B28715C76F3CB99AC7E 609787ADCE055839829E0142C44B676D218111FFE69F9D41424E177CBA3A435B http://www.di-mgt.com.au/rsa_alg.html#pkcs1schemes 44vrijdag 20 april 12
  110. 110. Practical applications of PKE 45vrijdag 20 april 12
  111. 111. HTTPS 46vrijdag 20 april 12
  112. 112. HTTPS ➡ HTTP encapsulated by TLS (previously SSL). 46vrijdag 20 april 12
  113. 113. HTTPS ➡ HTTP encapsulated by TLS (previously SSL). ➡ More or less: an encryption layer on top of http. 46vrijdag 20 april 12
  114. 114. HTTPS ➡ HTTP encapsulated by TLS (previously SSL). ➡ More or less: an encryption layer on top of http. ➡ Myth: HTTPS uses public key encryption for communication. 46vrijdag 20 april 12
  115. 115. HTTPS ➡ HTTP encapsulated by TLS (previously SSL). ➡ More or less: an encryption layer on top of http. ➡ Myth: HTTPS uses public key encryption for communication. ➡ Fact: HTTPS uses public key encryption to SETUP communication. 46vrijdag 20 april 12
  116. 116. jthijssen@debian-jth:~$ openssl x509 -text -noout -in github.pem Certificate: Data: Version: 3 (0x2) Serial Number: 0e:77:76:8a:5d:07:f0:e5:79:59:ca:2a:9d:50:82:b5 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV CA-1 Validity Not Before: May 27 00:00:00 2011 GMT Not After : Jul 29 12:00:00 2013 GMT Subject: businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/ 1.3.6.1.4.1.311.60.2.1.2=California/serialNumber=C3268102, C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:ed:d3:89:c3:5d:70:72:09:f3:33:4f:1a:72:74: d9:b6:5a:95:50:bb:68:61:9f:f7:fb:1f:19:e1:da: 04:31:af:15:7c:1a:7f:f9:73:af:1d:e5:43:2b:56: 09:00:45:69:4a:e8:c4:5b:df:c2:77:52:51:19:5b: d1:2b:d9:39:65:36:a0:32:19:1c:41:73:fb:32:b2: 3d:9f:98:ec:82:5b:0b:37:64:39:2c:b7:10:83:72: cd:f0:ea:24:4b:fa:d9:94:2e:c3:85:15:39:a9:3a: f6:88:da:f4:27:89:a6:95:4f:84:a2:37:4e:7c:25: 78:3a:c9:83:6d:02:17:95:78:7d:47:a8:55:83:ee: 13:c8:19:1a:b3:3c:f1:5f:fe:3b:02:e1:85:fb:11: 66:ab:09:5d:9f:4c:43:f0:c7:24:5e:29:72:28:ce: d4:75:68:4f:24:72:29:ae:39:28:fc:df:8d:4f:4d: 83:73:74:0c:6f:11:9b:a7:dd:62:de:ff:e2:eb:17: e6:ff:0c:bf:c0:2d:31:3b:d6:59:a2:f2:dd:87:4a: 48:7b:6d:33:11:14:4d:34:9f:32:38:f6:c8:19:9d: f1:b6:3d:c5:46:ef:51:0b:8a:c6:33:ed:48:61:c4: 1d:17:1b:bd:7c:b6:67:e9:39:cf:a5:52:80:0a:f4: ea:cd Exponent: 65537 (0x10001) 47vrijdag 20 april 12
  117. 117. HTTPS 48vrijdag 20 april 12
  118. 118. HTTPS ➡ Browser sends over its encryption methods. 48vrijdag 20 april 12
  119. 119. HTTPS ➡ Browser sends over its encryption methods. ➡ Server decides which one to use. 48vrijdag 20 april 12
  120. 120. HTTPS ➡ Browser sends over its encryption methods. ➡ Server decides which one to use. ➡ Server send certificate(s). 48vrijdag 20 april 12
  121. 121. HTTPS ➡ Browser sends over its encryption methods. ➡ Server decides which one to use. ➡ Server send certificate(s). ➡ Client sends “session key” encrypted by the public key found in the server certificate. 48vrijdag 20 april 12
  122. 122. HTTPS ➡ Browser sends over its encryption methods. ➡ Server decides which one to use. ➡ Server send certificate(s). ➡ Client sends “session key” encrypted by the public key found in the server certificate. ➡ Server and client uses the “session key” for symmetrical encryption. 48vrijdag 20 april 12
  123. 123. HTTPS 49vrijdag 20 april 12
  124. 124. HTTPS ➡ Thus: Public/private encryption is only used in establishing a secondary (better!?) encryption. 49vrijdag 20 april 12
  125. 125. HTTPS ➡ Thus: Public/private encryption is only used in establishing a secondary (better!?) encryption. ➡ SSL/TLS is a separate talk (it’s way more complex as this) 49vrijdag 20 april 12
  126. 126. HTTPS ➡ Thus: Public/private encryption is only used in establishing a secondary (better!?) encryption. ➡ SSL/TLS is a separate talk (it’s way more complex as this) ➡ http://www.moserware.com/2009/06/first-few- milliseconds-of-https.html 49vrijdag 20 april 12
  127. 127. http://change-your-ip.com/wp-content/uploads/image/nigerian_419_scam.jpghttp://torontoemerg.files.wordpress.com/2010/09/spam.gif 50vrijdag 20 april 12
  128. 128. 51vrijdag 20 april 12
  129. 129. Questions: 52vrijdag 20 april 12
  130. 130. Questions: ➡ Did Bill really send this email? 52vrijdag 20 april 12
  131. 131. Questions: ➡ Did Bill really send this email? ➡ Do we know for sure that nobody has read this email (before it came to us?) 52vrijdag 20 april 12
  132. 132. Questions: ➡ Did Bill really send this email? ➡ Do we know for sure that nobody has read this email (before it came to us?) ➡ Do we know for sure that the contents of the message isn’t tampered with? 52vrijdag 20 april 12
  133. 133. Questions: ➡ Did Bill really send this email? ➡ Do we know for sure that nobody has read this email (before it came to us?) ➡ Do we know for sure that the contents of the message isn’t tampered with? ➡ We use signing! 52vrijdag 20 april 12
  134. 134. Signing a message 53vrijdag 20 april 12
  135. 135. Signing a message ➡ Signing a message means adding a signature that authenticates the validity of a message. 53vrijdag 20 april 12
  136. 136. Signing a message ➡ Signing a message means adding a signature that authenticates the validity of a message. ➡ Like md5 or sha1, so when the message changes, so will the signature. 53vrijdag 20 april 12
  137. 137. Signing a message ➡ Signing a message means adding a signature that authenticates the validity of a message. ➡ Like md5 or sha1, so when the message changes, so will the signature. ➡ This works on the premise that Alice and only Alice has the private key that can create the signature. 53vrijdag 20 april 12
  138. 138. Signing a message http://en.wikipedia.org/wiki/File:Digital_Signature_diagram.svg 54vrijdag 20 april 12
  139. 139. Introduction a pretty-good-privacy 55vrijdag 20 april 12
  140. 140. Introduction a pretty-good-privacy ➡ GPG / PGP: Application for signing and/or encrypting data (or emails). 55vrijdag 20 april 12
  141. 141. Introduction a pretty-good-privacy ➡ GPG / PGP: Application for signing and/or encrypting data (or emails). ➡ Try it yourself with Thunderbird’s Enigmail extension. 55vrijdag 20 april 12
  142. 142. Introduction a pretty-good-privacy ➡ GPG / PGP: Application for signing and/or encrypting data (or emails). ➡ Try it yourself with Thunderbird’s Enigmail extension. ➡ Public keys can be send / found on PGP- servers so you don’t need to send your keys to everybody all the time. 55vrijdag 20 april 12
  143. 143. 56vrijdag 20 april 12
  144. 144. ‣ Everybody can send emails that ONLY YOU can read. 56vrijdag 20 april 12
  145. 145. ‣ Everybody can send emails that ONLY YOU can read. ‣ Everybody can verify that YOU have send the email and that it is authentic. 56vrijdag 20 april 12
  146. 146. ‣ Everybody can send emails that ONLY YOU can read. ‣ Everybody can verify that YOU have send the email and that it is authentic. ‣ Why is this not the standard? 56vrijdag 20 april 12
  147. 147. ‣ Everybody can send emails that ONLY YOU can read. ‣ Everybody can verify that YOU have send the email and that it is authentic. ‣ Why is this not the standard? ‣ No really, why isn’t it the standard? 56vrijdag 20 april 12
  148. 148. 57vrijdag 20 april 12
  149. 149. SSH 58vrijdag 20 april 12
  150. 150. SSH ➡ Public key authentication 58vrijdag 20 april 12
  151. 151. SSH ➡ Public key authentication ➡ Because you suck at creating and/or remembering passwords 58vrijdag 20 april 12
  152. 152. ➡ Run ssh-keygen ➡ copy id_rsa.pub over to server’s ~/.ssh/ authorized_keys ➡ Easy for tools / scripts to connect ➡ Easy for you (no remembering passwords) ➡ More fine grained security model. 59vrijdag 20 april 12
  153. 153. ➡ Domain Key Identified Mail (spam protection) ➡ BitCoin ➡ IPSEC / PKI ➡ DRM 60vrijdag 20 april 12
  154. 154. Some words of wisdom: (free of charge) 61vrijdag 20 april 12
  155. 155. 62vrijdag 20 april 12
  156. 156. ➡ Don’t “invent” your own encryption. It will NOT be secure, and it WILL fail. 62vrijdag 20 april 12
  157. 157. ➡ Don’t “invent” your own encryption. It will NOT be secure, and it WILL fail. ➡ Encryption is as strong as the weakest link, which 9 out of 10 times will be you. 62vrijdag 20 april 12
  158. 158. ➡ Don’t “invent” your own encryption. It will NOT be secure, and it WILL fail. ➡ Encryption is as strong as the weakest link, which 9 out of 10 times will be you. ➡ Encryptions evolve. Do not use today what you used 10 years ago. 62vrijdag 20 april 12
  159. 159. ➡ Don’t “invent” your own encryption. It will NOT be secure, and it WILL fail. ➡ Encryption is as strong as the weakest link, which 9 out of 10 times will be you. ➡ Encryptions evolve. Do not use today what you used 10 years ago. ➡ Every encryption will become obsolete! 62vrijdag 20 april 12
  160. 160. ➡ Don’t “invent” your own encryption. It will NOT be secure, and it WILL fail. ➡ Encryption is as strong as the weakest link, which 9 out of 10 times will be you. ➡ Encryptions evolve. Do not use today what you used 10 years ago. ➡ Every encryption will become obsolete! ➡ Always follow the best practices. 62vrijdag 20 april 12
  161. 161. Questions? http://farm1.static.flickr.com/73/163450213_18478d3aa6_d.jpg 63vrijdag 20 april 12
  162. 162. Thank you Find me on twitter: @jaytaph Find me on email: jthijssen@noxlogic.nl Find me for blogs: www.adayinthelifeof.nl Find me for development and training: www.noxlogic.nl http://xkcd.com/153/ 64vrijdag 20 april 12
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×