Cryptography for the mere mortals

Cryptography in PHP, focusing newbies to mediocre

Usage Rights: CC Attribution-NonCommercial-ShareAlike License

Slide notes

  • Terms:
    Plaintext: the initial unencrypted (unscrambled) data to be communicated.
    Ciphertext: plaintext is encrypted (scrambled) into something unintelligible, the ciphertext, for communication. Example: "esqbsuibqsbujnebt".
    Encryption: the process of converting ordinary information (plaintext) into ciphertext.
    Decryption: the reverse process, from unintelligible ciphertext back to plaintext.
    Cipher: a pair of algorithms performing encryption and decryption.
    Key: a secret parameter for the cipher algorithm.
    Key management: generation, exchange, storage, safeguarding, use, vetting and replacement of keys; it covers provisions in the cryptosystem design, the cryptographic protocols in that design, user procedures, and so on.
    Cryptanalysis / code breaking: the study of how to circumvent the confidentiality sought by using encryption.
  • To check whether a given $password is valid for a given $hash, call crypt() with the stored hash as the salt (crypt reads the algorithm, cost and salt out of it) and compare the result with the stored value: if (hash_equals($hash, crypt($password, $hash))) echo 'valid'; The slide writes this check with ==; prefer hash_equals() (PHP 5.6+), which compares in constant time and avoids the loose-comparison pitfalls of == on digest strings.
  • Advanced encryption standard
  • rand() is predictable. For cryptographically strong random bytes in PHP you have to use openssl_random_pseudo_bytes() from the OpenSSL extension, available since PHP 5.3 (check its $crypto_strong out-parameter, which reports whether the bytes are actually strong). PHP 7 added random_bytes() and random_int(), which are the preferred choice on current versions.
  • The DES cipher uses a 56-bit key, so the key space is 2^56 (about 7.2 x 10^16 keys), small enough to exhaust by brute force with dedicated hardware since the late 1990s.

Presentation Transcript

  • julius caesar : caesar cipher, key = 3: hasin = kdvlq
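Worked example (added here, not part of the original slides): the Caesar shift from the slide written out in PHP, with decryption and a brute-force pass over all 26 keys to make the point that a 26-element key space gives no security at all. The function names are my own.

```php
<?php
// Added example, not from the original slides: Caesar cipher with key 3,
// plus a brute-force attack that simply tries every one of the 26 keys.

function caesarEncrypt(string $plaintext, int $key): string
{
    $out = '';
    foreach (str_split($plaintext) as $ch) {
        if (ctype_lower($ch)) {
            $out .= chr((ord($ch) - ord('a') + $key) % 26 + ord('a'));
        } elseif (ctype_upper($ch)) {
            $out .= chr((ord($ch) - ord('A') + $key) % 26 + ord('A'));
        } else {
            $out .= $ch; // leave spaces and punctuation alone
        }
    }
    return $out;
}

function caesarDecrypt(string $ciphertext, int $key): string
{
    // Decryption is just encryption with the inverse shift.
    return caesarEncrypt($ciphertext, (26 - $key % 26) % 26);
}

// With only 26 possible keys an attacker does not need the key at all:
// decrypt under every key and pick the candidate that reads as language.
function caesarBruteForce(string $ciphertext): array
{
    $candidates = [];
    for ($k = 0; $k < 26; $k++) {
        $candidates[$k] = caesarDecrypt($ciphertext, $k);
    }
    return $candidates;
}

$ct = caesarEncrypt('hasin', 3);
echo $ct, PHP_EOL;                    // kdvlq, as on the slide
echo caesarDecrypt($ct, 3), PHP_EOL;  // hasin
foreach (caesarBruteForce($ct) as $k => $guess) {
    printf("key %2d: %s\n", $k, $guess);
}
```

The brute-force loop is the whole of the cryptanalysis: the key space is the security margin, which is why the later slide asks for at least 128-bit secret keys.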
  • rise of the machines
  • cryptography in bangla way
  • !@#$%^&* The science of writing in secret code
  • daily cryptography: SSL; session/cookie encryption; storing sensitive information; secure message transportation; signing documents
  • terms Plaintext Key Cipher Encryption Ciphertext Decryption
  • techniques Symmetric Cryptography = shared secret key Asymmetric Cryptography = public key + private key Hash Cryptography = One way
  • cryptography in PHP: cracklib, hash, mcrypt, openssl, mhash (mhash was folded into the hash extension in PHP 5.3; mcrypt was removed from core in PHP 7.2, so on current PHP the openssl extension covers symmetric encryption too)
  • one way journey: md5 → sha1 → sha2 (sha-256, sha-512)
  • problems of MD5/SHA1: collision attacks, hash(data1) = hash(data2)
  • why salt?
  • password! Use a salt value with a hash function, or bcrypt:
    hash('sha256', $salt . $password);      // hash() needs the algorithm name as its first argument
    hash_hmac('sha512', $password, $salt);  // hash_hmac(algo, data, key): the salt goes in the key slot
    crypt($password, $salt);                // with a "$2y$10$..." salt string this is bcrypt
    Plain hashes, even salted, are fast and therefore cheap to brute-force offline; bcrypt (or password_hash() on PHP 5.5+) is deliberately slow.
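Added example, not code from the slides: the three salted approaches above as runnable PHP (7.1+), each paired with its verification function, including the crypt() check from the slide notes with hash_equals() in place of ==. The function names are my own; the 128-bit salt size and bcrypt cost of 10 are my assumptions, not the slides' values.

```php
<?php
// Added example, not from the slides: salted password hashing three ways,
// each with constant-time verification. Needs PHP 7.1+ (random_bytes, [] destructuring).

// 1. Plain salted SHA-256. Better than unsalted, but SHA-256 is fast, so an
//    attacker can still try billions of guesses per second offline.
function saltedHash(string $password, ?string $salt = null): string
{
    $salt = $salt ?? bin2hex(random_bytes(16));   // assumed: 128-bit random salt, one per user
    return $salt . '$' . hash('sha256', $salt . $password);
}

function saltedHashVerify(string $password, string $stored): bool
{
    [$salt, $digest] = explode('$', $stored, 2);
    $recomputed = hash('sha256', $salt . $password);
    // hash_equals() compares in constant time and never uses == on digests.
    return hash_equals($digest, $recomputed);
}

// 2. bcrypt through crypt(): the salt string carries the algorithm ($2y$),
//    the cost (10 means 2^10 rounds) and 22 characters of salt from the
//    alphabet ./A-Za-z0-9, which is base64 with '+' swapped for '.'.
function bcryptHash(string $password, int $cost = 10): string
{
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));
}

function bcryptVerify(string $password, string $hash): bool
{
    // The slide's check, with hash_equals() instead of ==. crypt() reads the
    // cost and salt back out of the stored hash.
    return hash_equals($hash, crypt($password, $hash));
}

// 3. Since PHP 5.5 password_hash() generates the salt and formats the string.
function modernHash(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT);
}

$pw = 'correct horse battery staple';

$h1 = saltedHash($pw);
var_dump(saltedHashVerify($pw, $h1));        // bool(true)
var_dump(saltedHashVerify('wrong', $h1));    // bool(false)

$h2 = bcryptHash($pw);
var_dump(bcryptVerify($pw, $h2));            // bool(true)
var_dump(bcryptVerify('wrong', $h2));        // bool(false)

$h3 = modernHash($pw);
var_dump(password_verify($pw, $h3));         // bool(true)
```

Time the three hash functions on your own machine: the SHA-256 variant runs in microseconds, the two bcrypt variants in tens of milliseconds, and that difference is the entire point of using a password hash rather than a general-purpose one.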
  • symmetric encryption One single key Shared between parties Popular
  • sample encryption - AES (mcrypt)
    Note: MCRYPT_RIJNDAEL_128 is AES. The slides' MCRYPT_RIJNDAEL_256 selects Rijndael with a 256-bit block size, which is not AES and does not interoperate with AES implementations elsewhere. mcrypt was deprecated in PHP 7.1 and removed from core in 7.2; use openssl_encrypt() on current PHP.
    $ivlength = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
    $iv = mcrypt_create_iv($ivlength, MCRYPT_DEV_URANDOM); // MCRYPT_RAND draws from the weak rand() generator
  • sample encryption - AES
    $encryptedText = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv);
    // $iv is not secret, but it must be fresh per message and stored or sent alongside the ciphertext. CBC gives confidentiality only; add a MAC over the ciphertext or an attacker can alter it undetected.
  • sample decryption - AES
    $decryptedText = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $encryptedText, MCRYPT_MODE_CBC, $iv), "\0"); // mcrypt zero-pads to the block size
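Added example, mine rather than the slides' code: the same AES-CBC round trip using the openssl extension that replaces mcrypt on PHP 7.2+, with a random IV per message and an HMAC-SHA-256 tag (encrypt-then-MAC) so that a modified ciphertext is rejected instead of silently decrypting to garbage. The keys are generated inline for the demonstration, the session string is a made-up payload, and the function names are my own.

```php
<?php
// Added example, not the slides' code: AES-256-CBC via ext/openssl with a
// fresh random IV and an HMAC tag. Requires PHP 7+ (random_bytes, hash_equals).

function encryptAuthenticated(string $plaintext, string $encKey, string $macKey): string
{
    $ivLen = openssl_cipher_iv_length('aes-256-cbc');   // 16 bytes for AES
    $iv = random_bytes($ivLen);                          // never reuse an IV under the same key
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    // Tag covers IV and ciphertext so neither can be swapped or altered.
    $tag = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return base64_encode($iv . $ct . $tag);
}

function decryptAuthenticated(string $encoded, string $encKey, string $macKey): ?string
{
    $blob = base64_decode($encoded, true);
    $ivLen = openssl_cipher_iv_length('aes-256-cbc');
    // Minimum layout: IV + one padded block + 32-byte tag.
    if ($blob === false || strlen($blob) < $ivLen + 16 + 32) {
        return null;
    }
    $iv  = substr($blob, 0, $ivLen);
    $tag = substr($blob, -32);
    $ct  = substr($blob, $ivLen, -32);
    // Verify the MAC first, in constant time, before the ciphertext is touched.
    if (!hash_equals($tag, hash_hmac('sha256', $iv . $ct, $macKey, true))) {
        return null;
    }
    $pt = openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    return $pt === false ? null : $pt;
}

// Two independent 256-bit keys (assumed for the demo; in a real system derive
// both from one master key with a KDF rather than storing two secrets).
$encKey = random_bytes(32);
$macKey = random_bytes(32);

$token = encryptAuthenticated('session-id=42;role=user', $encKey, $macKey);  // constructed payload
var_dump(decryptAuthenticated($token, $encKey, $macKey));  // string(23) "session-id=42;role=user"

// Flip one bit inside the ciphertext: the MAC check fails and null comes back,
// rather than a corrupted plaintext an application might act on.
$raw = base64_decode($token);
$raw[20] = chr(ord($raw[20]) ^ 0x01);
var_dump(decryptAuthenticated(base64_encode($raw), $encKey, $macKey));  // NULL
```

The bit-flip at the end is the attack CBC alone does not stop: without the tag, decryption would succeed and the flipped bit would land in the plaintext at a position the attacker controls.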
  • asymmetric encryption public / private key semi-shared
  • meet with bob and alice
  • bob and alice's story: Bob asks Alice for her public key. Bob encrypts the message with Alice's public key (the slide says "signs", but signing uses the sender's own private key; encrypting to Alice uses her public key). Alice gets the encrypted message, decrypts it with her secret private key, and reads it.
  • public/private key encryption RSA openSSL
  • RSA key-pair
    ssh-keygen -t rsa -b <bit>
    Generating public/private rsa key pair.
    Enter file in which to save the key (/Users/hasinhayder/.ssh/id_rsa): /tmp/pk_rsa
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /tmp/pk_rsa
    Your public key has been saved in /tmp/
  • RSA key to PEM format
    openssl rsa -in pk_rsa -outform pem > pk_rsa.pem
    (OpenSSH 7.8 and later write private keys in their own format by default, which openssl rsa cannot read; pass -m PEM to ssh-keygen, or generate the key directly with openssl as on the next slide.)
  • generate RSA key in PEM format openssl genrsa -des3 -out pk_rsa.pem 2048
  • public key out of PEM fileopenssl rsa -pubout -in pk_rsa.pem -out pk_pub.pem
  • encrypt with public key
    $pub_key = openssl_get_publickey(file_get_contents("/tmp/pk_pub.pem"));
    $enc = openssl_public_encrypt($source, $crypttext, $pub_key); // $crypttext receives the raw ciphertext; $enc is true on success
  • decrypt using private key
    $passphrase = "<secret passphrase>";
    $key = openssl_get_privatekey(file_get_contents("/tmp/pk.pem"), $passphrase); // the passphrase-protected private key PEM generated above
  • decrypt using private key
    $dec = openssl_private_decrypt($decoded_source, $newsource, $key); // $decoded_source: the ciphertext (base64-decoded if it was encoded for transport); $newsource receives the plaintext; the third argument is the private key resource, not an undefined $res
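Added example, not the slides' code: the key-pair, public-key encrypt and private-key decrypt steps from the last few slides in one self-contained PHP script using ext/openssl. It generates the pair in memory instead of reading /tmp/*.pem, exports it with a passphrase as openssl genrsa -des3 would, and uses OAEP padding rather than the PKCS#1 v1.5 default. The function names, the passphrase and the message are my own.

```php
<?php
// Added example, not from the slides: RSA key pair generation, export, encrypt
// with the public key and decrypt with the private key, all with ext/openssl.

function generateRsaPair(int $bits = 2048, string $passphrase = ''): array
{
    $res = openssl_pkey_new([
        'private_key_bits' => $bits,
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
    ]);
    if ($res === false) {
        throw new RuntimeException('key generation failed: ' . openssl_error_string());
    }
    // Passphrase-protected PEM, the equivalent of "openssl genrsa -des3 ..." above.
    openssl_pkey_export($res, $privPem, $passphrase !== '' ? $passphrase : null);
    // Public half in PEM, the equivalent of "openssl rsa -pubout ..." above.
    $pubPem = openssl_pkey_get_details($res)['key'];
    return [$privPem, $pubPem];
}

function rsaEncrypt(string $plaintext, string $pubPem): string
{
    $pub = openssl_pkey_get_public($pubPem);
    if ($pub === false) {
        throw new RuntimeException('bad public key: ' . openssl_error_string());
    }
    // OAEP padding; the PKCS#1 v1.5 default is exposed to padding-oracle attacks.
    if (!openssl_public_encrypt($plaintext, $ct, $pub, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encrypt failed: ' . openssl_error_string());
    }
    return base64_encode($ct);   // base64 so the ciphertext survives text transports
}

function rsaDecrypt(string $encoded, string $privPem, string $passphrase = ''): ?string
{
    $priv = openssl_pkey_get_private($privPem, $passphrase);
    if ($priv === false) {
        return null;   // wrong passphrase or malformed PEM
    }
    $ok = openssl_private_decrypt(base64_decode($encoded), $pt, $priv, OPENSSL_PKCS1_OAEP_PADDING);
    return $ok ? $pt : null;
}

[$privPem, $pubPem] = generateRsaPair(2048, 'hunter2');   // assumed passphrase

// RSA can only encrypt a message shorter than the modulus (minus padding);
// for anything larger, encrypt a random AES key this way and the payload with AES.
$ct = rsaEncrypt('meet at noon', $pubPem);                  // constructed message
var_dump(rsaDecrypt($ct, $privPem, 'hunter2'));             // string(12) "meet at noon"
var_dump(rsaDecrypt($ct, $privPem, 'wrong passphrase'));    // NULL
```

Note that in this script only the holder of the private key and its passphrase can read the message, which is the Bob-and-Alice flow from the earlier slide: anyone can encrypt to Alice's public key, only Alice can decrypt.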
  • there are always some bad guys…
  • best practices PCI DSS Compliance
  • best practicesAES (RIJNDAEL)BLOWFISHTWOFISHSHA-256, 384, 512RSA
  • random!rand()mt_rand()openssl_random_pseudo_bytes()
  • key space Secret key space >= 128 bit Public key space >= 2048 bit
  • thanks: M A Hossain Tonu, Sr. Software Engineer, somewherein…; Hasin Hayder, Founder, Leevio