Cryptography for the mere mortals

julius caesar : caesar cipherkey = 3

julius caesar : caesar cipherkey = 3hasin = kdvlq

rise of the machines

cryptography in bangla way

!@#$%^&* The science of writing in secret code

daily cryptographySSLSession/Cookie EncryptionStoring Sensitive InformationSecure Message TransportationSigning Documents

terms Plaintext Key Cipher Encryption Ciphertext Decryption

techniques Symmetric Cryptography = shared secret key Asymmetric Cryptography = public key + private key Hash Cryptography = One way

cryptography in PHP cracklib hash mCrypt openSSL mHash

one way journey md5 sha1 Sha2  Sha 256  Sha 512

problems of MD5/SHA1 Collision Attack  hash(data1) = hash(data2)

why salt?

password!Use a salt value in hash functions or bcrypt hash( $salt . $password ); hash_hmac( ‘sha512’, $salt . $password ); crypt($password , $salt );

symmetric encryption One single key Shared between parties Popular

sample encryption - AES…$ivlength = mcrypt_get_iv_size( MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);$iv = mcrypt_create_iv( $ivlength, MCRYPT_RAND);

sample encryption - AES$encryptedText = mcrypt_encrypt( MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_CBC, $iv);

sample decryption – AES$decryptedText = mcrypt_decrypt( MCRYPT_RIJNDAEL_256, $key, $encryptedText, MCRYPT_MODE_CBC, $iv);

asymmetric encryption public / private key semi-shared

meet with bob and alice

bob and alice’s storyBob Asks Alice For her public keyBob signs msg with the public key of AliceAlice gets encrypted msgAlice decrypts msg with her secret private keyAlice reads It

public/private key encryption RSA openSSL

RSA key-pair ssh-keygen –t RSA –b <bit>Generating public/private rsa key pair.Enter file in which to save the key (/Users/hasinhayder/.ssh/id_rsa): /tmp/pk_rsaEnter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /tmp/pk_rsaYour public key has been saved in /tmp/pk_rsa.pub

RSA key to PEM formatopenssl rsa -in pk_rsa -outform pem > pk_rsa.pem

generate RSA key in PEM format openssl genrsa -des3 -out pk_rsa.pem 2048

public key out of PEM fileopenssl rsa -pubout -in pk_rsa.pem -out pk_pub.pem

encrypt with public key$pub_key=openssl_get_publickey( file_get_contents("/tmp/pk_pub.pem"));$enc= openssl_public_encrypt( $source, $crypttext, $pub_key);

decrypt using private key…$passphrase = “<secret passphrase>";$key = openssl_get_privatekey( file_get_contents("/tmp/pk.pem"), $passphrase);

decrypt using private key$dec=openssl_private_decrypt( $decoded_source, $newsource, $res);

there are always some bad guys…

best practices PCI DSS Compliance

best practicesAES (RIJNDAEL)BLOWFISHTWOFISHSHA-256, 384, 512RSA

random!rand()mt_rand()openssl_random_pseudo_bytes()

key space Secret key space >= 128 bit Public key space >= 2048 bit

thanks M A Hossain Tonu Sr. Software Engineer, somewherein… http://mahtonu.wordpress.com Hasin Hayder Founder, Leevio http://hasin.wordpress.com

Cryptography for the mere mortals

by M A Hossain Tonu on Dec 19, 2011

Accessibility

Categories

Tags

Upload Details

Usage Rights

Statistics

Cryptography for the mere mortals — Presentation Transcript