Encryption Boot Camp at Øredev

3,263 views

Published on

Matthew McCullough's Encryption on the JVM presentation to Øredev 2010 in Malmö, Sweden.

Published in: Education, Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
3,263
On SlideShare
0
From Embeds
0
Number of Embeds
8
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Encryption Boot Camp at Øredev

  1. 1. @matthewmccull ©MatthewMcCullough,AmbientIdeas,LLC
  2. 2. ENCRYPTION BOOT CAMP Security is the mission @matthewmccull ©MatthewMcCullough,AmbientIdeas,LLC
  3. 3. ©MatthewMcCullough,AmbientIdeas,LLC
  4. 4. ENCRYPTING? statistics say 76% are not
  5. 5. DATA BREACHED at 85% of companies in just the last 12 Months
  6. 6. ANCIENT HISTORY Everything old is new again
  7. 7. ANCIENT HISTORY Everything old is new again
  8. 8. 44 B.C. That’s 2,054 years ago...
  9. 9. Sensitive Data
  10. 10. Plain Sight Sensitive Data
  11. 11. Plain Sight Recipientor Storage Sensitive Data
  12. 12. Plain Sight Recipientor Storage Sensitive Data C ontents O bscured
  13. 13. Julius Caesar
  14. 14. Caesar Cipher A B C D E F G A B C D E F G a.k.a. ROT(2) Shift Cipher
  15. 15. Caesar Cipher A B C D E F G A B C D E F G a.k.a. ROT(2) Shift Cipher
  16. 16. Caesar Cipher A B C D E F G A B C D E F G a.k.a. ROT(2) Shift Cipher
  17. 17. Caesar Cipher a.k.a. ROT(2) Shift Cipher
  18. 18. 200 lines for a complete implementation of Caesar Cipher
  19. 19. Leave the ciphers to the career cryptographers
  20. 20. BROKEN Perfectly safe data is a myth
  21. 21. BROKEN Perfectly safe data is a myth
  22. 22. Compromised
  23. 23. Compromised ★ Every algorithm is vulnerable
  24. 24. Compromised ★ Every algorithm is vulnerable ★ Crack by real-time brute force
  25. 25. Compromised ★ Every algorithm is vulnerable ★ Crack by real-time brute force ★ Crack by pre-computed tables
  26. 26. Compromised ★ Every algorithm is vulnerable ★ Crack by real-time brute force ★ Crack by pre-computed tables ★ Function of time + money + hardware
  27. 27. and yet open algorithms are still the best
  28. 28. delicious.com/matthew.mccullough/encryption
  29. 29. JCE PRIMER The world of Java crypto
  30. 30. JCE PRIMER The world of Java crypto
  31. 31. JavaCryptographyExtension ★ Known as JCE ★ Included in all JREs Since Java 1.2 ★ Pluggable provider architecture ★ JCE extends Java Cryptography Architecture (JCA)
  32. 32. JCE Providers Default Sun JRE Providers ★ SUN ★ SunJCE ★ SunJSSE ★ SunRsaSign
  33. 33. RegisteringaProvider Static ★ <java-home>/lib/security/java.security ★ security.provider.n=masterClassName
  34. 34. RegisteringaProvider Dynamic★ java.security.Security class ★ addProvider() ★ insertProviderAt() ★ Not persistent across VM instances
  35. 35. Encryption Law & the JCE country borders stop bits
  36. 36. JCE Strength ★ Jurisdiction Policy Files ★ Two variants ★ Algorithm strength differences
  37. 37. Strong
  38. 38. Strong
  39. 39. Unlimited
  40. 40. Unlimited
  41. 41. JCE Strength
  42. 42. JCE Strength ★ Strongstrength included in all JREs
  43. 43. JCE Strength ★ Strongstrength included in all JREs ★ Unlimitedstrength is a separate download available based on US export rules
  44. 44. Strong Policy // File: default_local.policy // Some countries have import limits on crypto strength. // This policy file is worldwide importable. grant { permission javax.crypto.CryptoPermission "DES", 64; permission javax.crypto.CryptoPermission "DESede", *; permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128; permission javax.crypto.CryptoPermission "RC4", 128; permission javax.crypto.CryptoPermission "RC5", 128, "javax.crypto.spec.RC5ParameterSpec", *, 12, *; permission javax.crypto.CryptoPermission "RSA", 2048; permission javax.crypto.CryptoPermission *, 128; };
  45. 45. “Strong” Key Limits Algorithm Max Key Size DES 64 DESede 3des 168 RC2 128 RC4 128 RC5 128 RSA 2048 Others 128
  46. 46. “Unlimited” Key Limits Algorithm Max Key Size DES ∞ DESede 3des ∞ RC2 ∞ RC4 ∞ RC5 ∞ RSA ∞ Others ∞
  47. 47. Digests & Hashes One way functions
  48. 48. What is a Hash? ★ Small set of bytes representing a large message ★ Small change in message = large change in digest ★ Digests also known as hashes ★ Same algorithms, different purposes
  49. 49. What is a Digest? ★ Integrity check (MIC) for chunk of data or ★ Password storage mechanism
  50. 50. MessageDigest
  51. 51. MessageDigest ★ java.security.MessageDigest
  52. 52. MessageDigest ★ java.security.MessageDigest ★ Many algorithms available
  53. 53. MessageDigest ★ java.security.MessageDigest ★ Many algorithms available ★ MD2
  54. 54. MessageDigest ★ java.security.MessageDigest ★ Many algorithms available ★ MD2 ★ MD5 (128 bit)
  55. 55. MessageDigest ★ java.security.MessageDigest ★ Many algorithms available ★ MD2 ★ MD5 (128 bit) ★ SHA-1(160 bit)
  56. 56. MessageDigest ★ java.security.MessageDigest ★ Many algorithms available ★ MD2 ★ MD5 (128 bit) ★ SHA-1(160 bit) ★ SHA-256
  57. 57. MessageDigest ★ java.security.MessageDigest ★ Many algorithms available ★ MD2 ★ MD5 (128 bit) ★ SHA-1(160 bit) ★ SHA-256 ★ SHA-384
  58. 58. MessageDigest ★ java.security.MessageDigest ★ Many algorithms available ★ MD2 ★ MD5 (128 bit) ★ SHA-1(160 bit) ★ SHA-256 ★ SHA-384 ★ SHA-512
  59. 59. MessageDigest
  60. 60. MessageDigest
  61. 61. MessageDigest U. S. Department of Homeland Security said MD5is "considered cryptographically broken and unsuitable for further use"
  62. 62. download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html
  63. 63. System.out.println("Message1 SHA1 digest: " + shaAndBase64Encode(message1)); System.out.println("Message2 SHA1 digest: " + shaAndBase64Encode(message2)); } /** * Helper function to both SHA-1 hash and * base64 encode the resulting bytes to a String */ public static String shaAndBase64Encode(String message) throws NoSuchAlgorithmException { MessageDigest sha = MessageDigest.getInstance("SHA-1"); //Salt could be applied here //Integer salt = <some random number generator> //sha.update(salt.getBytes()); byte[] digest = sha.digest(message.getBytes()); return new sun.misc.BASE64Encoder().encode(digest); } }
  64. 64. * * Demonstrate that very similar messages * have radically different hashes. */ public class MessageDigestSHA { public static void main( String[] args ) throws NoSuchAlgorithmException { //Set up the message to be encoded String message1 = "Four score and seven years ago"; String message2 = "Four score and seven tears ago"; System.out.println("Message1 SHA1 digest: " + shaAndBase64Encode(message1)); System.out.println("Message2 SHA1 digest: " + shaAndBase64Encode(message2)); } /** * Helper function to both SHA-1 hash and * base64 encode the resulting bytes to a String */ public static String shaAndBase64Encode(String message) throws NoSuchAlgorithmException {
  65. 65. * * Demonstrate that very similar messages * have radically different hashes. */ public class MessageDigestSHA { public static void main( String[] args ) throws NoSuchAlgorithmException { //Set up the message to be encoded String message1 = "Four score and seven years ago"; String message2 = "Four score and seven tears ago"; System.out.println("Message1 SHA1 digest: " + shaAndBase64Encode(message1)); System.out.println("Message2 SHA1 digest: " + shaAndBase64Encode(message2)); } /** * Helper function to both SHA-1 hash and * base64 encode the resulting bytes to a String */ public static String shaAndBase64Encode(String message) throws NoSuchAlgorithmException {
  66. 66. Input Message1 SHA1 digest: DmCJIg4Bq/xpGIxVXxo3IB0vo38= Message2 SHA1 digest: oaLHt8tr31ttngCDjyYuWowF5Mc= String message1 = "Four score and seven years ago"; String message2 = "Four score and seven tears ago"; Result
  67. 67. SYMMETRIC My key is your key
  68. 68. SYMMETRIC My key is your key
  69. 69. Why Symmetric?
  70. 70. Why Symmetric? ★ Fast
  71. 71. Why Symmetric? ★ Fast ★ Well suited for bulk data
  72. 72. Using Symmetric
  73. 73. Using Symmetric ★ Secure network for passing keys or
  74. 74. Using Symmetric ★ Secure network for passing keys or ★ Never decrypted at remote end
  75. 75. Symmetric A B
  76. 76. Symmetric Message/FileA B
  77. 77. Symmetric A’s 256 bit symmetric key Message/FileA B
  78. 78. Encrypted with 256 bit symmetric key Symmetric A’s 256 bit symmetric key Message/FileA B
  79. 79. Encrypted with 256 bit symmetric key Symmetric A’s 256 bit symmetric key Message/FileA B
  80. 80. Symmetric A’s 256 bit symmetric key Message/FileA B
  81. 81. Symmetric A’s 256 bit symmetric key Message/FileA B
  82. 82. How do we securely get the key from Alice to Bob?
  83. 83. import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.KeyGenerator; import javax.crypto.NoSuchPaddingException; import javax.crypto.SecretKey; import sun.misc.BASE64Encoder; /** * Use the SecureRandom java security class to generate * a more expensive, but cryptographically secure random number. */ public class SymmetricEncrypt { public static void main( String[] args ) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
  84. 84. import sun.misc.BASE64Encoder; /** * Use the SecureRandom java security class to generate * a more expensive, but cryptographically secure random number. */ public class SymmetricEncrypt { public static void main( String[] args ) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { final String message1 = "Four score and seven years ago"; //Build a new encryption key final KeyGenerator keyGen = KeyGenerator.getInstance("DESede"); keyGen.init(168); final SecretKey desKey = keyGen.generateKey(); //Set up the cipher final Cipher desCipher = Cipher.getInstance("DESede/ECB/PKCS5Padding"); ////////////////////////////////////// //Put the cipher in encryption mode desCipher.init(Cipher.ENCRYPT_MODE, desKey); //Encrypt and output the base64 data byte[] clearText = message1.getBytes(); byte[] encryptedBytes = desCipher.doFinal(clearText);
  85. 85. final String message1 = "Four score and seven years ago"; //Build a new encryption key final KeyGenerator keyGen = KeyGenerator.getInstance("DESede"); keyGen.init(168); final SecretKey desKey = keyGen.generateKey(); //Set up the cipher final Cipher desCipher = Cipher.getInstance("DESede/ECB/PKCS5Padding"); ////////////////////////////////////// //Put the cipher in encryption mode desCipher.init(Cipher.ENCRYPT_MODE, desKey); //Encrypt and output the base64 data byte[] clearText = message1.getBytes(); byte[] encryptedBytes = desCipher.doFinal(clearText); BASE64Encoder b64e = new sun.misc.BASE64Encoder(); String base64Encrypted = b64e.encode(encryptedBytes); System.out.println("Encrypted text: " + base64Encrypted); ////////////////////////////////////// //Put the cipher in decryption mode desCipher.init(Cipher.DECRYPT_MODE, desKey); //Decrypt and output the original string byte[] decryptedBytes = desCipher.doFinal(encryptedBytes); String decryptedText = new String(decryptedBytes); System.out.println("Decrypted text: " + decryptedText); }
  86. 86. //Set up the cipher final Cipher desCipher = Cipher.getInstance("DESede/ECB/PKCS5Padding"); ////////////////////////////////////// //Put the cipher in encryption mode desCipher.init(Cipher.ENCRYPT_MODE, desKey); //Encrypt and output the base64 data byte[] clearText = message1.getBytes(); byte[] encryptedBytes = desCipher.doFinal(clearText); BASE64Encoder b64e = new sun.misc.BASE64Encoder(); String base64Encrypted = b64e.encode(encryptedBytes); System.out.println("Encrypted text: " + base64Encrypted); ////////////////////////////////////// //Put the cipher in decryption mode desCipher.init(Cipher.DECRYPT_MODE, desKey); //Decrypt and output the original string byte[] decryptedBytes = desCipher.doFinal(encryptedBytes); String decryptedText = new String(decryptedBytes); System.out.println("Decrypted text: " + decryptedText); } }
  87. 87. Input Encrypted text: P0FT6N3XXrohtsz7OLh3FGYY0wErkPIur1DP6Csbj4g= Decrypted text: Four score and seven years ago String message1 = "Four score and seven years ago"; Result
  88. 88. SYMMETRIC Identical keys for encryption and decryption
  89. 89. Block
  90. 90. Block Predefined content length
  91. 91. Block Predefined content length ★ Well-known end to the content
  92. 92. Block Predefined content length ★ Well-known end to the content ★ Files on disk
  93. 93. Block Predefined content length ★ Well-known end to the content ★ Files on disk ★ Inefficient when padding
  94. 94. DES Data Encryption Standard ★ Block cipher ★ Banking industry ★ DES is known to be broken
  95. 95. 3DES Triple Data Encryption Standard ★ Block cipher ★ a.k.a DESede ★ Basically three passes of DES ★ Reasonably strong
  96. 96. Blowfish ★ Block cipher ★ Unpatented (intentionally) ★ Secure replacement for DES ★ Faster than DES ★ 32 to 448 bit keys ★ Overshadowed by AES
  97. 97. AES Advanced Encryption Standard ★ Block cipher ★ Government standard ★ Rijndael algorithm (Joan Daemen, Vincent Rijmen) ★ 4 years of evaluation ★ Final in December 2000 ★ Very Secure
  98. 98. ENCRYPTED = SAFE, RIGHT? information leakage from encrypted data
  99. 99. ENCRYPTED = SAFE, RIGHT? information leakage from encrypted data
  100. 100. Encryptedisn’tenough? http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
  101. 101. Use anything instead of ECB!
  102. 102. CBC, PCBC, CFB, OFB, GCM
  103. 103. SECURE KEY EXCHANGE securely swapping symmetric keys
  104. 104. SECURE KEY EXCHANGE securely swapping symmetric keys
  105. 105. Diffie-Hellman
  106. 106. Diffie-Hellman Key Agreement Protocol
  107. 107. Diffie-Hellman Key Agreement Protocol ★ Alice & Bob independently generate the shared (session) key
  108. 108. Diffie-Hellman Key Agreement Protocol ★ Alice & Bob independently generate the shared (session) key ★ Published 1976, but invented earlier
  109. 109. DH Diagrammed A B
  110. 110. DH Diagrammed A B predetermined and openly shared
  111. 111. DH Diagrammed A B predetermined and openly shared g = random g = 11
  112. 112. DH Diagrammed A B predetermined and openly shared g = random g = 11 p = prime p = 23
  113. 113. DH Diagrammed A picks a = 6 picks b = 4 B predetermined and openly shared g = random g = 11 p = prime p = 23
  114. 114. DH Diagrammed A picks a = 6 A= ga mod p picks b = 4 B B= gb mod p predetermined and openly shared g = random g = 11 p = prime p = 23
  115. 115. DH Diagrammed A picks a = 6 A= ga mod p 9=116 mod 23 picks b = 4 B B= gb mod p 13=114 mod 23 predetermined and openly shared g = random g = 11 p = prime p = 23
  116. 116. DH Diagrammed A picks a = 6 A= ga mod p 9=116 mod 23 picks b = 4 B B= gb mod p 13=114 mod 23 predetermined and openly shared g = random g = 11 A=9B=13 p = prime p = 23
  117. 117. DH Diagrammed A picks a = 6 A= ga mod p 9=116 mod 23 picks b = 4 B B= gb mod p 13=114 mod 23 K= Ba mod p K= Ab mod p predetermined and openly shared g = random g = 11 A=9B=13 p = prime p = 23
  118. 118. DH Diagrammed A picks a = 6 A= ga mod p 9=116 mod 23 picks b = 4 B B= gb mod p 13=114 mod 23 K= Ba mod p 6= 136 mod 23 K= Ab mod p 6= 94 mod 23 predetermined and openly shared g = random g = 11 A=9B=13 p = prime p = 23
  119. 119. DH Diagrammed A picks a = 6 A= ga mod p 9=116 mod 23 picks b = 4 B B= gb mod p 13=114 mod 23 K= Ba mod p 6= 136 mod 23 K= Ab mod p 6= 94 mod 23 predetermined and openly shared g = random g = 11 A=9B=13 p = prime p = 23 Encryption can begin
  120. 120. What’s wrong with this?
  121. 121. RANDOM NUMBERS Seed the machine
  122. 122. RANDOM NUMBERS Seed the machine
  123. 123. SecureRandom ★ java.security.SecureRandom ★ Cryptographically strong pseudo-random number generator (PRNG) ★ “Unable to distinguish from a true random source” ★ Used in combination with many ciphers
  124. 124. package com.ambientideas; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; /** * Use the SecureRandom java security class to generate * a more expensive, but cryptographically secure random number. */ public class SecureRandomNumber { public static void main( String[] args ) throws NoSuchAlgorithmException { //Do the expensive one time setup of the
  125. 125. import java.security.SecureRandom; /** * Use the SecureRandom java security class to generate * a more expensive, but cryptographically secure random number. */ public class SecureRandomNumber { public static void main( String[] args ) throws NoSuchAlgorithmException { //Do the expensive one time setup of the // random number generator instance SecureRandom prng = SecureRandom.getInstance("SHA1PRNG"); //Get the next random number String randomNum = new Integer( prng.nextInt() ).toString(); System.out.println("Random number: " + randomNum); } }
  126. 126. * a more expensive, but cryptographically secure random number. */ public class SecureRandomNumber { public static void main( String[] args ) throws NoSuchAlgorithmException { //Do the expensive one time setup of the // random number generator instance SecureRandom prng = SecureRandom.getInstance("SHA1PRNG"); //Get the next random number String randomNum = new Integer( prng.nextInt() ).toString(); System.out.println("Random number: " + randomNum); } }
  127. 127. Result Random number: 1633471380
  128. 128. ASYMMETRIC Throwing away keys faster than an intern locksmith
  129. 129. ASYMMETRIC Throwing away keys faster than an intern locksmith
  130. 130. RSA ★ Ron Rivest, Adi Shamir, Leonard Adleman ★ Published in 1978 ★ M.I.T. Patented in 1983 ★ Patent Expired in 2000
  131. 131. RSA A B
  132. 132. RSA Message/FileA B
  133. 133. RSA B’s 2048 bit public key Message/FileA B
  134. 134. Encrypted with 2048 bit RSA key RSA Message/FileA B
  135. 135. Encrypted with 2048 bit RSA key RSA B’s 2048 bit private key Message/FileA B
  136. 136. RSA Message/FileA B
  137. 137. RSA Message/FileA B
  138. 138. import java.io.IOException; import java.security.InvalidKeyException; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.SecureRandom; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import sun.misc.BASE64Encoder; /** * Use the SecureRandom java security class to generate * a more expensive, but cryptographically secure random
  139. 139. public static void main( String[] args ) throws NoSuchAlgorithmException, NoSuchProviderException, IOException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { final String message1 = "Four score and seven years ago"; // Generate the Key Pair final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); final SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN"); keyGen.initialize(1024, random); KeyPair pair = keyGen.generateKeyPair(); final PrivateKey privKey = pair.getPrivate(); final PublicKey pubKey = pair.getPublic(); //Encrypt using the private key Cipher rsa = Cipher.getInstance("RSA/OFB/PKCS1Padding"); rsa.init(Cipher.ENCRYPT_MODE, pubKey); byte[] encryptedBytes = rsa.doFinal(message1.getBytes()); BASE64Encoder b64e = new sun.misc.BASE64Encoder();
  140. 140. KeyPair pair = keyGen.generateKeyPair(); final PrivateKey privKey = pair.getPrivate(); final PublicKey pubKey = pair.getPublic(); //Encrypt using the private key Cipher rsa = Cipher.getInstance("RSA/OFB/PKCS1Padding"); rsa.init(Cipher.ENCRYPT_MODE, pubKey); byte[] encryptedBytes = rsa.doFinal(message1.getBytes()); BASE64Encoder b64e = new sun.misc.BASE64Encoder(); String base64Encrypted = b64e.encode(encryptedBytes); System.out.println("Encrypted text: " + base64Encrypted); //Decrypt using the private key rsa.init(Cipher.DECRYPT_MODE, privKey); byte[] decryptedBytes = rsa.doFinal(encryptedBytes); String decryptedText = new String(decryptedBytes); System.out.println("Decrypted text: " + decryptedText); } }
  141. 141. final PublicKey pubKey = pair.getPublic(); //Encrypt using the private key Cipher rsa = Cipher.getInstance("RSA/OFB/PKCS1Padding"); rsa.init(Cipher.ENCRYPT_MODE, pubKey); byte[] encryptedBytes = rsa.doFinal(message1.getBytes()); BASE64Encoder b64e = new sun.misc.BASE64Encoder(); String base64Encrypted = b64e.encode(encryptedBytes); System.out.println("Encrypted text: " + base64Encrypted); //Decrypt using the private key rsa.init(Cipher.DECRYPT_MODE, privKey); byte[] decryptedBytes = rsa.doFinal(encryptedBytes); String decryptedText = new String(decryptedBytes); System.out.println("Decrypted text: " + decryptedText); } }
  142. 142. Input Encrypted text: A8Is+4r7sDn28fD6IQvZiR5JxPs/vh7UnXrF38acJt6R/ ARisj/zLtC7Xn6iJgNQPhc16wkVZhCF em7oNoim+ooTUDDZQ+E3qP6y/ DZJGkLBoZuZVLeLAW1LUtHSzduRUOg1uMynJz14wxzwfV8wfRwf atpySkOhGqWS63bPNRs= Decrypted text: Four score and seven years ago String message1 = "Four score and seven years ago"; Result
  143. 143. Encryption Speed asymmetric can be 1000x slower than symmetric
  144. 144. Key Size & Security
  145. 145. Key Size & Security Symmetric KeySize 160bitDES
  146. 146. Key Size & Security Symmetric KeySize Asymmetric KeySize 1024bitRSA 160bitDES
  147. 147. Key Size & Security Symmetric KeySize Asymmetric KeySize Security 1024bitRSA 112bits 160bitDES
  148. 148. Key Size & Security Symmetric KeySize Asymmetric KeySize Security Security 1024bitRSA 112bits 160bitDES 128bits
  149. 149. What do we do about that?
  150. 150. BLENDED symmetric with a twist of asymmetric
  151. 151. BLENDED symmetric with a twist of asymmetric
  152. 152. PGP A B
  153. 153. PGP Message/File A B
  154. 154. PGP Random generated 256 bit symmetric key Message/File A B
  155. 155. Encrypted with 256 bit symmetric key PGP Random generated 256 bit symmetric key Message/File A B
  156. 156. Encrypted with 256 bit symmetric key PGP Random generated 256 bit symmetric key B’s 2048 bit public key Message/File A B
  157. 157. Encrypted with 256 bit symmetric key Encrypted with 2048 bit RSA key PGP Random generated 256 bit symmetric key Message/File A B
  158. 158. Encrypted with 256 bit symmetric key Encrypted with 2048 bit RSA key PGP Random generated 256 bit symmetric key Message/File A B
  159. 159. Encrypted with 256 bit symmetric key Encrypted with 2048 bit RSA key PGP Random generated 256 bit symmetric key B’s 2048 bit private key Message/File A B
  160. 160. Encrypted with 256 bit symmetric key PGP Random generated 256 bit symmetric key Message/File A B
  161. 161. PGP Message/File A B
  162. 162. PGP Message/File A B
  163. 163. Don’t forget the humans
  164. 164. http://xkcd.com/538/
  165. 165. http://xkcd.com/538/
  166. 166. ENCRYPTION BOOT CAMP Security is the Mission Email Twitter Blog Matthew McCullough matthewm@ambientideas.com @matthewmccull http://ambientideas.com/blog

×