Web Crypto

Karl von Randow's talk on Web Crypto for Auckland Web Dev Nights on the 9th of May 2013.

http://webdevnights.github.io


  1. Web crypto, Karl von Randow
  2. I felt sorry for this theme
  3. What’s wrong with plain text?
  4. What’s wrong with MD5?
  5. It’s been CRACKED. It has lots of vulnerabilities since 1996. Really bad since 2008.
  6. What’s wrong with SHA1?
  7. It’s been CROAKED. Actually it’s just a bit vulnerable maybe.
  8. What about salt? Effective against rainbow tables
  9. So salt is okay. But not against the other collision attacks
  10. PBKDF2
      • Password-Based Key Derivation Function 2
      • Easy to remember acronym
      • It’s a standard
  11. • Salted - hurts rainbow tables
      • Repeats a hash lots of times - key stretching
      • Adjustable difficulty
  12. Can be implemented with a small circuit and very little RAM. Uh oh
  13. bcrypt
      • Everything PBKDF2 has (except it’s not a standard)
      • Aims to be slow
      • Been around for ages and unbroken
  14. • A bit of a pain when converting plain text passwords in the database as it takes a while
  15. What about FPGAs?
  16. Oh
  17. What about scrypt?
  18. scrypt
      • Like bcrypt but uses more RAM
      • Really new (2009)
  19. Migrating from existing
      • Plain text - batch convert
      • PostgreSQL contrib package
      • Hashed - convert on successful login
  20. Hashes in APIs: Signature algorithms
  21. 2009
      • MD5 length extension hack demonstrated on Flickr API (and others)
  22. • Hashes are not good for signing
  23. Use the right tool for the job
  24. HMAC
      • Hash-based message authentication code
      • HMAC-SHA1
      • Uses a secret key
  25. • Substantially less affected by collisions
      • No known extension attacks
  26. What about SSL?
  27. SSL
      • Privacy in between
      • Only secure when both parties have a vested interest in security
  28. • If you control the client
      • Tell system to trust a new CA
      • Man-in-the-middle
  29. • Doesn’t protect your API from being tinkered with or disclosed
  30. Only $50
  31. i have seen that yours is the shittest software ever #@%! your mothers
  32. “CWP was pivotal in helping me crack an https encrypted API for an iPhone application. Thankfully, that was their only method of securing the data, because it led to me bringing online stats for a cult-classic video game called SSX... So, I just wanted to say thanks!”
  33. “... after seeing the URLs were GET requests with username and passwords, I figured this was going to be VERY EASY. I actually did it all during the 30 minute trial of the program. (that reminds me, I should buy a license because it was so awesome).” Justin J.N.
  34. Thanks Sir JBall for the sweet vector illustrations. They really cleared things up.
  35. What about validating the certificate?
  36. bcrypt & HMAC-SHA1. SSL for privacy
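
The "Hashed - convert on successful login" step from slide 19, as an added example that is not from the talk: a legacy unsalted MD5 record is verified one last time and then replaced with a salted, stretched hash while the plaintext is in hand. It assumes the standard library's PBKDF2 in place of bcrypt (which needs a third-party package); the `pbkdf2$...` record format, the iteration count and all function names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; raise it as hardware gets faster


def legacy_md5(password):
    """The scheme being retired: unsalted MD5, hex encoded."""
    return hashlib.md5(password.encode()).hexdigest()


def stretch(password, salt=None, iterations=ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256, stored as 'pbkdf2$iterations$salt$hash'."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Check against whichever scheme the stored record uses."""
    if stored.startswith("pbkdf2$"):
        _, iterations, salt_hex, _ = stored.split("$")
        candidate = stretch(password, bytes.fromhex(salt_hex), int(iterations))
    else:
        candidate = legacy_md5(password)
    return hmac.compare_digest(candidate, stored)


def needs_upgrade(stored):
    """True for legacy records and for PBKDF2 records below the current cost."""
    if not stored.startswith("pbkdf2$"):
        return True
    return int(stored.split("$")[1]) < ITERATIONS


def login(users, name, password):
    """Verify, then re-hash while the plaintext is available."""
    stored = users.get(name)
    if stored is None or not verify_password(password, stored):
        return False
    if needs_upgrade(stored):
        users[name] = stretch(password)  # the old MD5 value is overwritten
    return True


users = {"alice": legacy_md5("correct horse")}  # constructed sample record
assert login(users, "alice", "correct horse") and users["alice"].startswith("pbkdf2$")
```

Accounts that never log in again keep their MD5 record, so a migration of this kind still needs a cut-off after which remaining legacy hashes are invalidated.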
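
Slides 22 to 25 on using HMAC rather than a bare hash for API signatures, as an added example that is not from the talk: HMAC-SHA1 written out by hand to show the keyed outer hash, then used to sign and verify a canonicalised request. The request layout, the canonical form, the secret and the function names are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlencode

BLOCK = 64  # SHA-1 block size in bytes


def hmac_sha1_by_hand(key, msg):
    """HMAC spelled out: H((K ^ opad) || H((K ^ ipad) || msg))."""
    if len(key) > BLOCK:
        key = hashlib.sha1(key).digest()
    key = key.ljust(BLOCK, b"\x00")
    inner = hashlib.sha1(bytes(b ^ 0x36 for b in key) + msg).digest()
    # The outer, keyed hash covers only the fixed-length inner digest, so the
    # published tag is not a hash state that can be continued over a longer msg.
    return hashlib.sha1(bytes(b ^ 0x5C for b in key) + inner).hexdigest()


def canonical(method, path, params):
    """One unambiguous byte string per request: sorted, URL-encoded params."""
    query = urlencode(sorted(params.items()))
    return "\n".join([method.upper(), path, query]).encode()


def sign(secret, method, path, params):
    """HMAC-SHA1 tag over the canonical request, using the shared secret."""
    return hmac.new(secret, canonical(method, path, params), hashlib.sha1).hexdigest()


def verify_request(secret, method, path, params, signature):
    """Recompute the tag server-side and compare in constant time."""
    return hmac.compare_digest(sign(secret, method, path, params), signature)


SECRET = b"constructed-demo-secret"  # constructed sample key
REQUEST = ("GET", "/api/photos", {"user": "42", "perms": "read"})  # constructed
SIGNATURE = sign(SECRET, *REQUEST)

# The hand-written construction and the library agree on the same request.
assert hmac_sha1_by_hand(SECRET, canonical(*REQUEST)) == SIGNATURE
```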
