php[tek] 2108 - Cryptography Advances in PHP 7.2

1. @adam_englander PHP[TEK] 2018 Wiﬁ: Sheraton Conference Pass: phptek2018 Twitter: #phptek Rate the Talks https://joind.in/event/phptek-2018

2. @adam_englander Cryptography Advances in PHP 7.2 Adam Englander Software Architect, iovation

3. @adam_englander Half of the changes identiﬁed in the PHP7.2.0 release announcements were related to cryptography.

4. @adam_englander SSL is Dead! Long live TLS!

5. @adam_englander Streams ssl:// is now an alias of tls://

6. @adam_englander Steam Defaults STREAM_CRYPTO_METHOD_TLS_SERVER, STREAM_CRYPTO_METHOD_TLS_CLIENT, and tls:// default to TLSv1.0 + TLSv1.1 + TLSv1.2 Instead of TLSv1.0 only

7. @adam_englander Goodbye MCrypt!

8. @adam_englander

9. @adam_englander Hello NaCl! (Sodium)

10. @adam_englander Easy, Secure, and Fast

11. @adam_englander Easy Like Laravel

12. @adam_englander Opinionated for your pleasure

13. @adam_englander Simpliﬁes Common Tasks

14. @adam_englander Does a Lot of Heavy Lifting

15. @adam_englander Secure Like the Phantom Zone

16. @adam_englander Strong Authenticated Encryption

17. @adam_englander Modern Algorithms Poly1305 XSalsa20ChaCha20 Argon2i Blake2

18. @adam_englander Helpers for Security

19. @adam_englander Constant-Time Test for Equality "abcdefg" == "hijklmnop" sodium_memcmp("abcdefg", "hijklmnop") "abcdefg" == "abcdefq" sodium_memcmp("abcdefg", "abcdefq")

20. @adam_englander String Memory Overwrite sodium_memzero($value); $value = "000000"; $value = "secret";

21. @adam_englander Fast Like the Millennium Falcon

22. @adam_englander ChaCha20 vs AES https://security.googleblog.com/2014/04/speeding-up-and-strengthening-https.html

23. @adam_englander BLAKE2 vs Everything https://blake2.net/

24. @adam_englander Key Derivation a.k.a. password hashing

25. @adam_englander Argon2i

26. @adam_englander Best in Class

27. @adam_englander Blake2 Inside

28. @adam_englander Time based rather count based iterations

29. @adam_englander Parallelism and Memory Requirements

30. @adam_englander Exposed via Password Function

31. @adam_englander scrypt without PECL

32. @adam_englander Hashing Generic hashing

33. @adam_englander Blake2b for data validation

34. @adam_englander SipHash-2-4 for short hashes

35. @adam_englander Symmetric Key Encryption a.k.a secret key encryption

36. @adam_englander Authenticated encryption via auth tag

37. @adam_englander Stream based encryption

38. @adam_englander Encrypted message sets

39. @adam_englander XSalsa20-Poly1305

40. @adam_englander AES256-GCM if you like pain

41. @adam_englander Asymmetric Key Cryptography a.k.a. public key encryption

42. @adam_englander MAC authenticated encryption

43. @adam_englander Signatures can be attached or detached

44. @adam_englander XSalsa20-Poly1305

45. @adam_englander Example

46. @adam_englander Ed25519 signatures

47. @adam_englander Key Exchange Use with care!

48. @adam_englander Examples

49. @adam_englander Encryption

50. @adam_englander Key Generation $keyPair = sodium_crypto_box_keypair();

51. @adam_englander Getting Public/Private Key Pairs $secretKey = sodium_crypto_box_secretkey( $keyPair); $publicKey = sodium_crypto_box_publickey( $keyPair);

52. @adam_englander Creating Mixed Key Pairs sodium_crypto_box_keypair_from_secretkey_and_publickey( $mySecretKey, $theirPublicKey );

53. @adam_englander Encryption $nonce = random_bytes( SODIUM_CRYPTO_BOX_NONCEBYTES); $ciphertext = sodium_crypto_box( "Hello ,World!", $nonce, $keyPair);

54. @adam_englander Decryption $plaintext = sodium_crypto_box_open( $ciphertext, $nonce, $keyPair);

55. @adam_englander Digital Signatures

56. @adam_englander Key Generation $keyPair = sodium_crypto_sign_keypair();

57. @adam_englander Getting Public/Private Key Pairs $secretKey = sodium_crypto_sign_secretkey( $keyPair); $publicKey = sodium_crypto_sign_publickey( $keyPair);

58. @adam_englander Signing $signedMsg = sodium_crypto_sign( "Hello, World!", $secretKey );

59. @adam_englander Signature Veriﬁcation $originalMsg = sodium_crypto_sign_open( $signedMsg, $publicKey ); if ($originalMsg === false) { throw new Exception("Fail!"); }

60. @adam_englander Hashing

61. @adam_englander Standard Hash $h = sodium_crypto_generichash("Msg"); print base64_encode($h); URvIHd4RGAg4xWLIK7NfMiP0YGHr3kqVXCez9InPHgM=

62. @adam_englander Signed Hash $key = random_bytes( SODIUM_CRYPTO_GENERICHASH_KEYBYTES); $h = sodium_crypto_generichash( "Msg", $key); print base64_encode($h); /qV2j5MfGBjJ9g60PQnnQYSt1Y/1csjJzq37C1pE4SE=

63. @adam_englander Short Hash $key = random_bytes( SODIUM_CRYPTO_SHORTHASH_KEYBYTES); $h = sodium_crypto_shorthash( "Msg", $key); print base64_encode($h); eCTWVTKkkKw=

64. @adam_englander Key Derivation

65. @adam_englander Create KDF Hash $hash = sodium_crypto_pwhash_str( 'Password', SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE ); print base64_encode($hash); $argon2id$v=19$m=65536,t=2,p=1$qCcD3BqZjmbYEFMKxgsUjA$5BzYYNuACwp3Zq p29QnT9upRxVZykU/P8isst91uKYE==

66. @adam_englander Verify KDF Hash sodium_crypto_pwhash_str_verify( $hash, 'Password' );

67. @adam_englander Password Extension

68. @adam_englander Create Password Hash $hash = password_hash( 'Password', PASSWORD_ARGON2I ); $argon2i$v=19$m=1024,t=2,p=2$WW15cG1NLjR0cXZET3Nzeg$ImFwKTaVgDHme95M ROV5S9ssG+e458gdpLz9Cwwiba8

69. @adam_englander Resources https://download.libsodium.org/doc/ https://paragonie.com/book/pecl-libsodium http://php.net/manual/en/book.sodium.php http://php.net/manual/en/function.password-hash.php

70. @adam_englander Thanks to Our Sponsors

71. @adam_englander Rate This Talk https://joind.in/talk/48fbd

php[tek] 2108 - Cryptography Advances in PHP 7.2

php[tek] 2108 - Cryptography Advances in PHP 7.2

Recommended

More Related Content

What's hot

What's hot(6)

Similar to php[tek] 2108 - Cryptography Advances in PHP 7.2

Similar to php[tek] 2108 - Cryptography Advances in PHP 7.2(20)

More from Adam Englander

More from Adam Englander(20)

Recently uploaded

Recently uploaded(20)

php[tek] 2108 - Cryptography Advances in PHP 7.2