Cryptography for Beginners
Adam Englander
Software Architect, iovation

ZendCon 2017 - Cryptography for Beginners

Cryptography is a complex and confusing subject. In this session we'll distill PHP encryption down to its essential drivers. You'll learn what makes cryptography weak and strong. You'll learn the important questions to ask when making decisions regarding modules and libraries. This session won’t make you a cryptography expert but it will give you the knowledge necessary to protect your software from attack. No prior knowledge of cryptography is required for this session.


  1. Cryptography for Beginners
     Adam Englander, Software Architect, iovation (@adam_englander)
  2. I am a Virtual Crime Fighter
  3. I am a lover of PHP
  4. I Am Not…
     • … a security researcher
     • … a cryptographer
     • … a mathematician
  5. What To Expect
     • Gain a working understanding of common terms used in cryptography.
     • Understand the key drivers for choosing cryptography methodologies, algorithms and strengths.
     • Know which PHP modules to use.
  6. What Not to Expect
     • Deep dive into algorithms
     • A lot of comparison between algorithms and implementations
     • Become a cryptography expert
  7. What Is Cryptography?
     “Cryptography…is the practice and study of techniques for secure communication in the presence of third parties called adversaries.” (Wikipedia)
  8. My Definition of Cryptography
     Cryptography obscures data in such a way that it is difficult and costly to duplicate or reverse.
  9. How do you make it difficult?
  10. Entropy: “Lack of order or predictability; gradual decline into disorder.” (Oxford Dictionary)
  11. The greater the entropy, the greater the difficulty.
  13. Achieving Maximum Entropy
     • Use Cryptographically Secure Pseudo-Random Number Generators (CSPRNG).
     • Salts add global randomness to hashing.
     • Feedback loops add local randomness to block ciphers.
     • Initialization Vectors add global randomness to block ciphers.
     • Some ciphers introduce randomness with padding.
  14. Local vs Global Entropy
     • Local entropy is entropy within a single piece of data in a larger system.
     • Global entropy is entropy of the same or similar data across the entirety of a larger system.
  15. How Random Is Random?
     • It turns out it can be quite random as long as you use the correct tools.
     • Since PHP7, the CSPRNG extension provides platform-independent cryptographically secure pseudo-random data.
     • Until you move to PHP7, the paragonie/random_compat package will give you the same functionality.
  16. How do you make it expensive?
  17. Algorithms that are difficult to crack with brute force
  22. What Contributes to Cost?
     • Secrets
     • Computation
     • Entropy
  23. Computational Cost
     • Complexity of algorithm increases cost.
     • Key length increases cost.
     • Some algorithms specifically target memory and thread utilization to increase cost.
     • Feedback loops increase cost.
  24. Cryptography is based on ciphers
  27. Encryption, Signatures, Key Derivation, Hashing
  28. Encryption
  29. Asymmetric Encryption
     • Based on very large prime numbers
     • Computationally expensive
     • Padding for entropy
     • Cannot encrypt data larger than the key
  30. Asymmetric Key Cryptography
     • RSA and DSA are available in PHP. Use RSA.
     • Uses very large prime integers
     • Very computationally expensive
     • Uses key pairs to protect secret
  31. Super Duper Secret
     • Private key can encrypt, decrypt, sign, and verify signatures
     • Public key does not have enough data to decrypt or sign. It can only encrypt and verify signatures
  32. Key Size and Hash Algorithm
     • Current minimum recommended key size is 2048
     • SHA1 is considered safe but SHA-256 is better
  33. Data Limitations
     • RSA can only encrypt or sign data up to the length of the key size
     • Signatures use hashing
     • Crypto often mixed with symmetric key cryptography
  34. Padding
     • Padding is how RSA creates additional entropy
     • Use Optimal Asymmetric Encryption Padding (OAEP)
     • Do not use PKCS1-V1_5 as it is no longer considered cryptographically secure
  35. Symmetric Encryption
     • Uses small shared key
     • Has modes for encrypting data larger than the key
     • Fast encryption
     • Uses initialization vector and key for entropy
  36. Block Cipher Modes
     DO NOT USE Electronic Codebook (ECB)!!!
  38. What are Block Cipher Modes?
     Block cipher modes determine how the blocks of clear text are translated into cipher text.
  39. Cipher Block Chaining (CBC)
     • Entire message is required for decryption
     • Full cipher text block is used as the seed for the next block
  40. Cipher Block Chaining (CBC)
  41. Galois Counter Mode (GCM)
     • Counter based cipher stream
     • Entire message is required for decryption
     • Encrypts the plain text and simultaneously generates an authentication code, similar to an HMAC, that is returned with the IV in the cipher text
  42. Galois Counter Mode (GCM)
  43. Hashing
  44. Hashes by themselves aren’t very useful!
  45. Signatures
  46. Digital Signature
     • Used to verify integrity of data
     • Used mostly for data transfer
     • Can be used for verifying data at rest
     • Cannot be reversed but can be reproduced for verification
  47. Digital Signatures (HMAC)
     • Hash-based Message Authentication Code (HMAC)
     • Hashing combined with key
     • SHA-256 or better is preferred to ensure uniqueness
  48. Key Derivation
  49. Key Derivation
     • Uses salt for entropy
     • Iterates to increase cost
     • Can create cost via threads and memory
     • Bigger is better!
  50. Which KDF Should I Use?
     • argon2i is the new hotness
     • scrypt is preferred
     • bcrypt is acceptable
     • PBKDF2 can be used in a pinch
  51. How Can I Use KDFs?
     • PHP has the best package for managing that PERIOD! Use the password extension. Just use it!
     • For *cough* pre-5.5.0, you can use ircmaxell/password-compat
     • Provides tools for hash upgrades. AWESOME!
  52. And now…an example
  56. Alice: “Hi Bob, I’m Alice. Can you hear me?”
     Client starts the TCP session by sending a SYNchronize packet to the server.
  57. Bob: “Yes Alice, I can hear you. Can you hear me?”
     Server responds by sending a SYNchronize-ACKnowledgement packet to the client.
  58. Alice: “Yes Bob, I can hear you.”
     Client completes the TCP session initialization by sending an ACKnowledge packet to the server.
  59. Alice: “This is conversation 12345. I know German and Spanish.”
     Client informs the server that the session requires TLS and sends the TLS version number, cipher settings, public key, and session-specific data.
  60. Bob: “Let’s use German. Here’s my ID.”
     Server chooses the cipher settings and sends its certificate.
  61. Alice: “The signature on his ID matches. He’s Bob.”
     Client verifies the server’s certificate by verifying the signature against the known certificate authority.
  62. “Ich denke an eine Farbe, die Sie mit gelb zu machen.” [German, roughly: “I am thinking of a color that you make with yellow.”]
     Client and server begin a conversation that is now encrypted using asymmetric encryption.
  63. The rest of the conversation would be in German. But we’ll show it in English.
  64. Alice: “I have a color that makes orange with yellow.”
     Session symmetric key negotiation begins with the client generating a secret random value and sending a shared value and a value derived from the two. Alice’s secret is red, the shared value is yellow, and the derived value is orange.
  65. Bob: “I have a color that makes green with yellow.”
     The server generates its own secret random value and sends a value derived from it and the shared value. Bob’s secret is blue, the shared value is yellow, and the derived value is green.
  66. “Our shared color is purple.”
     Both determine a new shared value based on combining the two secret values. Alice’s secret is red. Bob’s secret is blue. Their combined secrets are purple.
  67. Alice: “ログイン ページを 教えてください” [Japanese: “Please show me the login page.”]
     Client sends an HTTP request to the server for the login page using symmetric encryption with the newly negotiated key.
  68. Bob: “ここで、ログイン ページです” [Japanese: “Here is the login page.”]
     Server sends an HTTP response with the login page HTML to the client using symmetric encryption with the newly negotiated key.
  70. Recommendations
  71. Disclaimers
     • Although every app is different, commonalities exist across most applications
     • I am only recommending what I know and have vetted directly or indirectly via my work experience
     • If you think you are different, ask yourself if the advantages outweigh the risks
  72. Types
     • Use RSA asymmetric key cryptography when transferring data
     • Mix with AES and random keys/IVs per transfer
     • Use CSPRNG extension/package for keys, salts and initialization vectors
     • Use password extension/package for passwords
  73. Strength
     • Use the strongest cryptography you can afford
     • AES: aes-256-cbc / sha256 minimum
     • RSA: 2048+ PKCS1_OAEP / RSA-SHA256
     • Hash until it hurts!
  74. Packages/Libraries
     • Use OpenSSL for encryption and digital signatures
     • For extreme compatibility, use phpseclib/phpseclib
     • Use CSPRNG extension/package for keys, salts and initialization vectors
     • Use password extension/package for passwords
  75. MCrypt
     DO NOT USE THIS! IT IS DEPRECATED! IF YOU ARE USING THIS, PLAN YOUR MIGRATION AWAY NOW!
  76. Password Hashing
     • password_hash to hash
     • password_verify to check password against the hashed value
     • password_needs_rehash to see if the hash needs to be updated
  77. Hash
     • hash_hmac for hashing - sha256 for algorithm
  78. OpenSSL
     • AES-CBC or AES-GCM
     • RSA for asymmetric encryption
     • PBKDF2 for key derivation - not so great
  79. libsodium
     • AES-GCM or ChaCha20-Poly1305 for symmetric encryption including auth tag
     • XSalsa20-Poly1305 for asymmetric encryption
     • Ed25519 for asymmetric digital signatures
     • Blake2b for hashing
     • Argon2 and Scrypt KDFs for password hashing
  80. Resources
     • https://secure.php.net/manual/en/book.openssl.php
     • https://secure.php.net/manual/en/book.csprng.php
     • https://secure.php.net/manual/en/book.password.php
     • https://packagist.org/packages/phpseclib/phpseclib
     • https://en.wikipedia.org/wiki/Cryptography
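
Slides 33, 34, 41 and 72 together describe a hybrid scheme: RSA with OAEP padding cannot encrypt more than its key size, so it is mixed with AES using a random key and IV per transfer. The following is an added example of that scheme, not code from the slides or from the speaker; the function names `hybridEncrypt` and `hybridDecrypt`, the message array layout and the sample payload are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Encrypt with a fresh AES-256-GCM key and IV, then wrap only that key with RSA-OAEP.
function hybridEncrypt(string $plaintext, string $publicKeyPem): array
{
    $key = random_bytes(32);   // CSPRNG: new 256-bit key for every transfer
    $iv  = random_bytes(12);   // 96-bit IV, the usual size for GCM
    $tag = '';                 // filled in by openssl_encrypt (GCM auth tag)
    $data = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($data === false) {
        throw new RuntimeException('AES-GCM encryption failed');
    }
    // RSA only ever sees the 32-byte AES key, well under the key-size limit.
    if (!openssl_public_encrypt($key, $wrappedKey, $publicKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA-OAEP key wrap failed');
    }
    return ['key' => $wrappedKey, 'iv' => $iv, 'tag' => $tag, 'data' => $data];
}

function hybridDecrypt(array $msg, $privateKey): string
{
    if (!openssl_private_decrypt($msg['key'], $key, $privateKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA-OAEP key unwrap failed');
    }
    // GCM checks the tag before returning anything; false means the message was altered.
    $plaintext = openssl_decrypt($msg['data'], 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $msg['iv'], $msg['tag']);
    if ($plaintext === false) {
        throw new RuntimeException('Authentication failed: cipher text, IV or tag was modified');
    }
    return $plaintext;
}

// Constructed demo input: a throwaway 2048-bit key pair and a payload larger than one RSA block.
$private = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$public  = openssl_pkey_get_details($private)['key'];   // PEM-encoded public key
$payload = str_repeat('Payload longer than an RSA key. ', 20);

$msg = hybridEncrypt($payload, $public);
var_dump(hybridDecrypt($msg, $private) === $payload);

// Flip one bit of the cipher text: decryption must refuse rather than return garbage.
$msg['data'] = ($msg['data'][0] ^ "\x01") . substr($msg['data'], 1);
try {
    hybridDecrypt($msg, $private);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

It needs PHP 7.1 or later with the OpenSSL extension, since the GCM tag parameter of `openssl_encrypt` was added in 7.1.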

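
Slides 51 and 76 name `password_hash`, `password_verify` and `password_needs_rehash` and mention hash upgrades. The following is an added example of how the three fit together at login time, not code from the slides or from the speaker; the `login` function, the in-memory `$users` array standing in for a database, and the cost values 8 and 12 are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const HASH_ALGO    = PASSWORD_BCRYPT;
const HASH_OPTIONS = ['cost' => 12];   // assumed current policy

// Returns true on a valid login and upgrades the stored hash when it is below policy.
function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    // The plain-text password is only available here, right after a successful
    // verify, so this is the one place an old hash can be replaced.
    if (password_needs_rehash($users[$name], HASH_ALGO, HASH_OPTIONS)) {
        $users[$name] = password_hash($password, HASH_ALGO, HASH_OPTIONS);
    }
    return true;
}

// Constructed sample data: one account still hashed at an older, cheaper cost.
$users = [
    'alice' => password_hash('correct horse battery staple', PASSWORD_BCRYPT, ['cost' => 8]),
];

// Helper that reads the cost parameter back out of a stored bcrypt hash.
$costOf = fn(string $hash): int => password_get_info($hash)['options']['cost'];

echo 'cost before login: ', $costOf($users['alice']), PHP_EOL;

var_dump(login($users, 'alice', 'wrong password'));
echo 'cost after failed login: ', $costOf($users['alice']), PHP_EOL;

var_dump(login($users, 'alice', 'correct horse battery staple'));
echo 'cost after successful login: ', $costOf($users['alice']), PHP_EOL;

// The upgraded hash still verifies the same password.
var_dump(login($users, 'alice', 'correct horse battery staple'));
```

A failed login leaves the stored hash untouched, so an attacker guessing passwords cannot trigger a re-hash.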