Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome 2018

1. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate WHY I'VE TO WASTE MY TIME ON CRYPTOGRAPHY? Andrea Pompili There are only 10 types of people in the world: Those who understand binary, and those who don't

2. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate We have to Encrypt all!

3. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate

4. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate 2007 – Chosen-prefix MD5 collision attack (Flame 2012) 2011 – BEAST CBC attack 2013 – CRIME compression attack 2013 – Lucky Thirteen padding/timing attack 2013 – Chrome TLS truncation bug 2014 – iOS gotofail signature-verification bug 2014 – TLS Triple Handshake 2014 – Heartbleed buffer overread (OpenSSL) 2014 – POODLE padding-oracle attack 2015 – FREAK RSA-export factorization attack 2015 – Logjam discrete-log attack (DH) 2016 – DROWN attack TLS using SSLv2 2016 – Sweet32 birthday attacks on 64-bit block ciphers 2017 – SHAttered (Google) 2017 – KRACK WPA2 attack forcing nonce reuse

5. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate SSL_RSA_WITH_RC4_128_MD5

7. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate . . . The U.S. Department of State will grant export permission to any program that uses the RC2 or RC4 data-encryption algorithm with a key size of less than 40 bits http://simson.net/ref/NeXT/nextworld/NextWorld_Extra/92.09.Sept.NWE/92.09.Sept.NWExtra11.html

8. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate “Widespread dissemination could compromise the long-term effectiveness of the system . . . [RC4] has become the de facto coding standard for many popular software programs including Microsoft Windows, Apple’s Macintosh operating system and Lotus Notes. . . . ‘I have been told it was part of this deal that RC4 be kept confidential,’ Jim Bidzos, president of RSA, said.”

13. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate “Applications which pre-process the encryption key and IV by using hashing and/or which discard the first 256 bytes of pseudo-random output should be considered secure from the proposed attacks. . . . The ‘heart’ of RC4 is its exceptionally simple and extremely Efficient pseudo-random generator. . . . RC4 is likely to remain the algorithm of choice for many applications and embedded systems.”

17. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate “Up to 75% of SSL-enabled web sites are vulnerable [to BEAST] . . . OpenSSL v0.9.8w is the current version in broad use and it only supports TLS v1.0. . . . the interim fix is to prefer the RC4-128 cipher for TLS v1.0 and SSL v3 RC4-128 is faster and cheaper in processor time . . . Approximately 15% of SSL/TLS negotiations on the Akamai platform use RC4. . . Most browsers can support the RC4 fix for BEAST”

19. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate 2015.09: Google, Microsoft, Mozilla announce agreement to turn off RC4 in subsequent browser updates…

22. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate CHACHA20 DES AES 3DES RC4 IDEA Blowfish Twofish Serpent Camellia Kuznyechk Kasumi Cast Rabbit Scream Kalyna Lizard TEA Safer Mars A5/1

28. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate C’i-1 ?=  0x01Ci-1 Dk(Ci)  Ci-1 Pi= Dk(Ci)  ?  0x01Ci-1 ?  0x01Pi Dk(Ci)  C’i-1 =

38. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate “Designed before the turn-of-the-century, AES or Advanced Encryption Standard, is older than most of the cars on the road today, however, it forms the basis of our global data security protection. And its failing.”

39. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate 

40. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate https://en.wikipedia.org/wiki/TOP500 https://www.embedded.com/design/embedded-internet-design/4372428/How-secure-is-AES-against-brute-force-attacks-

41. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate Key Size Time to Crack DES (56 bit) 774 seconds (13 minutes) AES (128 bit) 1,16 x 1017 years AES (256 bit) 3,95 x 1055 years

43. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate × × × × https://pthree.org/2016/06/19/the-physics-of-brute-force/ × ×

44. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate × × × ×  × ×  × × 

46. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate Message or data block M (variable length) Fixed length hash value > Deterministic: the same message always results in the same hash > Efficient: quick for any message > Infeasible to reverse except by trying all possible messages > Avalanche effect: small changes extensively change the hash value > Infeasible to find two messages with the same hash value

53. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate y2 = x3 + ax + b

59. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate Appendix A. Equivalent Curves (Informative) All of the NIST curves [11] and several of the ANSI curves [7] are equivalent to curves listed in Section 5.1.1. ------------------------------------------ Curve names chosen by different standards organizations ------------+---------------+------------- SECG | ANSI X9.62 | NIST ------------+---------------+------------- sect163k1 | | NIST K-163 sect163r1 | | sect163r2 | | NIST B-163 ... sect233k1 | | NIST K-233 sect233r1 | | NIST B-233 sect239k1 | | sect283k1 | | NIST K-283 sect283r1 | | NIST B-283 sect409k1 | | NIST K-409 sect409r1 | | NIST B-409 sect571k1 | | NIST K-571 sect571r1 | | NIST B-571 ... secp192r1 | prime192v1 | NIST P-192 secp224k1 | | secp224r1 | | NIST P-224 secp256k1 | | secp256r1 | prime256v1 | NIST P-256 secp384r1 | | NIST P-384 secp521r1 | | NIST P-521 ------------+---------------+------------- https://safecurves.cr.yp.to/

65. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate https://keylength.com https://keylength.com

67. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate Peter Shor showed that factoring a number into its primitives is efficient on a quantum computer… “Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer” https://arxiv.org/abs/quant-ph/9508027

68. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate "So come to PQCrypto and figure these things out before somebody builds a quantum computer.“ https://pqcrypto.org/ (2017) Imagine that it's fifteen years from now. Somebody announces that he's built a large quantum computer. RSA is dead. Elliptic curves, hyperelliptic curves, class groups, whatever, dead, dead, dead. So users are going to run around screaming and say 'Oh my God, what do we do?

69. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate https://events.ccc.de/congress/2010/Fahrplan/attachments/ 1780_27c3_console_hacking_2010.pdf

70. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 13-14.04.2018 www.codemotionworld.com Andrea Pompili andrea.pompili@cy4gate.com – Cy4gate Domande? Italian ‫ة‬َّ‫ي‬َ‫أ‬ ‫ب‬ِ‫ل‬‫ا‬َ‫ط‬َ‫م‬ Arabic ¿Preguntas? Spanish Questions? English tupoQghachmey Klingon Sindarin Japanese Ερωτήσεις? Greek вопросы? Russian

Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome 2018

Recommended

Recommended

More Related Content

Similar to Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome 2018

Similar to Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome 2018 (20)

More from Codemotion

More from Codemotion (20)

Recently uploaded

Recently uploaded (20)

Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome 2018