Why You Need Cryptography - Junade Ali at PHP Warwickshire
This is an introduction to cryptography talk I did at PHP Warwickshire. It was largely focussed at a PHP developer audience, hence the large focus on one-way cryptography.

For more info see: https://northernoptic.com/2015/10/29/why-you-need-cryptography-junade-ali-at-php-warwickshire
  1. Why You Need Cryptography (Junade Ali, @IcyApril)
  2. What You Need To Know About Cryptography (Junade Ali, @IcyApril)
  3. Back to Basics
  4. This is a login form.
  5. How do you store a password in a database?
  6. You hash it of course!
     • Hashes are one-way cryptographic functions. They map any data to a fixed-length string.
     • The hash should be non-invertible: it is infeasible to turn the hash back into the input.
     • On a good algorithm, the Avalanche Effect means that if you alter the input slightly, the output is completely different. This makes it harder to guess the input.
  7. But how…?
     • Use a key derivation function like PBKDF2 or BCrypt.
     • That way the crypto is handled for you, preventing homebrew insecure crypto.
     • Some would argue BCrypt is better than PBKDF2 because it can’t be GPU accelerated.
  8. PHP Password Functions
     • PHP 5.5.0 made things easy:
     • password_hash - hash a password
     • password_verify - check that a password matches the hash
     • password_needs_rehash - check whether a hash matches the algorithm supplied
  9. Homebrew Crypto is Bad
     • You’re probably not a cryptographer.
     • Real key derivation functions are peer reviewed by mathematicians, cryptographers and computer scientists, professional and amateur alike.
     • Complicated code doesn’t provide better security. Byte shuffling adds no security, and neither does base64 encoding.
  10. “A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.” - Kerckhoffs's principle
  11. "one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them" - Shannon's maxim
  12. In layman’s terms: a strong cryptosystem is strong regardless of whether the algorithm is known to the attacker.
  13. Why We Salt
     • Let’s hash a password without a salt:
     • echo sha1("p4$$w0rd");
     • 6c067b3288c1b5c791afa04e12fb013ed2e84d10
  14. Rainbow Tables
     Rainbow Tables are precomputed hashes. Table from sha1.wisetock.com.
  15. Dictionary Attack
     • Rainbow Tables help you do Dictionary Attacks quicker.
     • You simply check whether an unsalted hash appears in a pre-computed database of hashes.
     • If the salt is the same for every hash, you can simply pre-compute a database of hashes of known passwords using that salt.
  16. The Caveat…
     • If a user’s password is not in any publicly known database of pre-computed hashes, it is secure from Rainbow Tables.
     • Hence one reason why you should use strong, unique passwords.
  17. Therefore…
     • We hash our passwords.
     • We salt our hashes.
     • We use a unique salt for each password we hash.
     • This is easily handled by the password_hash function in PHP.
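The slides above (6 and 13 to 17) describe the properties of a hash, the reason an unsalted hash is exposed to precomputed tables, and the hash/salt/unique-salt recipe that password_hash implements. The following is an added example, not code from the talk: it does the same job with the Python standard library's PBKDF2-HMAC (one of the two KDFs slide 7 names) and mirrors the three PHP functions from slide 8. The record format, iteration count and salt length are choices made for this example.

```python
import hashlib
import hmac
import os

# Illustrative parameters for this example, not values from the talk.
ITERATIONS = 600_000   # work factor; raise it as hardware gets faster
SALT_BYTES = 16        # fresh random salt per password
KEY_BYTES = 32


def unsalted_sha1(password: str) -> str:
    """What slide 13 does: deterministic, so one precomputed table answers
    every account that chose the same password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Counterpart of password_hash: returns a self-describing record
    algorithm$iterations$salt$key (hex). A fresh salt per call means two
    users with the same password get different records."""
    salt = os.urandom(SALT_BYTES)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              iterations, dklen=KEY_BYTES)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Counterpart of password_verify: recompute with the stored salt and
    iterations, then compare in constant time."""
    algo, iterations, salt_hex, key_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations),
                                    dklen=KEY_BYTES)
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """Counterpart of password_needs_rehash: true when the stored record was
    produced with a different algorithm or a weaker work factor than the
    current policy, so it should be re-hashed at the next successful login."""
    algo, stored_iterations, _, _ = record.split("$")
    return algo != "pbkdf2_sha256" or int(stored_iterations) < iterations


def avalanche_bits(a: str, b: str) -> int:
    """Slide 6's Avalanche Effect: number of SHA-256 output bits that differ
    between two inputs. A one-character change flips roughly half of 256."""
    ha = int.from_bytes(hashlib.sha256(a.encode("utf-8")).digest(), "big")
    hb = int.from_bytes(hashlib.sha256(b.encode("utf-8")).digest(), "big")
    return bin(ha ^ hb).count("1")


if __name__ == "__main__":
    pw = "p4$$w0rd"  # constructed demo password (same as slide 13)
    print("unsalted sha1 :", unsalted_sha1(pw))
    r1, r2 = hash_password(pw), hash_password(pw)
    print("salted record :", r1)
    print("same password, different records:", r1 != r2)
    print("verify ok     :", verify_password(pw, r1))
    print("verify wrong  :", verify_password(pw + "!", r1))
    print("needs rehash  :", needs_rehash(r1))
    print("avalanche bits:", avalanche_bits(pw, "p4$$w0re"))
```

Storing the algorithm and iteration count inside the record is what lets needs_rehash upgrade old hashes gradually, the same idea PHP's password_needs_rehash relies on; hmac.compare_digest avoids leaking how many bytes matched through timing.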
  18. Hashes have other uses
     • Hashes aren’t just for key derivation.
     • One other use is file integrity validation; this is particularly useful in SSL/TLS certificates.
  19. An Ideal Hash Algorithm
     • A hash must be easy to compute.
     • It must be impractical to turn the hash back into the original input (non-invertible).
     • It must be impractical to find two inputs which lead to the same hash (collision resistance).
  20. Collision Resistance
     • Where h() is a hash function, a collision is where h(A) = h(B), but A ≠ B.
     • That is, two different inputs produce the same hash.
     • They are inevitable given the pigeonhole principle.
  21. Pigeonhole Principle
     • Given a hash is a fixed-length string, there are only a finite number of variations.
     • On the other hand, the input can be infinitely long.
     • Therefore there must be more than one input which has the same hash output.
     • I.e. a collision is inevitable.
  22. The Birthday Problem
     • The chance of 2 people having the same birthday reaches 100% when you have 366 people, according to the Pigeonhole Principle.
     • However, the probability reaches 99% with just 57 people.
  23. The Birthday Problem
     The probability of two people with the same birthday.
  24. The Birthday Attack
     • The Birthday Problem can be used to find hash collisions where the number of possible hashes (pigeonholes) is limited.
     • Yuval’s Birthday Attack highlights this.
  25. Yuval’s Birthday Attack
     • Let n be the bit-length of a hash output.
     • With 2^(n/2) different permutations of the original message compared against 2^(n/2) different permutations of a forged message, you should expect to find a collision.
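Slides 22 to 25 make two claims that are easy to check numerically: the birthday probability for a given number of people, and the 2^(n/2) cost of Yuval's two-pool collision search. The following is an added example, not code from the talk. It computes the birthday probability exactly, and then runs Yuval's construction against SHA-256 deliberately truncated to 24 bits, which is the only reason a collision appears in milliseconds; the "original" and "forged" message texts and their numbered variants are constructed for the demo. The point for a defender is the scaling: the same search against the full 256-bit output would need about 2^128 hashes, which is why truncating a hash for "convenience" silently destroys its collision resistance.

```python
import hashlib


def birthday_probability(people: int, days: int = 365) -> float:
    """P(at least two of `people` share one of `days` equally likely birthdays)."""
    if people > days:          # pigeonhole principle: a collision is certain
        return 1.0
    p_all_distinct = 1.0
    for k in range(people):
        p_all_distinct *= (days - k) / days
    return 1.0 - p_all_distinct


def expected_trials(n_bits: int) -> float:
    """Order of magnitude of hashes needed to find a collision: 2^(n/2)."""
    return 2.0 ** (n_bits / 2)


def truncated_hash(message: bytes, n_bits: int) -> int:
    """SHA-256 cut down to its top n_bits, standing in for a short hash.
    Truncation is the flaw being demonstrated, not a recommendation."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") >> (256 - n_bits)


def yuval_collision(n_bits: int, original: str, forged: str, extra_bits: int = 4):
    """Slide 25's construction: hash 2^(n/2 + extra_bits) variants of
    `original` into a table, then try variants of `forged` until one lands in
    an occupied pigeonhole. Variants are numbered suffixes (constructed
    here) so the run is deterministic. Returns (original_variant,
    forged_variant, shared_hash) or None if the pool was exhausted."""
    pool = 2 ** (n_bits // 2 + extra_bits)
    table = {}
    for i in range(pool):
        variant = f"{original} [rev {i}]"
        table[truncated_hash(variant.encode(), n_bits)] = variant
    for j in range(pool):
        variant = f"{forged} [rev {j}]"
        h = truncated_hash(variant.encode(), n_bits)
        if h in table:
            return table[h], variant, h
    return None


if __name__ == "__main__":
    print(f"23 people : {birthday_probability(23):.3f}")
    print(f"57 people : {birthday_probability(57):.3f}")
    print(f"366 people: {birthday_probability(366):.3f}")
    print(f"trials for a 24-bit hash : {expected_trials(24):.0f}")
    print(f"trials for a 256-bit hash: {expected_trials(256):.3g}")
    print("24-bit collision:", yuval_collision(24, "original message", "forged message"))
```

Slide 22's figures fall straight out of birthday_probability: just over 50% at 23 people and just over 99% at 57. The pool size in yuval_collision is a few bits above 2^(n/2) so that the demo succeeds reliably; the expected number of matches between two pools of size m over 2^n pigeonholes is m²/2^n.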
  26. TLS (very basic overview)
     • Server has a CipherSuite ordering.
     • Client submits a list of supported ciphers and the server chooses the highest shared cipher (note SSLHonorCipherOrder in Apache or ssl_prefer_server_ciphers in Nginx).
     • Certificate Chain: root certificates sign intermediaries, which eventually sign a site. The server sends this certificate.
     • Key exchange protocol to share keys for symmetric encryption (quicker than asymmetric).
     • Integrity check using a Message Authentication Code.
  27. Best Practice with TLS
     • Disable SSL protocols (and only enable TLS); note POODLE on SSLv3.
     • HSTS (Strict Transport Security): enforced TLS with a cached time period. Mitigates SSLStrip by Moxie Marlinspike.
     • Forward Secrecy: set ciphers that support it to be preferred.
     • Qualys SSL Labs tests are a good idea.
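Slide 27's checklist translates directly into server configuration. The following is an added example, not code from the talk or from Apache/Nginx: it expresses the same four points with Python's standard ssl module, which is convenient because the resulting context can be inspected offline. The cipher string and the HSTS max-age are choices made for this example; OP_CIPHER_SERVER_PREFERENCE is the Python name for what the slide calls SSLHonorCipherOrder / ssl_prefer_server_ciphers.

```python
import ssl


def hardened_server_context(certfile=None, keyfile=None) -> ssl.SSLContext:
    """Server-side TLS context following slide 27: no SSLv2/SSLv3 (POODLE)
    and no TLS 1.0/1.1, server cipher order honoured, and only forward-secret
    AEAD suites for TLS 1.2. certfile/keyfile are left out in the offline demo."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # "Disable SSL protocols and only enable TLS": floor the version at 1.2.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Apache SSLHonorCipherOrder / Nginx ssl_prefer_server_ciphers equivalent.
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    # "Forward Secrecy": every suite here uses ephemeral ECDH, so a stolen
    # long-term key does not decrypt recorded sessions. TLS 1.3 suites are
    # always ephemeral and are not governed by this string.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def tls12_cipher_names(ctx: ssl.SSLContext):
    """TLS 1.2 suites the context offers; TLS 1.3 suite names start with 'TLS_'."""
    return [c["name"] for c in ctx.get_ciphers() if not c["name"].startswith("TLS_")]


def all_forward_secret(ctx: ssl.SSLContext) -> bool:
    """True when every TLS 1.2 suite offered is an ECDHE (ephemeral) suite."""
    names = tls12_cipher_names(ctx)
    return bool(names) and all(n.startswith("ECDHE-") for n in names)


def minimum_is_tls12(ctx: ssl.SSLContext) -> bool:
    return ctx.minimum_version == ssl.TLSVersion.TLSv1_2


def honours_server_order(ctx: ssl.SSLContext) -> bool:
    return bool(ctx.options & ssl.OP_CIPHER_SERVER_PREFERENCE)


def hsts_header(max_age_seconds: int = 31536000, include_subdomains: bool = True):
    """Strict-Transport-Security response header. A browser that has seen it
    refuses plain HTTP to the host for max_age seconds, which is what takes
    SSLStrip's downgrade opportunity away on repeat visits."""
    value = f"max-age={max_age_seconds}"
    if include_subdomains:
        value += "; includeSubDomains"
    return ("Strict-Transport-Security", value)


if __name__ == "__main__":
    ctx = hardened_server_context()
    print("minimum version TLS 1.2 :", minimum_is_tls12(ctx))
    print("server order honoured   :", honours_server_order(ctx))
    print("all TLS 1.2 suites ECDHE:", all_forward_secret(ctx))
    print("offered TLS 1.2 suites  :", tls12_cipher_names(ctx))
    print("%s: %s" % hsts_header())
```

The three check functions are the kind of assertion worth keeping in a deployment test, since an SSL Labs scan (the slide's last point) only tells you after the fact; HSTS is sent as a response header over HTTPS and has no effect on a first, never-secured visit, which is the residual gap preloading addresses.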
  28. Symmetric Encryption
     • Caesar Cipher. Simple offsets, easy to brute force.
     • DES. Preceded AES; insecure in a lot of applications.
     • Rijndael (AES), Twofish, Serpent.
  29. Plausible Deniability
     • Steganography is the practice of hiding one file within another.
     • The Rubberhose File System was written by Julian Assange, Suelette Dreyfus and Ralf Weinmann.
     • Available in VeraCrypt, the successor to TrueCrypt.
     • Uses the random padding data surrounding an encrypted volume to create alternative encrypted volumes.
     • Can be cascaded.
     • Initially designed for third-world dictatorships, but found a use in the UK due to RIPA.
  30. Asymmetric Encryption
     • Diffie-Hellman Key Exchange. Malcolm J. Williamson at GCHQ had already conceived this a year earlier.
     • RSA. Named after Ron Rivest, Adi Shamir and Leonard Adleman, but was discovered by Clifford Cocks and James H. Ellis at GCHQ 3 years earlier.
     • ECC (Elliptic Curve Cryptography). Entered wide use in 2004/2005.
  31. Trapdoor Functions
     • Asymmetric encryption uses Trapdoor Functions.
     • Easy to compute one way, hard the other way.
     • For example, it is easy to multiply 2 prime numbers together, harder to find the prime factors.
  32. RSA Revision
     • Select two prime numbers p & q.
     • n = pq. This is the modulus.
     • φ = (p-1)(q-1). This is the totient.
     • Calculate integer e where 1 < e < φ and the greatest common divisor of e and φ is 1.
     • Calculate integer d where 1 < d < φ and the congruence relation ed ≡ 1 (mod φ) is satisfied.
     • Public key is n & e, whereas the private key is n & d.
  33. RSA Revision
     • Basic encrypt: c = m^e mod n
     • Basic decrypt: m = c^d mod n
     • Fermat’s Little Theorem underlies this.
     • In real life padding is used.
     • Note: mod is the modulo operator (% or the fmod function in PHP).
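Slides 31 to 33 give the full textbook-RSA recipe. The following is an added example, not code from the talk: it carries the recipe through with the small primes p = 61 and q = 53 (a common textbook choice, not values from the talk), shows the trapdoor from both sides by factoring the toy modulus, and keeps the encryption deliberately unpadded so that the determinism the slide warns about ("in real life padding is used") is visible.

```python
import math


def make_keypair(p: int, q: int, e: int = 17):
    """Slide 32 step by step: n = pq, φ = (p-1)(q-1), gcd(e, φ) = 1,
    then d with ed ≡ 1 (mod φ). Returns ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or math.gcd(e, phi) != 1:
        raise ValueError("e must lie in (1, φ) and be coprime to φ")
    d = pow(e, -1, phi)        # modular inverse (Python 3.8+)
    return (n, e), (n, d)      # public key, private key


def encrypt(m: int, public_key) -> int:
    """c = m^e mod n. Textbook RSA: no padding, so the same m always gives
    the same c, and m must be a non-negative integer below n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c: int, private_key) -> int:
    """m = c^d mod n; correctness rests on Fermat's Little Theorem (slide 33)."""
    n, d = private_key
    return pow(c, d, n)


def factor_small_modulus(n: int):
    """The hard direction of the trapdoor (slide 31), by trial division.
    Instant for a toy n like 3233, hopeless for a 2048-bit n: the security
    of RSA is exactly the size of this gap. Returns (p, q) with p <= q."""
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    return None


if __name__ == "__main__":
    public, private = make_keypair(61, 53, 17)   # constructed toy key
    print("public  (n, e):", public)
    print("private (n, d):", private)
    c = encrypt(65, public)
    print("encrypt(65)   :", c)
    print("decrypt(c)    :", decrypt(c, private))
    print("deterministic :", encrypt(65, public) == c)   # why padding matters
    print("factors of n  :", factor_small_modulus(public[0]))
```

With these primes φ = 3120, e = 17 and d = 2753 (17 × 2753 = 46801 = 15 × 3120 + 1), and the message 65 encrypts to 2790. The last two prints are the security lessons: without padding an attacker who can guess the plaintext can confirm it by re-encrypting, and a modulus small enough to factor hands over d outright.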
  34. The Problem
     • RSA and Diffie-Hellman rely on the Discrete Logarithm Problem being difficult to solve.
     • RSA relies less heavily on the Discrete Log Problem than Diffie-Hellman does.
     • If a discrete logarithm can be computed easily, these forms of cryptography face an issue.
  35. “Our conclusion is there is a small but definite chance that RSA and classic Diffie-Hellman will not be usable for encryption purposes in four to five years” – Alex Stamos, CTO of Artemis, in 2013
  36. Concluding with ECC
     ECC provides the only viable and reasonable alternative to RSA and Diffie-Hellman so far.
  37. ECC
     • Consists of points satisfying the equation y² = x³ + ax + b.
     • Faster (over 20 times!) than RSA.
     • Already has a Digital Signature alternative to RSA called ECDSA.
     • But ECDSA does require a good source of entropy: a decent source of (pseudo)random numbers is required.
     • No mathematical proof of security. The question of whether one-way functions truly exist is open.
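Slide 37 names the curve equation but not what is done with its points. The following is an added example, not code from the talk or from the linked primers: point addition and doubling on y² = x³ + ax + b over a tiny prime field, double-and-add scalar multiplication, and a Diffie-Hellman exchange on the result. The curve (a = 2, b = 2, p = 17, generator (5, 1), which has order 19) is a constructed classroom-sized example, and the private scalars are picked by hand; a real deployment uses a standardised curve and draws scalars from a proper random source, which is the entropy point the slide makes about ECDSA.

```python
# A point is a tuple (x, y); None stands for the point at infinity O.


class Curve:
    """y^2 = x^3 + a*x + b over the integers modulo the prime p."""

    def __init__(self, a: int, b: int, p: int):
        self.a, self.b, self.p = a, b, p
        # Non-singular curve check: 4a^3 + 27b^2 != 0 (mod p).
        if (4 * a ** 3 + 27 * b ** 2) % p == 0:
            raise ValueError("singular curve")

    def contains(self, pt) -> bool:
        if pt is None:
            return True
        x, y = pt
        return (y * y - (x ** 3 + self.a * x + self.b)) % self.p == 0

    def add(self, p1, p2):
        """Chord-and-tangent group law."""
        if p1 is None:
            return p2
        if p2 is None:
            return p1
        x1, y1 = p1
        x2, y2 = p2
        if x1 == x2 and (y1 + y2) % self.p == 0:
            return None                       # P + (-P) = O, also covers y = 0
        if p1 == p2:                          # tangent slope for doubling
            lam = (3 * x1 * x1 + self.a) * pow(2 * y1, -1, self.p) % self.p
        else:                                 # chord slope for addition
            lam = (y2 - y1) * pow(x2 - x1, -1, self.p) % self.p
        x3 = (lam * lam - x1 - x2) % self.p
        y3 = (lam * (x1 - x3) - y1) % self.p
        return (x3, y3)

    def multiply(self, k: int, pt):
        """k*P by double-and-add. Recovering k from P and k*P is the elliptic
        curve discrete logarithm problem that slide 34's concern moves onto."""
        result, addend = None, pt
        while k > 0:
            if k & 1:
                result = self.add(result, addend)
            addend = self.add(addend, addend)
            k >>= 1
        return result


def ecdh_shared_point(curve: Curve, generator, my_secret: int, their_secret: int):
    """One side of elliptic-curve Diffie-Hellman: my_secret * (their_secret * G).
    Both sides end on the same point because scalar multiplication commutes."""
    their_public = curve.multiply(their_secret, generator)
    return curve.multiply(my_secret, their_public)


if __name__ == "__main__":
    curve = Curve(a=2, b=2, p=17)   # constructed toy curve
    G = (5, 1)
    print("G on curve :", curve.contains(G))
    for k in (2, 3, 18, 19):
        print(f"{k:2d}G =", curve.multiply(k, G))
    alice, bob = 3, 5               # hand-picked toy secrets, not random
    print("Alice's view:", ecdh_shared_point(curve, G, alice, bob))
    print("Bob's view  :", ecdh_shared_point(curve, G, bob, alice))
```

Because 19G = O, the scalars only matter modulo 19 on this curve, so a 19-point group offers no security at all; the standardised curves have group orders around 2^256, where the best known attacks on the discrete log still cost about the square root of the order. That square-root cost, set against the sub-exponential algorithms available for RSA and classic Diffie-Hellman moduli, is why the slide can claim equivalent security from far smaller keys, and hence the speed advantage.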
  38. https://ju.je/cryptointro
     • A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography (Nick Sullivan): https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/
     • Guide to Elliptic Curve Cryptography: http://math.boisestate.edu/~liljanab/MATH508/GuideEllipticCurveCryptography.PDF