2. Encryption Core Concepts
Do NOT attempt to create your
own encryption algorithms.
Encryption Choices
Hash Encryption One Way or Reversible?
(e.g., SHA-256 vs. AES)
Stream Cipher Block Cipher Bits vs. Blocks
(e.g., RC4 vs. AES)
Symmetric Asymmetric Shared vs. Public & Private Keys
(e.g., AES vs. RSA)
Stream Cipher
ECB CBC CTR … Which Mode to Use?ECB CTR
3. Encryption Words to Live By
If storing passwords – hash with a salt value
If you’re using authentication – encrypt data in transit
Properly seed random number generators
4. Encryption Words to Live By: #1
The problem
– The software uses a one-way cryptographic hash against an input
that should not be reversible, such as a password, but the software
does not also use a salt as part of the input.
If storing passwords – hash with a salt value
5. Real World Example – Hash Compromise
Remember the Anonymous attack discussed earlier?
6. Secure Coding …
Multiple rounds of hashing (>1000)
Use the latest available hashing algorithms (SHA-2)
How to create salt?
– Create small random value
– The salt should be different for each user
– Can use a hash of the userid in some use cases
Where to store salt?
– In the database with the userid/password
– Often pre-pended to the password in storage
Preferred method
– Pbkdf: https://en.wikipedia.org/wiki/PBKDF2
7. Encryption Words to Live By: #2
The problem
– Login pages not using adequate measures to protect the user name
and password while they are in transit from the client to the server.
– SSL (Secure Socket Layer) provides data confidentiality and
integrity to HTTP. By encrypting HTTP messages, SSL protects
from attackers eavesdropping or altering message contents.
If you’re using authentication – encrypt in transmission
9. Real World Example - POODLE
CBC encryption in SSL 3.0
– SSL has been around
for 18 years
Block cipher padding is
not deterministic
– not covered by the MAC
Man in the Middle
– control request
– padding fills an entire block
– reveals one byte at a time
Encryption is HARD!
POODLE = Padding Oracle On Downgraded Legacy Encryption
10. Encryption Words to Live By: #3
The problem
– The software may use insufficiently random numbers or values in a
security context that depends on unpredictable numbers.
– When software generates predictable values in a context requiring
unpredictability, it may be possible for an attacker to guess the next
value that will be generated, and use this guess to impersonate
another user or access sensitive information.
Properly seed random number generators
11. Use of Random Numbers
Symmetric keys and initialization vectors for block ciphers
Session IDs
Gambling games
– lotteries
– slot machines
Statistical sampling
Seed for a Pseudo Random Number Generator
12. Real World Example - Chip and Pin
Many ATMs and point-of-sale
terminals use a predictable
random number
Attack:
– attacker predicts “unpredictable
number” (UN)
– customer uses a controlled terminal
– "extra" transaction is performed
using the UN and a future date
– chip on credit card produces an
Authorization Request Cryptogram
(ARQC) based on UN
– when time is right, attacker uses
fake card with pre-recorded ARQC
at ATM to withdraw cash
13. Secure Coding …
Pitfalls
– Use of predictable random number generators
C: rand()
Java: java.util.Random()
– Forgetting to seed the random number generator -or- Using the
same seed every time
will generate identical sequences of numbers
Java.Security.SecureRandom
– (typically) uses the SHA1PRNG generator
– seeds itself using /dev/urandom
collects random data from disk reads, mouse movement, keystrokes, etc.
– be careful overriding the PRNG or seed, make sure you know what
you are doing