Practical Crypto Attacks Against Web Applications

      Justin Clarke
!    IANAC

!    Usage != security

!    Pentesting?




2
!    Confidentiality – Prevent the disclosure of
     information to unauthorized individuals or
     systems

!    Integrity – Ensure that data cannot be
     modified undetectably

!    Authenticity - Validate that a party is who
     they claim they are


3
!    Symmetric Crypto Attacks
     !  ECB Mode Usage
     !  Padding-Based Attacks


!    Secure Random Number Generation




4
!    Most block ciphers support multiple modes of
     operation

!    The most common modes are:
     !  ECB – Electronic Code Book
     !  CBC – Cipher Block Chaining
     !  CFB - Cipher Feedback
     !  OFB - Output Feedback

!    None provide integrity if used in isolation

5
6
!    Reason #1




     [Figure: ECB / CONFIDENTIALITY]

7
!    Reason #2




     UID:23909,Email:john@doe.com,NickName:JohnDoe2301,Role:3




8
!    Reason #2
                  Block 1    Block 2    Block 3    Block 4    Block 5    Block 6    Block 7
     PLAINTEXT    UID:2390   9,Email:   john@doe   .com,Nic   kName:Jo   hnDoe230   1,Role:3
     CIPHERTEXT   9648dab1   22a1eaee   0f5a7a2a   86adfcf6   6adb7872   96bdc238   69e75f87
                  d7f285ac   db7aabbb   1f8de75f   17abcbcf   7ab9dd8e   5fa70ba2   cf74ab6d

     Decrypts to: UID:23909,Email:john@doe.com,NickName:JohnDoe2301,Role:3

     Ciphertext Block 7 moved to position 2:

                  Block 1    Block 7    Block 2    Block 3    Block 4    Block 5    Block 6
     CIPHERTEXT   9648dab1   69e75f87   22a1eaee   0f5a7a2a   86adfcf6   6adb7872   96bdc238
                  d7f285ac   cf74ab6d   db7aabbb   1f8de75f   17abcbcf   7ab9dd8e   5fa70ba2
     PLAINTEXT    UID:2390   1,Role:3   9,Email:   john@doe   .com,Nic   kName:Jo   hnDoe230

     Decrypts to: UID:23901,Role:39,Email:john@doe.com,NickName:JohnDoe230


  12
ECB Mode Attack
14
     [Figure: CBC / CONFIDENTIALITY]

15
!    Original Ciphertext

                BLOCK 1     BLOCK 2   BLOCK 3




16
!    Block Swapping will result in data corruption

                 BLOCK 1      BLOCK 3       BLOCK 2
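
The block move from the ECB slides and the CBC block swap above, reproduced locally as an added example (not code from the original deck). It assumes 3DES as the 8-byte block cipher, which the slides do not name, with a random key and no padding because the record is exactly seven blocks long.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class BlockReorderDemo
{
    const int BlockLen = 8; // the slides split the record into 8-byte blocks

    // Encrypts or decrypts whole blocks with the given mode (no padding).
    static byte[] Run(SymmetricAlgorithm alg, CipherMode mode, bool encrypt, byte[] data)
    {
        alg.Mode = mode;
        alg.Padding = PaddingMode.None;
        using ICryptoTransform t = encrypt ? alg.CreateEncryptor() : alg.CreateDecryptor();
        return t.TransformFinalBlock(data, 0, data.Length);
    }

    // Moves the last ciphertext block to position 2, as on the slide: 1,7,2,3,4,5,6.
    static byte[] MoveLastBlockToSecond(byte[] ct)
    {
        int n = ct.Length / BlockLen;
        int[] order = new[] { 0, n - 1 }.Concat(Enumerable.Range(1, n - 2)).ToArray();
        return order.SelectMany(i => ct.Skip(i * BlockLen).Take(BlockLen)).ToArray();
    }

    // Renders bytes as text, with '.' for anything outside printable ASCII.
    static string Show(byte[] data) =>
        new string(data.Select(b => b >= 0x20 && b < 0x7f ? (char)b : '.').ToArray());

    static void Main()
    {
        // The record shown on the slides (56 bytes = 7 blocks).
        byte[] record = Encoding.ASCII.GetBytes(
            "UID:23909,Email:john@doe.com,NickName:JohnDoe2301,Role:3");

        // Assumption: 3DES stands in for the unnamed 8-byte block cipher.
        // The same instance (same random key and IV) is used in both directions.
        using TripleDES tdes = TripleDES.Create();

        foreach (CipherMode mode in new[] { CipherMode.ECB, CipherMode.CBC })
        {
            byte[] ciphertext = Run(tdes, mode, true, record);
            byte[] reordered = MoveLastBlockToSecond(ciphertext);

            // Neither mode raises an error here: decryption alone cannot tell
            // that the ciphertext blocks were rearranged.
            byte[] plaintext = Run(tdes, mode, false, reordered);
            Console.WriteLine($"{mode}: {Show(plaintext)}");
        }
    }
}
```

Under ECB the output is the altered record from the slide. Under CBC only the two blocks whose preceding ciphertext block changed come out corrupted, the rest of the record is intact, and no exception is thrown, which is why neither mode gives integrity on its own.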




17
!    “Padding Oracle” Attack

      !  Leverages byte flipping of ciphertext to generate
         invalid padding exceptions

      !  Data can be decrypted (and encrypted too) without
         knowledge of the secret key




18
19
!    Assuming this scheme, then there are only 8
      possible valid padding sequences:
      !  0x01
      !  0x02,   0x02
      !  0x03,   0x03,   0x03,
      !  0x04,   0x04,   0x04,   0x04
      !  0x05,   0x05,   0x05,   0x05,   0x05,
      !  0x06,   0x06,   0x06,   0x06,   0x06, 0x06
      !  0x07,   0x07,   0x07,   0x07,   0x07, 0x07, 0x07
      !  0x08,   0x08,   0x08,   0x08,   0x08, 0x08, 0x08, 0x08



20
21
!    Is the key the correct size?
      !  Invalid Key Exception


 !    Is the value (bytes) an even block multiple?
      !  Invalid Length Exception

 !    Is the decrypted block properly padded?
      !  Invalid Padding Exception   CRITICAL


 !    Return the value

22
23
Call this “Byte X”




                                                        Call this “Byte Y”
Basic Premise:
•  A change of Byte X (ciphertext) will change Byte Y (plaintext)
•  There is a one-to-one correlation between Byte X values and Byte Y values
•  Exception is thrown if plain-text does not end with a valid padding sequence



24
Byte X == 0x00




                                 Byte Y == ???
Exception? YES
•  Byte Y is not valid padding


25
Byte X == 0x01




                                 Byte Y == ???
Exception? YES
•  Byte Y is not valid padding


26
Byte X == 0x02




                                      Byte Y == ???
Exception? NO
•  Byte Y IS valid padding (must be 0x01)


27
!    What does that tell us?

      !  The altered byte value produced valid padding when
         XOR’ed with the intermediate value

                       IF A ^ B = C

                     THEN A ^ C = B
                     AND C ^ B = A



28
!    What does that tell us?

      !  If the padding byte was 0x01:
         !  Our Byte (0x02) ^ Intermediate Byte (??) == 0x01
         !  Intermediate Byte == Our Byte (0x02) ^ 0x01

      !  The plain-text value is the intermediate value
         XOR’ed with the prior ciphertext byte




29
Padding Oracle Attack
!    As we’ve seen, encrypted data (while kept
      private) is still susceptible to tampering

                       Message

                       Encryption




 !    We need to ensure PRIVACY and INTEGRITY




31
!    Encrypt + Sign the Ciphertext

                        Message
                                              SIGNATURE
                       Encryption



      !  HMAC: Combines a cryptographic hash function
         with a secret key
       !  Cannot be re-computed without the key

      !  Verifies the integrity and authenticity of a message


32
!    Why not HMAC within the ciphertext?
      !  Does not protect against side channel attacks
         during decryption


 !    Padding Oracle Attack in .NET Framework
      !  Discovered September 2010
      !  Viewstate and Forms Authentication Cookies were affected
         even though an HMAC was included within the ciphertext
         !  Tampering was only detected after decryption
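
One way to build the "encrypt, then sign the ciphertext" scheme from the two slides above so that tampering is detected before decryption, as an added example (not code from the original deck or from the .NET Framework). It assumes .NET 6 or later, AES-CBC with PKCS#7 padding, HMAC-SHA256, and a token layout of IV, ciphertext, tag chosen for this illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class EncryptThenMac
{
    const int IvLen = 16, BlockLen = 16, TagLen = 32;

    // Token layout (illustrative): IV (16) || ciphertext || HMAC-SHA256 over IV||ciphertext (32)
    public static byte[] Protect(byte[] plaintext, byte[] encKey, byte[] macKey)
    {
        using Aes aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.Key = encKey;
        aes.GenerateIV(); // fresh random IV per message

        byte[] ct;
        using (ICryptoTransform enc = aes.CreateEncryptor())
            ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);

        byte[] token = new byte[IvLen + ct.Length + TagLen];
        Buffer.BlockCopy(aes.IV, 0, token, 0, IvLen);
        Buffer.BlockCopy(ct, 0, token, IvLen, ct.Length);

        using var hmac = new HMACSHA256(macKey);
        byte[] tag = hmac.ComputeHash(token, 0, IvLen + ct.Length);
        Buffer.BlockCopy(tag, 0, token, IvLen + ct.Length, TagLen);
        return token;
    }

    // Returns false for every kind of failure, so the caller has one error path.
    public static bool TryUnprotect(byte[] token, byte[] encKey, byte[] macKey, out byte[] plaintext)
    {
        plaintext = Array.Empty<byte>();
        if (token == null || token.Length < IvLen + BlockLen + TagLen
            || (token.Length - IvLen - TagLen) % BlockLen != 0)
            return false;

        int bodyLen = token.Length - TagLen;
        using var hmac = new HMACSHA256(macKey);
        byte[] expected = hmac.ComputeHash(token, 0, bodyLen);

        // Constant-time comparison, done BEFORE any decryption: a modified
        // token is rejected here and its padding is never examined.
        if (!CryptographicOperations.FixedTimeEquals(expected, token.AsSpan(bodyLen, TagLen)))
            return false;

        using Aes aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.Key = encKey;
        aes.IV = token.AsSpan(0, IvLen).ToArray();
        using ICryptoTransform dec = aes.CreateDecryptor();
        plaintext = dec.TransformFinalBlock(token, IvLen, bodyLen - IvLen);
        return true;
    }

    static void Main()
    {
        // Separate random keys for encryption and for the MAC.
        byte[] encKey = RandomNumberGenerator.GetBytes(32);
        byte[] macKey = RandomNumberGenerator.GetBytes(32);

        // Constructed sample value.
        byte[] token = Protect(Encoding.UTF8.GetBytes("UID:23909,Role:3"), encKey, macKey);

        Console.WriteLine(TryUnprotect(token, encKey, macKey, out byte[] pt)
            ? "untouched token: " + Encoding.UTF8.GetString(pt)
            : "untouched token rejected");

        // Flip one bit at every position in turn (IV, ciphertext and tag).
        int rejected = 0;
        for (int i = 0; i < token.Length; i++)
        {
            byte[] tampered = (byte[])token.Clone();
            tampered[i] ^= 0x01;
            if (!TryUnprotect(tampered, encKey, macKey, out _)) rejected++;
        }
        Console.WriteLine($"{rejected} of {token.Length} single-byte modifications rejected");
    }
}
```

Because the tag covers the IV and the ciphertext and is checked first, a caller cannot distinguish a padding failure from any other failure, unlike the design in which the HMAC sits inside the ciphertext.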




33
!    When do you need a random number?

      !  Password Generator, Encryption Keys, Session
         Identifiers, etc…

 !    How random is “random”?

              Pseudo Random Number Generator
                              vs.
      Cryptographically Secure Random Number Generator



34
!    Two common attacks against RNG’s

      !  Non-random Seed Values

      !  Formula used to produce random numbers




35
!     What do you think this code will produce?
     // Generate First Series
     byte[] bytes1 = new byte[100];
     Random rnd1 = new Random();
     rnd1.NextBytes(bytes1);
     Console.WriteLine("First Series:");
     for (int ctr = bytes1.GetLowerBound(0); ctr <= bytes1.GetUpperBound(0); ctr++) {
        Console.Write("{0, 5}", bytes1[ctr]);
        if ((ctr + 1) % 10 == 0) Console.WriteLine();
     }

     // Generate Second Series
     byte[] bytes2 = new byte[100];
     Random rnd2 = new Random();
     rnd2.NextBytes(bytes2);
     Console.WriteLine("Second Series:");
     for (int ctr = bytes2.GetLowerBound(0); ctr <= bytes2.GetUpperBound(0); ctr++) {
        Console.Write("{0, 5}", bytes2[ctr]);
        if ((ctr + 1) % 10 == 0) Console.WriteLine();
     }



36
!    Output from the previous code
        First Series:
           97  129  149   54   22  208  120  105   68  177
          113  214   30  172   74  218  116  230   89   18
           12  112  130  105  116  180  190  200  187  120
            7  198  233  158   58   51   50  170   98   23
           21    1  113   74  146  245   34  255   96   24
          232  255   23    9  167  240  255   44  194   98
           18  175  173  204  169  171  236  127  114   23
          167  202  132   65  253   11  254   56  214  127
          145  191  104  163  143    7  174  224  247   73
           52    6  231  255    5  101   83  165  160  231

        Second Series:
           97  129  149   54   22  208  120  105   68  177
          113  214   30  172   74  218  116  230   89   18
           12  112  130  105  116  180  190  200  187  120
            7  198  233  158   58   51   50  170   98   23
           21    1  113   74  146  245   34  255   96   24
          232  255   23    9  167  240  255   44  194   98
           18  175  173  204  169  171  236  127  114   23
          167  202  132   65  253   11  254   56  214  127
          145  191  104  163  143    7  174  224  247   73
           52    6  231  255    5  101   83  165  160  231

        Both series are identical


37
!    If you don’t seed the random number
      generator, it will automatically be seeded

      !  With what?

      “By default, the parameterless constructor of the Random class
      uses the system clock to generate its seed value”

      http://msdn.microsoft.com/en-us/library/system.random.aspx




38
!    What if this code was in ResetPassword.aspx?
 StringBuilder password = new StringBuilder();

 // Define all upper and lower chars with special chars
 char[] lCase = new char[] { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l',
 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D',
 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V',
 'W', 'X', 'Y', 'Z', '!', '@', '#', '$', '%', '^', '&', '*', '(', ')', '-', '_' };

 int lCaseIndex = 0;

 // Parameterless constructor: the seed comes from the system clock
 Random rand = new Random();

 // Randomly select 12 characters from the values above
 for (int cnt = 0; cnt < 12; cnt++)
 {
      // The upper bound of Next() is exclusive, so pass Length to reach the last character
      lCaseIndex = rand.Next(0, lCase.Length);
      password.Append(lCase[lCaseIndex]);
 }

 string newPassword = password.ToString();




39
!    Seed Race Condition Attack (Seed Racing)

      !  Based on a research experiment conducted in 2008

      !  67,000 HTTP requests to a server with a random
         password generator similar to the one shown


 !    Results: 208 unique passwords

      !  322 duplicated in one or more accounts
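
The collision effect behind seed racing, next to a generator that does not have it, as an added example (not code from the original deck or the 2008 experiment). The clock seed is passed explicitly to model the .NET Framework behaviour quoted above; the request load (1,000 requests, ten per clock tick) is constructed, and the method names are illustrative.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class ResetPasswordDemo
{
    // Same 64-character set as the slide's generator.
    const string Alphabet =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()-_";

    // Weak: System.Random seeded with a clock value. Passing the seed in makes
    // explicit what "new Random()" does implicitly on .NET Framework.
    static string ClockSeededPassword(int clockSeed, int length = 12)
    {
        var rand = new Random(clockSeed);
        var sb = new StringBuilder(length);
        for (int i = 0; i < length; i++)
            sb.Append(Alphabet[rand.Next(Alphabet.Length)]);
        return sb.ToString();
    }

    // Hardened: every character is drawn from the OS CSPRNG.
    // GetInt32 returns an unbiased value in [0, toExclusive).
    static string CsprngPassword(int length = 12)
    {
        var sb = new StringBuilder(length);
        for (int i = 0; i < length; i++)
            sb.Append(Alphabet[RandomNumberGenerator.GetInt32(Alphabet.Length)]);
        return sb.ToString();
    }

    static void Main()
    {
        var weak = new HashSet<string>();
        var strong = new HashSet<string>();
        int tick = Environment.TickCount;

        // Constructed load: 1,000 reset requests, ten arriving within each clock tick.
        for (int request = 0; request < 1000; request++)
        {
            weak.Add(ClockSeededPassword(tick + request / 10));
            strong.Add(CsprngPassword());
        }

        Console.WriteLine($"clock-seeded Random : {weak.Count} unique passwords from 1000 requests");
        Console.WriteLine($"RandomNumberGenerator: {strong.Count} unique passwords from 1000 requests");
    }
}
```

With a clock seed the number of distinct passwords is bounded by the number of distinct clock values seen, not by the number of requests, which is the pattern the experiment's figures show.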


40
!    Is Java.Random any better?

      !  Uses a Linear Congruential Formula for
         generating random data (LCG)




                     One Dimensional LCG Plot



41
!    Crypto is hard to get right
      !  Lots of ways to make mistakes

 !    When in doubt, ask an expert




46

More Related Content

Similar to Practical Crypto Attacks Against Web Applications

IP_Addressing_and Subnetting.pdf
IP_Addressing_and Subnetting.pdfIP_Addressing_and Subnetting.pdf
IP_Addressing_and Subnetting.pdfSayusAli
 
Blockchain explained (Technology running Bitcoin)
Blockchain explained (Technology running Bitcoin)Blockchain explained (Technology running Bitcoin)
Blockchain explained (Technology running Bitcoin)Qais Ammari
 
Efficient Data Storage for Analytics with Apache Parquet 2.0
Efficient Data Storage for Analytics with Apache Parquet 2.0Efficient Data Storage for Analytics with Apache Parquet 2.0
Efficient Data Storage for Analytics with Apache Parquet 2.0Cloudera, Inc.
 
Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014
Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014
Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014Julien Le Dem
 
BarcodeSCAN V120 To scann Bills for Oil vending Machine.pdf
BarcodeSCAN V120 To scann Bills for Oil vending Machine.pdfBarcodeSCAN V120 To scann Bills for Oil vending Machine.pdf
BarcodeSCAN V120 To scann Bills for Oil vending Machine.pdfAdithyaAR5
 
19BCS2605_Krishna_Kumar_Computer_Graphics_exp_3.1.pdf
19BCS2605_Krishna_Kumar_Computer_Graphics_exp_3.1.pdf19BCS2605_Krishna_Kumar_Computer_Graphics_exp_3.1.pdf
19BCS2605_Krishna_Kumar_Computer_Graphics_exp_3.1.pdfKrishnaKumar2309
 
sfrontori-bitcoin-technical intro-meetup2014
sfrontori-bitcoin-technical intro-meetup2014sfrontori-bitcoin-technical intro-meetup2014
sfrontori-bitcoin-technical intro-meetup2014Stefano Frontori
 
Blockchain models and their practical applications
Blockchain models and their practical applicationsBlockchain models and their practical applications
Blockchain models and their practical applicationsSasin SEC
 
알고리즘 연합캠프 세미나 1-B (Bitwise DP)
알고리즘 연합캠프 세미나 1-B (Bitwise DP)알고리즘 연합캠프 세미나 1-B (Bitwise DP)
알고리즘 연합캠프 세미나 1-B (Bitwise DP)HYUNJEONG KIM
 
E-Commerce Security - Application attacks - Server Attacks
E-Commerce Security - Application attacks - Server AttacksE-Commerce Security - Application attacks - Server Attacks
E-Commerce Security - Application attacks - Server Attacksphanleson
 
Cryptography Symmetric Key Algorithm (CSE)
Cryptography Symmetric Key Algorithm (CSE)Cryptography Symmetric Key Algorithm (CSE)
Cryptography Symmetric Key Algorithm (CSE)SoumyaBhattacharyya14
 
Cryptography (under)engineering
Cryptography (under)engineeringCryptography (under)engineering
Cryptography (under)engineeringslicklash
 
ip addressing_&_subnetting_made_easy
 ip addressing_&_subnetting_made_easy ip addressing_&_subnetting_made_easy
ip addressing_&_subnetting_made_easyManjit Singh
 
How Computer Games Help Children Learn (Stockholm University Dept of Educatio...
How Computer Games Help Children Learn (Stockholm University Dept of Educatio...How Computer Games Help Children Learn (Stockholm University Dept of Educatio...
How Computer Games Help Children Learn (Stockholm University Dept of Educatio...dws1d
 
Computer fandamental bangla by soikot pdf
Computer fandamental bangla by soikot pdfComputer fandamental bangla by soikot pdf
Computer fandamental bangla by soikot pdfShifat Ahmed
 
Key recovery attacks against commercial white-box cryptography implementation...
Key recovery attacks against commercial white-box cryptography implementation...Key recovery attacks against commercial white-box cryptography implementation...
Key recovery attacks against commercial white-box cryptography implementation...CODE BLUE
 
Student subnetworkbook
Student subnetworkbookStudent subnetworkbook
Student subnetworkbookJorge Arroyo
 

Similar to Practical Crypto Attacks Against Web Applications (20)

Bitcoin Internals
Bitcoin InternalsBitcoin Internals
Bitcoin Internals
 
IP_Addressing_and Subnetting.pdf
IP_Addressing_and Subnetting.pdfIP_Addressing_and Subnetting.pdf
IP_Addressing_and Subnetting.pdf
 
Blockchain explained (Technology running Bitcoin)
Blockchain explained (Technology running Bitcoin)Blockchain explained (Technology running Bitcoin)
Blockchain explained (Technology running Bitcoin)
 
Efficient Data Storage for Analytics with Apache Parquet 2.0
Efficient Data Storage for Analytics with Apache Parquet 2.0Efficient Data Storage for Analytics with Apache Parquet 2.0
Efficient Data Storage for Analytics with Apache Parquet 2.0
 
Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014
Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014
Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014
 
BarcodeSCAN V120 To scann Bills for Oil vending Machine.pdf
BarcodeSCAN V120 To scann Bills for Oil vending Machine.pdfBarcodeSCAN V120 To scann Bills for Oil vending Machine.pdf
BarcodeSCAN V120 To scann Bills for Oil vending Machine.pdf
 
Blockchain101
Blockchain101Blockchain101
Blockchain101
 
19BCS2605_Krishna_Kumar_Computer_Graphics_exp_3.1.pdf
19BCS2605_Krishna_Kumar_Computer_Graphics_exp_3.1.pdf19BCS2605_Krishna_Kumar_Computer_Graphics_exp_3.1.pdf
19BCS2605_Krishna_Kumar_Computer_Graphics_exp_3.1.pdf
 
sfrontori-bitcoin-technical intro-meetup2014
sfrontori-bitcoin-technical intro-meetup2014sfrontori-bitcoin-technical intro-meetup2014
sfrontori-bitcoin-technical intro-meetup2014
 
Blockchain models and their practical applications
Blockchain models and their practical applicationsBlockchain models and their practical applications
Blockchain models and their practical applications
 
알고리즘 연합캠프 세미나 1-B (Bitwise DP)
알고리즘 연합캠프 세미나 1-B (Bitwise DP)알고리즘 연합캠프 세미나 1-B (Bitwise DP)
알고리즘 연합캠프 세미나 1-B (Bitwise DP)
 
E-Commerce Security - Application attacks - Server Attacks
E-Commerce Security - Application attacks - Server AttacksE-Commerce Security - Application attacks - Server Attacks
E-Commerce Security - Application attacks - Server Attacks
 
Cryptography Symmetric Key Algorithm (CSE)
Cryptography Symmetric Key Algorithm (CSE)Cryptography Symmetric Key Algorithm (CSE)
Cryptography Symmetric Key Algorithm (CSE)
 
Cryptography (under)engineering
Cryptography (under)engineeringCryptography (under)engineering
Cryptography (under)engineering
 
ip addressing_&_subnetting_made_easy
 ip addressing_&_subnetting_made_easy ip addressing_&_subnetting_made_easy
ip addressing_&_subnetting_made_easy
 
How Computer Games Help Children Learn (Stockholm University Dept of Educatio...
How Computer Games Help Children Learn (Stockholm University Dept of Educatio...How Computer Games Help Children Learn (Stockholm University Dept of Educatio...
How Computer Games Help Children Learn (Stockholm University Dept of Educatio...
 
Debugging TV Frame 0x02
Debugging TV Frame 0x02Debugging TV Frame 0x02
Debugging TV Frame 0x02
 
Computer fandamental bangla by soikot pdf
Computer fandamental bangla by soikot pdfComputer fandamental bangla by soikot pdf
Computer fandamental bangla by soikot pdf
 
Key recovery attacks against commercial white-box cryptography implementation...
Key recovery attacks against commercial white-box cryptography implementation...Key recovery attacks against commercial white-box cryptography implementation...
Key recovery attacks against commercial white-box cryptography implementation...
 
Student subnetworkbook
Student subnetworkbookStudent subnetworkbook
Student subnetworkbook
 

More from Security BSides London

Your money, your media a DRMtastic (reverse|re) eng. tutorial
Your money, your media a DRMtastic (reverse|re) eng. tutorialYour money, your media a DRMtastic (reverse|re) eng. tutorial
Your money, your media a DRMtastic (reverse|re) eng. tutorialSecurity BSides London
 
You built a security castle and forgot the bridge…now users are climbing your...
You built a security castle and forgot the bridge…now users are climbing your...You built a security castle and forgot the bridge…now users are climbing your...
You built a security castle and forgot the bridge…now users are climbing your...Security BSides London
 
Agnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know itAgnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know itSecurity BSides London
 
The Funny Thing About Information Security
The Funny Thing About Information SecurityThe Funny Thing About Information Security
The Funny Thing About Information SecuritySecurity BSides London
 
Jedi mind tricks for building application security programs
Jedi mind tricks for building application security programsJedi mind tricks for building application security programs
Jedi mind tricks for building application security programsSecurity BSides London
 

More from Security BSides London (12)

Security YMCA
Security YMCASecurity YMCA
Security YMCA
 
Penetration testing must die
Penetration testing must diePenetration testing must die
Penetration testing must die
 
Your money, your media a DRMtastic (reverse|re) eng. tutorial
Your money, your media a DRMtastic (reverse|re) eng. tutorialYour money, your media a DRMtastic (reverse|re) eng. tutorial
Your money, your media a DRMtastic (reverse|re) eng. tutorial
 
You built a security castle and forgot the bridge…now users are climbing your...
You built a security castle and forgot the bridge…now users are climbing your...You built a security castle and forgot the bridge…now users are climbing your...
You built a security castle and forgot the bridge…now users are climbing your...
 
Agnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know itAgnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know it
 
The Funny Thing About Information Security
The Funny Thing About Information SecurityThe Funny Thing About Information Security
The Funny Thing About Information Security
 
Breaking out of restricted RDP
Breaking out of restricted RDPBreaking out of restricted RDP
Breaking out of restricted RDP
 
Breaking, Entering and Pentesting
Breaking, Entering and Pentesting Breaking, Entering and Pentesting
Breaking, Entering and Pentesting
 
All your logs are belong to you!
All your logs are belong to you!All your logs are belong to you!
All your logs are belong to you!
 
Jedi mind tricks for building application security programs
Jedi mind tricks for building application security programsJedi mind tricks for building application security programs
Jedi mind tricks for building application security programs
 
Dns tunnelling its all in the name
Dns tunnelling its all in the nameDns tunnelling its all in the name
Dns tunnelling its all in the name
 
Cloud computing due diligence WTF?
Cloud computing due diligence WTF?Cloud computing due diligence WTF?
Cloud computing due diligence WTF?
 

Recently uploaded

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 

Recently uploaded (20)

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Practical Crypto Attacks Against Web Applications

  • 1. Against Web Applications Justin Clarke
  • 2.
      - IANAC
      - Usage != security
      - Pentesting?
  • 3.
      - Confidentiality – Prevent the disclosure of information to unauthorized individuals or systems
      - Integrity – Ensure that data cannot be modified undetectably
      - Authenticity – Validate that a party is who they claim they are
  • 4.
      - Symmetric Crypto Attacks
          - ECB Mode Usage
          - Padding-Based Attacks
      - Secure Random Number Generation
  • 5.
      - Most block ciphers support multiple modes of operation
      - The most common modes are:
          - ECB – Electronic Code Book
          - CBC – Cipher Block Chaining
          - CFB – Cipher Feedback
          - OFB – Output Feedback
      - None provide integrity if used in isolation
  • 7. Reason #1: ECB CONFIDENTIALITY
  • 8. Reason #2

      UID:23909,Email:john@doe.com,NickName:JohnDoe2301,Role:3
  • 9. Reason #2

                 Block 1    Block 2    Block 3    Block 4    Block 5    Block 6    Block 7
                 UID:2390   9,Email:   john@doe   .com,Nic   kName:Jo   hnDoe230   1,Role:3
      CIPHERTEXT 9648dab1   22a1eaee   0f5a7a2a   86adfcf6   6adb7872   96bdc238   69e75f87
                 d7f285ac   db7aabbb   1f8de75f   17abcbcf   7ab9dd8e   5fa70ba2   cf74ab6d

      UID:23909,Email:john@doe.com,NickName:JohnDoe2301,Role:3
  • 10. Reason #2

                 Block 1    Block 2    Block 3    Block 4    Block 5    Block 6    Block 7
                 UID:2390   9,Email:   john@doe   .com,Nic   kName:Jo   hnDoe230   1,Role:3
      CIPHERTEXT 9648dab1   22a1eaee   0f5a7a2a   86adfcf6   6adb7872   96bdc238   69e75f87
                 d7f285ac   db7aabbb   1f8de75f   17abcbcf   7ab9dd8e   5fa70ba2   cf74ab6d

      UID:23909,Email:john@doe.com,NickName:JohnDoe2301,Role:3

                 Block 1    Block 7    Block 2    Block 3    Block 4    Block 5    Block 6
      CIPHERTEXT 9648dab1   69e75f87   22a1eaee   0f5a7a2a   86adfcf6   6adb7872   96bdc238
                 d7f285ac   cf74ab6d   db7aabbb   1f8de75f   17abcbcf   7ab9dd8e   5fa70ba2
  • 11. Reason #2

                 Block 1    Block 2    Block 3    Block 4    Block 5    Block 6    Block 7
                 UID:2390   9,Email:   john@doe   .com,Nic   kName:Jo   hnDoe230   1,Role:3
      CIPHERTEXT 9648dab1   22a1eaee   0f5a7a2a   86adfcf6   6adb7872   96bdc238   69e75f87
                 d7f285ac   db7aabbb   1f8de75f   17abcbcf   7ab9dd8e   5fa70ba2   cf74ab6d

      UID:23909,Email:john@doe.com,NickName:JohnDoe2301,Role:3

                 Block 1    Block 7    Block 2    Block 3    Block 4    Block 5    Block 6
      CIPHERTEXT 9648dab1   69e75f87   22a1eaee   0f5a7a2a   86adfcf6   6adb7872   96bdc238
                 d7f285ac   cf74ab6d   db7aabbb   1f8de75f   17abcbcf   7ab9dd8e   5fa70ba2
                 UID:2390   1,Role:3   9,Email:   john@doe   .com,Nic   kName:Jo   hnDoe230

      UID:23901,Role:39,Email:john@doe.com,NickName:JohnDoe230
  • 15. CBC CONFIDENTIALITY
  • 16. Original Ciphertext: BLOCK 1, BLOCK 2, BLOCK 3
  • 17. Block Swapping will result in data corruption: BLOCK 1, BLOCK 3, BLOCK 2
  • 18.
      - “Padding Oracle” Attack
      - Leverages byte flipping of ciphertext to generate invalid padding exceptions
      - Data can be decrypted (and encrypted too) without knowledge of the secret key
  • 20. Assuming this scheme, then there are only 8 possible valid padding sequences:
      - 0x01
      - 0x02, 0x02
      - 0x03, 0x03, 0x03
      - 0x04, 0x04, 0x04, 0x04
      - 0x05, 0x05, 0x05, 0x05, 0x05
      - 0x06, 0x06, 0x06, 0x06, 0x06, 0x06
      - 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07
      - 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08
  • 22.
      - Is the key the correct size?
          - Invalid Key Exception
      - Is the value (bytes) an even block multiple?
          - Invalid Length Exception
      - Is the decrypted block properly padded?
          - Invalid Padding Exception (CRITICAL)
      - Return the value
  • 24.
      [Diagram callouts: Call this “Byte X”; Call this “Byte Y”]
      Basic Premise:
      - A change of Byte X (ciphertext) will change Byte Y (plaintext)
      - There is a one-to-one correlation between Byte X values and Byte Y values
      - Exception is thrown if plain-text does not end with a valid padding sequence
  • 25. Byte X == 0x00, Byte Y == ???, Exception? YES
      - Byte Y is not valid padding
  • 26. Byte X == 0x01, Byte Y == ???, Exception? YES
      - Byte Y is not valid padding
  • 27. Byte X == 0x02, Byte Y == ???, Exception? YES
      - Byte Y IS valid padding (must be 0x01)
  • 28. What does that tell us?
      - The altered byte value produced valid padding when XOR’ed with the intermediate value

        IF A ^ B = C THEN A ^ C = B AND C ^ B = A
  • 29. What does that tell us?
      - If the padding byte was 0x01:
          - Our Byte (0x02) ^ Intermediate Byte (??) == 0x01
          - Intermediate Byte == Our Byte (0x02) ^ 0x01
      - The plain-text value is the intermediate value XOR’ed with the prior ciphertext byte
  • 31.
      - As we’ve seen, encrypted data (while kept private) is still susceptible to tampering
      - We need to ensure PRIVACY and INTEGRITY
      [Diagram: Message, Encryption]
  • 32.
      - Encrypt + Sign the Ciphertext
      - HMAC: Combines a cryptographic hash function with a secret key
      - Cannot be re-computed without the key
      - Verifies the integrity and authenticity of a message
      [Diagram: Message, SIGNATURE, Encryption]
  • 33.
      - Why not HMAC within the ciphertext?
      - Does not protect against side channel attacks during decryption
      - Padding Oracle Attack in .NET Framework
      - Discovered September 2010
      - Viewstate and Forms Authentication Cookies were affected even though an HMAC was included within the ciphertext
      - Tampering was only detected after decryption
  • 34.
      - When do you need a random number?
      - Password Generator, Encryption Keys, Session Identifiers, etc…
      - How random is “random”?
      - Pseudo Random Number Generator vs. Cryptographically Secure Random Number Generator
  • 35.
      - Two common attacks against RNGs
      - Non-random Seed Values
      - Formula used to produce random numbers
  • 36. What do you think this code will produce?

        using System;

        // Generate First Series
        byte[] bytes1 = new byte[100];
        Random rnd1 = new Random();   // no seed supplied
        rnd1.NextBytes(bytes1);
        Console.WriteLine("First Series:");
        for (int ctr = bytes1.GetLowerBound(0); ctr <= bytes1.GetUpperBound(0); ctr++)
        {
            Console.Write("{0, 5}", bytes1[ctr]);
            if ((ctr + 1) % 10 == 0) Console.WriteLine();
        }

        // Generate Second Series
        byte[] bytes2 = new byte[100];
        Random rnd2 = new Random();   // no seed supplied, created immediately after rnd1
        rnd2.NextBytes(bytes2);
        Console.WriteLine("Second Series:");
        for (int ctr = bytes2.GetLowerBound(0); ctr <= bytes2.GetUpperBound(0); ctr++)
        {
            Console.Write("{0, 5}", bytes2[ctr]);
            if ((ctr + 1) % 10 == 0) Console.WriteLine();
        }
  • 37. Output from the previous code (both series are identical)

        First Series:
           97  129  149   54   22  208  120  105   68  177
          113  214   30  172   74  218  116  230   89   18
           12  112  130  105  116  180  190  200  187  120
            7  198  233  158   58   51   50  170   98   23
           21    1  113   74  146  245   34  255   96   24
          232  255   23    9  167  240  255   44  194   98
           18  175  173  204  169  171  236  127  114   23
          167  202  132   65  253   11  254   56  214  127
          145  191  104  163  143    7  174  224  247   73
           52    6  231  255    5  101   83  165  160  231

        Second Series:
           97  129  149   54   22  208  120  105   68  177
          113  214   30  172   74  218  116  230   89   18
           12  112  130  105  116  180  190  200  187  120
            7  198  233  158   58   51   50  170   98   23
           21    1  113   74  146  245   34  255   96   24
          232  255   23    9  167  240  255   44  194   98
           18  175  173  204  169  171  236  127  114   23
          167  202  132   65  253   11  254   56  214  127
          145  191  104  163  143    7  174  224  247   73
           52    6  231  255    5  101   83  165  160  231
  • 38.
      - If you don’t seed the random number generator, it will automatically be seeded
      - With what?
        “By default, the parameterless constructor of the Random class uses the system clock to generate its seed value”
        http://msdn.microsoft.com/en-us/library/system.random.aspx
  • 39. What if this code was in ResetPassword.aspx?

        using System;
        using System.Text;

        StringBuilder password = new StringBuilder();
        // Define all upper and lower chars with special chars
        char[] lCase = new char[] {
            'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
            'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
            'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
            'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
            '!', '@', '#', '$', '%', '^', '&', '*', '(', ')', '-', '_' };
        int lCaseIndex = 0;
        Random rand = new Random();   // no seed supplied
        // Randomly select 12 characters from the values above
        for (int cnt = 0; cnt < 12; cnt++)
        {
            // The upper bound of Next() is exclusive, so pass Length to include the last character
            lCaseIndex = rand.Next(0, lCase.Length);
            password.Append(lCase[lCaseIndex]);
        }
        string newPassword = password.ToString();
  • 40.
      - Seed Race Condition Attack (Seed Racing)
      - Based on a research experiment conducted in 2008
      - 67,000 HTTP requests to a server with a random password generator similar to the one shown
      - Results: 208 unique passwords
      - 322 duplicated in one or more accounts
  • 41.
      - Is Java.Random any better?
      - Uses a Linear Congruential Formula for generating random data (LCG)
      [Figure: One Dimensional LCG Plot]
  • 46.
      - Crypto is hard to get right
      - Lots of ways to make mistakes
      - When in doubt, ask an expert
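
Slides 9 to 17 as a runnable check, added here as an example and not taken from the deck: the slide's record is encrypted under ECB and under CBC, Block 7 is moved to follow Block 1, and the result is decrypted. Assumptions: .NET 6 or later; 3DES is used only because its 8-byte blocks match the slides; the class and method names are illustrative.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class BlockMoveDemo
{
    const int BlockSize = 8;   // 3DES block size, chosen to match the 8-byte blocks on the slides
    const string Record = "UID:23909,Email:john@doe.com,NickName:JohnDoe2301,Role:3";

    // Reorders ciphertext blocks only; the key is never needed.
    static byte[] MoveBlock(byte[] ct, int from, int to)
    {
        List<byte[]> blocks = ct.Chunk(BlockSize).ToList();
        byte[] moved = blocks[from];
        blocks.RemoveAt(from);
        blocks.Insert(to, moved);
        return blocks.SelectMany(b => b).ToArray();
    }

    static string DecryptAfterMove(CipherMode mode)
    {
        using var tdes = TripleDES.Create();   // random key and IV for this run
        tdes.Mode = mode;
        byte[] pt = Encoding.ASCII.GetBytes(Record);
        byte[] ct;
        using (var enc = tdes.CreateEncryptor()) ct = enc.TransformFinalBlock(pt, 0, pt.Length);
        byte[] moved = MoveBlock(ct, 6, 1);   // Block 7 placed directly after Block 1
        try
        {
            using var dec = tdes.CreateDecryptor();
            return Encoding.ASCII.GetString(dec.TransformFinalBlock(moved, 0, moved.Length));
        }
        catch (CryptographicException e)
        {
            return "decryption error: " + e.Message;
        }
    }

    static void Main()
    {
        Console.WriteLine("ECB: " + DecryptAfterMove(CipherMode.ECB));
        Console.WriteLine("CBC: " + DecryptAfterMove(CipherMode.CBC));
    }
}
```

Under ECB the moved blocks decrypt cleanly into the altered record from slide 11. Under CBC the same move yields corrupted text or a padding error, which is damage rather than an integrity check.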
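
The "Encrypt + Sign the Ciphertext" construction from slides 31 to 33, added here as an example and not taken from the deck: the HMAC covers the IV and ciphertext and is verified before any decryption, so a flipped "Byte X" is rejected without the padding ever being examined. Assumptions: .NET 6 or later, AES-CBC with HMAC-SHA256, separate encryption and MAC keys, and an illustrative token layout and names.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class EncryptThenMacDemo
{
    const int IvLen = 16, TagLen = 32;   // AES block size, HMAC-SHA256 output size

    // Token layout: IV || AES-CBC ciphertext || HMAC-SHA256(IV || ciphertext)
    static byte[] Seal(byte[] encKey, byte[] macKey, byte[] plaintext)
    {
        using var aes = Aes.Create();
        aes.Key = encKey;
        byte[] iv = aes.IV;   // random IV generated for this Aes instance
        byte[] body = iv.Concat(aes.EncryptCbc(plaintext, iv)).ToArray();
        return body.Concat(HMACSHA256.HashData(macKey, body)).ToArray();
    }

    // The tag is checked first, so padding is only ever examined on authentic ciphertext.
    static byte[] Open(byte[] encKey, byte[] macKey, byte[] token)
    {
        if (token.Length < IvLen + 16 + TagLen) throw new CryptographicException("invalid token");
        byte[] body = token[..^TagLen], tag = token[^TagLen..];
        if (!CryptographicOperations.FixedTimeEquals(tag, HMACSHA256.HashData(macKey, body)))
            throw new CryptographicException("invalid token");
        using var aes = Aes.Create();
        aes.Key = encKey;
        return aes.DecryptCbc(body[IvLen..], body[..IvLen]);
    }

    static string Try(byte[] encKey, byte[] macKey, byte[] token)
    {
        try { return Encoding.ASCII.GetString(Open(encKey, macKey, token)); }
        catch (CryptographicException e) { return "rejected: " + e.Message; }
    }

    static void Main()
    {
        byte[] encKey = RandomNumberGenerator.GetBytes(32), macKey = RandomNumberGenerator.GetBytes(32);
        byte[] record = Encoding.ASCII.GetBytes("UID:23909,Email:john@doe.com,NickName:JohnDoe2301,Role:3");
        byte[] token = Seal(encKey, macKey, record);
        Console.WriteLine(Try(encKey, macKey, token));

        byte[] flipped = (byte[])token.Clone();
        flipped[flipped.Length - TagLen - 17] ^= 0x01;   // "Byte X": last byte of the next-to-last ciphertext block
        Console.WriteLine(Try(encKey, macKey, flipped));
    }
}
```

Every tampered token fails with the same error at the tag comparison, so a caller cannot tell valid padding from invalid padding.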
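
Slides 38 to 40 in miniature, added here as an example and not taken from the deck: a simulation of password resets that arrive within the same clock tick, compared with a generator backed by the operating system CSPRNG. Assumptions: .NET 6 or later; the seed is passed explicitly to stand in for the clock-derived default seed the slides describe; the load of 50 resets per tick is constructed; names are illustrative.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class ResetPasswordDemo
{
    // The 64 characters used by the generator on slide 39.
    const string Alphabet =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()-_";

    // Slide-39 style generator. The seed is a parameter so the clock-tick collision is reproducible.
    static string TimeSeededPassword(int tick)
    {
        var rand = new Random(tick);
        var sb = new StringBuilder();
        for (int i = 0; i < 12; i++) sb.Append(Alphabet[rand.Next(0, Alphabet.Length)]);
        return sb.ToString();
    }

    // Replacement: every character index comes from the OS CSPRNG, with no seed to collide on.
    static string CsprngPassword()
    {
        var sb = new StringBuilder();
        for (int i = 0; i < 12; i++) sb.Append(Alphabet[RandomNumberGenerator.GetInt32(Alphabet.Length)]);
        return sb.ToString();
    }

    static int CountUnique(int requests, Func<int, string> generate)
    {
        var seen = new HashSet<string>();
        for (int i = 0; i < requests; i++) seen.Add(generate(i));
        return seen.Count;
    }

    static void Main()
    {
        const int Requests = 1000, PerTick = 50;   // constructed load: 50 resets per clock tick
        int start = Environment.TickCount;
        int weak = CountUnique(Requests, i => TimeSeededPassword(start + i / PerTick));
        int strong = CountUnique(Requests, _ => CsprngPassword());
        Console.WriteLine($"time-seeded Random: {weak} unique passwords in {Requests} resets");
        Console.WriteLine($"CSPRNG:             {strong} unique passwords in {Requests} resets");
    }
}
```

The time-seeded generator can only produce one password per distinct seed, so its unique count tracks the number of clock ticks rather than the number of resets.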