Talk given to @phpbelfast PHP User Group - Feb 2014 by @faffyman


- 1. Introduction to Encryption 6th Feb 2014
- 2. Who am I? PHP Developer @faffyman @phpbelfast
- 3. What’s this talk about? Mostly the Why and the What And just a little bit of the How
- 4. What this talk is not about Probability Theory behind encryption encryption model definitions
- 5. Why Encrypt? Secure communications (TLS Email, SSL web); Payment Gateways (Credit Cards, Bitcoins); Filesystems (DVD, Memory Cards); Cable TV Signals; Online Voting; DRM; WEP; Skype Calls
- 6. What is Encryption? Είναι όλα ελληνικά για μένα It’s all Greek to me
- 7. *Encryption is… “An algorithm that can encode a message such that it is only readable by authorized persons” *Generally speaking.
- 8. *Encryption is… a Cipher.. “A pair of algorithms such that the output ciphertext of the encoding algorithm can be efficiently transformed back to the original text by the decoding algorithm” *not always true
- 9. Examples of Encryption through history
- 10. The Caesar Cipher Also known as the shift cipher Or substitution cipher
- 11. Shift 3 chars left Plain : ABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW Ciphertext: QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD Plaintext: the quick brown fox jumps over the lazy dog
- 12. The Vigenère Cipher 16th Century Rome Is a Modulo shift cipher
- 13. Create a repeating key the same length as the message Plain : PHP BELFAST ENCRYTION TALK Key : BLI NKSTUDI OSBLINKST UDIO Cipher: RTY PPEZVWC TEEDHHTHH OEUZ P = 16 + B=2 = 18 = R H = 8 + L=12 = 20 = T L = 12 + S=19 = 31 % 26 = 5 = E
- 14. Playfair Mr Kennedy Famous WWII message involving JFK PHBEL FASTC DGIKM NOQRU VWXYZ http://j.mp/pFAIR IN TR OD UC TI ON TO EN CR YP TI ON DQ KY NG ZM SK QO AR PR TU VE SK QO
- 15. The One Time Pad 1917, Vernam Semantically secure, practically useless Very fast encode / decode Stream Cipher
- 16. The One Time Pad Uses A Random Key of equal length to the message AJDPWNCGS82NCPS03NCBS72HGTWX1EZMBLHPY04YDVS2D
- 17. Rotor Machines Lorenz Cipher (a.k.a. Tunny) Enigma “Nothing to report”
- 18. Encryption is just XOR? There is a lot of it - yes M: 0 1 1 0 1 1 1 Ke: 1 0 1 1 0 0 1 C: 1 1 0 1 1 1 0 Kd: 1 0 1 1 0 0 1 M: 0 1 1 0 1 1 1
- 19. Symmetric Ciphers D ( K, E(k, m) ) = M Decryption of Encrypted Message = Original Message
- 20. Symmetric Ciphers 2 Identical Inputs = 2 different outputs
- 21. Making It Practical Stream Ciphers And Block Ciphers In danger of getting complex now…
- 22. Pseudo Randomness Pseudo Random Key PRF – Pseudo Rand Function PRG – Pseudo Rand Generator PRP – Pseudo Rand Permutation
- 23. Pseudo Random Keys Short Input => Long Output
- 24. Data Encryption Standard DES 1970 – 1976 - IBM's Lucifer cipher approved as Fed. Standard 1997 - DES is broken by exhaustive search Internet search – took 3 months 1998 – Deep Crack does it in 3 days (cost $250K) 1999 – combined search 22 hours 2000 – New Fed Standard adopted. Rijndael or AES
- 25. Feistel Network Common Block Cipher Construction DES is a 16 round Feistel construction http://j.mp/feistDES
- 26. Advanced Encryption Standard AES Uses block cipher – But NOT a Feistel Construction 1997: DES Broken NIST requests proposal for new std 1999: 5 shortlisted options 2000: Rijndael chosen to be new AES
- 27. AES
- 28. Side Channel Attacks • Timing Attacks • Power Attacks • Sound Attacks • Replay Attacks j.mp/1c9v9Vi
- 29. ECB Electronic Code Book Encrypted with ECB j.mp/1kONKMk Encrypted in other modes show pseudo randomness
- 30. CBC Chain Block Cipher j.mp/1kONKMk
- 31. CTR Counter Mode
- 32. MICs and MACs Message Integrity or Authentication Code Basically - Hash Functions MD5 - weak SHA-1 - weak SHA-256 - better Anti-Tamper codes
- 33. Authenticated Encryption Encrypt then MAC - always provides A.E. MAC then Encrypt is open to CCA attacks - it’s ok IF you use rand-CBC or rand-CTR mode - still open to padding attacks
- 34. Key Exchange
- 35. Public/Private Keys Public key used to encrypt Private key used to decrypt Uses large primes (600+ digits) and modulus of the powers of factors of that prime
- 36. Public/Private Keys ALICE Generate array of public & private keys Alice decrypts with Secret key To obtain Bob's random number BOB Bob chooses one public key Chooses a random secret {0,1}^128 encrypts it using Public Key They now have a shared secret or key (Bob's number) with which to encrypt future messages
- 37. PHP – password storage • Raw / Plaintext – do people really do this? • Roll your own encryption mechanism • MySQL Encrypt() • MD5() – no collision too common • SHA and store salt • bcrypt – No salt storage required • phpass – no salt storage required j.mp/1nPFttR
- 38. Golden Rule: Libraries, libraries, libraries Always use a tried & tested library *NEVER* Roll your own
- 39. PHP – MAC hash_hmac() hash_hmac($algo, $data, $key [, $raw_output = false]) hash_hmac('sha256', 'phpbelfast rocks', 'MySecret'); php.net/hash_hmac
- 40. PHP crypt() j.mp/1nPFttR
- 41. PHP – openssl library openssl_get_cipher_methods() openssl_cipher_iv_length() openssl_encrypt() openssl_decrypt() j.mp/1dp8OTq
- 42. PHPass – for php v 5.4- j.mp/phpass
- 43. PHP password_hash() v5.5+ password_hash( $password, $algo [, $options] ) password_verify( $password, $hash ) php.net/password_hash j.mp/1err98n
- 44. Credits Cover image -Enigma Machine by Skittledog http://flic.kr/p/9VjJz5 Creative Commons http://creativecommons.org/licenses/by-nc-sa/2.0/ Feistel Network Diagram Dan Boneh, Stanford University (Coursera – Cryptography I course) Link Bundle j.mp/1iq3xA5
- 45. Final Thought “Only amateurs attack machines, professionals attack humans” - Bruce Schneier
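
Slides 29 to 31 contrast ECB with CBC and CTR. The following is an added example, not code from the talk: it encrypts a constructed plaintext containing four identical 16-byte blocks under each mode and counts repeated ciphertext blocks, which is the pattern leak the ECB slide illustrates. The function names and the sample plaintext are assumptions made for the example; it needs PHP 7.0 or later with the openssl extension.

```php
<?php
declare(strict_types=1);

// Number of 16-byte ciphertext blocks that duplicate an earlier block.
function duplicate_blocks(string $ciphertext): int
{
    $blocks = str_split($ciphertext, 16);
    return count($blocks) - count(array_unique($blocks));
}

function encrypt_with_mode(string $mode, string $plaintext, string $key): string
{
    $ivLen = openssl_cipher_iv_length($mode);        // 0 for ECB: it takes no IV
    $iv    = $ivLen > 0 ? random_bytes($ivLen) : '';
    $ct    = openssl_encrypt($plaintext, $mode, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException("encryption failed for $mode");
    }
    return $ct;
}

// Constructed plaintext: the same 16-byte block four times, then a different one.
$plaintext = str_repeat('PHP BELFAST 2014', 4) . 'a different tail';
$key = random_bytes(16);

foreach (['aes-128-ecb', 'aes-128-cbc', 'aes-128-ctr'] as $mode) {
    $ct = encrypt_with_mode($mode, $plaintext, $key);
    printf("%-12s duplicate blocks: %d\n", $mode, duplicate_blocks($ct));
    // Print each ciphertext block on its own line so repeats are visible.
    foreach (str_split(bin2hex($ct), 32) as $hexBlock) {
        echo "  $hexBlock\n";
    }
}
```

Under ECB every identical plaintext block encrypts to the same ciphertext block, so the structure of the message shows through; with a random IV, CBC and CTR produce blocks that do not repeat.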
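
Slide 33 recommends Encrypt then MAC, and slides 39 and 41 list `hash_hmac()` and the openssl functions. The following is an added example, not code from the talk, that combines them: AES-256-CBC with a random IV, then HMAC-SHA256 over IV and ciphertext under a separate key, with the tag checked before any decryption. The names `etm_encrypt` and `etm_decrypt` and the message layout (IV, ciphertext, tag) are assumptions made for the example; it needs PHP 7.1 or later.

```php
<?php
declare(strict_types=1);

const CIPHER  = 'aes-256-cbc';
const MAC_LEN = 32; // bytes in a raw HMAC-SHA256 tag

// Encrypt, then MAC the IV and ciphertext under a second, independent key.
function etm_encrypt(string $plaintext, string $encKey, string $macKey): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh random IV per message
    $ct = openssl_encrypt($plaintext, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $ct . hash_hmac('sha256', $iv . $ct, $macKey, true);
}

// Check the tag before touching the ciphertext; null means "reject".
function etm_decrypt(string $sealed, string $encKey, string $macKey): ?string
{
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if (strlen($sealed) < $ivLen + 16 + MAC_LEN) {
        return null; // too short to hold an IV, one block and a tag
    }
    $body = substr($sealed, 0, -MAC_LEN);
    $tag  = substr($sealed, -MAC_LEN);
    // hash_equals() compares in constant time (timing attacks, slide 28)
    if (!hash_equals(hash_hmac('sha256', $body, $macKey, true), $tag)) {
        return null;
    }
    $pt = openssl_decrypt(substr($body, $ivLen), CIPHER, $encKey,
                          OPENSSL_RAW_DATA, substr($body, 0, $ivLen));
    return $pt === false ? null : $pt;
}

// Constructed demo: random keys and the sample message from slide 39.
$encKey = random_bytes(32);
$macKey = random_bytes(32);
$sealed = etm_encrypt('phpbelfast rocks', $encKey, $macKey);
var_dump(etm_decrypt($sealed, $encKey, $macKey));

// Flip one ciphertext bit: the tag no longer matches, so nothing is decrypted.
$tampered = $sealed;
$tampered[20] = chr(ord($tampered[20]) ^ 0x01);
var_dump(etm_decrypt($tampered, $encKey, $macKey));
```

Because the tag is verified first, a modified message never reaches the CBC padding check, which is what closes off the padding attacks mentioned on slide 33.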
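
Slides 37 and 43 move from MD5 to `password_hash()` and `password_verify()`. The following is an added example, not code from the talk, showing how stored values can be upgraded at login: a legacy unsalted MD5 digest or a low-cost bcrypt hash is replaced with a current bcrypt hash once the correct password has been presented. The function names, the cost of 12 and the sample rows are assumptions made for the example; it needs PHP 7.1 or later.

```php
<?php
declare(strict_types=1);

const BCRYPT_OPTS = ['cost' => 12]; // assumed work factor; tune to your hardware

function store_password(string $password): string
{
    // A random salt is generated and embedded in the returned string,
    // which is why no separate salt column is needed.
    return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTS);
}

// Returns [ok, replacement]: replacement is a new hash to save, or null.
function check_password(string $password, string $stored): array
{
    if (empty(password_get_info($stored)['algo'])) {
        // Not a password_hash() string: treat it as a legacy unsalted MD5 hex digest.
        if (!hash_equals($stored, md5($password))) {
            return [false, null];
        }
        return [true, store_password($password)]; // upgrade on successful login
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $stale = password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTS);
    return [true, $stale ? store_password($password) : null];
}

// Constructed records: one legacy MD5 row and one weak-cost bcrypt row.
$rows = [
    'legacy' => md5('correct horse'),
    'old'    => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 4]),
];
foreach ($rows as $user => $stored) {
    [$ok, $replacement] = check_password('correct horse', $stored);
    if ($ok && $replacement !== null) {
        $rows[$user] = $replacement; // persist the stronger hash
    }
    printf("%s: ok=%s stored=%s\n", $user, var_export($ok, true), $rows[$user]);
}
[$ok] = check_password('wrong guess', $rows['legacy']);
printf("wrong password accepted: %s\n", var_export($ok, true));
```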
