Crypto storage

You don't need to (and probably shouldn't) write your own cryptographic storage implementation. Using the public-domain aescrypt library means you don't have to... but how does it work? In this presentation I examine the aescrypt file format and explain what it does and why.

Published in: Technology

  1. 1. Cryptographic storage for people in a hurry. Graham Lee, Smartphone security boffin, Fuzzy Aliens Ltd. fuzzyaliens.com
  2. 2. Cryptographic storage for people in a hurry. Graham Lee, Smartphone security boffin, Fuzzy Aliens Ltd.
  3. 3. From App to Crap
  4. 4. From App to Crap
  5. 5. Nut[the problem]shell
  6. 6. Nut[the problem]shell • Want to store data
  7. 7. Nut[the problem]shell • Want to store data • But it must be secret
  8. 8. Nut[the problem]shell • Want to store data • But it must be secret • if the phone is stolen
  9. 9. Nut[the problem]shell • Want to store data • But it must be secret • if the phone is stolen • if the iTunes backup is stolen
  10. 10. Nut[the problem]shell • Want to store data • But it must be secret • if the phone is stolen • if the iTunes backup is stolen • It must be tamper-proof
  11. 11. Nut[the problem]shell • Want to store data • But it must be secret • if the phone is stolen • if the iTunes backup is stolen • It must be tamper-proof • …to some extent
  12. 12. Solution: aescrypt
  13. 13. Solution: aescrypt • Unencumbered (public domain) format and freeware implementation at http://aescrypt.org
  14. 14. Solution: aescrypt • Unencumbered (public domain) format and freeware implementation at http://aescrypt.org • Not just you using it
  15. 15. Solution: aescrypt • Unencumbered (public domain) format and freeware implementation at http://aescrypt.org • Not just you using it • Mac, iOS, more
  16. 16. Solution: aescrypt • Unencumbered (public domain) format and freeware implementation at http://aescrypt.org • Not just you using it • Mac, iOS, more • Let’s start at byte 0 :-)
  17. 17. ‘AES0020’ • Magic number • Tells you the version of the crypto format
  18. 18. Meet a Data
  19. 19. Metadata
  20. 20. Metadata • Arbitrary ‘extensions’ section
  21. 21. Metadata • Arbitrary ‘extensions’ section • Creator ID, creation date…
  22. 22. Metadata • Arbitrary ‘extensions’ section • Creator ID, creation date… • …as long as that stuff isn’t a secret
  23. 23. What’s our vector, Victor?

          // We will use an initialization vector comprised of the current time
          // process ID, and random data, all hashed together with SHA-256.

          source: wikipedia
  24. 24. You can’t come in here unless you say “Swordfish”

          // Hash the IV and password 8192 times
          memset(digest, 0, 32);
          memcpy(digest, IV, 16);
          for(i=0; i<8192; i++)
          {
              sha256_starts( &sha_ctx);
              sha256_update( &sha_ctx, digest, 32);
              sha256_update( &sha_ctx, (unsigned char*)passwd, (unsigned long)passlen);
              sha256_finish( &sha_ctx, digest);
          }
  25. 25. Cutty say e cant HANG!
  26. 26. Cutty say e cant HANG! • The key we just derived is not used to encrypt the plaintext file • Instead, it’s used to encrypt a key, which is itself used to encrypt the file. • …why?
  27. 27. Irony: Eminem tribute act singing “the real slim shady”

          …
          16 Octets - Initialization Vector (IV) used for encrypting the IV and symmetric key that is actually used to encrypt the bulk of the plaintext file.
          48 Octets - Encrypted IV and 256-bit AES key used to encrypt the bulk of the file
              16 octets - initialization vector
              32 octets - encryption key
          32 Octets - HMAC
          nn Octets - Encrypted message (2^64 octets max)
          1 Octet - File size modulo 16 in least significant bit positions
          32 Octets - HMAC
          …
  28. 28. Filler material

          …
          16 Octets - Initialization Vector (IV) used for encrypting the IV and symmetric key that is actually used to encrypt the bulk of the plaintext file.
          48 Octets - Encrypted IV and 256-bit AES key used to encrypt the bulk of the file
              16 octets - initialization vector
              32 octets - encryption key
          32 Octets - HMAC
          nn Octets - Encrypted message (2^64 octets max)
          1 Octet - File size modulo 16 in least significant bit positions
          32 Octets - HMAC
          …
  29. 29. To the Question Pit! @iamleeg
  30. 30. To the Question Pit! @iamleeg fuzzyaliens.com
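
Added example, not from the slides or the aescrypt source: a Python rendering of slide 24's password-hashing loop, plus a parser that splits a container into the fields listed on slide 27 without decrypting anything. The header framing ('AES', a version octet of 2, one reserved octet, then length-prefixed extensions ending in a zero length) is assumed from the aescrypt format description; the function and field names are hypothetical and the sample bytes are constructed.

```python
import hashlib
import struct

def derive_key(iv: bytes, passwd: bytes, rounds: int = 8192) -> bytes:
    """Slide 24's loop: start from the IV zero-padded to 32 bytes, then
    repeatedly hash digest || password with SHA-256."""
    digest = iv.ljust(32, b"\x00")
    for _ in range(rounds):
        digest = hashlib.sha256(digest + passwd).digest()
    return digest  # wraps the per-file IV and key; it never touches the plaintext

def parse_layout(blob: bytes) -> dict:
    """Split a version-2 container into the fields on slide 27, without decrypting."""
    if len(blob) < 5 or blob[:3] != b"AES":
        raise ValueError("missing 'AES' magic")
    if blob[3] != 2:
        raise ValueError(f"unsupported format version {blob[3]}")
    pos, extensions = 5, []  # byte 4 is reserved
    while True:  # extensions: 2-byte big-endian length + data, ended by length 0
        if pos + 2 > len(blob):
            raise ValueError("truncated extension section")
        (ext_len,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        if ext_len == 0:
            break
        extensions.append(blob[pos:pos + ext_len])
        pos += ext_len
    end = len(blob) - 33  # trailer: 1 size octet + 32 HMAC octets
    if end - pos < 96 or (end - pos - 96) % 16:
        raise ValueError("truncated or misaligned container")
    last = blob[end] & 0x0F  # file size modulo 16
    return {
        "extensions": extensions,
        "outer_iv": blob[pos:pos + 16],
        "wrapped_iv_and_key": blob[pos + 16:pos + 64],
        "key_hmac": blob[pos + 64:pos + 96],
        "ciphertext": blob[pos + 96:end],
        "plaintext_len": (end - pos - 96) - (16 - last) % 16,
        "message_hmac": blob[end + 1:],
    }

# Constructed sample, not a real file: filler bytes stand in for every field.
EXT = b"CREATED_BY\x00example"
SAMPLE = (b"AES\x02\x00" + struct.pack(">H", len(EXT)) + EXT + b"\x00\x00"
          + bytes(range(16)) + b"\x11" * 48 + b"\x22" * 32
          + b"\x33" * 32 + b"\x05" + b"\x44" * 32)
```

Everything before the outer IV, including the extensions, is readable without the password, which is why slide 22 limits metadata to things that are not secret.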
