Random! The Foundation of Cryptography
● Classified under three types:
  ○ Weak
    ■ For non-cryptographic uses only
  ○ Strong
    ■ For cryptographic uses where security does not depend on the strength of the randomness (a password salt, for example)
  ○ Cryptographically Secure
    ■ For cryptographic uses where security does depend on the strength of the randomness (keys, IVs, session tokens)
Vulnerabilities of Randomness
● Bias
  ○ Some values occur more often than others, so future outputs are easier to guess (reducing a random number into a range with a plain modulo is the common self-inflicted case)
● Predictability
  ○ Knowing past outputs lets an attacker predict future ones (the weak generators below have a small internal state that can be recovered from observed outputs)
● Poisoning
  ○ The ability to influence the generator's state, and therefore its future outputs (for example by controlling the seed)
Weak Random in PHP
Not to be used for cryptographic purposes!!!
● rand()
● mt_rand()
● uniqid()
● lcg_value()
This still holds on PHP 7, where rand() is simply an alias of mt_rand(); neither is seeded from, or behaves like, a CSPRNG.
Strong Random in PHP
● mcrypt_create_iv()
  ○ MCRYPT_DEV_URANDOM
● openssl_random_pseudo_bytes()
  ○ Always check the second ($crypto_strong) argument: it is set to false when OpenSSL could not use a strong source
● /dev/urandom
  ○ For *nix systems only

Cryptographically Secure
● mcrypt_create_iv()
  ○ MCRYPT_DEV_RANDOM
● openssl_random_pseudo_bytes()
  ○ Maybe (only when $crypto_strong comes back true)
● /dev/random
  ○ For *nix systems only
● Caveat on the urandom/random split: on current Linux kernels /dev/urandom is cryptographically secure once the kernel pool has been seeded, which on servers happens during boot (very early boot on embedded devices is the real exception), and /dev/random only adds blocking. mcrypt was deprecated in PHP 7.1 and removed from core in 7.2; on PHP 7+ use random_bytes() and random_int(), which read the OS CSPRNG directly.
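The following is an added example, not code from the slides: a single entry point for cryptographically secure random bytes in PHP that prefers random_bytes() on PHP 7 and falls back to the PHP 5 sources the slides list, treating a weak result as an error rather than silently using it. It also shows how to draw an unbiased integer from those bytes, which is the "bias" problem from the vulnerabilities slide. Function names are this example's own.

```php
<?php
// Added example (not from the slides): one entry point for CSPRNG bytes.
// Prefers random_bytes() (PHP 7+) and falls back to the PHP 5 sources the
// slides list; a weak result is an error, never silently accepted.

function secure_random_bytes($length)
{
    if (!is_int($length) || $length < 1) {
        throw new InvalidArgumentException('length must be a positive integer');
    }

    // PHP 7.0+: reads the OS CSPRNG (getrandom(2), /dev/urandom, CryptGenRandom).
    if (function_exists('random_bytes')) {
        return random_bytes($length);
    }

    // PHP 5.3+: $strong is an out-parameter; false means OpenSSL had no
    // strong source and the bytes must not be used for anything secret.
    if (function_exists('openssl_random_pseudo_bytes')) {
        $bytes = openssl_random_pseudo_bytes($length, $strong);
        if ($bytes !== false && $strong === true && strlen($bytes) === $length) {
            return $bytes;
        }
    }

    // *nix only. /dev/urandom is non-blocking and, once the kernel pool is
    // seeded, cryptographically secure; /dev/random only adds blocking.
    if (@is_readable('/dev/urandom')) {
        $fh = @fopen('/dev/urandom', 'rb');
        if ($fh !== false) {
            $bytes = fread($fh, $length);
            fclose($fh);
            if ($bytes !== false && strlen($bytes) === $length) {
                return $bytes;
            }
        }
    }

    // Deliberately no rand()/mt_rand()/uniqid() fallback: those are the weak
    // generators and would silently downgrade every key, IV and token.
    throw new RuntimeException('No cryptographically secure random source is available');
}

// Uniform integer in [$min, $max] with no modulo bias: mask down to the
// smallest power-of-two span covering the range, reject draws above it.
function secure_random_int($min, $max)
{
    if (!is_int($min) || !is_int($max) || $min > $max) {
        throw new InvalidArgumentException('need integers with min <= max');
    }
    if (function_exists('random_int')) {
        return random_int($min, $max);   // PHP 7+: already unbiased
    }
    $range = $max - $min;
    if ($range === 0) {
        return $min;
    }
    $mask = 1;
    while ($mask < $range) {
        $mask = ($mask << 1) | 1;        // all-ones mask with as many bits as $range
    }
    $byteCount = (int) ceil(strlen(decbin($range)) / 8);
    do {
        $raw   = secure_random_bytes($byteCount);
        $value = 0;
        for ($i = 0; $i < $byteCount; $i++) {
            $value = ($value << 8) | ord($raw[$i]);
        }
        $value &= $mask;
    } while ($value > $range);           // rejection sampling keeps it uniform
    return $min + $value;
}

// Usage: a 256-bit key, a 128-bit IV, a hex session token and a fair die.
$key   = secure_random_bytes(32);
$iv    = secure_random_bytes(16);
$token = bin2hex(secure_random_bytes(16));
$die   = secure_random_int(1, 6);
```

The rejection loop in secure_random_int() is what a plain `$min + ($value % ($range + 1))` gets wrong: the modulo makes the low values slightly more likely whenever the span is not a power of two, which is exactly the "bias" weakness from the previous slide.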
Terms
● Key
  ○ A secret string of random bytes (a key is not a password: it is full-length and uniformly random)
● Plain-Text
  ○ The data you want to keep secret
● Cipher-Text
  ○ The encrypted output
Two Basic Types
● Symmetric Encryption
  ○ Like a padlock with a shared key
  ○ The only secret is the key
  ○ Both sides must have the same key
● Asymmetric Encryption
  ○ Like a pair of padlocks
    ■ The "lock" is the public key: anyone can snap it shut (encrypt), only the holder of the private key can open it (decrypt)
  ○ The only secret is the private key
  ○ Each side has its own key pair
Secret Numbers
● We just invented the Caesar Cipher
  ○ ROT13 is the special case with a shift of 13
● But there are problems:
  ○ Vulnerable to statistical attacks (letter frequencies survive a fixed shift)
  ○ Vulnerable to brute forcing
    ■ Only 100 possible secret numbers in this toy (26 for the classic cipher): try them all
How It Works
We can generate the pads in two ways
● Randomly
  ○ If each pad is used exactly once, and is as long as the message, the scheme is perfectly secure
    ■ Known as a one-time pad
  ○ If a pad is reused, combining two ciphertexts cancels the pad and leaves one plaintext combined with the other; we are back to the Caesar cipher's weaknesses
● With a function
  ○ Given one or two inputs
    ■ A key, and an "input" (a nonce, IV or counter)
  ○ Generates a "stream" of pseudo-random numbers (the keystream)
Ciphers
● Take two inputs
  ○ A secret key
  ○ An "input" (one block of data)
● Produce pseudo-random output
  ○ Looks random (statistically)
  ○ Is deterministic
    ■ Reproducible given the same inputs
Modes
● There are multiple ways to use a cipher (and its keystream) on a whole message
● Each way is known as a "mode"
● Some are secure
  ○ Others are not
ECB
Electronic Code Book
● Uses each plain-text block directly as the "input"
● Uses each output directly as cipher-text
● VERY BROKEN!!!
  ○ No IV and no chaining, so identical plain-text blocks produce identical cipher-text blocks: the structure of the message shows through (the "ECB penguin")
  ○ Blocks can also be cut, reordered or swapped between messages without the receiver noticing
CBC
Cipher Block Chaining
● Uses an "Initialization Vector"
  ○ Helps "randomize" the plain-text
  ○ Ensures identical plain-text blocks no longer give identical cipher-text blocks
  ○ Does NOT need to be secret, but MUST be unpredictable and fresh for every message (random bytes from one of the strong sources above; never a fixed or a counter IV)
● Chains each block together
  ○ Each plain-text block is XORed with the previous cipher-text block before encryption, propagating the IV's "randomness" through the whole message
● Plain-text must be padded
  ○ To a multiple of the block size (PKCS#7 is the usual scheme; openssl_encrypt() applies it for you)
● Secure for confidentiality, given a random IV and an authentication tag
  ○ Without a MAC, CBC cipher-text is malleable and the padding check on decryption becomes a padding oracle; see the Authentication slide
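As an added example, not from the slides: the same three-block plaintext encrypted with AES-128 in ECB and in CBC, using PHP's openssl extension (openssl_encrypt() with the OPENSSL_RAW_DATA and OPENSSL_ZERO_PADDING flags, PHP 5.4+). Counting repeated 16-byte cipher-text blocks makes the ECB leak visible, and encrypting a single block on its own shows why ECB is literally a codebook. The helper names and the sample plaintext are constructed for this example.

```php
<?php
// Added example (not from the slides): AES-128 in ECB versus CBC on a
// plaintext whose three blocks are identical. Needs ext/openssl.

// Number of 16-byte blocks that are exact duplicates of an earlier block.
function count_repeated_blocks($ciphertext, $blockSize = 16)
{
    $blocks = str_split($ciphertext, $blockSize);
    return count($blocks) - count(array_unique($blocks));
}

function strong_random($length)
{
    $bytes = openssl_random_pseudo_bytes($length, $strong);
    if ($bytes === false || $strong !== true) {
        throw new RuntimeException('no cryptographically strong random source');
    }
    return $bytes;
}

function demo_ecb_vs_cbc()
{
    $key = strong_random(16);

    // Constructed input: the same 16-byte block three times (48 bytes).
    // openssl_encrypt() adds PKCS#7 padding, so 48 bytes become 64 (4 blocks).
    $plaintext = str_repeat('ATTACK AT DAWN!!', 3);

    // ECB: no IV (empty string), every block encrypted independently.
    $ecb = openssl_encrypt($plaintext, 'aes-128-ecb', $key, OPENSSL_RAW_DATA, '');

    // CBC: a fresh random IV for this message. It is not secret, so it is
    // simply prepended to the cipher-text for the receiver.
    $iv  = strong_random(16);
    $cbc = openssl_encrypt($plaintext, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv);

    // ECB is a codebook: encrypting the first block alone (OPENSSL_ZERO_PADDING
    // means "no padding") yields exactly block 1 of the full cipher-text, so an
    // attacker can cut, paste and reorder blocks at will.
    $oneBlock = openssl_encrypt(substr($plaintext, 0, 16), 'aes-128-ecb', $key,
                                OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, '');

    // Round trip: the receiver splits off the IV, decrypts, padding is stripped.
    $roundTrip = openssl_decrypt($cbc, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv);

    return array(
        'ecb_repeated_blocks' => count_repeated_blocks($ecb),
        'cbc_repeated_blocks' => count_repeated_blocks($cbc),
        'ecb_is_codebook'     => $oneBlock === substr($ecb, 0, 16),
        'cbc_round_trip_ok'   => $roundTrip === $plaintext,
        'wire_message'        => $iv . $cbc,   // what is actually transmitted
    );
}

$result = demo_ecb_vs_cbc();
printf("ECB repeated blocks: %d, CBC repeated blocks: %d\n",
       $result['ecb_repeated_blocks'], $result['cbc_repeated_blocks']);
```

Under ECB the three identical plaintext blocks come out as three identical cipher-text blocks (two repeats, with only the padding block differing) and the single-block encryption matches block 1 exactly; under CBC no block repeats. Note that nothing here detects tampering: flip a byte in the CBC cipher-text and openssl_decrypt() either returns garbage or fails the padding check, which is the oracle the next slides are about.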
Ciphers
● AES-128 & AES-256
  ○ Standard
    ■ NIST approved (FIPS 197)
  ○ Also known as RIJNDAEL-128 (mcrypt's name for it)
    ■ 128 here refers to the block size; AES always has a 128-bit block
  ○ Very strong
  ○ Note: the number after "AES" is the *key size* (AES-192 exists too)
● Blowfish (64-bit block; fine inside bcrypt, but avoid it for bulk encryption)
● Twofish
● Serpent
Authentication
How do you know it wasn't tampered with / came from your friend?
● HMAC
  ○ Hash-based Message Authentication Code (hash_hmac() in PHP)
● USE A SEPARATE KEY!
  ○ One key for encryption and an independent key for the MAC; never reuse the encryption key for both
● Encrypt-then-MAC
  ○ Always MAC after encryption, over the IV and the cipher-text together
  ○ On receipt: verify the tag first, with a constant-time comparison (hash_equals(), PHP 5.6+), and only then decrypt
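The following is an added example, not code from the slides: AES-128-CBC with HMAC-SHA256 in encrypt-then-MAC order, two independent keys, and constant-time tag verification before any decryption, built on PHP's openssl and hash extensions. The wire format (iv || ciphertext || tag), the function names and the sample message are this example's own choices; a constant-time compare is included as a fallback for PHP versions older than 5.6, which lack hash_equals().

```php
<?php
// Added example (not from the slides): encrypt-then-MAC with separate keys.
// Wire format: iv(16) || ciphertext || tag(32). Needs ext/openssl.

function constant_time_equals($known, $user)
{
    if (function_exists('hash_equals')) {
        return hash_equals($known, $user);          // PHP 5.6+
    }
    if (strlen($known) !== strlen($user)) {
        return false;
    }
    $diff = 0;
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        $diff |= ord($known[$i]) ^ ord($user[$i]);  // no early exit on mismatch
    }
    return $diff === 0;
}

function strong_random($length)
{
    $bytes = openssl_random_pseudo_bytes($length, $strong);
    if ($bytes === false || $strong !== true) {
        throw new RuntimeException('no cryptographically strong random source');
    }
    return $bytes;
}

function etm_encrypt($plaintext, $encKey, $macKey)
{
    $iv = strong_random(16);                        // fresh IV per message
    $ct = openssl_encrypt($plaintext, 'aes-128-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // The tag covers the IV as well as the cipher-text, under the MAC key only.
    $tag = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return $iv . $ct . $tag;
}

// Returns the plaintext, or false if the message is truncated or tampered with.
function etm_decrypt($message, $encKey, $macKey)
{
    if (strlen($message) < 16 + 16 + 32) {          // iv + one block + tag
        return false;
    }
    $tag      = substr($message, -32);
    $ivAndCt  = substr($message, 0, -32);
    $expected = hash_hmac('sha256', $ivAndCt, $macKey, true);
    // Verify BEFORE decrypting: a forged message never reaches the padding
    // check, which is what closes the padding-oracle channel in CBC.
    if (!constant_time_equals($expected, $tag)) {
        return false;
    }
    $iv = substr($ivAndCt, 0, 16);
    $ct = substr($ivAndCt, 16);
    return openssl_decrypt($ct, 'aes-128-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
}

// Two independent keys, as the slide insists; never use one key for both roles.
$encKey = strong_random(16);
$macKey = strong_random(32);

$message  = etm_encrypt('transfer 10.00 to account 1234', $encKey, $macKey);
$accepted = etm_decrypt($message, $encKey, $macKey);

// Flip one bit in the first cipher-text block. Plain CBC would let this change
// the second plaintext block predictably; here the tag check rejects the message.
$tampered     = $message;
$tampered[16] = chr(ord($tampered[16]) ^ 0x01);
$rejected     = etm_decrypt($tampered, $encKey, $macKey);
```

etm_decrypt() returns the original string for the untouched message and false for the tampered one without ever calling openssl_decrypt() on it. Keys here are generated at random for the demonstration; in a real system they are stored or derived (Zend\Crypt\BlockCipher, listed on the Resources slide, derives both from a password with PBKDF2), which is the "key storage" the next slide points out this code does not address.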
Please Don't Do It!
● Notice how much code it took
  ○ Without error checking
● Notice how complex it is
  ○ Without flexibility
● Notice how easy it is to screw up
  ○ Without key storage even being addressed
● Notice how many decisions there are to make
  ○ Mode, IV, padding, MAC order, key separation, constant-time comparison: a maintained library has already made each of them correctly
Encryption Resources
● Zend Framework Encryption
  ○ Very good and complete lib
  ○ ZF2
    ■ Zend\Crypt\BlockCipher (authenticated AES-CBC; encrypt-then-MAC and key derivation are done for you)
● PHP Sec Lib
  ○ phpseclib.sourceforge.net
  ○ Pure PHP
● Not many others
  ○ Beware of online tutorials!!!
  ○ On PHP 7.2+ the bundled sodium extension (sodium_crypto_secretbox()) gives authenticated encryption with no mode, IV scheme or padding to choose
Password Hashes
● Use a salt
  ○ Defeats rainbow tables (no precomputation shared across users)
  ○ Forces the attacker to do the work once per hash instead of once per password list
  ○ Should be random!
    ■ Strong randomness, unique per password; the salt is stored alongside the hash and need not be secret
● Should be SLOW!
  ○ A salt alone is not enough
  ○ The deck's GPU figures: salted SHA-256 at 11 BILLION guesses per second versus bcrypt at about 3,200 per second
Good Algorithms
● crypt($password, $salt); (with a $2y$ bcrypt salt string)
● pbkdf2($password, $salt, $i); (built in as hash_pbkdf2() from PHP 5.5)
● password_hash($password, PASSWORD_BCRYPT);
● $passLib->hash($password); (PasswordLib)
● $phpass->hashPassword($pass); (phpass)
Cost Parameter
● Target: 0.25 - 0.5 seconds per hash
  ○ As slow as you can afford
● Depends on hardware
  ○ Test it! (measure on the machine that will actually verify logins)
● Good defaults (for the hardware of 2013; treat them as floors, not targets):
  ○ bcrypt: 10
  ○ PBKDF2: 10,000 (current guidance for PBKDF2-HMAC-SHA256 is in the hundreds of thousands of iterations)
New API for 5.5
● string password_hash($pass, $algo, array $options = array())
  ○ Generates a salt from a strong source and hashes the password; algorithm, cost and salt are all encoded in the returned string, so only that one string is stored
● bool password_verify($pass, $hash)
  ○ Verifies a password against a hash, with a constant-time comparison
● bool password_needs_rehash($hash, $algo, array $options = array())
  ○ Returns true if the hash was NOT produced with the given algorithm and options; rehash on the next successful login, when the plain password is in hand
● array password_get_info($hash)
  ○ Returns the algorithm, its name and the options (e.g. cost) encoded in a hash
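As an added example, not from the slides, here is the PHP 5.5 password API wired into registration and login, with the bcrypt cost measured on the machine that will verify passwords (the "Test it!" from the Cost Parameter slide) rather than guessed, and lower-cost hashes upgraded transparently on login. The function names, the benchmark string and the sample passwords are constructed for this example.

```php
<?php
// Added example (not from the slides): password_hash/verify/needs_rehash
// in a registration and login flow, with a measured bcrypt cost.

// Raise the cost from $minCost until one hash takes at least $targetSeconds
// on this hardware, capped at $maxCost.
function find_bcrypt_cost($targetSeconds = 0.25, $minCost = 10, $maxCost = 15)
{
    $cost = $minCost;
    while ($cost < $maxCost) {
        $start = microtime(true);
        password_hash('benchmark-only-not-a-real-password', PASSWORD_BCRYPT,
                      array('cost' => $cost));
        if (microtime(true) - $start >= $targetSeconds) {
            break;
        }
        $cost++;
    }
    return $cost;
}

function hash_password($password, $cost)
{
    // bcrypt only looks at the first 72 bytes; reject longer input rather
    // than silently truncating it.
    if (strlen($password) > 72) {
        throw new InvalidArgumentException('password too long for bcrypt');
    }
    // The salt comes from a strong source and is embedded in the result
    // along with the algorithm and cost, so only this one string is stored.
    $hash = password_hash($password, PASSWORD_BCRYPT, array('cost' => $cost));
    if ($hash === false) {
        throw new RuntimeException('password_hash failed');
    }
    return $hash;
}

// Returns array('ok' => bool, 'new_hash' => string|null). When new_hash is
// set the caller must store it: the password was just re-hashed at the
// current cost, which is how old hashes get upgraded without a forced reset.
function check_password($password, $storedHash, $cost)
{
    if (!password_verify($password, $storedHash)) {   // constant-time compare
        return array('ok' => false, 'new_hash' => null);
    }
    $newHash = null;
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, array('cost' => $cost))) {
        $newHash = hash_password($password, $cost);
    }
    return array('ok' => true, 'new_hash' => $newHash);
}

$cost = find_bcrypt_cost(0.25);

// Registration: store $stored, nothing else.
$stored = hash_password('correct horse battery staple', $cost);
$info   = password_get_info($stored);   // array with algo, algoName, options

// Login with the right and with a wrong password.
$good = check_password('correct horse battery staple', $stored, $cost);
$bad  = check_password('Tr0ub4dor&3', $stored, $cost);

// A hash stored earlier at a lower cost still verifies, and comes back with
// a replacement computed at the current cost.
$legacy   = password_hash('correct horse battery staple', PASSWORD_BCRYPT, array('cost' => 4));
$upgraded = check_password('correct horse battery staple', $legacy, $cost);
```

Run find_bcrypt_cost() once at deployment (or in a config build step), not on every request, and re-run it when the hardware changes; password_needs_rehash() then takes care of migrating every existing hash to the new cost the next time its owner logs in. Using PASSWORD_DEFAULT instead of PASSWORD_BCRYPT lets future PHP releases move you to a newer algorithm the same way.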