
Encryption: It's For More Than Just Passwords

This is the version of the talk I gave for Nomad PHP on Jan 22, 2015. It's an improved version from my earlier ones.


  1. 1. ENCRYPTION It's For More Than Just Passwords
  9. 9. JOHN CONGDON • PHP Since 2003 • SDPHP Organizer • Developer for Networx Online • PhoneBurner.com • MeetingBurner.com • FaxBurner.com • I am not a cryptographer
  10. 10. TODAY'S TOPICS Hashing & Encryption
  11. 11. The Evolution Of Password Maintenance
  12. 12. CLEAR TEXT

          $username = $_POST['username'];
          $password = $_POST['password'];

          $user = getUserByUsername($username);

          $authenticated = false;
          if ($user->password == $password) {
              $authenticated = true;
          }

      *example only: not meant to be used
  13. 13. MAJOR VULNERABILITY • Server compromise gives complete username and password list • SQL-Injection does too
  14. 14. HASHING
  22. 22. CRYPTOGRAPHIC HASHING Wikipedia Definition: A cryptographic hash function is a hash function; that is, an algorithm that takes an arbitrary block of data and returns a fixed-size bitstring, the (cryptographic) hash value, such that any (accidental or intentional) change to the data will (with very high probability) change the hash value. The data to be encoded are often called the "message," and the hash value is sometimes called the message digest or simply the digest. Diagram: Message → HASH → Digest (unicorn → 1abcb33beeb811dca15f0ac3e47b88d9)
  23. 23. MD5 EXAMPLE

          $username = $_POST['username'];
          $password = $_POST['password'];

          $user = getUserByUsername($username);

          $authenticated = false;
          if ($user->password == md5($password)) {
              $authenticated = true;
          }

      *example only: not meant to be used
  25. 25. AVAILABLE ALGORITHMS <?php print_r(hash_algos()); Array ( [0] => md2 [1] => md4 [2] => md5 [3] => sha1 [4] => sha224 [5] => sha256 [6] => sha384 [7] => sha512 [8] => ripemd128 [9] => ripemd160 [10] => ripemd256 [11] => ripemd320 [12] => whirlpool [13] => tiger128,3 [14] => tiger160,3 [15] => tiger192,3 [16] => tiger128,4 [17] => tiger160,4 [18] => tiger192,4 [19] => snefru [20] => snefru256 [21] => gost [22] => gost-crypto [23] => adler32 [24] => crc32 [25] => crc32b [26] => fnv132 [27] => fnv1a32 [28] => fnv164 [29] => fnv1a64 [30] => joaat [31] => haval128,3 [32] => haval160,3 [33] => haval192,3 [34] => haval224,3 [35] => haval256,3 [36] => haval128,4 [37] => haval160,4 [38] => haval192,4 [39] => haval224,4 [40] => haval256,4 [41] => haval128,5 [42] => haval160,5 [43] => haval192,5 [44] => haval224,5 [45] => haval256,5 )
  26. 26. VULNERABILITIES • SQL-Injection gives you hashed passwords
  30. 30. ADDING SALT In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes a password or passphrase. The primary function of salts is to defend against dictionary attacks versus a list of password hashes and against pre-computed rainbow table attacks.

          $hash = md5('RAND_SALT' . $password);

      RAND_SALT must come from a cryptographically secure source. Do not use (rand, mt_rand, uniqid). Do use (/dev/urandom, mcrypt, openssl).
  31. 31. MD5+SALT EXAMPLE

          $username = $_POST['username'];
          $password = $_POST['password'];

          $user = getUserByUsername($username);

          $authenticated = false;
          if ($user->password == md5($user->salt . $password)) {
              $authenticated = true;
          }

      *example only: not meant to be used
  32. 32.

          function generateUserPassword($salt_string, $password)
          {
              $str1 = substr($salt_string, 0, 8);
              $str2 = substr($salt_string, 8);
              return md5($str1 . $password . $str2);
          }

  33. 33.

          function hashPassword($password)
          {
              return sha1(
                  $this->Salt1 . $password . $this->Salt2
              );
          }
  34. 34. USE TODAY'S STANDARDS Currently: BCrypt • Slower by design • Configurable to help withstand the test of time • Should be configured to take 0.25 to 0.50 seconds • Start with a cost of 10, use higher if possible https://github.com/johncongdon/bcrypt-cost-finder
  35. 35. PHP 5.5 Password Hashing API http://www.php.net/manual/en/ref.password.php
  38. 38. PHP 5.5 Password Hashing API

          $authenticated = false;
          if ($user->password == md5($password)) {
              $authenticated = true;
          }
  39. 39. PHP 5.5 Password Hashing API

          function authenticate($user, $password) {
              $authenticated = false;
              if ($user->password == md5($password)) {
                  $authenticated = true;
              }
              return $authenticated;
          }

  40. 40. PHP 5.5 Password Hashing API

          function authenticate($user, $password) {
              $authenticated = false;
              $hash = $user->password;
              // New-style hashes created with password_hash()
              if (password_verify($password, $hash)) {
                  $authenticated = true;
              }
              // Legacy MD5 hashes still stored for users not yet migrated
              if ($user->password == md5($password)) {
                  $authenticated = true;
              }
              return $authenticated;
          }
  41. 41. PHP 5.5 Password Hashing API

          $username = $_POST['username'];
          $password = $_POST['password'];

          $user = getUserByUsername($username);
          if (authenticate($user, $password)) {
              if (password_needs_rehash($user->password, PASSWORD_DEFAULT)) {
                  $user->password = password_hash($password, PASSWORD_DEFAULT);
                  $user->save();
              }
          }
  42. 42. I Lied: Available in PHP >= 5.3.7 https://github.com/ircmaxell/password_compat A forward compatible password API implementation that will work until you are ready to upgrade to 5.5. This will work for all versions of PHP that has the $2y fix. Upgrading to 5.5 will not break your current code if you use this library.
  43. 43. Want More? Get Statistics Here http://blog.ircmaxell.com/2013/01/password-storage-talk-at-php-benelux-13.html
  44. 44. Passwords Are Easy We don't need to know it, except for user login
  45. 45. ENCRYPTION
  51. 51. AVOID ENCRYPTION AT ALL COSTS! Clarification: Avoid storing any data that you need to encrypt. Before deciding to collect and store this information, ask yourself why you need it. Is the risk of potentially leaking this information worth the reward? Are there any alternative solutions available to you? Example: Credit card companies usually offer a token solution
  54. 54. SYMMETRIC VS ASYMMETRIC Symmetric: • Only one shared key • Same key encrypts and decrypts • Easiest to understand Asymmetric: • Two keys (Public and Private) • Encryption/Decryption: Public key encrypts, Private key decrypts • Signing/Verifying: Private key signs, Public key verifies
  55. 55. SYMMETRIC ENCRYPTION a.k.a. Shared-Key Encryption
  66. 66. KEYS, CIPHERS, MODES, AND IV OH MY! • Keys: should be easy enough (Keep it secret) • Ciphers: Deterministic algorithm (Ex: 3DES, Blowfish, TwoFish) • Modes: Determines how the key stream is used (never cross them). Avoid ECB (Electronic Code Book). Use CBC or CFB (Cipher Block Chaining / Cipher FeedBack) • Initialization Vectors: Similar to SALT in hashing (It's not a secret). Must be random per encrypted text
  67. 67. EXAMPLE: ENCRYPT USING CRYPT

          $crypt_key = 'MySecretKey';
          $message = "Do not tell my boss, but I did xyz";
          $iv_size = mcrypt_get_iv_size(
              MCRYPT_BLOWFISH,
              MCRYPT_MODE_CBC
          );
          $iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);
          $cipher = mcrypt_encrypt(
              MCRYPT_BLOWFISH,
              $crypt_key,
              $message,
              MCRYPT_MODE_CBC,
              $iv
          );
  74. 74. HMAC: HASH-BASED MESSAGE AUTHENTICATION CODE Using a separate key, this will give us a signature of the encryption. We can use this to ensure that the data has not been tampered with. When encrypting: • Always encrypt first, and then get the signature of the Cipher Text. • Store the signature with your IV and Cipher Text. When decrypting: • Always verify the signature first, and then decrypt if successful.
  75. 75. EXAMPLE: USING HMAC

          $crypt_key = 'MySecretKey';
          $hmac_key = 'HashingKey';

          $hmac = hash_hmac('sha512', $cipher, $hmac_key);

          //Store it with your encrypted data
          $encoded_data = base64_encode($iv . $cipher . $hmac);
  76. 76. EXAMPLE: DECRYPTING USING HMAC

          $decoded_data = base64_decode($encoded_data);
          $iv = substr($decoded_data, 0, $iv_size);
          // A hex-encoded SHA-512 HMAC is 128 characters long
          $hmac = substr($decoded_data, -128);
          $cipher = substr($decoded_data, $iv_size, -128);

          // hash_equals() compares in constant time and, unlike !=,
          // never treats two hex strings as numbers
          if (!hash_equals(hash_hmac('sha512', $cipher, $hmac_key), $hmac))
          {
              throw new Exception('HMAC does not match');
          }
          $message = mcrypt_decrypt(
              MCRYPT_BLOWFISH,
              $crypt_key,
              $cipher,
              MCRYPT_MODE_CBC,
              $iv
          );
  77. 77. USE A LIBRARY http://phpseclib.sourceforge.net They've done the hard parts, save yourself the headache and just use it. It's even PHP4+ compatible, so no excuses.
  78. 78. EXAMPLE: USING PHPSECLIB

          $crypt_key = 'MySecretKey';
          $hmac_key = 'HashingKey';
          $message = "Do not tell my boss, but I did xyz";

          require 'Crypt/DES.php';
          require 'Crypt/Hash.php';

          // Crypt_DES is what the slide uses; phpseclib also provides Crypt_AES
          $des = new Crypt_DES();
          $des->setKey($crypt_key);
          $cipher = $des->encrypt($message);

          // With a key set, Crypt_Hash computes an HMAC over the ciphertext
          $hash = new Crypt_Hash('sha512');
          $hash->setKey($hmac_key);
          $hmac = bin2hex($hash->hash($cipher));
  79. 79. EXAMPLE: USING PHPSECLIB

          require 'Crypt/DES.php';
          require 'Crypt/Hash.php';

          $hash = new Crypt_Hash('sha512');
          $hash->setKey($hmac_key);
          $verify_hmac = bin2hex($hash->hash($cipher));

          // Verify first, decrypt only on a match. hash_equals() compares in
          // constant time and avoids == treating hex strings as numbers.
          if (hash_equals($verify_hmac, $hmac)) {
              $des = new Crypt_DES();
              $des->setKey($crypt_key);
              $message = $des->decrypt($cipher);
          }
  80. 80. ASYMMETRIC ENCRYPTION a.k.a. Public-Key Encryption
  81. 81. COMMON ASYMMETRIC USES • SSH Keys • HTTPS / SSL • PGP: Pretty Good Privacy • Email • Files • Really any message
  83. 83. EXAMPLE: ASYMMETRIC CODE http://codereaper.com/blog/2014/asymmetric-encryption-in-php/ openssl req -x509 -newkey rsa:2048 -keyout private.pem -out public.pem -days 365
  84. 84. EXAMPLE: ASYMMETRIC CODE http://codereaper.com/blog/2014/asymmetric-encryption-in-php/

          $key = file_get_contents('public.pem');
          $public_key = openssl_get_publickey($key);

          $message = "Do not tell my boss, but I did xyz";
          $cipher = $e = null;
          openssl_seal($message, $cipher, $e, array($public_key));

          $sealed_data = base64_encode($cipher);
          $envelope = base64_encode($e[0]);

      openssl req -x509 -newkey rsa:2048 -keyout private.pem -out public.pem -days 365
  85. 85. EXAMPLE: ASYMMETRIC CODE http://codereaper.com/blog/2014/asymmetric-encryption-in-php/

          $key = file_get_contents('private.pem');
          $priv_key = openssl_get_privatekey($key, $passphrase);
          $input = base64_decode($sealed_data);
          $einput = base64_decode($envelope);

          $message = null;
          openssl_open($input, $message, $einput, $priv_key);
  89. 89. ENCRYPTION !== PROTECTION Data obtained through SQL Injection attacks should be relatively secure. For us to encrypt/decrypt, we must have access to the key. Therefore, any breach of the system will disclose the key to the attacker, leaving ALL encryption useless. Apache environment variable, memory, config files, password entered during system start, etc... do not keep the key private.
  90. 90. AVOID ENCRYPTION AT ALL COSTS! There is no such thing as 100% secure.
  97. 97. OTHER THINGS TO CONSIDER • Encrypt / decrypt on a separate server • More overhead and complexity • Any server breach can still decrypt data • With enough thought and monitoring, you can kill the decryption server to limit the damage done • Think about restricting requests per second Paranoid about password safety? Consider encrypting the hash. Renders SQL Injection and rainbow tables/brute force mostly useless without the key.
  100. 100. OTHER THINGS TO CONSIDER Do you need access to the user's information without them on the system? If your user must be present, then consider making them partially responsible for the security. Have them use a second password or passphrase that you can add to your key to use in the encryption.
  101. 101. FINAL WORDS... I've learned a ton while preparing this presentation. Thanks especially to Anthony Ferrara (@ircmaxell) http://blog.ircmaxell.com
  102. 102. THANK YOU!
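
Added example for slide 34 (not code from the talk or from the linked bcrypt-cost-finder project): one way to pick a bcrypt cost that reaches the 0.25 second target on the machine that does the hashing, and to spot stored hashes that fall below it. The function name `findBcryptCost`, the ceiling of 20 and the sample password are assumptions made for this example.

```php
<?php
// Added example, not the talk's code. findBcryptCost() is a name chosen here.

/**
 * Return the lowest bcrypt cost whose hashing time reaches $targetSeconds
 * on this machine, starting at the cost of 10 suggested on the slide.
 */
function findBcryptCost(float $targetSeconds = 0.25, int $startCost = 10, int $maxCost = 20): int
{
    for ($cost = $startCost; $cost < $maxCost; $cost++) {
        $start = microtime(true);
        password_hash('benchmark-only', PASSWORD_BCRYPT, ['cost' => $cost]);
        if (microtime(true) - $start >= $targetSeconds) {
            return $cost;
        }
    }
    return $maxCost; // very fast hardware: stop at the ceiling
}

$cost = findBcryptCost(0.25);
echo "Chosen cost: $cost\n";

// Constructed sample: a hash created earlier at a lower cost.
$oldHash = password_hash('s3cret-sample', PASSWORD_BCRYPT, ['cost' => 8]);

// The cost is stored inside the hash, so the old hash still verifies
// after the configured cost has been raised.
var_dump(password_verify('s3cret-sample', $oldHash));

// password_needs_rehash() reports that the stored hash is below the new
// cost; right after a successful login is the moment to re-hash it.
if (password_needs_rehash($oldHash, PASSWORD_BCRYPT, ['cost' => $cost])) {
    $newHash = password_hash('s3cret-sample', PASSWORD_BCRYPT, ['cost' => $cost]);
    echo 'Upgraded from cost ', password_info($oldHash)['options']['cost'],
         ' to ', password_info($newHash)['options']['cost'], "\n";
}
```

Run the calibration on production-class hardware; a cost measured on a developer laptop does not transfer.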
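
Added example for slides 74 to 76 (not code from the talk): the same encrypt-then-MAC procedure written against the OpenSSL extension, because mcrypt was removed from PHP in 7.2. It swaps in AES-256-CBC for Blowfish, stores the HMAC as raw bytes, and computes it over the IV as well as the ciphertext so that a modified IV is also rejected; the function names and keys are assumptions made for this example.

```php
<?php
// Added example, not the talk's code. Function names are chosen here.
const CIPHER  = 'aes-256-cbc';
const MAC_LEN = 32; // raw HMAC-SHA256 length in bytes

function encryptThenMac(string $message, string $encKey, string $macKey): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh IV per message
    $ct = openssl_encrypt($message, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    // Encrypt first, then sign IV + ciphertext with the separate MAC key.
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return base64_encode($iv . $ct . $mac);
}

function verifyThenDecrypt(string $encoded, string $encKey, string $macKey): string
{
    $raw   = base64_decode($encoded, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) < $ivLen + MAC_LEN) {
        throw new RuntimeException('Malformed input');
    }
    $iv  = substr($raw, 0, $ivLen);
    $mac = substr($raw, -MAC_LEN);
    $ct  = substr($raw, $ivLen, -MAC_LEN);

    // Verify before touching the ciphertext, in constant time.
    $expected = hash_hmac('sha256', $iv . $ct, $macKey, true);
    if (!hash_equals($expected, $mac)) {
        throw new RuntimeException('HMAC does not match');
    }
    $message = openssl_decrypt($ct, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($message === false) {
        throw new RuntimeException('Decryption failed');
    }
    return $message;
}

// Constructed sample keys: two independent random keys, one per purpose.
$encKey = random_bytes(32);
$macKey = random_bytes(32);

$blob = encryptThenMac('Do not tell my boss, but I did xyz', $encKey, $macKey);
echo verifyThenDecrypt($blob, $encKey, $macKey), "\n";

// Flip one bit of the IV: the MAC check rejects it before any decryption.
$raw    = base64_decode($blob);
$raw[0] = chr(ord($raw[0]) ^ 1);
try {
    verifyThenDecrypt(base64_encode($raw), $encKey, $macKey);
} catch (RuntimeException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```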
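
Added example for slide 100 (not code from the talk): one way to make the user partially responsible for the key, by deriving the encryption key from both a server-held key and the user's second passphrase. The function names, the PBKDF2 iteration count and the use of AES-256-GCM (an authenticated mode, chosen here so the block needs no separate HMAC step) are assumptions made for this example.

```php
<?php
// Added example, not the talk's code. All function names are chosen here.

function deriveUserKey(string $serverKey, string $passphrase, string $userSalt): string
{
    // Stretch the low-entropy passphrase, then bind the result to the server key.
    $stretched = hash_pbkdf2('sha256', $passphrase, $userSalt, 100000, 32, true);
    return hash_hmac('sha256', $stretched, $serverKey, true); // 32 raw bytes
}

function sealForUser(string $plaintext, string $key): array
{
    $iv  = random_bytes(12); // fresh per message, stored next to the ciphertext
    $tag = '';
    $ct  = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    return ['iv' => $iv, 'ct' => $ct, 'tag' => $tag];
}

/** Returns the plaintext, or false when the key is wrong or the data was altered. */
function openForUser(array $box, string $key)
{
    return openssl_decrypt($box['ct'], 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $box['iv'], $box['tag']);
}

// Constructed sample values.
$serverKey = random_bytes(32); // lives in server configuration
$userSalt  = random_bytes(16); // stored in the user's row, not secret

$key = deriveUserKey($serverKey, 'user second passphrase', $userSalt);
$box = sealForUser('Do not tell my boss, but I did xyz', $key);

// Correct passphrase: the message comes back.
var_dump(openForUser($box, $key));

// Wrong passphrase: a different key is derived and decryption fails.
var_dump(openForUser($box, deriveUserKey($serverKey, 'wrong guess', $userSalt)));

// Server key alone, as an attacker who breached the server would hold it.
var_dump(openForUser($box, $serverKey));
```

The derived key is never stored, so the data can only be read while the user is present to supply the passphrase.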
