Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

PHP7.2와 모던 암호학

1,336 views

Published on

모던 암호학의 이슈와 PHP7.2에 추가된 Libsodium에 대한 설명

Published in: Engineering
  • Be the first to comment

  • Be the first to like this

PHP7.2와 모던 암호학

  1. 1. PHP7.2 Johney Park
  2. 2. Use Libsodium TL; DR
  3. 3. ? ?
  4. 4. Side Channel Attack • , ( ) ? • , , , , , , ? • 
 Meltdown, Spectre • Large Prime Number
  5. 5. Elliptic Curve Cryptography • • RSA 3072bit = ECC 256bit • key • • Side Channel Attack
  6. 6. Authenticated Encryption • Message Authentication Code • • (nonce) •
  7. 7. Post-Quantum Cryptography • •
  8. 8. PHP 7.2 ? Libsodium & Argon2
  9. 9. Libsodium • NaCl(salt) (2008-2010) • Networking and cryptography library, high-speed software library for network communication, encryption, decryption, signature, etc. • US EU Funding • C(with inline assembler), C++, Python Wrapper • Libsodium NaCl Cross-Platform (2013) • • 2017 PHP7.2
  10. 10. Argon2 • Side Channel Attack Hash Algorithm • 2015 • password_hash Libsodium , Libsodium password_hash BCRYPT . ( 7.2 ) • password_hash Libsodium • Libsodium • hash
  11. 11. Argon2 $password = 'secret password'; $hash = password_hash($password, PASSWORD_ARGON2I); echo $hash . PHP_EOL; if (password_verify($password, $hash)) { echo 'valid password' . PHP_EOL; if(password_needs_rehash($hash, PASSWORD_ARGON2I)) { echo 'save new password hash' . PHP_EOL; } } else { echo 'invalid password!' . PHP_EOL; } $argon2i$v=19$m=1024,t=2,p=2$RWRRb01PMnRETU8zMXNrag$/ BKnBpq0Yl82OsimPaNn/SlnAuaGsYWi3H95bfZKFSc valid password
  12. 12. Argon2 $password = 'secret password'; $hash = sodium_crypto_pwhash_str( $password, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE ); echo $hash . PHP_EOL; if (sodium_crypto_pwhash_str_verify($hash, $password)) { sodium_memzero($password); echo 'valid password' . PHP_EOL; if (sodium_crypto_pwhash_str_needs_rehash($hash, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE)) { echo 'save new password hash' . PHP_EOL; } } else { sodium_memzero($password); echo 'invalid password!' . PHP_EOL; } $argon2id$v=19$m=65536,t=2,p=1$zYnVgQGMf+YpTKZzTvqv2g$XHM3XJpOOgeQvibBX9fY4OB 6CA06aJVcsF+DmMFOMtc valid password
  13. 13. Hash • Rainbow table , Collision Attack • Libsodium generic hash BLAKE2b • short hash SipHash-2-4 • Libsodium • PHP hash MD5 SHA-1 . SHA-256 SHA-512
  14. 14. Hash $hash = sodium_bin2hex(sodium_crypto_generichash('message')); echo $hash . PHP_EOL; 2e7836cc18ab1db2a2e239ebf4043772b3359520198b5fd55443b01a1023a5b0 $key = random_bytes(SODIUM_CRYPTO_SHORTHASH_KEYBYTES); $hash = sodium_bin2hex(sodium_crypto_shorthash('message', $key)); echo $hash . PHP_EOL; 7b02d09fb8bd2289 $hash = hash('sha256', 'message'); echo $hash . PHP_EOL; ab530a13e45914982b79f9b7e3fba994cfd1f3fb22f71cea1afbf02b460c6d1d
  15. 15. Secret Key • XSalsa20 • Poly1305 MAC • nonce • AEAD AEAD . ( ..)
  16. 16. Secret Key $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); $key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES); $message = 'secret message'; $cipher_text = sodium_bin2hex(sodium_crypto_secretbox($message, $nonce, $key)); sodium_memzero($message); echo $cipher_text . PHP_EOL; 9bb7d572868a8ddb773398fd107b3ccbf8f6dd010809bb1f76008a4a2abc $plain_text = sodium_crypto_secretbox_open(sodium_hex2bin($cipher_text), $nonce, $key); echo $plain_text . PHP_EOL; secret message
  17. 17. Public Key • X25519 XSalsa20 • Poly1305 MAC
  18. 18. Public Key $key_pair = sodium_crypto_box_keypair(); $public_key = sodium_crypto_box_publickey($key_pair); $message = 'secret message'; $cipher_text = sodium_bin2hex(sodium_crypto_box_seal($message, $public_key)); sodium_memzero($message); echo $cipher_text . PHP_EOL; 03fb2a60f2dbbe74c5f5eb2a9d13ea6a58c44badd2aa0963ff096c5b344bc5358a724badf814fa22c5566d 8b36867ddbf9ceb4fccbb77a3f303a037429ea $plain_text = sodium_crypto_box_seal_open(sodium_hex2bin($cipher_text), $key_pair); echo $plain_text . PHP_EOL; secret message
  19. 19. Libsodium 7.1
  20. 20. Reference • Official site
 https://www.gitbook.com/book/jedisct1/ libsodium/details • Paragon IE
 https://paragonie.com/book/pecl- libsodium

×