Is your crypto secure? Let's take a look at what main issues there are in modern cryptography that software developers and architects have to be aware of.
Applied cryptanalysis - stream ciphers
2. Intro
•Why do I need to learn about Crypto generally?
• It’s often used to create Cookies, hidden parameters
• To do TLS the right way
• For hashes and data integrity checks
• Password and sensitive info storage
• To have more marketable skills during an interview
•To whom is this useful?
• Devs, QA, anyone interested in security and crypto
•What do I need to understand this?
• School math knowledge
• Desire to learn
3. Overview
•Symmetric encryption
• Stream ciphers
• Block ciphers
• Modes of operation
•Cryptographic hash
• Key derivation
• Authenticated Encryption, AEAD
•Asymmetric encryption
•Conclusions and best practices
5. Symmetric Crypto basics
•To Encrypt is to take Plaintext, key and convert
them into Ciphertext: C = E(P, k)
•To Decrypt is to take Ciphertext, key and convert
them back into Plaintext: P = D(C, k)
•An attacker must, ideally, try (bruteforce) all
possible keys – for a 256-bit key that is about 10^77 combinations
7. Symmetric Crypto basics
•OK, what’s a cryptographic attack?
• Anything better than bruteforce
•What’s a practical attack?
• Any attack an adversary with the best technology available
can conduct in a “reasonable” amount of time
• “reasonable” is determined based on how long the plaintext keeps its
value
• Normally, due to the exponential nature of cryptanalytic difficulty, attacks
are either impossible or very much possible
8. Symmetric Crypto basics
Main cryptanalytic methods, at a glance
•Known plaintext
•Chosen plaintext (encryption oracles)
•Chosen ciphertext (decryption oracles, bit
flipping)
•Statistical cryptanalysis
•Differential cryptanalysis
•Side-channel attacks
11. Symmetric Crypto basics
XOR ⊕ Refresher
1. A ⊕ A = 0
2. A ⊕ 0 = A
3. A ⊕ B = B ⊕ A (commutativity)
4. A ⊕ ( B ⊕ C ) = ( A ⊕ B) ⊕ C (associativity)
5. Let K ⊕ M = C , then:
C ⊕ K = K ⊕ M ⊕ K = K ⊕ K ⊕ M = 0 ⊕ M = M
14. Stream ciphers
•Historic stream cipher example – One-time Pads
• Sender and Receiver must have identical Pads
• Pads fully filled with random data
• Sender computes Message ⊕ Pad and sends result
• Receiver does Ciphertext ⊕ Pad to get Message
•One-time Pads are mathematically proven to be
unbreakable! YAY! VICTORY! Let’s all go home now.
•Cons? One-time Pads are horribly impractical
• And unbreakable, well… Only as long as Pads’ data is
truly random and they are never used twice
15. Stream ciphers
•Modern electronic Stream Ciphers
• Were inspired by One-time pads
• Have almost all of their problems + some more!
• Derive high entropy Key from Passphrase
• Generate Keystream via a PRNG algorithm from Key
• Its output is effectively used instead of one-time pads
• Employ Initialization Vectors - transmitted in cleartext
• They are mixed with the Key to avoid key reuse (pad reuse)
16. Stream ciphers
Basic vulnerabilities: bit flipping
•With Stream Ciphers, a flipped bit in the Ciphertext
ALWAYS results in a flipped bit in the Plaintext
•Having only a Ciphertext, an attacker can make it
say ANYTHING when decrypted!
• Needs to know the target position in the plaintext
• How? E.g. via reverse engineering the app or Crib-dragging
•Requires no knowledge of the encryption key
•Every stream cipher is vulnerable to it!
17. Stream ciphers
Basic vulnerabilities: bit flipping example
•Given: an encrypted cookie with data like
…&user=john.doe&admin=0&…
•Whose encrypted bytes in binary look like
…10010011 11011001 01101000…
•A flip of only 1 bit of ciphertext is necessary
…10010011 11011000 01101000…
•To make the decrypted plaintext say
…&user=john.doe&admin=1&…
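The cookie flip from slides 16 and 17 in runnable form, together with the countermeasure the slides imply (authenticate the ciphertext so a flipped bit is detected before decryption). This is an added illustration, not code from the talk; the SHA-256 counter-mode keystream is an assumed stand-in for a real stream cipher and is used only so the script runs with the standard library.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Stand-in keystream generator (assumption: SHA-256 in counter mode).
    Any real stream cipher behaves the same way for the point made here."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))


decrypt = encrypt  # XOR with the keystream is its own inverse


def flip_byte(ciphertext: bytes, position: int, old: int, new: int) -> bytes:
    """Slide 17: XOR the difference between the byte you expect in the plaintext
    and the byte you want into the ciphertext. No key is involved; only the
    position and the original byte value need to be known."""
    out = bytearray(ciphertext)
    out[position] ^= old ^ new
    return bytes(out)


# --- Mitigation: encrypt-then-MAC. The tag covers IV and ciphertext. ---

def seal(key_enc: bytes, key_mac: bytes, iv: bytes, plaintext: bytes) -> bytes:
    ct = encrypt(key_enc, iv, plaintext)
    tag = hmac.new(key_mac, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def open_sealed(key_enc: bytes, key_mac: bytes, blob: bytes) -> Optional[bytes]:
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key_mac, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None  # tampering detected: never decrypt unauthenticated data
    return decrypt(key_enc, iv, ct)


def demo():
    """Returns (plaintext seen by an unauthenticated decrypt of the flipped cookie,
    result of opening the genuine sealed cookie, result of opening the tampered one)."""
    key_enc, key_mac = secrets.token_bytes(32), secrets.token_bytes(32)
    iv = secrets.token_bytes(16)
    cookie = b"sid=42&user=john.doe&admin=0&lang=en"  # constructed sample cookie
    pos = cookie.index(b"admin=") + len(b"admin=")

    ct = encrypt(key_enc, iv, cookie)
    forged = flip_byte(ct, pos, ord("0"), ord("1"))   # one bit: 0x30 -> 0x31
    unauthenticated = decrypt(key_enc, iv, forged)

    blob = seal(key_enc, key_mac, iv, cookie)
    tampered = blob[:16] + flip_byte(blob[16:-32], pos, ord("0"), ord("1")) + blob[-32:]
    return unauthenticated, open_sealed(key_enc, key_mac, blob), open_sealed(key_enc, key_mac, tampered)
```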
18. Stream ciphers
Basic vulnerabilities: key reuse
What’s so terrible about key (pad) reuse?
•So we have 2 plaintexts P1 and P2, and we encrypt
them separately under the same Key, IV pair:
C1=P1⊕F(Key,IV)
C2=P2⊕F(Key,IV)
When an attacker intercepts them, he can then
compute:
C1⊕C2=P1⊕P2
•“Oh, please! How bad could that possibly be?..”
20. Stream ciphers
Basic vulnerabilities: key reuse
•Edge case: if one of the plaintexts, e.g. P1, is known,
restoring the other one is trivial
C1⊕C2⊕P1 = (P1⊕K)⊕(P2⊕K)⊕P1 = 0⊕P2 = P2
•Edge case: if a portion of Plaintext is known, the
Keystream in corresponding position is revealed
C = P⊕E(Key,IV), hence C⊕P = E(Key,IV)
• Now, having the Keystream at some position, we can
decrypt data at that position from ALL other ciphertexts
• We can also change and re-encrypt any data there
21. Stream ciphers
Basic vulnerabilities: Why does key reuse happen?
•No IV is used
•Static IV
• For example, the encryption key itself
• Or a hash of the password – good entropy, still useless
•Very short IV
• E.g. WEP had a 24 bit IV == 16777216 values
• Birthday paradox - in 4096 packets IV is reused with P=0.5
• Birthday paradox??
22. Stream ciphers
Birthday paradox
• For what number of people, the chances that two of them
share a birthday are 50-50?
• n ≈ √(2 × m × p) → √(2 × 2^24 × 0.5) = 2^12 = 4096
23. Stream ciphers
Basic vulnerabilities: Why does key reuse happen?
•Bad IV
• Caused by bad random
• Specifically, where a PRNG is used instead of CSPRNG
• “Oh please, what’s the difference?”
27. Stream ciphers: random
Hacking Java’s Random(): predicting the future
•Linear Congruential PRNG:
seed = (seed * multiplier + addend) mod (2 ^ precision)
• Has 48 bits of state, but discloses only 32 at a time, e.g. nextInt()
• The remaining 16 bits are easily bruteforcible on modern PCs:
28. Stream ciphers: random
Hacking Java’s Random(): peeking into the past
• Long story short, one bit at a time we unwind the changes a
previous seed would’ve had on the current number
• And can do so recursively as far back as we wish
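Slides 27 and 28 in code: recover the 16 hidden bits of java.util.Random from two consecutive nextInt() values, then step forward (predict) and backward (unwind). This is an added example, not the talk's tool; it re-implements the Java LCG in Python so it runs without a JVM, and it unwinds with the modular inverse of the multiplier, which gives the same result as the slide's bit-by-bit method. The point for a developer is that anything produced this way (IVs, session ids, tokens) must come from a CSPRNG such as java.security.SecureRandom instead.

```python
from typing import Optional, Tuple

# java.util.Random parameters (48-bit LCG)
MULT = 0x5DEECE66D
ADD = 0xB
MASK = (1 << 48) - 1
MULT_INV = pow(MULT, -1, 1 << 48)  # exists because MULT is odd


def to_signed32(x: int) -> int:
    """Java's int is signed 32-bit."""
    x &= 0xFFFFFFFF
    return x - (1 << 32) if x & 0x80000000 else x


class JavaRandom:
    """Minimal re-implementation of java.util.Random (seed scrambling included)."""

    def __init__(self, seed: int) -> None:
        self.seed = (seed ^ MULT) & MASK

    def next_int(self) -> int:
        self.seed = (self.seed * MULT + ADD) & MASK
        return to_signed32(self.seed >> 16)  # only the top 32 of 48 bits leak


def recover_state(out1: int, out2: int) -> Optional[int]:
    """Given two consecutive nextInt() outputs, brute-force the 16 bits that
    nextInt() does not disclose and return the full state after the 2nd call."""
    high = (out1 & 0xFFFFFFFF) << 16
    for low in range(1 << 16):          # 65536 candidates: trivial on any PC
        s1 = high | low
        s2 = (s1 * MULT + ADD) & MASK
        if to_signed32(s2 >> 16) == out2:
            return s2
    return None


def predict_next(state: int) -> Tuple[int, int]:
    """Step the LCG forward: returns (new state, the nextInt() it will yield)."""
    s = (state * MULT + ADD) & MASK
    return s, to_signed32(s >> 16)


def step_back(state: int) -> int:
    """Invert one LCG step: seed_prev = (seed - ADD) * MULT^-1 mod 2^48."""
    return ((state - ADD) * MULT_INV) & MASK


def demo(seed: int = 12345) -> Tuple[int, int]:
    """Returns (predicted 3rd output, real 3rd output) for a generator seeded
    with `seed`; the two match although only two outputs were observed."""
    rng = JavaRandom(seed)
    o1, o2, o3 = rng.next_int(), rng.next_int(), rng.next_int()
    state = recover_state(o1, o2)
    return predict_next(state)[1], o3
```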
29. Stream ciphers
Case-study
•Used a circular XOR cipher
• Meaning, “keystream”, the passphrase, was reused
• Well, not exactly an XOR operation, but close enough
•With a hardcoded key
• That had barely any entropy
•Without an IV
•All this made it vulnerable to every kind of attack
30. Stream ciphers
Case-study
Differential Cryptanalysis via chosen plaintext attack
1. ‘aaaaa’ user session cookie, first 10 “bytes” :
131!167!208!205!204!194!184!192!164!124!...
2. ‘bbbbb’ user session cookie:
131!167!209!206!205!195!185!192!164!124!...
3. This is basically an “encryption” oracle
4. From this, we can already deduce the
“keystream”
5. But it’s revealed clearly if we use ‘0’ for
username
6. But what if we couldn’t control the plaintext?..
31. Stream ciphers
Case-study
Statistical analysis
• Only the end part of cookies changed between sessions
• We can already see what’s encrypted here
• Now just bruteforce 1 byte for each column
• Voila! We have our keystream symbol!
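One script for the key-reuse slides (18 to 20) and the case study (29 to 31): a repeating-passphrase XOR "cipher" with no IV, C1⊕C2 = P1⊕P2, keystream recovery from a known prefix, the all-zero chosen plaintext that returns the keystream itself, and the audit check that exposes a short cycled key by its repetition period. This is an added illustration, not the talk's code; the passphrase and cookies are constructed samples.

```python
from typing import Dict


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def repeating_key_xor(data: bytes, key: bytes) -> bytes:
    """The case study's 'cipher': the keystream is the passphrase cycled forever,
    so it repeats every len(key) bytes and is identical for every message."""
    return bytes(d ^ key[i % len(key)] for i, d in enumerate(data))


def xor_of_plaintexts(c1: bytes, c2: bytes) -> bytes:
    """Slide 18: two ciphertexts under one keystream give P1 ⊕ P2; the key cancels."""
    return xor_bytes(c1, c2)


def keystream_from_known_plaintext(ciphertext: bytes, known: bytes, offset: int) -> bytes:
    """Slide 20: C ⊕ P = keystream wherever P is known."""
    return xor_bytes(ciphertext[offset:offset + len(known)], known)


def apply_keystream(ciphertext: bytes, ks: bytes, offset: int) -> bytes:
    """The recovered keystream decrypts any other ciphertext at the same positions."""
    return xor_bytes(ciphertext[offset:offset + len(ks)], ks)


def repetition_period(ks: bytes) -> int:
    """Audit check: smallest p with ks[i] == ks[i+p] for every i. A tiny period
    means the 'keystream' is a short hardcoded passphrase, not cipher output."""
    for p in range(1, len(ks)):
        if all(ks[i] == ks[i + p] for i in range(len(ks) - p)):
            return p
    return len(ks)


def demo() -> Dict[str, object]:
    key = b"s3cret"  # constructed: short, hardcoded, as in the case study
    cookie1 = b"user=john.doe&admin=0&theme=dark"   # constructed samples
    cookie2 = b"user=alice&admin=1&theme=light"
    c1 = repeating_key_xor(cookie1, key)
    c2 = repeating_key_xor(cookie2, key)

    # Every cookie starts with "user=", so 5 keystream bytes are known outright.
    ks = keystream_from_known_plaintext(c1, b"user=", 0)
    # Slide 30, step 5: with an encryption oracle, an all-zero plaintext
    # returns the keystream directly (0 ⊕ k = k).
    ks_full = repeating_key_xor(bytes(32), key)
    return {
        "p1_xor_p2": xor_of_plaintexts(c1, c2),      # equals cookie1 ⊕ cookie2
        "ks_from_known": ks,                          # b"s3cre"
        "c2_prefix": apply_keystream(c2, ks, 0),      # b"user="
        "period": repetition_period(ks_full),         # 6 == len(key)
        "c2_all": apply_keystream(c2, ks_full, 0),    # whole second cookie
    }
```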
32. Stream ciphers
So, how to do it right?
•NEVER be clever and invent your own crypto!
•Use well-known Crypto suites, e.g. Bouncy Castle
•Never use a vulnerable cipher! E.g., RC4
• Instead, go for ChaCha20 – no known attacks
•When you’re asked for an IV, get it from CSPRNG!
• And make it LOOOOONG
•Never use the Passphrase as the Key!
• Instead, google how to use PBKDF2 from RFC 2898