Cargo Cult Security
- Utah Java User Group 2015
https://github.com/disaacson/cargo-cult-security
by Derrick Isaacson
http://en.wikipedia.org/wiki/Cargo_cult
Richard Feynman
Cargo Cult Programming
Ritualistic inclusion of code or patterns that are unnecessary for the task at hand.
• Design patterns
  • Factory
  • Wrapper
  • Dependency injection
• Cryptography
  • Encryption
  • Hashing
The Big Picture
Crypto Primitives & Goals
• Primitives: Hash, MAC (HMAC), Symmetric Key Crypto, Asymmetric Key Crypto, Digital Signature, Digital Certificates
• Goals: Data Integrity, Data Authentication, Non-repudiation, Confidentiality, Trust
Classic Encryption
Plaintext → Cipher → Ciphertext
Symmetric Key Cryptography (Private-key Cryptography)
• Blowfish
• Twofish
• Serpent
• AES (Rijndael)
• CAST5
• RC4
• 3DES
• IDEA
HTTPS (TLS)
SSH (SSL)
LUKS Disk Encryption
KeePass
Anti-pattern: Authentication
/private_image?secure_id=573146feb41e
import javax.crypto.Cipher;
// key and initVector are fields of the Auth class, set up elsewhere
public static String getPrivateURL(String plainTextId) throws Exception {
Cipher cipher = Cipher.getInstance("Blowfish/OFB/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key, initVector);
byte[] cipherBytes = cipher.doFinal(plainTextId.getBytes());
return bytesToHex(cipherBytes);
}
String plainTextId = "100000";
String cipherTextId = Auth.getPrivateURL(plainTextId);
/private_image?secure_id=573146feb41e
public static String getSecretImg(String cipherTextId) throws Exception {
Cipher cipher = Cipher.getInstance("Blowfish/OFB/NoPadding");
cipher.init(Cipher.DECRYPT_MODE, key, initVector);
byte[] plainBytes = cipher.doFinal(hexToBytes(cipherTextId));
String plainTextId = new String(plainBytes, "UTF-8");
return getImage(plainTextId);
}
573146feb41e → 100000 → Team Photo
/private_image?secure_id=573146feb41e
/private_image?secure_id=573146feb41f
public static String getSecretImg(String cipherTextId) throws Exception {
Cipher cipher = Cipher.getInstance("Blowfish/OFB/NoPadding");
cipher.init(Cipher.DECRYPT_MODE, key, initVector);
byte[] plainBytes = cipher.doFinal(hexToBytes(cipherTextId));
String plainTextId = new String(plainBytes, "UTF-8");
return plainTextId; // the decrypted id: decryption alone never tells the server who made this value
}
573146feb41f → 100001
Attack Plan
Message Authentication Codes
HMAC(key, message)
HMAC: RFC 2104
• HMAC-MD5
• HMAC-SHA1
• HMAC-SHA256
Message → HMAC → MAC
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
// bytesToHex as on the earlier slide
public static String hmac(String key, String message) throws Exception {
SecretKeySpec signingKey = new SecretKeySpec(key.getBytes(), "HmacSHA1");
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(signingKey);
byte[] hmacBytes = mac.doFinal(message.getBytes());
return bytesToHex(hmacBytes);
}
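The two slides above make one point: the goal for a private image link is data authentication (did the server issue this id?), and the primitive for that is a MAC, not a cipher. The following is an added example, not code from the slides or the talk's repository, of what the image URL looks like once the id travels in the clear with an HMAC-SHA256 tag over it. The class name, the `getPrivateUrl`/`authorizedImageId` methods and the in-memory key are assumptions for the demo; a real service loads the key from a key store.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example (not from the slides): authenticate the image id with an HMAC
 * instead of hiding it with a cipher. Any change to the id or the tag, including
 * the single-bit edit that turns 573146feb41e into 573146feb41f, fails verification.
 */
public class SignedImageUrl {
    // Hypothetical server-side key, generated at startup for the demo only.
    private static final byte[] KEY = newKey();

    private static byte[] newKey() {
        byte[] k = new byte[32];
        new SecureRandom().nextBytes(k);
        return k;
    }

    static byte[] hmacSha256(byte[] key, String message) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            return mac.doFinal(message.getBytes(StandardCharsets.UTF_8));
        } catch (java.security.GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder(b.length * 2);
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    static byte[] unhex(String s) {
        if (s.length() % 2 != 0) throw new IllegalArgumentException("odd-length hex");
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    /** The id stays readable; the tag is what proves the server handed out this link. */
    public static String getPrivateUrl(String imageId) {
        return "/private_image?id=" + imageId + "&sig=" + hex(hmacSha256(KEY, imageId));
    }

    /** Returns the id only when the tag verifies; MessageDigest.isEqual compares in constant time. */
    public static String authorizedImageId(String imageId, String sigHex) {
        byte[] expected = hmacSha256(KEY, imageId);
        byte[] presented;
        try {
            presented = unhex(sigHex);
        } catch (IllegalArgumentException e) {
            return null; // malformed tag: treat exactly like a wrong one
        }
        return MessageDigest.isEqual(expected, presented) ? imageId : null;
    }

    public static void main(String[] args) {
        String url = getPrivateUrl("100000");
        String sig = url.substring(url.indexOf("&sig=") + 5);
        System.out.println(url);
        // Valid link: the id comes back.
        System.out.println("100000 with its own tag: " + authorizedImageId("100000", sig));
        // Neighbouring id with the same tag: rejected, the tag was computed over "100000".
        System.out.println("100001 with that tag: " + authorizedImageId("100001", sig));
        // Same id, last hex digit of the tag changed: rejected as well.
        String edited = sig.substring(0, sig.length() - 1) + (sig.endsWith("e") ? "f" : "e");
        System.out.println("100000 with an edited tag: " + authorizedImageId("100000", edited));
    }
}
```

The tag is 256 bits, so there is no small search space of "valid URLs" to enumerate, and because the id is not secret nothing is lost by sending it in the clear. What changes is the server's question at request time: not "can I decrypt this?" but "did I sign this?".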
Anti-pattern: Authentication 2
/private_image?user_id=3d90e
http://aes.online-domain-tools.com/
2^24 search space with a valid URL density of 1/16,777
String plainTextId = "834";
String cipherTextId = Auth.getPrivateURL(plainTextId);
public static String getPrivateURL(String plainTextId) throws Exception {
Cipher cipher = Cipher.getInstance("Blowfish/OFB/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key, initVector);
byte[] cipherBytes = cipher.doFinal(plainTextId.getBytes());
return bytesToHex(cipherBytes);
}
Anti-pattern: Bank Deposit
cipher = Cipher.getInstance("AES/CBC/NoPadding");
…
return cipher.doFinal(plainText.getBytes());
// Without a MAC, CBC ciphertext is malleable: this edit changes the matching byte of the next plaintext block, and decryption cannot tell.
msg[45] = (byte)(msg[45] ^ "0".getBytes()[0] ^ "t".getBytes()[0]);
cipher = Cipher.getInstance("AES/CBC/NoPadding");
…
return cipher.doFinal(cipherText);
Or…
Replay it 1000 times
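Both problems on this slide, the silent byte edit and the replay, come from using a confidentiality primitive where the goal is data authentication. Below is an added example, not code from the slides, of the deposit message protected with AES-GCM, an authenticated-encryption mode available in `javax.crypto`: a modified ciphertext fails the tag check, and a receiver that remembers the nonces it has accepted rejects a second copy of the same message. The class, the `nonce || ciphertext || tag` layout and the in-memory nonce set are assumptions for the demo; a production receiver would persist the seen-nonce state or use a sequence number.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/**
 * Added example (not from the slides): a deposit message sealed with AES-GCM.
 * The authentication tag covers nonce and ciphertext, so a flipped byte is
 * detected instead of decrypting to a different amount; the receiver refuses
 * any nonce it has already accepted, so replaying the message fails too.
 */
public class AuthenticatedDeposit {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int NONCE_BYTES = 12;   // 96-bit nonce, the size GCM is designed around
    private static final int TAG_BITS = 128;

    static SecretKey newKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        return kg.generateKey();
    }

    /** Message layout: nonce || ciphertext || tag. The nonce is public but must never repeat under one key. */
    static byte[] seal(SecretKey key, String plaintext) throws GeneralSecurityException {
        byte[] nonce = new byte[NONCE_BYTES];
        RNG.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(nonce);   // the nonce is authenticated as associated data as well
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        return ByteBuffer.allocate(nonce.length + ct.length).put(nonce).put(ct).array();
    }

    /** Receiver side: verify the tag first, then refuse nonces already accepted. */
    static final class Receiver {
        private final SecretKey key;
        private final Set<String> seenNonces = new HashSet<>();

        Receiver(SecretKey key) { this.key = key; }

        String open(byte[] msg) throws GeneralSecurityException {
            if (msg.length < NONCE_BYTES + TAG_BITS / 8) throw new IllegalArgumentException("message too short");
            byte[] nonce = Arrays.copyOfRange(msg, 0, NONCE_BYTES);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
            c.updateAAD(nonce);
            // Throws AEADBadTagException if nonce, ciphertext or tag were modified.
            byte[] pt = c.doFinal(msg, NONCE_BYTES, msg.length - NONCE_BYTES);
            if (!seenNonces.add(Base64.getEncoder().encodeToString(nonce)))
                throw new SecurityException("replayed message");
            return new String(pt, StandardCharsets.UTF_8);
        }
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = newKey();
        Receiver bank = new Receiver(key);
        // Constructed sample message.
        byte[] msg = seal(key, "deposit 1000 to account 12345678");
        System.out.println("accepted: " + bank.open(msg));

        byte[] tampered = msg.clone();
        tampered[NONCE_BYTES + 8] ^= 0x01;   // the kind of edit that silently changes a CBC plaintext
        try {
            bank.open(tampered);
        } catch (AEADBadTagException e) {
            System.out.println("tampering detected");
        }

        try {
            bank.open(msg);   // the original again
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The tag check runs before the replay check on purpose: a message that fails authentication should never update any state, including the set of seen nonces.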
Encryption Parameters
• Cipher (AES, Blowfish, …)
• Secret key
• Data to encrypt
• Mode (CBC, ECB, OFB, …)
• Initialization Vector
Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key, initVector);
Anti-pattern: Encryption Modes
cipher = Cipher.getInstance("AES/ECB/NoPadding");
Cipher-block Chaining Mode
cipher = Cipher.getInstance("AES/CBC/NoPadding");
May 20th 1942: message intercepted, island “AF”
June 3rd 1942: Battle of Midway
Anti-pattern: Initialization Vector
plainText = "Hold";
cryptText = cipher.doFinal(plainText.getBytes());
• Monday: “a8b8f95c4684b3f3”
• Tuesday: “a8b8f95c4684b3f3”
• Wednesday: “a8b8f95c4684b3f3”
• Thursday: “a8b8f95c4684b3f3”
• Friday: “10f32c937a1284db”
Modes and IVs
• Cipher-block chaining prevents patterns within messages
• Correct IV prevents patterns across messages
Generating Keys & Initialization Vectors
key = "koicy37m8ao2nl07";
iv = new java.util.Random().nextLong();
• How many bits of key entropy can be contained in 16 alphanumeric characters?
  • 96 bits
  • ~0.00000002% of the possible search space
• What initialization vector is really used here?
  • "0000000000000000"!
• Warning: The IV parameter must be as long as the blocksize in …
• Use javax.crypto:
  SecretKey key = KeyGenerator.getInstance("AES").generateKey();
  IvParameterSpec iv = new javax.crypto.spec.IvParameterSpec(secureRandBytes);
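The three slides above describe the leaks (ECB repeats patterns within a message, a fixed IV repeats patterns across messages) and the fix (a provider-generated key, a SecureRandom IV). The following is an added example, not code from the slides, that makes both leaks visible on constructed input and then generates key and IV the way the last slide recommends. The class and helper names are assumptions; PKCS5 padding is used so that "Hold" encrypts without manual block alignment.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/**
 * Added example (not from the slides): show what ECB and a fixed IV leak,
 * then generate key and IV properly.
 */
public class ModesAndIvs {
    private static final SecureRandom RNG = new SecureRandom();

    /** Full-entropy 128-bit key from the provider, instead of 16 typed characters (~96 bits). */
    static SecretKey newKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        return kg.generateKey();
    }

    /** Fresh random IV of one AES block; it is sent along with the ciphertext, it is not secret. */
    static byte[] freshIv() {
        byte[] iv = new byte[16];
        RNG.nextBytes(iv);
        return iv;
    }

    static byte[] encrypt(String transformation, SecretKey key, byte[] iv, byte[] plaintext)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(transformation);
        if (iv == null) c.init(Cipher.ENCRYPT_MODE, key);                       // ECB takes no IV
        else c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(plaintext);
    }

    /** Number of distinct 16-byte ciphertext blocks: a low count on repetitive input means patterns survived. */
    static int distinctBlocks(byte[] ct) {
        Set<String> blocks = new HashSet<>();
        for (int i = 0; i + 16 <= ct.length; i += 16)
            blocks.add(Arrays.toString(Arrays.copyOfRange(ct, i, i + 16)));
        return blocks.size();
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = newKey();

        // Constructed plaintext: one 16-byte block repeated four times.
        String block = "HOLD POSITION!! ";
        byte[] repetitive = (block + block + block + block).getBytes(StandardCharsets.US_ASCII);
        byte[] ecb = encrypt("AES/ECB/PKCS5Padding", key, null, repetitive);
        byte[] cbc = encrypt("AES/CBC/PKCS5Padding", key, freshIv(), repetitive);
        System.out.println("ECB distinct blocks out of " + ecb.length / 16 + ": " + distinctBlocks(ecb));
        System.out.println("CBC distinct blocks out of " + cbc.length / 16 + ": " + distinctBlocks(cbc));

        // The slide's "Hold" message, Monday and Tuesday, with the all-zero IV the slide's code really used.
        byte[] hold = "Hold".getBytes(StandardCharsets.UTF_8);
        byte[] zeroIv = new byte[16];
        byte[] monday = encrypt("AES/CBC/PKCS5Padding", key, zeroIv, hold);
        byte[] tuesday = encrypt("AES/CBC/PKCS5Padding", key, zeroIv, hold);
        System.out.println("fixed IV, identical ciphertexts: " + Arrays.equals(monday, tuesday));

        // Same message, fresh IV each day: the observer sees no repeat.
        byte[] wednesday = encrypt("AES/CBC/PKCS5Padding", key, freshIv(), hold);
        byte[] thursday = encrypt("AES/CBC/PKCS5Padding", key, freshIv(), hold);
        System.out.println("fresh IVs, identical ciphertexts: " + Arrays.equals(wednesday, thursday));
    }
}
```

In the ECB run every copy of the repeated block encrypts to the same 16 bytes, so the block count collapses; under CBC with a random IV every block differs. Whoever decrypts needs the IV, so store or transmit it next to the ciphertext (for example as its first 16 bytes); what must never happen is reusing one IV with the same key.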
Anti-pattern: Random Values
<form action="">
<label>Donation amount</label>
<input type="text" value="10.00">
<%
Long csrfToken = new java.util.Random().nextLong();
setCookie("csrfToken", csrfToken);
print(String.format("<input type=\"hidden\" value=\"%s\">", csrfToken));
%>
<input type="submit" value="Submit">
</form>
Finding Linear Congruential Seed
// Constants of java.util.Random's 48-bit linear congruential generator
long multiplier = 0x5DEECE66DL;
long addend = 0xBL;
long mask = (1L << 48) - 1;
Random random = new Random();
long v1 = random.nextInt();
long v2 = random.nextInt();
// nextInt() exposes the top 32 bits of the 48-bit state; only the low 16 bits are left to search
for (int i = 0; i < 65536; i++) {
long seed = v1 * 65536 + i;
if ((int) ((((seed * multiplier + addend) & mask) >>> 16)) == (int) v2) {
System.out.println("Seed found: " + seed);
break;
}
}
Anti-pattern: Pseudo-random Session IDs
<%
uid = "12345678";
sessionId = md5(uid + rand.nextLong() + System.currentTimeMillis());
setCookie("session_id", sessionId);
%>
Really < 20 bits of entropy.
A modern GPU can calculate that in a second! [9, 12]
HMACs and Secure Random
<form action="">
<label>Donation amount</label>
<input type="text" value="10.00">
<%
Long csrfToken = new java.security.SecureRandom().nextLong();
setCookie("csrfToken", csrfToken);
print(String.format("<input type=\"hidden\" value=\"%s\">", csrfToken));
%>
<input type="submit" value="Submit">
</form>
Do not use sessions! Use HMACs!
Seriously.
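The slides above contrast java.util.Random (a 48-bit LCG whose state the previous slide recovers from two outputs) with SecureRandom, and close with "Use HMACs!" for sessions. The following is an added example, not code from the slides, that puts both together: a 256-bit CSRF token from SecureRandom checked in constant time, and a stateless session cookie whose `uid` and expiry are authenticated with HMAC-SHA256 so the server has nothing to look up. The class, the `uid.expiry.tag` cookie layout and the in-memory key are assumptions for the demo; the uid is assumed not to contain a dot.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example (not from the slides): unguessable tokens from SecureRandom and
 * a session cookie whose contents are authenticated with HMAC-SHA256.
 */
public class TokensAndSignedSessions {
    private static final SecureRandom RNG = new SecureRandom();
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder B64D = Base64.getUrlDecoder();
    // Hypothetical server-side key, generated at startup for the demo only.
    private static final byte[] SESSION_KEY = randomBytes(32);

    static byte[] randomBytes(int n) {
        byte[] b = new byte[n];
        RNG.nextBytes(b);
        return b;
    }

    /** 256-bit CSRF token: a forged form cannot guess it, and two tokens never collide in practice. */
    static String newCsrfToken() {
        return B64.encodeToString(randomBytes(32));
    }

    /** Double-submit check: cookie token and form token must match, compared in constant time. */
    static boolean csrfTokenValid(String cookieToken, String formToken) {
        if (cookieToken == null || formToken == null) return false;
        return MessageDigest.isEqual(cookieToken.getBytes(StandardCharsets.UTF_8),
                                     formToken.getBytes(StandardCharsets.UTF_8));
    }

    static byte[] hmac(byte[] key, String data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (java.security.GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Cookie value "uid.expiresAtMillis.tag": nothing is stored server-side, the tag proves the server issued it. */
    static String issueSession(String uid, long expiresAtMillis) {
        String payload = uid + "." + expiresAtMillis;   // uid assumed to contain no '.'
        return payload + "." + B64.encodeToString(hmac(SESSION_KEY, payload));
    }

    /** Returns the uid if the tag verifies and the cookie has not expired, otherwise null. */
    static String verifySession(String cookie, long nowMillis) {
        String[] parts = cookie.split("\\.");
        if (parts.length != 3) return null;
        String payload = parts[0] + "." + parts[1];
        byte[] presented;
        try {
            presented = B64D.decode(parts[2]);
        } catch (IllegalArgumentException e) {
            return null;
        }
        if (!MessageDigest.isEqual(hmac(SESSION_KEY, payload), presented)) return null;
        long expiresAt;
        try {
            expiresAt = Long.parseLong(parts[1]);
        } catch (NumberFormatException e) {
            return null;
        }
        return nowMillis < expiresAt ? parts[0] : null;
    }

    public static void main(String[] args) {
        String csrf = newCsrfToken();
        System.out.println("csrf token: " + csrf);
        System.out.println("matches itself: " + csrfTokenValid(csrf, csrf));
        System.out.println("matches a different token: " + csrfTokenValid(csrf, newCsrfToken()));

        long now = System.currentTimeMillis();
        String cookie = issueSession("12345678", now + 3_600_000L);   // one hour
        System.out.println("cookie: " + cookie);
        System.out.println("verified uid: " + verifySession(cookie, now));
        // Editing the uid in the cookie invalidates the tag.
        String forged = "87654321" + cookie.substring(cookie.indexOf('.'));
        System.out.println("forged uid verifies as: " + verifySession(forged, now));
        System.out.println("after expiry verifies as: " + verifySession(cookie, now + 7_200_000L));
    }
}
```

Compare this with the slide's `md5(uid + rand.nextLong() + System.currentTimeMillis())`: that value's unpredictability rests on a Random output and a timestamp, both recoverable, and it proves nothing about who created it. Here the randomness comes from SecureRandom where randomness is the goal (the CSRF token), and an HMAC is used where authentication is the goal (the session), which is the primitive-per-goal discipline the talk is about.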
No Cargo Cult Security!
1. Identify true security goal.
2. Find correct crypto primitive.
3. Spend some time to learn about it.
4. Write as little of your own crypto code as possible.
Questions?
derrick@lucidchart.com
https://github.com/disaacson/cargo-cult-security
References
1. http://en.wikipedia.org/wiki/Cargo_cult
2. http://neurotheory.columbia.edu/~ken/cargo_cult.html
3. http://en.wikipedia.org/wiki/Post_hoc_ergo_propter_hoc
4. http://en.wikipedia.org/wiki/Cargo_cult_programming
5. http://www.slideshare.net/javagroup2006/data-security-essentials-java-one-2013
6. http://www.scs.stanford.edu/10au-cs144/notes/
7. http://resources.infosecinstitute.com/cbc-byte-flipping-attack-101-approach/
8. http://security.stackexchange.com/questions/18033/how-insecure-are-phps-rand-functions
9. http://crypto.di.uoa.gr/CRYPTO.SEC/Randomness_Attacks_files/paper.pdf
10. http://security.stackexchange.com/questions/17988/how-insecure-are-non-cryptographic-random-number-generators
11. http://jazzy.id.au/default/2010/09/20/cracking_random_number_generators_part_1.html
12. http://thepasswordproject.com/oclhashcat_benchmarking
13. http://www.php.net/manual/en/function.openssl-random-pseudo-bytes.php
14. http://blowfish.online-domain-tools.com/
15. https://github.com/disaacson/cargo-cult-security
16. http://tools.ietf.org/html/rfc2104

More Related Content

What's hot

Top Ten Web Defenses - DefCamp 2012
Top Ten Web Defenses  - DefCamp 2012Top Ten Web Defenses  - DefCamp 2012
Top Ten Web Defenses - DefCamp 2012
DefCamp
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Svetlin Nakov
 
MongoDB .local Munich 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...
MongoDB .local Munich 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...MongoDB .local Munich 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...
MongoDB .local Munich 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...
MongoDB
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
Svetlin Nakov
 
Geth important commands
Geth important commandsGeth important commands
Geth important commands
NexThoughts Technologies
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Svetlin Nakov
 
MongoDB San Francisco 2013: Hash-based Sharding in MongoDB 2.4 presented by B...
MongoDB San Francisco 2013: Hash-based Sharding in MongoDB 2.4 presented by B...MongoDB San Francisco 2013: Hash-based Sharding in MongoDB 2.4 presented by B...
MongoDB San Francisco 2013: Hash-based Sharding in MongoDB 2.4 presented by B...
MongoDB
 
Cryptography For The Average Developer
Cryptography For The Average DeveloperCryptography For The Average Developer
Cryptography For The Average Developer
Anthony Ferrara
 
Javascript Object Signing & Encryption
Javascript Object Signing & EncryptionJavascript Object Signing & Encryption
Javascript Object Signing & Encryption
Aaron Zauner
 
How to get rid of terraform plan diffs
How to get rid of terraform plan diffsHow to get rid of terraform plan diffs
How to get rid of terraform plan diffs
Yukiya Hayashi
 
CIS14: Developing with OAuth and OIDC Connect
CIS14: Developing with OAuth and OIDC ConnectCIS14: Developing with OAuth and OIDC Connect
CIS14: Developing with OAuth and OIDC Connect
CloudIDSummit
 
Encryption Boot Camp on the JVM
Encryption Boot Camp on the JVMEncryption Boot Camp on the JVM
Encryption Boot Camp on the JVM
Matthew McCullough
 
9 password security
9   password security9   password security
9 password security
drewz lin
 
JOSE Can You See...
JOSE Can You See...JOSE Can You See...
JOSE Can You See...
Brian Campbell
 
Python Cryptography & Security
Python Cryptography & SecurityPython Cryptography & Security
Python Cryptography & Security
Jose Manuel Ortega Candel
 
Onward15
Onward15Onward15
Onward15
sarah_nadi
 
Concept of BlockChain & Decentralized Application
Concept of BlockChain & Decentralized ApplicationConcept of BlockChain & Decentralized Application
Concept of BlockChain & Decentralized Application
Seiji Takahashi
 
Web security
Web securityWeb security
Web security
davidahaskins
 
How does cryptography work? by Jeroen Ooms
How does cryptography work?  by Jeroen OomsHow does cryptography work?  by Jeroen Ooms
How does cryptography work? by Jeroen Ooms
Ajay Ohri
 
Hack ASP.NET website
Hack ASP.NET websiteHack ASP.NET website
Hack ASP.NET website
Positive Hack Days
 

What's hot (20)

Top Ten Web Defenses - DefCamp 2012
Top Ten Web Defenses  - DefCamp 2012Top Ten Web Defenses  - DefCamp 2012
Top Ten Web Defenses - DefCamp 2012
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
 
MongoDB .local Munich 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...
MongoDB .local Munich 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...MongoDB .local Munich 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...
MongoDB .local Munich 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
 
Geth important commands
Geth important commandsGeth important commands
Geth important commands
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
 
MongoDB San Francisco 2013: Hash-based Sharding in MongoDB 2.4 presented by B...
MongoDB San Francisco 2013: Hash-based Sharding in MongoDB 2.4 presented by B...MongoDB San Francisco 2013: Hash-based Sharding in MongoDB 2.4 presented by B...
MongoDB San Francisco 2013: Hash-based Sharding in MongoDB 2.4 presented by B...
 
Cryptography For The Average Developer
Cryptography For The Average DeveloperCryptography For The Average Developer
Cryptography For The Average Developer
 
Javascript Object Signing & Encryption
Javascript Object Signing & EncryptionJavascript Object Signing & Encryption
Javascript Object Signing & Encryption
 
How to get rid of terraform plan diffs
How to get rid of terraform plan diffsHow to get rid of terraform plan diffs
How to get rid of terraform plan diffs
 
CIS14: Developing with OAuth and OIDC Connect
CIS14: Developing with OAuth and OIDC ConnectCIS14: Developing with OAuth and OIDC Connect
CIS14: Developing with OAuth and OIDC Connect
 
Encryption Boot Camp on the JVM
Encryption Boot Camp on the JVMEncryption Boot Camp on the JVM
Encryption Boot Camp on the JVM
 
9 password security
9   password security9   password security
9 password security
 
JOSE Can You See...
JOSE Can You See...JOSE Can You See...
JOSE Can You See...
 
Python Cryptography & Security
Python Cryptography & SecurityPython Cryptography & Security
Python Cryptography & Security
 
Onward15
Onward15Onward15
Onward15
 
Concept of BlockChain & Decentralized Application
Concept of BlockChain & Decentralized ApplicationConcept of BlockChain & Decentralized Application
Concept of BlockChain & Decentralized Application
 
Web security
Web securityWeb security
Web security
 
How does cryptography work? by Jeroen Ooms
How does cryptography work?  by Jeroen OomsHow does cryptography work?  by Jeroen Ooms
How does cryptography work? by Jeroen Ooms
 
Hack ASP.NET website
Hack ASP.NET websiteHack ASP.NET website
Hack ASP.NET website
 

Viewers also liked

Prisoner's Dilemma and Service-oriented Architectures
Prisoner's Dilemma and Service-oriented ArchitecturesPrisoner's Dilemma and Service-oriented Architectures
Prisoner's Dilemma and Service-oriented Architectures
Derrick Isaacson
 
Revisiting robustness and evolvability: evolution on weighted genotype networks
Revisiting robustness and evolvability: evolution on weighted genotype networksRevisiting robustness and evolvability: evolution on weighted genotype networks
Revisiting robustness and evolvability: evolution on weighted genotype networks
Karthik Raman
 
Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013
Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013
Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013
Derrick Isaacson
 
Rest in a Nutshell 2014_05_27
Rest in a Nutshell 2014_05_27Rest in a Nutshell 2014_05_27
Rest in a Nutshell 2014_05_27
Derrick Isaacson
 
Effective SOA
Effective SOAEffective SOA
Effective SOA
Derrick Isaacson
 
Desigining for evolvability
Desigining for evolvabilityDesigining for evolvability
Desigining for evolvability
Aslak Hellesøy
 

Viewers also liked (6)

Prisoner's Dilemma and Service-oriented Architectures
Prisoner's Dilemma and Service-oriented ArchitecturesPrisoner's Dilemma and Service-oriented Architectures
Prisoner's Dilemma and Service-oriented Architectures
 
Revisiting robustness and evolvability: evolution on weighted genotype networks
Revisiting robustness and evolvability: evolution on weighted genotype networksRevisiting robustness and evolvability: evolution on weighted genotype networks
Revisiting robustness and evolvability: evolution on weighted genotype networks
 
Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013
Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013
Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013
 
Rest in a Nutshell 2014_05_27
Rest in a Nutshell 2014_05_27Rest in a Nutshell 2014_05_27
Rest in a Nutshell 2014_05_27
 
Effective SOA
Effective SOAEffective SOA
Effective SOA
 
Desigining for evolvability
Desigining for evolvabilityDesigining for evolvability
Desigining for evolvability
 

Similar to Cargo Cult Security UJUG Sep2015

Django cryptography
Django cryptographyDjango cryptography
Django cryptography
Erik LaBianca
 
Security and Encryption on iOS
Security and Encryption on iOSSecurity and Encryption on iOS
Security and Encryption on iOS
Graham Lee
 
Encryption Recap: A Refresher on Key Concepts
Encryption Recap: A Refresher on Key ConceptsEncryption Recap: A Refresher on Key Concepts
Encryption Recap: A Refresher on Key Concepts
thomashtkim
 
Implement symmetric key algorithms.pptx
Implement symmetric key algorithms.pptxImplement symmetric key algorithms.pptx
Implement symmetric key algorithms.pptx
preethihp4500
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010
Matthew McCullough
 
Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developers
Michel Schudel
 
Java Symmetric
Java SymmetricJava Symmetric
Java Symmetric
phanleson
 
Dip Your Toes in the Sea of Security (PHP UK 2016)
Dip Your Toes in the Sea of Security (PHP UK 2016)Dip Your Toes in the Sea of Security (PHP UK 2016)
Dip Your Toes in the Sea of Security (PHP UK 2016)
James Titcumb
 
Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Future
tcloudcomputing-tw
 
Security via Java
Security via JavaSecurity via Java
Security via Java
Bahaa Zaid
 
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menaceDEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
Felipe Prado
 
Encryption Boot Camp at Øredev
Encryption Boot Camp at ØredevEncryption Boot Camp at Øredev
Encryption Boot Camp at Øredev
Matthew McCullough
 
Biting into the forbidden fruit. Lessons from trusting Javascript crypto.
Biting into the forbidden fruit. Lessons from trusting Javascript crypto.Biting into the forbidden fruit. Lessons from trusting Javascript crypto.
Biting into the forbidden fruit. Lessons from trusting Javascript crypto.
Krzysztof Kotowicz
 
Dip Your Toes in the Sea of Security (DPC 2015)
Dip Your Toes in the Sea of Security (DPC 2015)Dip Your Toes in the Sea of Security (DPC 2015)
Dip Your Toes in the Sea of Security (DPC 2015)
James Titcumb
 
Cryptography In Silverlight
Cryptography In SilverlightCryptography In Silverlight
Cryptography In Silverlight
Barry Dorrans
 
Encryption: It's For More Than Just Passwords
Encryption: It's For More Than Just PasswordsEncryption: It's For More Than Just Passwords
Encryption: It's For More Than Just Passwords
John Congdon
 
Preventing Data Breaches: How to Tighten Your Security Stance
Preventing Data Breaches: How to Tighten Your Security StancePreventing Data Breaches: How to Tighten Your Security Stance
Preventing Data Breaches: How to Tighten Your Security Stance
Sara Goodison
 
Network security
Network securityNetwork security
Network security
babyangle
 
Cryptography Fundamentals
Cryptography FundamentalsCryptography Fundamentals
Cryptography Fundamentals
Duy Do Phan
 
PHP Identity and Data Security
PHP Identity and Data SecurityPHP Identity and Data Security
PHP Identity and Data Security
Jonathan LeBlanc
 

Similar to Cargo Cult Security UJUG Sep2015 (20)

Django cryptography
Django cryptographyDjango cryptography
Django cryptography
 
Security and Encryption on iOS
Security and Encryption on iOSSecurity and Encryption on iOS
Security and Encryption on iOS
 
Encryption Recap: A Refresher on Key Concepts
Encryption Recap: A Refresher on Key ConceptsEncryption Recap: A Refresher on Key Concepts
Encryption Recap: A Refresher on Key Concepts
 
Implement symmetric key algorithms.pptx
Implement symmetric key algorithms.pptxImplement symmetric key algorithms.pptx
Implement symmetric key algorithms.pptx
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010
 
Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developers
 
Java Symmetric
Java SymmetricJava Symmetric
Java Symmetric
 
Dip Your Toes in the Sea of Security (PHP UK 2016)
Dip Your Toes in the Sea of Security (PHP UK 2016)Dip Your Toes in the Sea of Security (PHP UK 2016)
Dip Your Toes in the Sea of Security (PHP UK 2016)
 
Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Future
 
Security via Java
Security via JavaSecurity via Java
Security via Java
 
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menaceDEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
 
Encryption Boot Camp at Øredev
Encryption Boot Camp at ØredevEncryption Boot Camp at Øredev
Encryption Boot Camp at Øredev
 
Biting into the forbidden fruit. Lessons from trusting Javascript crypto.
Biting into the forbidden fruit. Lessons from trusting Javascript crypto.Biting into the forbidden fruit. Lessons from trusting Javascript crypto.
Biting into the forbidden fruit. Lessons from trusting Javascript crypto.
 
Dip Your Toes in the Sea of Security (DPC 2015)
Dip Your Toes in the Sea of Security (DPC 2015)Dip Your Toes in the Sea of Security (DPC 2015)
Dip Your Toes in the Sea of Security (DPC 2015)
 
Cryptography In Silverlight
Cryptography In SilverlightCryptography In Silverlight
Cryptography In Silverlight
 
Encryption: It's For More Than Just Passwords
Encryption: It's For More Than Just PasswordsEncryption: It's For More Than Just Passwords
Encryption: It's For More Than Just Passwords
 
Preventing Data Breaches: How to Tighten Your Security Stance
Preventing Data Breaches: How to Tighten Your Security StancePreventing Data Breaches: How to Tighten Your Security Stance
Preventing Data Breaches: How to Tighten Your Security Stance
 
Network security
Network securityNetwork security
Network security
 
Cryptography Fundamentals
Cryptography FundamentalsCryptography Fundamentals
Cryptography Fundamentals
 
PHP Identity and Data Security
PHP Identity and Data SecurityPHP Identity and Data Security
PHP Identity and Data Security
 

Recently uploaded

How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Zilliz
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 

Recently uploaded (20)

How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment

Cargo Cult Security UJUG Sep2015

  • 13. /private_image?secure_id=573146feb41e
/private_image?secure_id=573146feb41f
public static String getSecretImg(String cipherTextId) {
  cipher = Cipher.getInstance("Blowfish/OFB/NoPadding");
  cipher.init(Cipher.DECRYPT_MODE, key, initVector);
  byte[] plainBytes = cipher.doFinal(hexToBytes(cipherTextId));
  String plainTextId = new String(plainBytes, "UTF-8");
  return getImage(plainTextId);
}
573146feb41f decrypts to 100001
Attack Plan: OFB is a stream mode (ciphertext = plaintext XOR keystream), so flipping the low bit of the last ciphertext byte (…41e to …41f) flips the low bit of the last plaintext byte ('0' to '1'). Encryption gave confidentiality of the id, not authentication of the URL.
  • 14. Crypto Primitives & Goals
  • 15. Message Authentication Codes
MAC = HMAC(key, message)
HMAC: RFC 2104
• HMAC-MD5
• HMAC-SHA1
• HMAC-SHA256
Sent as: Message || MAC
  • 16. HMAC
SecretKeySpec signingKey = new SecretKeySpec(key.getBytes(), "HmacSHA1");
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(signingKey);
byte[] hmacBytes = mac.doFinal(message.getBytes());
return bytesToHex(hmacBytes);
// On the verifying side, recompute the tag and compare with MessageDigest.isEqual, not String.equals (which returns early on the first mismatching byte).
  • 17. Anti-pattern: Authentication 2
/private_image?user_id=3d90e
http://aes.online-domain-tools.com/
2^24 search space with a valid-URL density of about 1 in 16,777 (roughly a thousand valid ids among 2^24 values), so an attacker simply enumerates ciphertexts; the cipher does not make the id unguessable.
String plainTextId = "834";
String cipherTextId = Auth.getPrivateURL(plainTextId);
public static String getPrivateURL(String plainTextId) {
  Cipher cipher = Cipher.getInstance("Blowfish/OFB/NoPadding");
  cipher.init(Cipher.ENCRYPT_MODE, key, initVector);
  byte[] cipherBytes = cipher.doFinal(plainTextId.getBytes());
  return bytesToHex(cipherBytes);
}
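The two "encrypted id" anti-patterns above (slides 13 and 17) and the HMAC fix of slides 15 and 16, worked end to end. This is an added example, not code from the deck or its GitHub repository: the class name, the all-zero fixed IV (what a static initVector amounts to), the HmacSHA256 choice and the id=…&tag=… URL layout are assumptions made for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class MalleableIdDemo {
    // Fixed all-zero IV, standing in for the slide's static initVector (deliberately bad: OFB needs a fresh IV per message)
    private static final byte[] IV = new byte[8];   // Blowfish block size

    static byte[] blowfishOfb(int mode, SecretKey key, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("Blowfish/OFB/NoPadding");
        c.init(mode, key, new IvParameterSpec(IV));
        return c.doFinal(in);
    }

    // Attacker step: OFB is a stream mode (P = C xor keystream), so XORing a ciphertext byte
    // XORs the same plaintext byte; '0' ^ '1' == 0x01 turns id 100000 into 100001.
    static byte[] forgeNeighbourId(byte[] cipherText) {
        byte[] forged = cipherText.clone();
        forged[forged.length - 1] ^= (byte) ('0' ^ '1');
        return forged;
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    static String hmacHex(byte[] macKey, String msg) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(macKey, "HmacSHA256"));
        return hex(mac.doFinal(msg.getBytes(StandardCharsets.UTF_8)));
    }

    // Fix: the goal is authentication, not confidentiality, so send the id in the clear with an HMAC tag.
    static String signedUrl(byte[] macKey, String id) throws Exception {
        return "/private_image?id=" + id + "&tag=" + hmacHex(macKey, id);
    }

    // Constant-time comparison: String.equals would leak how many leading bytes of the tag matched.
    static boolean verify(byte[] macKey, String id, String tagHex) throws Exception {
        byte[] expected = hmacHex(macKey, id).getBytes(StandardCharsets.US_ASCII);
        byte[] given = tagHex.getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, given);
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("Blowfish").generateKey();
        byte[] ct = blowfishOfb(Cipher.ENCRYPT_MODE, key, "100000".getBytes(StandardCharsets.UTF_8));
        byte[] forged = forgeNeighbourId(ct);
        String decrypted = new String(blowfishOfb(Cipher.DECRYPT_MODE, key, forged), StandardCharsets.UTF_8);
        System.out.println("secure_id=" + hex(ct) + " forged to " + hex(forged) + " -> id " + decrypted);

        byte[] macKey = new byte[32];
        new SecureRandom().nextBytes(macKey);
        String tag = hmacHex(macKey, "100000");
        System.out.println(signedUrl(macKey, "100000"));
        System.out.println("100000 with its tag:  " + verify(macKey, "100000", tag));
        System.out.println("100001 with that tag: " + verify(macKey, "100001", tag));
    }
}
```

The forged id decrypts to 100001 every time, because the attacker never needed the key; with the tag, changing the id to 100001 while keeping the old tag fails verification, and guessing a valid tag means guessing 256 bits rather than enumerating a 2^24 space.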
  • 18. Crypto Primitives & Goals
  • 20. CBC byte flipping
cipher = Cipher.getInstance("AES/CBC/NoPadding");
…
return cipher.doFinal(plainText.getBytes());

// In CBC, plaintext block i = Decrypt(C[i]) XOR C[i-1], so XORing ciphertext byte 45 with ('0' ^ 't')
// changes the corresponding plaintext byte of the following block from '0' to 't' (and garbles the block that byte 45 belongs to).
msg[45] = (byte)(msg[45] ^ "0".getBytes()[0] ^ "t".getBytes()[0]);

cipher = Cipher.getInstance("AES/CBC/NoPadding");
…
return cipher.doFinal(cipherText);
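The CBC byte-flipping step above, carried out against a constructed record and then repeated against an authenticated mode that rejects it. This is an added example, not code from the deck: the class name, the sample record "comment=hi there;admin=0;user=alice", the PKCS5 padding and the AES/GCM fix are assumptions chosen for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;

public class CbcFlipDemo {
    static final SecureRandom RNG = new SecureRandom();
    static final int BLOCK = 16;

    static byte[] randomBytes(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }

    static byte[] aesCbc(int mode, SecretKey key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, key, new IvParameterSpec(iv));
        return c.doFinal(in);
    }

    // CBC decrypts P[i] = D(C[i]) ^ C[i-1]. XORing byte (pos-16) of the ciphertext therefore
    // XORs byte pos of the plaintext by the same value, at the cost of garbling the previous block.
    static byte[] flipPlaintextByte(byte[] cipherText, int pos, char from, char to) {
        byte[] out = cipherText.clone();
        out[pos - BLOCK] ^= (byte) (from ^ to);
        return out;
    }

    static byte[] aesGcmEncrypt(SecretKey key, byte[] nonce, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        return c.doFinal(in);
    }

    // Fix: an AEAD mode authenticates the ciphertext, so any flipped byte fails the tag check.
    static boolean aesGcmAccepts(SecretKey key, byte[] nonce, byte[] ct) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        try {
            c.doFinal(ct);
            return true;
        } catch (AEADBadTagException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        // Constructed sample record: "admin=0" starts at byte 17, so its '0' is byte 23, inside the second block.
        String record = "comment=hi there;admin=0;user=alice";
        int pos = record.indexOf("admin=0") + "admin=".length();   // 23
        byte[] iv = randomBytes(BLOCK);
        byte[] ct = aesCbc(Cipher.ENCRYPT_MODE, key, iv, record.getBytes(StandardCharsets.UTF_8));

        byte[] forged = flipPlaintextByte(ct, pos, '0', '1');
        byte[] pt = aesCbc(Cipher.DECRYPT_MODE, key, iv, forged);
        String tail = new String(pt, BLOCK, pt.length - BLOCK, StandardCharsets.ISO_8859_1);
        System.out.println("block 0 is garbage, the rest decrypts to: " + tail);   // ;admin=1;user=alice

        byte[] nonce = randomBytes(12);
        byte[] gct = aesGcmEncrypt(key, nonce, record.getBytes(StandardCharsets.UTF_8));
        byte[] gforged = gct.clone();
        gforged[pos] ^= (byte) ('0' ^ '1');
        System.out.println("GCM accepts original: " + aesGcmAccepts(key, nonce, gct));     // true
        System.out.println("GCM accepts forged:   " + aesGcmAccepts(key, nonce, gforged)); // false
    }
}
```

The padding still checks out because the garbled block is not the last one; a server that only looks for "admin=1" in the record would accept the forgery. GCM (or CBC followed by an HMAC over IV and ciphertext) turns the same edit into a rejected message.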
  • 22. Crypto Primitives & Goals
  • 23. Encryption Parameters
Cipher (AES, Blowfish, …) · Secret key · Data to encrypt · Mode (CBC, ECB, OFB, …) · Initialization Vector
Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key, initVector);
// Note: ECB takes no IV; SunJCE rejects an IvParameterSpec for an ECB cipher with InvalidAlgorithmParameterException. The IV parameter belongs to CBC, OFB and the other chained modes.
  • 24. Anti-pattern: Encryption Modes
cipher = Cipher.getInstance("AES/ECB/NoPadding");
  • 26. Cipher-block Chaining Mode
cipher = Cipher.getInstance("AES/CBC/NoPadding");
  • 27. Encryption Parameters, revisited: the Initialization Vector
cipher.init(Cipher.ENCRYPT_MODE, key, initVector);
  • 28. May 20th 1942: message intercepted, target island "AF"
June 3rd 1942: Battle of Midway
(US Navy codebreakers suspected "AF" meant Midway and confirmed it by having Midway report a fresh-water shortage in the clear; the Japanese then signalled that "AF" was short of water using the same code group. An identical token for an identical plaintext handed the attacker a chosen-plaintext test, the same failure a repeated IV causes.)
  • 29. Anti-pattern: Initialization Vector
plainText = "Hold";
cryptText = cipher.doFinal(plainText.getBytes());
• Monday: "a8b8f95c4684b3f3"
• Tuesday: "a8b8f95c4684b3f3"
• Wednesday: "a8b8f95c4684b3f3"
• Thursday: "a8b8f95c4684b3f3"
• Friday: "10f32c937a1284db"
  • 30. Modes and IVs
• Cipher-block chaining prevents patterns within messages
• A correct IV prevents patterns across messages
  • 31. Generating Keys & Initialization Vectors
key = "koicy37m8ao2nl07";
iv = new java.util.Random().nextLong();
• How many bits of key entropy can be contained in 16 alphanumeric characters?
  • at most about 96 bits (62^16 ≈ 2^95.3), and only if the string were truly random
  • ~0.00000002% of the 128-bit search space
• What initialization vector is really used here?
  • "0000000000000000"!
  • Warning: The IV parameter must be as long as the blocksize in …
• Use javax.crypto:
  • SecretKey key = KeyGenerator.getInstance("AES").generateKey();
  • IvParameterSpec iv = new javax.crypto.spec.IvParameterSpec(secureRandBytes);
    (secureRandBytes: one full block from java.security.SecureRandom, fresh for every message)
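Slides 24 to 31 in one runnable piece: key and IV generated the way slide 31 recommends, the ECB-versus-CBC pattern leak of slides 24 to 26 measured as a count of distinct ciphertext blocks, and the Monday-to-Thursday repeat of slide 29 reproduced with a fixed IV and then removed with a random one. This is an added example, not the deck's code; the class name, the 16-byte "Hold position!!!" order and the all-zero fixed IV are constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class ModeAndIvDemo {
    static final SecureRandom RNG = new SecureRandom();

    // Proper key: 128 random bits from the provider's CSPRNG, not a 16-character string.
    static SecretKey newKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        return kg.generateKey();
    }

    // Proper IV: one full block (16 bytes for AES) from SecureRandom, fresh for every message.
    static byte[] randomIv() {
        byte[] iv = new byte[16];
        RNG.nextBytes(iv);
        return iv;
    }

    static byte[] encrypt(String transformation, SecretKey key, byte[] iv, byte[] pt) throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        if (iv == null) c.init(Cipher.ENCRYPT_MODE, key);              // ECB: no IV
        else c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(pt);
    }

    // Number of distinct 16-byte blocks in a ciphertext: ECB leaks repetition, CBC hides it.
    static int distinctBlocks(byte[] ct) {
        Set<String> seen = new HashSet<>();
        for (int i = 0; i + 16 <= ct.length; i += 16)
            seen.add(Arrays.toString(Arrays.copyOfRange(ct, i, i + 16)));
        return seen.size();
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = newKey();
        byte[] order = "Hold position!!!".getBytes(StandardCharsets.US_ASCII);   // exactly one 16-byte block
        byte[] eightOrders = new byte[8 * 16];
        for (int i = 0; i < 8; i++) System.arraycopy(order, 0, eightOrders, i * 16, 16);

        // Patterns within one message (the ECB "penguin" effect)
        System.out.println("ECB distinct blocks: " + distinctBlocks(encrypt("AES/ECB/NoPadding", key, null, eightOrders)));       // 1
        System.out.println("CBC distinct blocks: " + distinctBlocks(encrypt("AES/CBC/NoPadding", key, randomIv(), eightOrders))); // 8

        // Patterns across messages (the Monday..Thursday "Hold" ciphertexts)
        byte[] fixedIv = new byte[16];   // what a constant or too-short IV degrades to
        byte[] monday = encrypt("AES/CBC/NoPadding", key, fixedIv, order);
        byte[] tuesday = encrypt("AES/CBC/NoPadding", key, fixedIv, order);
        System.out.println("fixed IV, same order twice, identical ciphertext: " + Arrays.equals(monday, tuesday));   // true

        monday = encrypt("AES/CBC/NoPadding", key, randomIv(), order);
        tuesday = encrypt("AES/CBC/NoPadding", key, randomIv(), order);
        System.out.println("random IV, same order twice, identical ciphertext: " + Arrays.equals(monday, tuesday)); // false
    }
}
```

The IV is not secret and travels with the ciphertext; what matters is that it never repeats under the same key, which is exactly what a fixed value or an 8-byte long from java.util.Random fails to guarantee.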
  • 32. Anti-pattern: Random Values
<form action="">
  <label>Donation amount</label>
  <input type="text" value="10.00">
  <%
    Long csrfToken = new java.util.Random().nextLong();
    setCookie("csrfToken", csrfToken);
    print(String.format("<input type=\"hidden\" name=\"csrfToken\" value=\"%s\">", csrfToken));
  %>
  <input type="submit" value="Submit">
</form>
  • 33. Finding Linear Congruential Seed
// java.util.Random is a 48-bit LCG; nextInt() returns the top 32 bits of the state
long multiplier = 0x5DEECE66DL;
long addend = 0xBL;
long mask = (1L << 48) - 1;
Random random = new Random();
long v1 = random.nextInt();
long v2 = random.nextInt();
for (int i = 0; i < 65536; i++) {
  long seed = v1 * 65536 + i;   // candidate state: v1 gives bits 16..47, i the unknown low 16 bits
  if ((int) (((seed * multiplier + addend) & mask) >>> 16) == (int) v2) {
    System.out.println("Seed found: " + seed);
    break;
  }
}
  • 34. Anti-pattern: Pseudo-random Session IDs
<%
  uid = "12345678";
  sessionId = md5(uid + rand.nextLong() + System.currentTimeMillis());
  setCookie("session_id", sessionId);
%>
Really < 20 bits of entropy: the uid is known, the timestamp is guessable to within a small window, and rand.nextLong() is predictable. A modern GPU can calculate that in a second! [9,12]
  • 35. HMACs and Secure Random
<form action="">
  <label>Donation amount</label>
  <input type="text" value="10.00">
  <%
    Long csrfToken = new java.security.SecureRandom().nextLong();
    setCookie("csrfToken", csrfToken);
    print(String.format("<input type=\"hidden\" name=\"csrfToken\" value=\"%s\">", csrfToken));
  %>
  <input type="submit" value="Submit">
</form>
Do not use sessions! Use HMACs! Seriously.
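The seed-recovery loop of slide 33 applied to the CSRF token of slide 32, then checked against the SecureRandom replacement of slide 35. This is an added example, not code from the deck: the class and method names are assumptions, and it goes one step beyond the slide by exploiting the fact that nextLong() is built from two consecutive next(32) calls, so a single leaked token is enough to recover the generator state and predict the next user's token.

```java
import java.security.SecureRandom;
import java.util.Random;

public class PredictRandomDemo {
    // java.util.Random is a 48-bit linear congruential generator with these published constants
    static final long MULTIPLIER = 0x5DEECE66DL;
    static final long ADDEND = 0xBL;
    static final long MASK = (1L << 48) - 1;

    static long step(long state) { return (state * MULTIPLIER + ADDEND) & MASK; }
    static int output(long state) { return (int) (state >>> 16); }    // what next(32) returns

    // nextLong() is ((long) next(32) << 32) + next(32), so one leaked token exposes two consecutive
    // 32-bit outputs. Returns the internal state right after the token was produced, or -1 if no
    // candidate fits (e.g. the token did not come from java.util.Random).
    static long recoverState(long token) {
        int lo = (int) token;                           // second next(32); it was sign-extended when added
        int hi = (int) ((token - (long) lo) >> 32);     // first next(32)
        long upper = ((long) hi & 0xFFFFFFFFL) << 16;   // hi is bits 16..47 of the state; bits 0..15 are unknown
        for (int i = 0; i < 65536; i++) {
            long s1 = upper | i;
            long s2 = step(s1);
            if (output(s2) == lo) return s2;
        }
        return -1;
    }

    static long predictNextLong(long state) {
        long s3 = step(state);
        long s4 = step(s3);
        return ((long) output(s3) << 32) + output(s4);
    }

    public static void main(String[] args) {
        Random serverRng = new Random();                  // the slide's token generator
        long leakedToken = serverRng.nextLong();          // an attacker reads this from their own form or cookie
        long state = recoverState(leakedToken);
        long predicted = predictNextLong(state);
        long victimToken = serverRng.nextLong();          // the token the next user is issued
        System.out.println("predicted " + predicted + ", issued " + victimToken + ", match: " + (predicted == victimToken));

        // Cross-check with the JDK: setSeed(x) stores (x ^ MULTIPLIER) & MASK, so undo the XOR
        Random clone = new Random(state ^ MULTIPLIER);
        System.out.println("cloned generator agrees: " + (clone.nextLong() == victimToken));

        // The fix from slide 35: a CSPRNG, whose future output is not a function of past output
        long safeToken = new SecureRandom().nextLong();
        System.out.println("SecureRandom token " + safeToken + ", LCG state recovered: " + recoverState(safeToken));   // almost always -1
    }
}
```

The 65,536-iteration search finishes in well under a millisecond, which is why "random" here must mean SecureRandom (or an HMAC over a server secret, as the slide urges), never java.util.Random. The last line occasionally prints a spurious candidate state (about one token in 65,000 has a 48-bit LCG state that happens to fit), but a prediction made from it will not match the next SecureRandom value.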
  • 36. No Cargo Cult Security!
1. Identify the true security goal.
2. Find the correct crypto primitive.
3. Spend some time to learn about it.
4. Write as little of your own crypto code as possible.
  • 37. Crypto Primitives & Goals
  • 40. References
1. http://en.wikipedia.org/wiki/Cargo_cult
2. http://neurotheory.columbia.edu/~ken/cargo_cult.html
3. http://en.wikipedia.org/wiki/Post_hoc_ergo_propter_hoc
4. http://en.wikipedia.org/wiki/Cargo_cult_programming
5. http://www.slideshare.net/javagroup2006/data-security-essentials-java-one-2013
6. http://www.scs.stanford.edu/10au-cs144/notes/
7. http://resources.infosecinstitute.com/cbc-byte-flipping-attack-101-approach/
8. http://security.stackexchange.com/questions/18033/how-insecure-are-phps-rand-functions
9. http://crypto.di.uoa.gr/CRYPTO.SEC/Randomness_Attacks_files/paper.pdf
10. http://security.stackexchange.com/questions/17988/how-insecure-are-non-cryptographic-random-number-generators
11. http://jazzy.id.au/default/2010/09/20/cracking_random_number_generators_part_1.html
12. http://thepasswordproject.com/oclhashcat_benchmarking
13. http://www.php.net/manual/en/function.openssl-random-pseudo-bytes.php
14. http://blowfish.online-domain-tools.com/
15. https://github.com/disaacson/cargo-cult-security
16. http://tools.ietf.org/html/rfc2104

Editor's Notes

  1. “The term "cargo cult" has been used metaphorically to describe an attempt to recreate successful outcomes by replicating circumstances associated with those outcomes, although those circumstances are either unrelated to the causes of outcomes or insufficient to produce them by themselves.” http://en.wikipedia.org/wiki/Cargo_cult
  2. Zimmermann Telegram: a January 1917 diplomatic proposal from Germany to Mexico to join the Central Powers (Germany, Austria-Hungary) if the United States entered the war on the side of the Allies (France, Russia, United Kingdom). It was intercepted by British intelligence and decoded. It outraged the US and induced the country to declare war on Germany just a few months later (April). The text of the original telegram as sent is known as ciphertext. Ciphertext is the result of encryption performed on plaintext using a cipher. (http://en.wikipedia.org/wiki/Ciphertext)
  3. http://blowfish.online-domain-tools.com/
  4. Icons on left
  5. Use CBC (cipher-block chaining) mode instead of ECB (electronic codebook) mode to hide patterns.