Cryptography for Developers provides an overview of cryptography concepts for developers. It defines cryptography as the encryption of plaintext into ciphertext and back again. It discusses symmetric and asymmetric cryptography, including examples like the Caesar cipher. It covers hashing of passwords for storage and discusses popular algorithms like MD5 and SHA-2. The document also summarizes public key cryptography techniques like RSA and references materials for further learning.

1. Cryptography for
Developers
Kai Koenig
@AgentK

2. Agenda
What is Cryptography?
Definitions
Symmetric and Asymmetric cryptography
Hashing
Some examples
References

3. You might know me from...
Being active in the CF/web dev community in
AU and NZ
Having a very strong opinion on SOAP-based
web services
Having been at many webDUs in the last few
years

4. What you might not know...
I’m also a fully trained mathematician
THERE IS A NEED FOR DEVELOPER
EDUCATION ON CRYPTOGRAPHY

5. What is Cryptography?
(and what is it good for)

6. Essentially
Encryption of plaintext to ciphertext
Decryption of ciphertext to plaintext

7. Essentially
Encryption of plaintext to ciphertext
Decryption of ciphertext to plaintext
“Secrets”

12. Confidentiality
(“Don’t worry, no one can hear us here”)

13. Authentication
(“Who are you?”)

14. Integrity
(“I really work for the FBI, trust me!”)

15. Anonymity
(“Surely no one can trace this movie download via Torrent”)

16. Definition of a crypto system (I)
Crypto system S = <M,C,K,E,D>
M - set of plaintexts (messages)
C - set of ciphertexts (encrypted messages)
K - set keys
E - set of encryption transforms Ek: M -> C
D - set of decryption transforms Dk: C ->M

17. Definition of a crypto system (II)
Every m∊M can be decrypted again after
being encrypted (∀m∊M: Dk(Ek(m))=m)
Different m∊M can not be encrypted to the
same c∊C (∀k∊K,c∊C ∃! m∊M: Ek(m)=c)

18. Desired properties of a crypto system
Both E, D must be efficient and easy to use.
Both E, D should be assumed known.
It should be infeasible to deduce (without
knowing k):
m from c
Dk from c (even if m is known)
Ek from m (even if c is known)
c, unless Ek and m are known

19. Practical application
If your crypto system doesn’t fulfill the desired
properties, it’s most likely not secure.
Common attack vectors:
Ciphertext-only
Known plaintext
Chosen plaintext
Chosen ciphertext

20. Warning!

21. DISCO
Don’t Invent Super-Crypto of your Own

22. Common setup
Sender - Alice
Receiver - Bob
Adversary - “Evil person who wants to steal
the message”

23. Private-key (symmetric) Cryptography
Caesar cipher
plaintext
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ciphertext
EFGHIJKLMNOPQRSTUVWXYZABCD
WEBDU → AIFHY

24. Implementation of Caesar cipher
Very easy to implement via modulo operation:
For an integer m and a positive integer n, m mod n is
the smallest non-negative integer r so that m=nq+r
for some integer q.
Caesar cipher is essentially a transformation
from position n to position (n+s) mod 26.

25. Problems
Easy to crack with dictionary attacks
(frequency of characters)
Rotation cipher is too simple, make algorithm
more complex? Mix alphabet? Or even more
complex:
Good?

27. Problems
Symmetric cryptography (any scheme that
uses a codebook or private key) suffers from a
few drawbacks:
Adversary learns what the code is → decoding
becomes trivial
If the coding scheme is used often enough over time
& adversary has enough time and computing power
they could break the code

29. Plaintext: renaissance
Ciphertext: seadjsfdocr
Decode the following ciphertext: hobgxenwiee

30. Polyalphabetical ciphers - try it yourself
Plaintext: renaissance
Ciphertext: seadjsfdocr
Decode the following ciphertext: hobgxenwiee

31. What’s considered good and secure?
Block ciphers: a block of data is encrypted at a
time, using the same key on each block. Block
ciphers have various modes:
ECB, CBC, CFB, OFB etc...
Stream ciphers: operate on a single bit at a
time and provide a feedback mechanism to
change the key

33. What’s considered good and secure?
DES (Data Encryption Standard) - considered
to be insecure, mainly due to 56-bit keysize
TripleDES (key bundle of 3 56-bit keys) -
practically secure-ish with known theoretical
attack vectors & slow!!!!
AES (128-,192-,256-bit keys) - considered
mostly secure, there are some related-key
attack vectors
(All block ciphers)

34. What’s considered good and secure?
Blowfish (variable key length) - there are some
limited (# of rounds) attack vectors, but
there’s currently no known cryptanalytic
weakness
Blowfish is also patent- and royalty-free.
Others: Serpent, Twofish, RC6, MARS etc

35. Public-key (asymmetric) Cryptography
Protocol:
Both Alice and Bob have a public and private key (key
pair)
Each participant’s public key is made public
Alice encrypts a message to Bob with Bob’s public
key. Bob decrypts the message with his private key:
m = Sb(Pb(m))

36. WTF?

37. Let’s compare symmetric and asymmetric

38. The hard part of public-key cryptography
Bob’s dilemma: Sb and Pb have to be easily
computable for him. Also: Sb has to be
extremely hard to compute for everyone else
but him (even if Pb is open and well known).
Creating proper public-key cryptography
needs a lot of know-how in discrete
mathematics.

39. A simple (unsecure) public-key example
Messages: integers between 1 and 999
Bob’s public key is Pb(M)=rev(1000-M)
Bob’s private key is Sb(C)=1000-rev(C)
Alice: M=167 therefore
C=rev(1000-167)=rev(833)=338
Bob: Receives C=338 therefore M=1000-
rev(338)=1000-833=167

40. So... WHAT EXACTLY is the challenge?

41. Example was flawed because if you know Pb,
you can easily figure out Sb.
The challenge is to design a function Pb so that
even if you know Pb and C=Pb(M) it is
exceptionally difficult to figure out what M is.

42. A better (and more famous PK crypto system)
RSA: Rivest-Shamir-Adleman
Built on the idea of “mod n” calculations in
arithmetic body Zn
Let’s do that!

44. Nope, sorry!

45. We don’t have enough time to introduce:
Zn and arithmetic in Zn
Inverses, Greatest Common Divisors
Euclid’s Division Theorem
Fermat’s Little Theorem
(this is the core of RSA)

46. How does RSA work though?
Bob’s chooses an RSA key:
(1) Choose 2 large prime numbers p and q
(2) n = p·q
(3) Choose e ≠ 1 so that e is relatively prime to (p − 1)·(q − 1)
(4) Compute d = e−1 mod (p − 1)·(q − 1)
(5) Publish e and n
(6) Keep d secret and keep the factorisation n = p·q secret
Alice sends to Bob:
(1) Alice reads the public directory for Bob’s keys e and n
(2) Compute y = xe mod n
(3) Send y to Bob
Bob does the following:
(4) Receive y from Alice
(5) Compute z = yd mod n, using secret key d
(6) Read z

48. The trick is:
There’s no scheme or algorithm to calculate
the e-th root mod n (and break the code).
Someone who doesn’t know the prime
factorisation of n = p·q can not break the
code analytically.
Modular exponentiation is a one-way function.
Note: BRUTE FORCE is still possible!

49. What’s considered good and secure?
RSA (min suggested key length today is 2048-
bit, rather 3072-bit) - still the most common
public key crypto system and with long keys
very secure
Others: Diffie-Hellman, DSA, various PKCS
Worth mentioning:
Elliptic Curve Cryptography - field of current
research

50. Hashing
Speaking of one-way functions...how do you
store passwords?
A hash function is a one-way function that
can’t be reversed. You always want to store
hashed passwords in your DB.

51. Problems with MD5 hashing
Even though hashing is one-way, there are
MD5 hash libraries/websites
Google the hash
http://www.lib.muohio.edu/multifacet/record/az-4602da187c6e221d00d02826db1bfd6a
MD5 is not collision resistant and
considered insecure now, use SHA-2
instead!

53. Salting
The same hash input creates the same hash
output:
test12→60474c9c10d7142b7508ce7a50acf414
But if you salt every password, the hash value
is much harder to reverse-engineer:
<userID>test12<RandomSalt>→...

54. References
An Overview of Cryptography
http://garykessler.net/library/crypto.html
CS651 (Principles of Cryptography) Lecture Notes
http://www.cs.virginia.edu/~shelat/651/www/index.html
CS70 (Discrete Mathematics for Computer Scientists) Lecture Notes
http://www.cs.berkeley.edu/~daw/teaching/cs70-s05/
Various Cryptography and Number Theory Articles
http://di-mgt.com.au/crypto.html
RSA in Javascript
http://www.ohdave.com/rsa/
Recommended text books with further (deeper) information:
Discrete Mathematics for Computer Scientists
http://www.amazon.com/Discrete-Mathematics-Computer-Scientists-Cliff/dp/0132122715/ref=pd_sim_b_1
Introduction to Modern Cryptography: Principles and Protocols
http://www.amazon.com/Introduction-Cryptography-Chapman-Network-Security/dp/1584885513/

55. Photo credits
http://www.flickr.com/photos/stevensnodgrass/4459943069
http://www.flickr.com/photos/mattkieffer/6212412212/
http://www.flickr.com/photos/-marlith-/6118342742/
http://www.flickr.com/photos/wikidave/6878554296
http://www.flickr.com/photos/thomasleuthard/5853471062
http://www.flickr.com/photos/contemplativechristian/2538196687
http://www.flickr.com/photos/klg19/5979330604
http://www.flickr.com/photos/sloshay/5382691989/
http://www.flickr.com/photos/11939863@N08/3794105536
http://www.flickr.com/photos/franganillo/3734200307
http://en.wikipedia.org/wiki/File:Enigma_rotors_with_alphabet_rings.jpg
http://www.cs.rit.edu/~ark/lectures/https02/https.shtml