Defeating the
entropy downgrade
attack
Bio: Seth Wahle
Founding Partner & Lead Engineer: www.Cyberdonix.com
Founder: www.DemonBucket.com
Electronics engineer and hardware hacker
Previously spoken at HackMiami and BSides Las Vegas
Featured in Forbes and BBC for hacking Android phones using an implanted NFC chip.
twitter.com/SethWahle  Linkedin.com/in/seth-wahle-92b28269
Website: SethWahle.com
BEAST (2011): "Browser Exploit Against SSL/TLS"
POODLE (2014): "Padding Oracle On Downgraded Legacy Encryption"
FREAK (2015): "Factoring RSA Export Keys"
SLOTH (2016): "Security Losses from Obsolete and Truncated Transcript Hashes"
Background Info
Demon Bucket server kept locking up mysteriously.
Many users doing 2048-bit or 4096-bit encryption.
/dev/random
● Uses entropy gathered from actual entropy sources.
● Blocks the reader until the kernel estimates enough entropy has been collected, so whatever is generating a key sits and waits (the process sleeps; the CPU itself is not locked).
● Used for critical random numbers (encryption keys).
/dev/urandom
● Pseudo-random numbers from an openly documented algorithm (the kernel CSPRNG, keyed from the same pool).
● Never blocks.
● Commonly described as acceptable only for low-grade randomness (games, etc.). Caveat: once the pool has been seeded, /dev/urandom is cryptographically strong and is what most TLS libraries actually read; the blocking /dev/random is only safer in the boot-time window before seeding, and since Linux 5.6 /dev/random itself no longer blocks once the pool is initialized.
Continued
● Spurred an interest and a need to learn about encryption and entropy to make
my server work properly.
● Implemented several modifications that we will go over shortly.
● Later learned of the possibility of an entropy downgrade attack.
1. Choose two prime numbers, P and Q.
2. Multiply them together to form a semi-prime number (N).
3. N becomes the modulus.
4. Compute phi(N) = (P-1)(Q-1).
5. Choose an encryption exponent E with 1 < E < phi(N) that is coprime with phi(N) (not with N; gcd(E, phi(N)) = 1 is what guarantees a decryption exponent exists).
Worked example:
1: P = 2, Q = 7
2: N = 14 is the modulus
3: phi(N) = (P-1)(Q-1) = 1*6 = 6
4: E = 5 (gcd(5, 6) = 1)
5: (E, N) = public key
6: M = message, an integer smaller than N
Encrypt
C = M^E mod N, here M^5 mod 14 = Cipher Text (C)
1. Choose a decryption exponent D such that D*E = 1 (mod phi(N)), i.e. D is the modular inverse of E modulo phi(N).
2. (D, N) is the private key.
5*D = 1 (mod 6)
Every D = 5 (mod 6) satisfies this: 5, 11, 17, ... The slide picks 11 (5*11 = 55 = 9*6 + 1); the smallest choice would be 5, and both decrypt correctly.
D = 11
Decryption
Remember: P = 2, Q = 7, N = 14, phi(N) = 6, E = 5
M = Message, C = Cipher Text
Decrypt using the equation
M = C^D mod N
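The two slides above carried through in code, as an added example that is not part of the original deck. It uses the slide's toy parameters (P = 2, Q = 7, E = 5) and also handles the general case for any two distinct primes; the check that E is coprime with phi(N) rather than with N is the condition the slides get slightly wrong, and the example rejects E = 3, which is coprime with 14 but not with 6.

```python
import math

# Added example (not from the slides): the RSA steps from the slides carried
# through in code, with the same toy parameters P=2, Q=7, E=5, plus the
# general case for any two distinct primes.

def rsa_keygen(p, q, e):
    """Return ((E, N), (D, N)) for distinct primes p, q and public exponent e."""
    if p == q:
        raise ValueError("P and Q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    # E must be coprime with phi(N), not with N: that is what makes D exist.
    if not (1 < e < phi) or math.gcd(e, phi) != 1:
        raise ValueError("E must satisfy 1 < E < phi(N) and gcd(E, phi(N)) = 1")
    d = pow(e, -1, phi)          # modular inverse: E*D = 1 (mod phi(N)); Python 3.8+
    return (e, n), (d, n)

def rsa_encrypt(m, pub):
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, N)")
    return pow(m, e, n)          # C = M^E mod N

def rsa_decrypt(c, priv):
    d, n = priv
    return pow(c, d, n)          # M = C^D mod N

def valid_private_exponents(e, phi, limit):
    """All D below `limit` with E*D = 1 (mod phi(N)); the slide's 11 is one of them."""
    return [d for d in range(1, limit) if (e * d) % phi == 1]

def roundtrip_all(p, q, e):
    """True if every message in [0, N) survives encrypt-then-decrypt.
    N is square-free, so this holds even for messages sharing a factor with N."""
    pub, priv = rsa_keygen(p, q, e)
    return all(rsa_decrypt(rsa_encrypt(m, pub), priv) == m for m in range(pub[1]))

if __name__ == "__main__":
    pub, priv = rsa_keygen(2, 7, 5)
    print("public key (E, N):", pub, " private key (D, N):", priv)
    print("valid D values below 30:", valid_private_exponents(5, 6, 30))
    c = rsa_encrypt(3, pub)
    print("M=3 -> C=%d -> M=%d" % (c, rsa_decrypt(c, priv)))
    print("the slide's D=11 also works:", rsa_decrypt(c, (11, 14)))
    print("textbook 61*53 key:", rsa_keygen(61, 53, 17))
```

For the toy key the smallest private exponent is 5, the slide's 11 is the next one, and any D congruent to 5 modulo 6 decrypts every message modulo 14.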
How This Applies
1. Choose a RANDOM prime number P
2. Choose a RANDOM prime number Q
3. Choose a public exponent E that fits the criteria (in practice a fixed value such as 65537)
4. Compute D from E and phi(N); it is exactly as unpredictable as P and Q are
All of this rests on RANDOM numbers,
and random numbers come from entropy.
How the entropy
downgrade attack
works.
Choosing P:
Pick a random number, then find the next prime number larger than it (the primality test used is omitted here; ask me if you want to see how it's done).
Random numbers are generated using ENTROPY.
Entropy: random noise, gathered by the kernel from hardware events.
# cat /proc/sys/kernel/random/entropy_avail
Machines not tuned for entropy gathering typically sit between 50 and 1000 bits of available entropy; VMs are worse because they see less I/O.
Breaking an Encryption
● Capture the public key (E, N)
● Guess one of the two primes; the other is N divided by it
● Compute D and run the captured ciphertext through RSA decryption
● See if it comes out as clear text
Rinse and repeat until it does.
This is extremely hard against large primes (1024-bit+) and trivial against small ones.
Entropy Vs Encryption
Generate a 1024-bit prime with 2000 bits of entropy in the pool: 1024 bits are drawn from the pool to form a 1024-bit random number, then the next higher prime is taken.
Prime = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX~  (every bit unknown to the attacker)
Generate the same prime with 1 bit of entropy in the pool:
Prime = X00000000000000000000000000000000000~ = X
X = 1 or 0
Only 2 combinations to try!
Caveat: this is the talk's simplified model. The kernel does not hand out raw pool bits padded with zeros; /dev/random and /dev/urandom both emit the output of a CSPRNG keyed from the pool, so a low entropy_avail reading on a machine that was seeded at boot does not by itself make the output guessable. Where weak RSA keys of this kind have actually been found in the wild (Heninger et al., "Mining Your Ps and Qs", USENIX Security 2012), they were generated at first boot, before the pool had been seeded, on headless devices and fresh VMs. That boot-time window is where the entropy-sourcing fixes later in this talk genuinely help.
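The slide's picture made concrete, as an added example that is not part of the original deck. It models the generator literally: P is the next prime above a seed, and a starved pool is represented as a seed in which only the top `unknown_bits` bits are random and the rest are zero (the slide's "X000...0" is `unknown_bits = 1`). The attacker enumerates the 2^unknown_bits candidate seeds, takes the next prime of each and tests it against the public N. The assumptions are mine: Q is generated independently and is strong, E is 65537, and the Miller-Rabin test stands in for whatever primality test a real library uses. This is the talk's model, not how the Linux CSPRNG actually produces output.

```python
import math
import random
import secrets

# Added example (not from the slides). Models the "Entropy Vs Encryption"
# slide: P = next_prime(seed), and a starved pool is a seed whose only random
# bits are its top `unknown_bits` (the slide's "X000...0" is unknown_bits=1).
# Assumptions: Q is independent and strong; E is 65537.

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
_SYSRAND = random.SystemRandom()

def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases: good enough for a demo, not a proof."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(_SYSRAND.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def next_prime(x):
    """Smallest prime strictly greater than x: the slide's 'next higher prime'."""
    n = x + 1
    while not is_probable_prime(n):
        n += 1
    return n

def weak_seed(bits, unknown_bits):
    """A `bits`-bit seed in which only the top `unknown_bits` bits are random."""
    return secrets.randbits(unknown_bits) << (bits - unknown_bits)

def keygen_from_seed(seed, q, e=65537):
    """Victim side: P = next_prime(seed), Q supplied. Returns (public, private, P)."""
    p = next_prime(seed)
    phi = (p - 1) * (q - 1)
    if p == q or math.gcd(e, phi) != 1:
        raise ValueError("unlucky Q for this E; pick another")
    return (e, p * q), (pow(e, -1, phi), p * q), p

def recover_p(n, bits, unknown_bits):
    """Attacker side: walk every seed consistent with `unknown_bits` of entropy,
    take next_prime of each and test it against N. Returns (P, guesses) or None.
    unknown_bits=1 is the slide's 'only 2 combinations to try'."""
    for top in range(2 ** unknown_bits):
        cand = next_prime(top << (bits - unknown_bits))
        if n % cand == 0:
            return cand, top + 1
    return None

def break_key(pub, bits, unknown_bits):
    """Turn a recovered P into the full private key (D, N)."""
    e, n = pub
    hit = recover_p(n, bits, unknown_bits)
    if hit is None:
        return None
    p = hit[0]
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1)), n

if __name__ == "__main__":
    q = next_prime(1 << 31)                      # a healthy Q; only P is starved
    for unknown in (1, 4, 10):
        pub, priv, p = keygen_from_seed(weak_seed(32, unknown), q)
        hit = recover_p(pub[1], 32, unknown)
        print("%2d unknown bits: P=%d found after %d of %d guesses, private key matches: %s"
              % (unknown, p, hit[1], 2 ** unknown, break_key(pub, 32, unknown) == priv))
    # With 1024 genuinely random seed bits the same search needs 2**1024 guesses.
```

The search cost is 2^unknown_bits calls to next_prime regardless of how large P is; the size of the modulus buys nothing once the seed behind P is small.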
Downgrading Entropy
Find a server employing SSL/TLS.
Hit it with thousands of session requests a second to drain its entropy pool.
Capture legitimate sessions and decrypt them with ease.
Caveat: on a Linux server the observable effect of such a flood is that entropy_avail drops and anything reading /dev/random stalls, i.e. a denial of service, not recoverable TLS keys; TLS libraries draw from their own CSPRNG seeded from /dev/urandom, which keeps producing strong output once it has been seeded.
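A defender-side check for this scenario, as an added example that is not part of the original deck. It reads the kernel's own counters, /proc/sys/kernel/random/entropy_avail and poolsize, samples them while a load test or a suspected flood is running, and reports how far the pool was drained. The sampler takes a reader callable so it can be driven from canned readings; the 10% starvation line, the sample count and the interval are my assumptions, not kernel constants. It is meaningful on the kernels this talk targets; from Linux 5.18 the pool is a 256-bit hash state, poolsize reads 256 and entropy_avail no longer tracks consumption.

```python
import time
from pathlib import Path

# Added example (not from the slides): sample the kernel's entropy counters
# under load and report how far the pool was drained. Thresholds are
# assumptions for alerting, not kernel constants.

RANDOM_DIR = Path("/proc/sys/kernel/random")

def parse_counter(text):
    """Parse the contents of one integer file under /proc/sys/kernel/random."""
    text = text.strip()
    if not text.isdigit():
        raise ValueError("unexpected contents: %r" % text)
    return int(text)

def read_counter(name, base=RANDOM_DIR):
    """Read e.g. 'entropy_avail' or 'poolsize' from the kernel."""
    return parse_counter((base / name).read_text())

def pool_fill(entropy_avail, poolsize):
    """Fraction of the pool the kernel currently counts as filled."""
    if poolsize <= 0:
        raise ValueError("poolsize must be positive")
    return min(1.0, entropy_avail / poolsize)

def sample_pool(read_avail, samples, interval=0.0):
    """Call read_avail() `samples` times, `interval` seconds apart; return the readings."""
    out = []
    for i in range(samples):
        out.append(read_avail())
        if interval and i + 1 < samples:
            time.sleep(interval)
    return out

def summarize(readings, poolsize, starved_below=0.10):
    """Min/max/mean fill and how many samples fell under the (assumed) starvation line."""
    fills = [pool_fill(r, poolsize) for r in readings]
    starved = sum(1 for f in fills if f < starved_below)
    return {
        "min_bits": min(readings),
        "max_bits": max(readings),
        "mean_fill": sum(fills) / len(fills),
        "starved_samples": starved,
        "starved": starved > 0,
    }

if __name__ == "__main__":
    poolsize = read_counter("poolsize")
    # Run this while your load test (or the suspected flood) is in progress.
    readings = sample_pool(lambda: read_counter("entropy_avail"), samples=20, interval=0.5)
    print("poolsize:", poolsize)
    print(summarize(readings, poolsize))
```

A run that reports `starved: True` tells you the pool was drained below the line during the window, which is the condition under which readers of /dev/random stall; pair it with the latency of your TLS handshakes to see whether anything on the box actually blocks on it.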
The Pool Size Problem
# cat /proc/sys/kernel/random/poolsize
All current Linux kernels hard-code this at 4096 bits; the poolsize file is read-only.
Pool Size Fix
Recompile the kernel with a larger poolsize.
It's easy, ask me after and I will show you how.
Watermarking Problem
(Figure: a 4096-bit pool with the "stop collecting entropy" mark at roughly 85% and the "start collecting entropy" mark at roughly 35%.)
The kernel's random subsystem has a watermarking feature: when the pool drops below a threshold, user-space entropy feeders are woken to top it up, and once it is above the mark they are left idle, with some churn either side. The threshold is exposed as /proc/sys/kernel/random/write_wakeup_threshold.
This was done to save ridiculously tiny amounts of system resources.
The default is baked into the kernel too :( (unlike poolsize, though, this one can be changed at runtime by root, which is what the fix on the next slide relies on).
Watermarking Fix
(Figure: a 16,384-bit pool with the watermark raised to roughly 75%.)
Install rng-tools and set a new watermark.
rngd overrides some of the system's entropy behaviour, one piece being the watermark: its -W / --fill-watermark option sets the level it keeps the pool topped up to. This lets you fix the watermark without recompiling the kernel.
rng-tools also gives you control over entropy sources, settings and optimizations.
The Sourcing Problem
The Sourcing Fix
● Install haveged: it generates entropy from CPU timing jitter and will generally keep entropy_avail around 2000-3500. Whether the jitter it measures is genuinely unpredictable on a given VM is worth evaluating rather than assuming.
● Get a hardware RNG (~$50), or make your own HRNG from an RTL-SDR dongle (~$10) with rtl-entropy: https://github.com/pwarren/rtl-entropy (do your homework on making it a secure source, or ask me after).
● Borrow some entropy from a friend: pollinate, https://github.com/dustinkirkland/pollinate, seeds startup entropy from another computer on boot to get things started faster. Easy to install, good for VMs; it is a boot-time seed fetched over HTTPS, not a substitute for local entropy.
● A good codebase to start from: Entropy Broker, https://www.vanheusden.com/entropybroker/
Prime Caching
● Generate large random numbers in small chunks over time to spread the load on the entropy pool.
● Use these to generate large primes.
● Store the cached large primes locally.
● When a key is needed, pick one at random from the cache.
● Use it, then delete it from the cache.
● Rinse and repeat.
Caveat: cached primes are private-key material at rest and need the same protection as the keys they will become, and the cache only smooths demand; it does not add entropy, so primes generated while the source was weak stay weak.
Where's The Easy Mode?
I have written a script that will apply the minimal basic changes to better protect your system's entropy as well as increase system performance!
Entropy-upgrade.sh
Is available at
http://pastebin.com/tKTwt471
DEMO TIME!
YAY!
Check entropy pool size -- cat /proc/sys/kernel/random/poolsize
Check entropy level -- cat /proc/sys/kernel/random/entropy_avail
Pull some random data -- cat /dev/random | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1
(On a starved pool the last command blocks until enough entropy arrives; that stall is what the talk is about.)
Demo Notes
