POSSCON, profile picture
Uploaded byPOSSCON
627 views

How to Use Cryptography Properly: The Common Mistakes People Make When Using Cryptographic Functions

The document discusses the proper use of cryptography in applications, focusing on key concepts such as random number generation, salting, hashing, key derivation, and symmetric encryption. It highlights common mistakes made in the implementation of cryptographic techniques, emphasizing the importance of securing passwords and the dangers of weak configurations. The speaker, Andy Watson from Ionic Security, aims to educate developers to avoid these pitfalls and use established methodologies to protect sensitive data.

Embed presentation

Downloaded 10 times
Using Cryptography Properly in Applications POSSCON 2015 Andy Watson Ionic Security
About: Name: Andy Watson Occupation: Byte Mangler Employer: Ionic Security http://ionicsecurity.com/
Why: I’ve seen too many people not using cryptography or using it incorrectly. This information may help you not be one of them.
Agenda: ● Random ● Salt ● Hash ● Key Derivation ● Symmetric Encryption ● Famous Mistakes
Random
Random Number Generators RNG: A computational or physical device designed to generate a sequence of numbers that lack any pattern High quality generators depend on an entropy source like radioactive decay or radio frequency noise For cryptographic functions, higher levels of entropy are required to work properly
Pseudo Computational RNG are known as Pseudo RNG PRNG are “seeded” with a value to generate a series of numbers
SALT
What is a Salt? Random data added to your input to create better output from one way functions Useful for defending against dictionary and rainbow table attacks.
Hash
HASH!
Hashing Function (n.) A Function that represents data of arbitrary size as data of a fixed size. $ echo 'Hello POSSCON 2015!' | md5 81ad0b0ba5f98e0f584c1cd9a2c324a3 $ echo 'Hello POSSCON 2015' | md5 0c9c470f340aedaba625908939ba3c7b
When to Hash Use hashing functions when saving the original data would be a liability you have no business dealing with For Example: Linux Passwords $6$pWVzxN/iFRstrZ/.$TNBvzXhc8b9SBkl1q36YNvF2DwuS 4/7LsICepYgaWCKzM1MS.OBK5TvxrUQ4. I5x5NtqidhBTGobQLOqxBAFe1
Don’t Store The Clear Credentials should be salted and hashed when stored During login, salt and hash the password entered and check it against the result you stored
When Hashes Collide These two blocks have the same md5 hash of 79054025255fb1a26e4bc422aef54eb4 This is called a collision d131dd02c5e6eec4693d9a0698aff95c 2fcab58712467eab4004583eb8fb7f89 55ad340609f4b30283e488832571415a 085125e8f7cdc99fd91dbdf280373c5b d8823e3156348f5bae6dacd436c919c6 dd53e2b487da03fd02396306d248cda0 e99f33420f577ee8ce54b67080a80d1e c69821bcb6a8839396f9652b6ff72a70 d131dd02c5e6eec4693d9a0698aff95c 2fcab50712467eab4004583eb8fb7f89 55ad340609f4b30283e4888325f1415a 085125e8f7cdc99fd91dbd7280373c5b d8823e3156348f5bae6dacd436c919c6 dd53e23487da03fd02396306d248cda0 e99f33420f577ee8ce54b67080280d1e c69821bcb6a8839396f965ab6ff72a70
Taste the Rainbow Table A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Password MD5 Hash 123456 e10adc3949ba59abbe56e057f20f883e password 5f4dcc3b5aa765d61d8327deb882cf99
You. Must. Hash. Securely. Cryptographically Secure Hash Function (n.) A hash function which is infeasible to reverse back to the original message and not subject to collisions $ echo "hello POSSCON 2015" | shasum -a 512 0d294c5140972735a80131eca426da4838cf5de1b3eb1c8cb51c4bb24823e389 d22a36be76be597a5c5a934dd5fada8b75e0986fb6e89329a820c22d96c4be17
Key Derivation
Key Derivation Functions KDF create new secret keys from a secret value and a known value - like a password Key Derivation Functions can be used in a “key stretching” routing to enhance hashing functions to provide much more protection from rainbow tables and brute force attacks
Original KDF: crypt ● Invented in 1978 to protect UNIX passwords ● Used only a 12 bit salt ● Limited passwords to 8 characters
Modern KDFs PDKDF2 ● 64 bit random salt ● 5000 iterations of SHA1 (hashing function) SCRYPT ● Consumes large amounts of memory on purpose
PBKDF2 In A Nutshell™ Password SALT + Password Prepend SALT Intermediate Hash SHA1 REPEAT SHA1 5000 TIMES Final Hash
Save the Salt Store the salt, the resulting hash and the number of iterations in your datastore You’ll have to calculate the derived key of the credential again to verify it is correct
Symmetric Encryption
Symmetric Encryption Used when your application needs to protect data at rest (on disk etc) but will need to use those values later The most common algorithm for symmetric encryption is AES (Advanced Encryption Standard) It can operate in multiple modes like ECB, CBC, CTR and GCM - each suited to different uses
ECB Mode Electronic Code Book Operates on blocks of plaintext
Comparing ECB to other modes http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
Galois Counter Mode (GCM) Authenticates and Encrypts Messages Reduces the opportunity for interference with messages to go undetected
It’s Complicated Use a well known, well tested cryptographic library / framework - do not write your own! Do research before shipping your code - make sure you’re using the right primitives / modes for your application
Let’s point and laugh Some Mistakes Were Made
The Stupid. It Hurts.
Le Sigh. My password is stored in their database. It was not hashed or they could not have emailed it to me!
Which is bad because... A lot of people use the same password everywhere and use their email address as their login!
So... An attacker that gets this password list can try to log in to all kinds of things as you! 1. email 2. banks 3. credit reporting 4. even NetFlix!
Adobe Hack Millions of “encrypted” passwords stolen Hashed with MD5 Large numbers of them found in rainbow tables Most Common Password: 123456 http://stricture-group.com/files/adobe-top100.txt
Beware The Default Settings Default settings for Android Bouncy Castle starting in 2.1 were not good Defaulted to ECB mode!
Empirical Study of Android Apps 11,748 applications analyzed 5,656 used ECB mode by default 3,644 used a constant symmetric key 2,000 used ECB mode EXPLICITLY! 1,932 used a constant IV 1,629 seeded PRNG with static value
Seeding the Pseudo In 2006 a bug in Debian and Ubuntu caused the PID to be used as the output of the PRNG - only 32,768 possible values! (hint: that’s not enough!)
UnSalted Hashes In 2012, LinkedIn password hashes were stolen They were not salted so 60% of them were cracked
Crisis Averted at Slack User profile data stolen in February 2015 Passwords hashed with bcrypt and random salts Change your password anyway...
Unlocking Your Prius System uses rotating codes in a small range Some built in (pre-shared) keys for repair use No protection from replaying codes Brute force attacks possible Still under investigation...
Yay!
More Resources For You https://bitly.com/bundles/andrewwatson/2
@andrewwatson http://andywatson.space/ http://www.ionicsecurity.com/ Thank You

More Related Content

PPTX
Using Cryptography Properly in Applications
byGreat Wide Open
 
PDF
Web Security.pdf
byAdityaKumar1548
 
PPT
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
byNipun Jaswal
 
PDF
Network Security and Cryptography.pdf
byAdityaKumar1548
 
PDF
Basics of Meterpreter Evasion
byNipun Jaswal
 
PPTX
My Bro The ELK
byTripwire
 
PPTX
Crypto failures every developer should avoid
byFilip Šebesta
 
PPTX
A Brief History of Cryptographic Failures
byNothing Nowhere
 
Using Cryptography Properly in Applications
byGreat Wide Open
 
Web Security.pdf
byAdityaKumar1548
 
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
byNipun Jaswal
 
Network Security and Cryptography.pdf
byAdityaKumar1548
 
Basics of Meterpreter Evasion
byNipun Jaswal
 
My Bro The ELK
byTripwire
 
Crypto failures every developer should avoid
byFilip Šebesta
 
A Brief History of Cryptographic Failures
byNothing Nowhere
 

What's hot

PDF
'Malware Analysis' by PP Singh
byBipin Upadhyay
 
PPTX
How to hide your browser 0-day @ Disobey
byZoltan Balazs
 
PPT
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
bychrissanders88
 
DOCX
FBI & Secret Service- Business Email Compromise Workshop
byErnest Staats
 
PPTX
[2.2] Hacking Internet of Things devices - Ivan Novikov
byOWASP Russia
 
PPTX
GreyNoise - Lowering Signal To Noise
byAndrew Morris
 
PDF
Hunting Layered Malware by Raul Alvarez
byEC-Council
 
PPTX
Deploying a Shadow Threat Intel Capability at Thotcon on May 6, 2016
bygrecsl
 
PDF
How to Analyze an Android Bot
byPriyanka Aash
 
PDF
WEAPONS FOR DOG FIGHT:ADAPTING MALWARE TO ANTI-DETECTION BASED ON GAN - Zhuan...
byGeekPwn Keen
 
PPT
Network Security fundamentals
byTariq kanher
 
PDF
Android Serialization Vulnerabilities Revisited
byPriyanka Aash
 
PDF
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
byAndrew Morris
 
PPT
Using Canary Honeypots for Network Security Monitoring
bychrissanders88
 
PDF
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
byZoltan Balazs
 
PDF
Grails vs XSS: Defending Grails against XSS attacks
bytheratpack
 
PPTX
[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland
byCODE BLUE
 
PDF
10 Mistakes Hackers Want You to Make
byJoe Kutner
 
PDF
Building & Hacking Modern iOS Apps
bySecuRing
 
PPTX
Defcon Crypto Village - OPSEC Concerns in Using Crypto
byJohn Bambenek
 
'Malware Analysis' by PP Singh
byBipin Upadhyay
 
How to hide your browser 0-day @ Disobey
byZoltan Balazs
 
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
bychrissanders88
 
FBI & Secret Service- Business Email Compromise Workshop
byErnest Staats
 
[2.2] Hacking Internet of Things devices - Ivan Novikov
byOWASP Russia
 
GreyNoise - Lowering Signal To Noise
byAndrew Morris
 
Hunting Layered Malware by Raul Alvarez
byEC-Council
 
Deploying a Shadow Threat Intel Capability at Thotcon on May 6, 2016
bygrecsl
 
How to Analyze an Android Bot
byPriyanka Aash
 
WEAPONS FOR DOG FIGHT:ADAPTING MALWARE TO ANTI-DETECTION BASED ON GAN - Zhuan...
byGeekPwn Keen
 
Network Security fundamentals
byTariq kanher
 
Android Serialization Vulnerabilities Revisited
byPriyanka Aash
 
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
byAndrew Morris
 
Using Canary Honeypots for Network Security Monitoring
bychrissanders88
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
byZoltan Balazs
 
Grails vs XSS: Defending Grails against XSS attacks
bytheratpack
 
[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland
byCODE BLUE
 
10 Mistakes Hackers Want You to Make
byJoe Kutner
 
Building & Hacking Modern iOS Apps
bySecuRing
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
byJohn Bambenek
 

Viewers also liked

PDF
CSW2017 Harri hursti csw17 final
byCanSecWest
 
PDF
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
byCanSecWest
 
PDF
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu security
byCanSecWest
 
PDF
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
byCanSecWest
 
PDF
CSW2017 Scott kelly secureboot-csw2017-v1
byCanSecWest
 
PDF
CSW2017 Minrui yan+Jianhao-liu a visualization tool for evaluating can-bus cy...
byCanSecWest
 
PDF
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...
byCanSecWest
 
PDF
CSW2017 Mickey+maggie low cost radio attacks on modern platforms
byCanSecWest
 
PDF
CSW2017 Peng qiu+shefang-zhong win32k -dark_composition_finnal_finnal_rm_mark
byCanSecWest
 
PDF
CSW2017 Henry li how to find the vulnerability to bypass the control flow gua...
byCanSecWest
 
PDF
CSW2017 Saumil shah stegosploit_internals_cansecwest_2017
byCanSecWest
 
CSW2017 Harri hursti csw17 final
byCanSecWest
 
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
byCanSecWest
 
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu security
byCanSecWest
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
byCanSecWest
 
CSW2017 Scott kelly secureboot-csw2017-v1
byCanSecWest
 
CSW2017 Minrui yan+Jianhao-liu a visualization tool for evaluating can-bus cy...
byCanSecWest
 
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...
byCanSecWest
 
CSW2017 Mickey+maggie low cost radio attacks on modern platforms
byCanSecWest
 
CSW2017 Peng qiu+shefang-zhong win32k -dark_composition_finnal_finnal_rm_mark
byCanSecWest
 
CSW2017 Henry li how to find the vulnerability to bypass the control flow gua...
byCanSecWest
 
CSW2017 Saumil shah stegosploit_internals_cansecwest_2017
byCanSecWest
 

Similar to How to Use Cryptography Properly: The Common Mistakes People Make When Using Cryptographic Functions

PPTX
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
byAll Things Open
 
PDF
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
PDF
Cryptography
byYnon Perek
 
PPTX
TM112 Meeting12-Cryptography.pptx
byMohammedYusuf609377
 
PPTX
Password Storage Sucks!
bynerdybeardo
 
PDF
The slower the stronger a story of password hash migration
byOWASP
 
PPTX
Securing Passwords
byMandeep Singh
 
PPTX
All details of cryptography and all the topics of cryptography was explained
bykhitishKumarSahoo1
 
PDF
Password (in)security
byEnrico Zimuel
 
PDF
Passwords good badugly181212-2
byIftach Ian Amit
 
PDF
Encryption Recap: A Refresher on Key Concepts
bythomashtkim
 
PPTX
Breaking out of crypto authentication
byMohammed Adam
 
PDF
Cracking Salted Hashes
byn|u - The Open Security Community
 
PPTX
IT21L-CRYPTOGRAPHY Cyber security IT.pptx
byrdelosreyes538795
 
PPTX
501 ch 10 cryptography
byToyeeb Onimole
 
DOCX
Finally, in responding to your peers’ posts, assess your peers’ reco.docx
byRAJU852744
 
PDF
Hacknbeers sqli and cryptography
byMiguel Ibarra
 
PDF
Proper passwordhashing
byfangjiafu
 
ODP
An Introduction to Hashing and Salting
byRahul Singh
 
PDF
Cryptography For The Average Developer
byAnthony Ferrara
 
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
byAll Things Open
 
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
Cryptography
byYnon Perek
 
TM112 Meeting12-Cryptography.pptx
byMohammedYusuf609377
 
Password Storage Sucks!
bynerdybeardo
 
The slower the stronger a story of password hash migration
byOWASP
 
Securing Passwords
byMandeep Singh
 
All details of cryptography and all the topics of cryptography was explained
bykhitishKumarSahoo1
 
Password (in)security
byEnrico Zimuel
 
Passwords good badugly181212-2
byIftach Ian Amit
 
Encryption Recap: A Refresher on Key Concepts
bythomashtkim
 
Breaking out of crypto authentication
byMohammed Adam
 
Cracking Salted Hashes
byn|u - The Open Security Community
 
IT21L-CRYPTOGRAPHY Cyber security IT.pptx
byrdelosreyes538795
 
501 ch 10 cryptography
byToyeeb Onimole
 
Finally, in responding to your peers’ posts, assess your peers’ reco.docx
byRAJU852744
 
Hacknbeers sqli and cryptography
byMiguel Ibarra
 
Proper passwordhashing
byfangjiafu
 
An Introduction to Hashing and Salting
byRahul Singh
 
Cryptography For The Average Developer
byAnthony Ferrara
 

More from POSSCON

PDF
Why Meteor.JS?
byPOSSCON
 
PDF
Vagrant 101
byPOSSCON
 
PDF
Tools for Open Source Systems Administration
byPOSSCON
 
PPTX
Assembling an Open Source Toolchain to Manage Public, Private and Hybrid Clou...
byPOSSCON
 
PPTX
Accelerating Application Delivery with OpenShift
byPOSSCON
 
PDF
Openstack 101
byPOSSCON
 
ODP
Community Building: The Open Source Way
byPOSSCON
 
PPTX
I Know It Was MEAN, But I Cut the Cord to LAMP Anyway
byPOSSCON
 
PDF
Software Defined Networking (SDN) for the Datacenter
byPOSSCON
 
PDF
Application Security on a Dime: A Practical Guide to Using Functional Open So...
byPOSSCON
 
ODP
Why Your Open Source Story Matters
byPOSSCON
 
PDF
How YARN Enables Multiple Data Processing Engines in Hadoop
byPOSSCON
 
PPTX
Google Summer of Code
byPOSSCON
 
PDF
Introduction to Hadoop
byPOSSCON
 
PPTX
Cyber Security and Open Source
byPOSSCON
 
PDF
Intro to AngularJS
byPOSSCON
 
PDF
Docker 101: An Introduction
byPOSSCON
 
PDF
Graph the Planet!
byPOSSCON
 
PDF
Software Freedom Licensing: What You Must Know
byPOSSCON
 
PDF
Contributing to an Open Source Project 101
byPOSSCON
 
Why Meteor.JS?
byPOSSCON
 
Vagrant 101
byPOSSCON
 
Tools for Open Source Systems Administration
byPOSSCON
 
Assembling an Open Source Toolchain to Manage Public, Private and Hybrid Clou...
byPOSSCON
 
Accelerating Application Delivery with OpenShift
byPOSSCON
 
Openstack 101
byPOSSCON
 
Community Building: The Open Source Way
byPOSSCON
 
I Know It Was MEAN, But I Cut the Cord to LAMP Anyway
byPOSSCON
 
Software Defined Networking (SDN) for the Datacenter
byPOSSCON
 
Application Security on a Dime: A Practical Guide to Using Functional Open So...
byPOSSCON
 
Why Your Open Source Story Matters
byPOSSCON
 
How YARN Enables Multiple Data Processing Engines in Hadoop
byPOSSCON
 
Google Summer of Code
byPOSSCON
 
Introduction to Hadoop
byPOSSCON
 
Cyber Security and Open Source
byPOSSCON
 
Intro to AngularJS
byPOSSCON
 
Docker 101: An Introduction
byPOSSCON
 
Graph the Planet!
byPOSSCON
 
Software Freedom Licensing: What You Must Know
byPOSSCON
 
Contributing to an Open Source Project 101
byPOSSCON
 

Recently uploaded

PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
Workflow and decision Automation with Flowable
bychakib ch
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 

How to Use Cryptography Properly: The Common Mistakes People Make When Using Cryptographic Functions

  • 1.
    Using Cryptography Properly inApplications POSSCON 2015 Andy Watson Ionic Security
  • 2.
    About: Name: Andy Watson Occupation:Byte Mangler Employer: Ionic Security http://ionicsecurity.com/
  • 3.
    Why: I’ve seen toomany people not using cryptography or using it incorrectly. This information may help you not be one of them.
  • 4.
    Agenda: ● Random ● Salt ●Hash ● Key Derivation ● Symmetric Encryption ● Famous Mistakes
  • 5.
  • 6.
    Random Number Generators RNG:A computational or physical device designed to generate a sequence of numbers that lack any pattern High quality generators depend on an entropy source like radioactive decay or radio frequency noise For cryptographic functions, higher levels of entropy are required to work properly
  • 7.
    Pseudo Computational RNG areknown as Pseudo RNG PRNG are “seeded” with a value to generate a series of numbers
  • 8.
  • 9.
    What is aSalt? Random data added to your input to create better output from one way functions Useful for defending against dictionary and rainbow table attacks.
  • 10.
  • 11.
  • 12.
    Hashing Function (n.) AFunction that represents data of arbitrary size as data of a fixed size. $ echo 'Hello POSSCON 2015!' | md5 81ad0b0ba5f98e0f584c1cd9a2c324a3 $ echo 'Hello POSSCON 2015' | md5 0c9c470f340aedaba625908939ba3c7b
  • 13.
    When to Hash Usehashing functions when saving the original data would be a liability you have no business dealing with For Example: Linux Passwords $6$pWVzxN/iFRstrZ/.$TNBvzXhc8b9SBkl1q36YNvF2DwuS 4/7LsICepYgaWCKzM1MS.OBK5TvxrUQ4. I5x5NtqidhBTGobQLOqxBAFe1
  • 14.
    Don’t Store TheClear Credentials should be salted and hashed when stored During login, salt and hash the password entered and check it against the result you stored
  • 15.
    When Hashes Collide Thesetwo blocks have the same md5 hash of 79054025255fb1a26e4bc422aef54eb4 This is called a collision d131dd02c5e6eec4693d9a0698aff95c 2fcab58712467eab4004583eb8fb7f89 55ad340609f4b30283e488832571415a 085125e8f7cdc99fd91dbdf280373c5b d8823e3156348f5bae6dacd436c919c6 dd53e2b487da03fd02396306d248cda0 e99f33420f577ee8ce54b67080a80d1e c69821bcb6a8839396f9652b6ff72a70 d131dd02c5e6eec4693d9a0698aff95c 2fcab50712467eab4004583eb8fb7f89 55ad340609f4b30283e4888325f1415a 085125e8f7cdc99fd91dbd7280373c5b d8823e3156348f5bae6dacd436c919c6 dd53e23487da03fd02396306d248cda0 e99f33420f577ee8ce54b67080280d1e c69821bcb6a8839396f965ab6ff72a70
  • 16.
    Taste the RainbowTable A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Password MD5 Hash 123456 e10adc3949ba59abbe56e057f20f883e password 5f4dcc3b5aa765d61d8327deb882cf99
  • 17.
    You. Must. Hash.Securely. Cryptographically Secure Hash Function (n.) A hash function which is infeasible to reverse back to the original message and not subject to collisions $ echo "hello POSSCON 2015" | shasum -a 512 0d294c5140972735a80131eca426da4838cf5de1b3eb1c8cb51c4bb24823e389 d22a36be76be597a5c5a934dd5fada8b75e0986fb6e89329a820c22d96c4be17
  • 18.
  • 19.
    Key Derivation Functions KDFcreate new secret keys from a secret value and a known value - like a password Key Derivation Functions can be used in a “key stretching” routing to enhance hashing functions to provide much more protection from rainbow tables and brute force attacks
  • 20.
    Original KDF: crypt ●Invented in 1978 to protect UNIX passwords ● Used only a 12 bit salt ● Limited passwords to 8 characters
  • 21.
    Modern KDFs PDKDF2 ● 64bit random salt ● 5000 iterations of SHA1 (hashing function) SCRYPT ● Consumes large amounts of memory on purpose
  • 22.
    PBKDF2 In ANutshell™ Password SALT + Password Prepend SALT Intermediate Hash SHA1 REPEAT SHA1 5000 TIMES Final Hash
  • 23.
    Save the Salt Storethe salt, the resulting hash and the number of iterations in your datastore You’ll have to calculate the derived key of the credential again to verify it is correct
  • 24.
  • 25.
    Symmetric Encryption Used whenyour application needs to protect data at rest (on disk etc) but will need to use those values later The most common algorithm for symmetric encryption is AES (Advanced Encryption Standard) It can operate in multiple modes like ECB, CBC, CTR and GCM - each suited to different uses
  • 26.
    ECB Mode Electronic CodeBook Operates on blocks of plaintext
  • 27.
    Comparing ECB toother modes http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
  • 28.
    Galois Counter Mode(GCM) Authenticates and Encrypts Messages Reduces the opportunity for interference with messages to go undetected
  • 29.
    It’s Complicated Use awell known, well tested cryptographic library / framework - do not write your own! Do research before shipping your code - make sure you’re using the right primitives / modes for your application
  • 30.
    Let’s point andlaugh Some Mistakes Were Made
  • 31.
  • 32.
    Le Sigh. My passwordis stored in their database. It was not hashed or they could not have emailed it to me!
  • 33.
    Which is badbecause... A lot of people use the same password everywhere and use their email address as their login!
  • 34.
    So... An attacker thatgets this password list can try to log in to all kinds of things as you! 1. email 2. banks 3. credit reporting 4. even NetFlix!
  • 35.
    Adobe Hack Millions of“encrypted” passwords stolen Hashed with MD5 Large numbers of them found in rainbow tables Most Common Password: 123456 http://stricture-group.com/files/adobe-top100.txt
  • 37.
    Beware The DefaultSettings Default settings for Android Bouncy Castle starting in 2.1 were not good Defaulted to ECB mode!
  • 38.
    Empirical Study ofAndroid Apps 11,748 applications analyzed 5,656 used ECB mode by default 3,644 used a constant symmetric key 2,000 used ECB mode EXPLICITLY! 1,932 used a constant IV 1,629 seeded PRNG with static value
  • 39.
    Seeding the Pseudo In2006 a bug in Debian and Ubuntu caused the PID to be used as the output of the PRNG - only 32,768 possible values! (hint: that’s not enough!)
  • 40.
    UnSalted Hashes In 2012,LinkedIn password hashes were stolen They were not salted so 60% of them were cracked
  • 41.
    Crisis Averted atSlack User profile data stolen in February 2015 Passwords hashed with bcrypt and random salts Change your password anyway...
  • 42.
    Unlocking Your Prius Systemuses rotating codes in a small range Some built in (pre-shared) keys for repair use No protection from replaying codes Brute force attacks possible Still under investigation...
  • 43.
  • 44.
    More Resources ForYou https://bitly.com/bundles/andrewwatson/2
  • 45.