SlideShare a Scribd company logo

ZendCon 2018 - Cryptography in Depth

Adam Englander
Adam Englander

Cryptography is the invisible layer protecting everything around us. As software engineers, we are required to have some understanding of cryptography. Most of us only have a cursory understanding. Let’s dive deep into algorithms and modes for encryption, digital signatures, hashing, and key derivation. To get the most from this presentation, it is expected that you have a basic understanding of cryptography.

Technology
1 of 275
Download to read offline
@adam_englander Cryptography in Depth Adam Englander Software Architect, TransUnion
@adam_englander Entropy
@adam_englander Entropy
@adam_englander Fighting Predictability
@adam_englander
@adam_englander 4,294,967,296 Total messages 365 Days/year 8,171 Encryptions/min ➗ 24 Hours/day➗ 60 Minutes/hour➗
@adam_englander sdhpeurh8awjw4npv894nv9q04
@adam_englander CSPRNGs and the Entropy Pools
@adam_englander Environmental Pools
@adam_englander Hardware Pools
@adam_englander /dev/random
@adam_englander /dev/urandom
@adam_englander /dev/arandom
@adam_englander Which one should I use?
@adam_englander paragonie/rand_compat CSPRNG Functions
@adam_englander Fighting Predictability
@adam_englander Secrets
@adam_englander Keys
@adam_englander Keys
@adam_englander Shared Secrets
@adam_englander The Problem is Trust
@adam_englander Too Many Keys
@adam_englander Key Exchange
@adam_englander Diffie-Hellman Key Exchange The magic of modular arithmetic
@adam_englander Public Key Cryptography
@adam_englander Modular Arithmetic Magic
@adam_englander Very Large Prime Numbers
@adam_englander Which one should I use?
@adam_englander Public Key Shared Secret
@adam_englander Rotation
@adam_englander Encryption
@adam_englander
@adam_englander RSA
@adam_englander RSA Encryption Plain Text Padding Cipher Text Public Key Padded Message Encrypt
@adam_englander RSA Encryption Plain Text Padding Cipher Text Public Key Padded Message Encrypt
@adam_englander RSA Encryption Plain Text Padding Cipher Text Public Key Padded Message Encrypt
@adam_englander RSA Encryption Plain Text Padding Cipher Text Public Key Padded Message Encrypt
@adam_englander RSA Decryption Plain TextRemove Pad Cipher Text Private Key Padded Message Decrypt
@adam_englander RSA Decryption Plain TextRemove Pad Cipher Text Private Key Padded Message Decrypt
@adam_englander RSA Decryption Plain TextRemove Pad Cipher Text Private Key Padded Message Decrypt
@adam_englander Padding Schemes
@adam_englander PKCS#1v1.5
@adam_englander OAEP a.k.a PKCS#1v2
@adam_englander Advanced Encryption Standard (AES)
@adam_englander Block Cipher
@adam_englander This is a block split se ntence22
@adam_englander Key Key Expansion Add RoundKey Round 1 Key Round 2 to n-1 Key Round n Key Round 1 Round n Ciphertext Block Round 2 to (n-1) Plaintext Block
@adam_englander Key Key Expansion Add RoundKey Round 1 Key Round 2 to n-1 Key Round n Key Round 1 Round n Ciphertext Block Round 2 to (n-1) Plaintext Block
@adam_englander Rijandel Key Schedule
@adam_englander Key Key Expansion AddRoundKey Round 1 Key Round 2 to n-1 Key Round n Key Round 1 Round n Ciphertext Block Round 2 to (n-1) Input Block
@adam_englander AddRoundKey 1001100110100010101010110010111010011001101000101010101100101110 0010110010101111010101011001010101011100010101010001110010101010 1011010100001101111111101011101111000101111101111011011110000100 XOR
@adam_englander Key Key Expansion Add RoundKey Round 1 Key Round 2 to n-1 Key Round n Key Round 1 Round n Ciphertext Block Round 2 to (n-1) Input Block
@adam_englander Key Key Expansion Add RoundKey Round 1 Key Round 2 to n-1 Key Round n Key Round 1 Round n Ciphertext Block Round 2 to (n-1) Input Block
@adam_englander Key Key Expansion Add RoundKey Round 1 Key Round 2 to n-1 Key Round n Key Round 1 Round n Ciphertext Block Round 2 to (n-1) Input Block
@adam_englander Rounds RoundKeySubBytes ShiftRows MixColumns AddRoundKey Input Block Output Block To Matrices To Bytes
@adam_englander Rounds RoundKeySubBytes ShiftRows MixColumns AddRoundKey Input Block Output Block To Matrices To Bytes
@adam_englander Rounds RoundKeySubBytes ShiftRows MixColumns AddRoundKey Input Block Output Block To Matrices To Bytes
@adam_englander Bits to Byte Matrices b01 b05 b09 b13 b02 b06 b10 b14 b03 b07 b11 b15 b04 b08 b12 b16 b33 b37 b41 b45 b34 b38 b42 b46 b35 b39 b43 b47 B36 b40 b44 b48 b17 b21 b25 b29 b18 b22 b26 b30 b19 b23 b27 b31 b20 b24 b28 b32 b49 b53 b57 b61 b50 b54 b58 b62 b51 b55 b59 b63 b52 b56 b60 b64 1011010100001101111111101011101111000101111101111011011110000100
@adam_englander Rounds RoundKeySubBytes ShiftRows MixColumns AddRoundKey Input Block Output Block To Matrices To Bytes
@adam_englander SubBytes b01 b05 b09 b13 b02 b06 b10 b14 b03 b07 b11 b15 b04 b08 b12 b16
@adam_englander SubBytes s01 b05 b09 b13 b02 b06 b10 b14 b03 b07 b11 b15 b04 b08 b12 b16
@adam_englander SubBytes s01 s05 b09 b13 s02 b06 b10 b14 b03 b07 b11 b15 b04 b08 b12 b16
@adam_englander SubBytes s01 b05 b09 b13 s02 b06 b10 b14 s03 b07 b11 b15 b04 b08 b12 b16
@adam_englander SubBytes s01 s05 s09 s13 s02 s06 s10 s14 s03 s07 s11 s15 s04 s08 s12 s16
@adam_englander Rounds RoundKeySubBytes ShiftRows MixColumns AddRoundKey Input Block Output Block To Matrices To Bytes
@adam_englander ShiftRows b01 b05 b09 b13 b02 b06 b10 b14 b03 b07 b11 b15 b04 b08 b12 b16
@adam_englander ShiftRows b01 b05 b09 b13 b02 b06 b10 b14 b03 b07 b11 b15 b04 b08 b12 b16
@adam_englander ShiftRows b01 b05 b09 b13 b06 b10 b14 b02 b03 b07 b11 b15 b04 b08 b12 b16
@adam_englander ShiftRows b01 b05 b09 b13 b06 b10 b14 b02 b11 b15 b03 b07 b04 b08 b12 b16
@adam_englander ShiftRows b01 b05 b09 b13 b06 b10 b14 b02 b11 b15 b03 b07 b16 b04 b08 b12
@adam_englander ShiftRows b01 b05 b09 b13 b06 b10 b14 b02 b11 b15 b03 b07 b16 b04 b08 b12
@adam_englander Rounds RoundKeySubBytes ShiftRows MixColumns AddRoundKey Input Block Output Block To Matrices To Bytes
@adam_englander Rounds RoundKeySubBytes ShiftRows MixColumns AddRoundKey Input Block Output Block To Matrices To Bytes
@adam_englander MixColumns b01 b05 b09 b13 b02 b06 b10 b14 b03 b07 b11 b15 b04 b08 b12 b16
@adam_englander MixColumns t01 b05 b09 b13 t02 b06 b10 b14 t03 b07 b11 b15 t04 b08 b12 b16
@adam_englander MixColumns t01 t05 b09 b13 t02 t06 b10 b14 t03 t07 b11 b15 t04 t08 b12 b16
@adam_englander MixColumns t01 t05 t09 b13 t02 t06 t10 b14 t03 t07 t11 b15 t04 t08 t12 b16
@adam_englander MixColumns t01 t05 t09 t13 t02 t06 t10 t14 t03 t07 t11 t15 t04 t08 t12 t16
@adam_englander Rounds RoundKeySubBytes ShiftRows MixColumns AddRoundKey Input Block Output Block To Matrices To Bytes
@adam_englander Byte Matrices to Bits b01 b05 b09 b13 b02 b06 b10 b14 b03 b07 b11 b15 b04 b08 b12 b16 b33 b37 b41 b45 b34 b38 b42 b46 b35 b39 b43 b47 B36 b40 b44 b48 b17 b21 b25 b29 b18 b22 b26 b30 b19 b23 b27 b31 b20 b24 b28 b32 b49 b53 b57 b61 b50 b54 b58 b62 b51 b55 b59 b63 b52 b56 b60 b64 1011010100001101111111101011101111000101111101111011011110000100
@adam_englander Rounds RoundKeySubBytes ShiftRows MixColumns AddRoundKey Input Block Output Block To Matrices To Bytes
@adam_englander AddRoundKey 1001100110100010101010110010111010011001101000101010101100101110 0010110010101111010101011001010101011100010101010001110010101010 1011010100001101111111101011101111000101111101111011011110000100 XOR
@adam_englander Modes
@adam_englander This is a block split se ntence22
@adam_englander CBC ECB OFB CFB CTR GCM
@adam_englander CBC ECB OFB CFB CTR GCM
@adam_englander CBC ECB OFB CFB CTR GCM
@adam_englander CBC ECB OFB CFB CTR GCM
@adam_englander CBC ECB OFB CFB CTR GCM
@adam_englander Electronic Cook Book (ECB)
@adam_englander
@adam_englander
@adam_englander Cipher Block Chaining (CBC)
@adam_englander
@adam_englander
@adam_englander Galois Counter Mode (GCM)
@adam_englander Galois Counter Mode (GCM)
@adam_englander
@adam_englander
@adam_englander Galois Counter Mode (GCM)
@adam_englander Galois Counter Mode (GCM)
@adam_englander Galois Counter Mode (GCM)
@adam_englander Galois Counter Mode (GCM)
@adam_englander Which mode should I use?
@adam_englander Mode Padding Oracle Resistant? Nonce Reuse Resistant? CBC No Yes GCM Yes No
@adam_englander GCM CBC
@adam_englander Padding
@adam_englander PKCS#5/PKCS#7 The value of each added byte is the number of bytes that are added. The last value is always a pad.
@adam_englander PKCS#5/7 Example Hello World
@adam_englander PKCS#5/7 Example Hello World 48 65 6c 6c 6f 20 57 6f 72 6c 64 11 bytes
@adam_englander PKCS#5/7 Example Hello World 48 65 6c 6c 6f 20 57 6f 72 6c 64 11 bytes 64 bytes - 11 bytes = 53 bytes = 0x35 bytes
@adam_englander PKCS#5/7 Example Hello World 48 65 6c 6c 6f 20 57 6f 72 6c 64 11 bytes 64 bytes - 11 bytes = 53 bytes = 0x35 bytes 48 65 6c 6c 6f 20 57 6f 72 6c 64 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 64 byte padded value
@adam_englander PKCS#5/7 Example Hello World 48 65 6c 6c 6f 20 57 6f 72 6c 64 11 bytes 64 bytes - 11 bytes = 53 bytes = 0x35 bytes 48 65 6c 6c 6f 20 57 6f 72 6c 64 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 64 byte padded value
@adam_englander PKCS#5/7 Example Hello World 48 65 6c 6c 6f 20 57 6f 72 6c 64 11 bytes 64 bytes - 11 bytes = 53 bytes = 0x35 bytes 48 65 6c 6c 6f 20 57 6f 72 6c 64 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 64 byte padded value
@adam_englander What if we have 64 characters?
@adam_englander PKCS#5/7 64 Character Example This is a sixty four byte text that I am going to encrypt meow
@adam_englander PKCS#5/7 64 Character Example This is a sixty four byte text that I am going to encrypt meow 54 68 69 73 20 69 73 20 61 20 73 69 78 74 79 20 66 6f 75 72 20 62 79 74 65 20 74 65 78 74 20 74 68 61 74 20 49 20 61 6d 20 67 6f 69 6e 67 20 74 6f 20 65 6e 63 72 79 70 74 20 6d 65 6f 77 64 bytes
@adam_englander PKCS#5/7 64 Character Example This is a sixty four byte text that I am going to encrypt meow 54 68 69 73 20 69 73 20 61 20 73 69 78 74 79 20 66 6f 75 72 20 62 79 74 65 20 74 65 78 74 20 74 68 61 74 20 49 20 61 6d 20 67 6f 69 6e 67 20 74 6f 20 65 6e 63 72 79 70 74 20 6d 65 6f 77 64 bytes 64 bytes - 64 bytes = 0 bytes
@adam_englander PKCS#5/PKCS#7 The value of each added byte is the number of bytes that are added. The last value is always a pad.
@adam_englander PKCS#5/7 64 Character Example This is a sixty four byte text that I am going to encrypt meow 54 68 69 73 20 69 73 20 61 20 73 69 78 74 79 20 66 6f 75 72 20 62 79 74 65 20 74 65 78 74 20 74 68 61 74 20 49 20 61 6d 20 67 6f 69 6e 67 20 74 6f 20 65 6e 63 72 79 70 74 20 6d 65 6f 77 64 bytes 64 bytes - 64 bytes = 0 bytes 54 68 69 73 20 69 73 20 61 20 73 69 78 74 79 20 66 6f 75 72 20 62 79 74 65 20 74 65 78 74 20 74 68 61 74 20 49 20 61 6d 20 67 6f 69 6e 67 20 74 6f 20 65 6e 63 72 79 70 74 20 6d 65 6f 7740 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 128 byte padded value
@adam_englander PKCS#5/7 64 Character Example This is a sixty four byte text that I am going to encrypt meow 54 68 69 73 20 69 73 20 61 20 73 69 78 74 79 20 66 6f 75 72 20 62 79 74 65 20 74 65 78 74 20 74 68 61 74 20 49 20 61 6d 20 67 6f 69 6e 67 20 74 6f 20 65 6e 63 72 79 70 74 20 6d 65 6f 77 64 bytes 64 bytes - 64 bytes = 0 bytes 54 68 69 73 20 69 73 20 61 20 73 69 78 74 79 20 66 6f 75 72 20 62 79 74 65 20 74 65 78 74 20 74 68 61 74 20 49 20 61 6d 20 67 6f 69 6e 67 20 74 6f 20 65 6e 63 72 79 70 74 20 6d 65 6f 7740 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 128 byte padded value
@adam_englander PKCS#5/7 64 Character Example This is a sixty four byte text that I am going to encrypt meow 54 68 69 73 20 69 73 20 61 20 73 69 78 74 79 20 66 6f 75 72 20 62 79 74 65 20 74 65 78 74 20 74 68 61 74 20 49 20 61 6d 20 67 6f 69 6e 67 20 74 6f 20 65 6e 63 72 79 70 74 20 6d 65 6f 77 64 bytes 64 bytes - 64 bytes = 0 bytes 54 68 69 73 20 69 73 20 61 20 73 69 78 74 79 20 66 6f 75 72 20 62 79 74 65 20 74 65 78 74 20 74 68 61 74 20 49 20 61 6d 20 67 6f 69 6e 67 20 74 6f 20 65 6e 63 72 79 70 74 20 6d 65 6f 7740 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 128 byte padded value
@adam_englander Salsa20/XSalsa20 ChaCha/XChaCha
@adam_englander Salsa20 The new hotness!
@adam_englander Cons Key Key Key Key Cons Nonce Nonce Pos Pos Cons Key Key Key Key Cons
@adam_englander Cons Key Key Key Key Cons Nonce Nonce Pos Pos Cons Key Key Key Key Cons Key Key Key Key Key Key Key Key
@adam_englander Cons Key Key Key Key Cons Nonce Nonce Pos Pos Cons Key Key Key Key Cons Nonce Nonce
@adam_englander Cons Key Key Key Key Cons Nonce Nonce Pos Pos Cons Key Key Key Key Cons Pos Pos
@adam_englander Cons Key Key Key Key Cons Nonce Nonce Pos Pos Cons Key Key Key Key Cons Cons Cons Cons Cons
@adam_englander Cons Key Key Key Key Cons Nonce Nonce Pos Pos Cons Key Key Key Key Cons Cons Cons Cons Cons
@adam_englander Rounds 0 4 8 12 1 5 9 13 2 6 10 14 3 7 11 15
@adam_englander Even Rounds 0 4 8 12 1 5 9 13 2 6 10 14 3 7 11 15
@adam_englander Even Rounds 0 4 8 12 1 5 9 13 2 6 10 14 3 7 11 15
@adam_englander Even Rounds 0 4 8 12 1 5 9 13 2 6 10 14 3 7 11 15
@adam_englander Even Rounds 0 4 8 12 1 5 9 13 2 6 10 14 3 7 11 15
@adam_englander Odd Rounds 0 4 8 12 1 5 9 13 2 6 10 14 3 7 11 15
@adam_englander Odd Rounds 0 4 8 12 1 5 9 13 2 6 10 14 3 7 11 15
@adam_englander Odd Rounds 0 4 8 12 1 5 9 13 2 6 10 14 3 7 11 15
@adam_englander Odd Rounds 0 4 8 12 1 5 9 13 2 6 10 14 3 7 11 15
@adam_englander Round Manipulation b ⊕= (a ⊞ d) <<< 7 c ⊕= (b ⊞ a) <<< 9 d ⊕= (c ⊞ b) <<< 13 a ⊕= (d ⊞ c) <<< 18
@adam_englander Round Manipulation b ⊕= (a ⊞ d) <<< 7 c ⊕= (b ⊞ a) <<< 9 d ⊕= (c ⊞ b) <<< 13 a ⊕= (d ⊞ c) <<< 18
@adam_englander Round Manipulation b ⊕= (a ⊞ d) <<< 7 c ⊕= (b ⊞ a) <<< 9 d ⊕= (c ⊞ b) <<< 13 a ⊕= (d ⊞ c) <<< 18
@adam_englander Round Manipulation b ⊕= (a ⊞ d) <<< 7 c ⊕= (b ⊞ a) <<< 9 d ⊕= (c ⊞ b) <<< 13 a ⊕= (d ⊞ c) <<< 18
@adam_englander Round Manipulation b ⊕= (a ⊞ d) <<< 7 c ⊕= (b ⊞ a) <<< 9 d ⊕= (c ⊞ b) <<< 13 a ⊕= (d ⊞ c) <<< 18
@adam_englander ChaCha Mixes it up a bit
@adam_englander Cons Cons Cons Cons Key Key Key Key Key Key Key Key Pos Pos Nonce Nonce
@adam_englander Odd Rounds 0 4 8 12 1 5 9 13 2 6 10 14 3 7 11 15
@adam_englander Odd Rounds 0 4 8 12 1 5 9 13 2 6 10 14 3 7 11 15
@adam_englander Odd Rounds 0 4 8 12 1 5 9 13 2 6 10 14 3 7 11 15
@adam_englander Odd Rounds 0 4 8 12 1 5 9 13 2 6 10 14 3 7 11 15
@adam_englander Even Rounds 0 4 8 12 1 5 9 13 2 6 10 14 3 7 11 15
@adam_englander Even Rounds 0 4 8 12 1 5 9 13 2 6 10 14 3 7 11 15
@adam_englander Even Rounds 0 4 8 12 1 5 9 13 2 6 10 14 3 7 11 15
@adam_englander Even Rounds 0 4 8 12 1 5 9 13 2 6 10 14 3 7 11 15
@adam_englander Round Manipulation a ⊞= b; d ⊕= a; a <<< 16 c ⊞= d; b ⊕=c; b<<< 12 a ⊞= b; d ⊕= a; d<<< 8 c ⊞= d; b ⊕=c; b<<< 78
@adam_englander Round Manipulation a ⊞= b; d ⊕= a; a <<< 16 c ⊞= d; b ⊕=c; b<<< 12 a ⊞= b; d ⊕= a; d<<< 8 c ⊞= d; b ⊕=c; b<<< 78
@adam_englander Round Manipulation a ⊞= b; d ⊕= a; a <<< 16 c ⊞= d; b ⊕=c; b<<< 12 a ⊞= b; d ⊕= a; d<<< 8 c ⊞= d; b ⊕=c; b<<< 78
@adam_englander Round Manipulation a ⊞= b; d ⊕= a; a <<< 16 c ⊞= d; b ⊕=c; b<<< 12 a ⊞= b; d ⊕= a; d<<< 8 c ⊞= d; b ⊕=c; b<<< 78
@adam_englander Round Manipulation a ⊞= b; d ⊕= a; a <<< 16 c ⊞= d; b ⊕=c; b<<< 12 a ⊞= b; d ⊕= a; d<<< 8 c ⊞= d; b ⊕=c; b<<< 78
@adam_englander Round Manipulation a ⊞= b; d ⊕= a; a <<< 16 c ⊞= d; b ⊕=c; b<<< 12 a ⊞= b; d ⊕= a; d<<< 8 c ⊞= d; b ⊕=c; b<<< 78
@adam_englander Round Manipulation a ⊞= b; d ⊕= a; d<<< 16 c ⊞= d; b ⊕=c; b<<< 12 a ⊞= b; d ⊕= a; d<<< 8 c ⊞= d; b ⊕=c; b<<< 78
@adam_englander Round Manipulation a ⊞= b; d ⊕= a; a <<< 16 c ⊞= d; b ⊕=c; b<<< 12 a ⊞= b; d ⊕= a; d<<< 8 c ⊞= d; b ⊕=c; b<<< 78
@adam_englander X hits the spot
@adam_englander Which one should I use?
@adam_englander XChaCha RSA AES-GCM
@adam_englander Hashing
@adam_englander Msg block 1 Msg block 2 Msg block n XForm block 1 XForm block 2 XForm block n Static IV Compr Result Compr Result Compr Result Hash Compression Transformation F I N Merkle–Damgård MD5/SHA1/SHA2
@adam_englander Msg block 1 Msg block 2 Msg block n XForm block 1 XForm block 2 XForm block n Static IV Compr Result Compr Result Compr Result Hash Compression Transformation F I N Merkle–Damgård MD5/SHA1/SHA2
@adam_englander Msg block 1 Msg block 2 Msg block n XForm block 1 XForm block 2 XForm block n Static IV Compr Result Compr Result Compr Result Hash Compression Transformation F I N Merkle–Damgård MD5/SHA1/SHA2
@adam_englander Msg block 1 Msg block 2 Msg block n XForm block 1 XForm block 2 XForm block n Static IV Compr Result Compr Result Compr Result Hash Compression F I N Merkle–Damgård MD5/SHA1/SHA2 Transformation
@adam_englander Msg block 1 Msg block 2 Msg block n XForm block 1 XForm block 2 XForm block n Static IV Compr Result Compr Result Compr Result Hash Compression F I N Merkle–Damgård MD5/SHA1/SHA2 Transformation
@adam_englander Msg block 1 Msg block 2 Msg block n XForm block 1 XForm block 2 XForm block n Static IV Compr Result Compr Result Compr Result Hash Compression F I N Merkle–Damgård MD5/SHA1/SHA2 Transformation
@adam_englander Msg block 1 Msg block 2 Msg block n XForm block 1 XForm block 2 XForm block n Static IV Compr Result Compr Result Compr Result Hash Compression F I N Merkle–Damgård MD5/SHA1/SHA2 Transformation
@adam_englander Msg block 1 Msg block 2 Msg block n XForm block 1 XForm block 2 XForm block n Static IV Compr Result Compr Result Compr Result Hash Compression F I N Merkle–Damgård MD5/SHA1/SHA2 Transformation
@adam_englander If they’re all basically the same, how do I pick one to use?
@adam_englander It’s all about speed… and collisions
@adam_englander Hash Collision Speed SHA1 160 2^80 909 SHA2 512 2^256 623 SHA3 512 2^256 198 Blake2 512 2^256 947
@adam_englander Hash Collision Speed SHA1 160 2^80 909 SHA2 512 2^256 623 SHA3 512 2^256 198 Blake2 512 2^256 947
@adam_englander Hash Collision Speed SHA1 160 2^80 909 SHA2 512 2^256 623 SHA3 512 2^256 198 Blake2 512 2^256 947
@adam_englander Hash Collision Speed SHA1 160 2^80 909 SHA2 512 2^256 623 SHA3 512 2^256 198 Blake2 512 2^256 947
@adam_englander Hash Collision Speed SHA1 160 2^80 909 SHA2 512 2^256 623 SHA3 512 2^256 198 Blake2 512 2^256 947
@adam_englander Hash Collision Speed SHA1 160 2^80 909 SHA2 512 2^256 623 SHA3 512 2^256 198 Blake2 512 2^256 947
@adam_englander Hash Collision Speed SHA1 160 2^80 909 SHA2 512 2^256 623 SHA3 512 2^256 198 Blake2 512 2^256 947
@adam_englander Hash Collision Speed SHA-256 256 2^128 413 SHA-512 512 2^256 623 SHA3 256 2^128 367 Blake2 512 2^256 947
@adam_englander Hash Collision Speed SHA-256 256 2^128 413 SHA-512 512 2^256 623 SHA3 256 2^128 367 Blake2 512 2^256 947
@adam_englander 2.4814314e59 Years/collision 2^256 Hash/collision ➗4.6663425e15 Hash/year
@adam_englander 248,143,142,594,689,942,762, 604,727,382,715,494,744,052, 723,660,212,605,567,331 years
@adam_englander 248,143,142,594,689,942,762, 604,727,382,715,494,744,052, 723,660,212,605,567 years
@adam_englander 248,143,142,594,689,942,762, 604,727,382,715,494,744,052, 723,660,212,605 years
@adam_englander Hash Collision Speed SHA-256 256 2^128 413 SHA-512 512 2^256 623 SHA3 256 2^128 367 Blake2 512 2^256 947
@adam_englander Blake 2b SHA2-512
@adam_englander Key Derivation
@adam_englander Key SALT SALT Derivation D(1) D(1) Derivation D(2) SALTD(n-1) Derivation Hash
@adam_englander Key SALT SALT Derivation D(1) D(1) Derivation D(2) SALTD(n-1) Derivation Hash
@adam_englander Key SALT SALT Derivation D(1) D(1) Derivation D(2) SALTD(n-1) Derivation Hash
@adam_englander Key SALT SALT Derivation D(1) D(1) Derivation D(2) SALTD(n-1) Derivation Hash
@adam_englander Key SALT SALT Derivation D(1) D(1) Derivation D(2) SALTD(n-1) Derivation Hash
@adam_englander Key SALT SALT Derivation D(1) D(1) Derivation D(2) SALTD(n-1) Derivation Hash
@adam_englander Key SALT SALT Derivation D(1) D(1) Derivation D(2) SALTD(n-1) Derivation Hash
@adam_englander MCF/PHC Format
@adam_englander Modular Crypt Format $<identifier>$<content>
@adam_englander bcrypt $2y$10$W6r/AOt7Eutp/l9oZaT6GezLUOIiljdWGIhs.KLJEmmtSJJVk5sDi
@adam_englander bcrypt $2y$10$W6r/AOt7Eutp/l9oZaT6GezLUOIiljdWGIhs.KLJEmmtSJJVk5sDi
@adam_englander bcrypt $2y$10$W6r/AOt7Eutp/l9oZaT6GezLUOIiljdWGIhs.KLJEmmtSJJVk5sDi
@adam_englander bcrypt $2y$10$W6r/AOt7Eutp/l9oZaT6GezLUOIiljdWGIhs.KLJEmmtSJJVk5sDi
@adam_englander bcrypt $2y$10$W6r/AOt7Eutp/l9oZaT6GezLUOIiljdWGIhs.KLJEmmtSJJVk5sDi
@adam_englander bcrypt $2y$10$W6r/AOt7Eutp/l9oZaT6GezLUOIiljdWGIhs.KLJEmmtSJJVk5sDi
@adam_englander PHC Format $<id>[$<param>=<value> (,<param>=<value>)*][$<salt>[$<hash>]]
@adam_englander PHC Format $<id>[$<param>=<value> (,<param>=<value>)*][$<salt>[$<hash>]]
@adam_englander scrypt $scrypt$ln=16,r=8,p=1$aM15713r3Xsvxmi31lqr1Q$ nFNh2CVHVjNldFVKDHDlm4CmdRSCdEmsjjJxD+iCs5E
@adam_englander scrypt $scrypt$ln=16,r=8,p=1$aM15713r3Xsvxmi31lqr1Q$ nFNh2CVHVjNldFVKDHDlm4CmdRSCdEmsjjJxD+iCs5E
@adam_englander scrypt $scrypt$ln=16,r=8,p=1$aM15713r3Xsvxmi31lqr1Q$ nFNh2CVHVjNldFVKDHDlm4CmdRSCdEmsjjJxD+iCs5E
@adam_englander scrypt $scrypt$ln=16,r=8,p=1$aM15713r3Xsvxmi31lqr1Q$ nFNh2CVHVjNldFVKDHDlm4CmdRSCdEmsjjJxD+iCs5E
@adam_englander scrypt $scrypt$ln=16,r=8,p=1$aM15713r3Xsvxmi31lqr1Q$ nFNh2CVHVjNldFVKDHDlm4CmdRSCdEmsjjJxD+iCs5E
@adam_englander Argon2i $argon2i$v=19$m=1024,t=2,p=2$TmxLemFoVnZFaEJuT1NyYg$ 4j2ZFDn1fVS70ZExmlJ33rXOinafcmXrp6A6grHEPkI
@adam_englander Argon2i $argon2i$v=19$m=1024,t=2,p=2$TmxLemFoVnZFaEJuT1NyYg$ 4j2ZFDn1fVS70ZExmlJ33rXOinafcmXrp6A6grHEPkI
@adam_englander Argon2i $argon2i$v=19$m=1024,t=2,p=2$TmxLemFoVnZFaEJuT1NyYg$ 4j2ZFDn1fVS70ZExmlJ33rXOinafcmXrp6A6grHEPkI
@adam_englander Argon2i $argon2i$v=19$m=1024,t=2,p=2$TmxLemFoVnZFaEJuT1NyYg$ 4j2ZFDn1fVS70ZExmlJ33rXOinafcmXrp6A6grHEPkI
@adam_englander Argon2i $argon2i$v=19$m=1024,t=2,p=2$TmxLemFoVnZFaEJuT1NyYg$ 4j2ZFDn1fVS70ZExmlJ33rXOinafcmXrp6A6grHEPkI
@adam_englander Which KDF should I use?
@adam_englander MCF Function CPU Memory PBKDF2 No HMAC-SHA No No bcrypt Yes blowfish No No scrypt Yes Salsa Yes No Argon2 Yes Blake2 Yes Yes
@adam_englander MCF Function CPU Memory PBKDF2 No HMAC-SHA No No bcrypt Yes blowfish No No scrypt Yes Salsa Yes No Argon2 Yes Blake2 Yes Yes
@adam_englander MCF Function CPU Memory PBKDF2 No HMAC-SHA No No bcrypt Yes blowfish No No scrypt Yes Salsa Yes No Argon2 Yes Blake2 Yes Yes
@adam_englander MCF Function CPU Memory PBKDF2 No HMAC-SHA No No bcrypt Yes blowfish No No scrypt Yes Salsa Yes No Argon2 Yes Blake2 Yes Yes
@adam_englander MCF Function CPU Memory PmKDF2 No HMAC-SHA No No mcrypt Yes mlowfish No No scrypt Yes Salsa Yes No Argon2 Yes Blake2 Yes Yes
@adam_englander Argon2 scrypt bcrypt
@adam_englander bcrypt Argon2
@adam_englander What settings should I use?
@adam_englander Turn it up as high as you can!
@adam_englander Digital Signatures
@adam_englander HMAC
@adam_englander Deriving Padded Keys Key Derivation(i) Padded Key Padded Inner Key Padded Outer Key Derivation(o) Hash/Pad
@adam_englander Deriving Padded Keys Key Derivation(i) Padded Key Padded Inner Key Padded Outer Key Derivation(o) Hash/Pad?
@adam_englander Deriving Padded Keys Key Derivation(i) Padded Key Padded Inner Key Padded Outer Key Derivation(o) Hash/Pad?
@adam_englander Deriving Padded Keys Key Derivation(i) Padded Key Padded Inner Key Padded Outer Key Derivation(o) Hash/Pad?
@adam_englander Deriving Padded Keys Key Derivation(i) Padded Key Padded Inner Key Padded Outer Key Derivation(o) Hash/Pad?
@adam_englander Deriving Padded Keys Key Derivation(i) Padded Key Padded Inner Key Padded Outer Key Derivation(o) Hash/Pad?
@adam_englander Deriving Padded Keys Key Derivation(i) Padded Key Padded Inner Key Padded Outer Key Derivation(o) Hash/Pad?
@adam_englander Deriving Padded Keys Key Derivation(i) Padded Key Padded Inner Key Padded Outer Key Derivation(o) Hash/Pad?
@adam_englander Building the Signature Padded Inner Key Message Hash Func Inner Hash Hash Func Signature Padded Outer Key Inner Hash
@adam_englander Building the Signature Padded Inner Key Message Hash Func Inner Hash Hash Func Signature Padded Outer Key Inner Hash
@adam_englander Building the Signature Padded Inner Key Message Hash Func Inner Hash Hash Func Signature Padded Outer Key Inner Hash
@adam_englander Building the Signature Padded Inner Key Message Hash Func Inner Hash Hash Func Signature Padded Outer Key Inner Hash
@adam_englander Building the Signature Padded Inner Key Message Hash Func Inner Hash Hash Func Signature Padded Outer Key Inner Hash
@adam_englander Building the Signature Padded Inner Key Message Hash Func Inner Hash Hash Func Signature Padded Outer Key Inner Hash
@adam_englander Building the Signature Padded Inner Key Message Hash Func Inner Hash Hash Func Signature Padded Outer Key Inner Hash
@adam_englander Building the Signature Padded Inner Key Message Hash Func Inner Hash Hash Func Signature Padded Outer Key Inner Hash
@adam_englander RSA
@adam_englander RSA Signing Message Hash Func Signature Private Key Hashed Message Encrypt
@adam_englander RSA Signing Message Hash Func Signature Private Key Message Digest Encrypt
@adam_englander RSA Signing Message Hash Func Signature Private Key Message Digest Encrypt
@adam_englander RSA Signature Verification Message Hash Func Signature Public Key Message Digest Decrypt Decrypted Message Compare
@adam_englander RSA Signature Verification Message Hash Func Signature Public Key Message Digest Decrypt Decrypted Message Compare
@adam_englander RSA Signature Verification Message Hash Func Signature Public Key Message Digest Decrypt Decrypted Message Compare
@adam_englander RSA Signature Verification Message Hash Func Signature Public Key Message Digest Decrypt Decrypted Message Compare
@adam_englander DSA
@adam_englander DSA Signing Message Hash Func Signature Private Key Message Digest Sign Nonce Gen Nonce
@adam_englander DSA Signing Message Hash Func Signature Private Key Message Digest Sign Nonce Gen Nonce
@adam_englander DSA Signing Message Hash Func Signature Private Key Message Digest Sign Nonce Gen Nonce
@adam_englander DSA Signing Message Hash Func Signature Private Key Message Digest Sign Nonce Gen Nonce
@adam_englander DSA Signature Verification Message Hash Func Signature Public Key Hashed Message Reverse Nonce Nonce? Compare
@adam_englander DSA Signature Verification Message Hash Func Signature Public Key Message Digest Reverse Nonce Nonce? Compare
@adam_englander DSA Signature Verification Message Hash Func Signature Public Key Message Digest Reverse Nonce Nonce? Compare
@adam_englander DSA Signature Verification Message Hash Func Signature Public Key Message Digest Reverse Nonce Nonce? Compare
@adam_englander ECDSA
@adam_englander
@adam_englander EdDSA
@adam_englander Type Symmetric Hash Security HMAC Yes SHA3-512 k RSA No SHA2-512 k/12.8 ECDSA No SHA2-512 k/2 EdDSA No Blake k/2
@adam_englander Type Symmetric Hash Security HMAC Yes SHA3-512 k RSA No SHA2-512 k/12.8 ECDSA No SHA2-512 k/2 EdDSA No Blake k/2
@adam_englander Type Symmetric Hash Security HMAC Yes SHA3-512 512b RSA No SHA2-512 k/12.8 ECDSA No SHA2-512 k/2 EdDSA No Blake k/2
@adam_englander Type Symmetric Hash Security HMAC Yes SHA3-512 512b RSA No SHA2-512 k/12.8 ECDSA No SHA2-512 k/2 EdDSA No Blake k/2
@adam_englander Type Symmetric Hash Security HMAC Yes SHA3-512 512b RSA No SHA2-512 k/12.8 ECDSA No SHA2-512 k/2 EdDSA No Blake k/2
@adam_englander Type Symmetric Hash Security HMAC Yes SHA3-512 512b RSA No SHA2-512 k/12.8 ECDSA No SHA2-512 k/2 EdDSA No Blake k/2
@adam_englander Which should I use?
@adam_englander EdDSA ECDSA

Recommended

Dutch PHP 2018 - Cryptography for Beginners
Dutch PHP 2018 - Cryptography for BeginnersDutch PHP 2018 - Cryptography for Beginners
Dutch PHP 2018 - Cryptography for Beginners
Adam Englander
 
Holey
HoleyHoley
HoleyAbhi Paty
 
0 to 31337 Real Quick: Lessons Learned by Reversing the Flare-On Challenge
0 to 31337 Real Quick: Lessons Learned by Reversing the Flare-On Challenge0 to 31337 Real Quick: Lessons Learned by Reversing the Flare-On Challenge
0 to 31337 Real Quick: Lessons Learned by Reversing the Flare-On Challenge
Blaine Stancill
 
Modeling computer networks by colored Petri nets
Modeling computer networks by colored Petri netsModeling computer networks by colored Petri nets
Modeling computer networks by colored Petri nets
DmitryZaitsev5
 
Simple Nested Sets and some other DB optimizations
Simple Nested Sets and some other DB optimizationsSimple Nested Sets and some other DB optimizations
Simple Nested Sets and some other DB optimizations
Eli Aschkenasy
 
Making PHP Smarter - Dutch PHP 2023.pptx
Making PHP Smarter - Dutch PHP 2023.pptxMaking PHP Smarter - Dutch PHP 2023.pptx
Making PHP Smarter - Dutch PHP 2023.pptx
Adam Englander
 
Practical API Security - PyCon 2019
Practical API Security - PyCon 2019Practical API Security - PyCon 2019
Practical API Security - PyCon 2019
Adam Englander
 
Threat Modeling for Dummies
Threat Modeling for DummiesThreat Modeling for Dummies
Threat Modeling for Dummies
Adam Englander
 

Recommended

Dutch PHP 2018 - Cryptography for Beginners
Dutch PHP 2018 - Cryptography for BeginnersDutch PHP 2018 - Cryptography for Beginners
Dutch PHP 2018 - Cryptography for Beginners
Adam Englander
 
Holey
HoleyHoley
HoleyAbhi Paty
 
0 to 31337 Real Quick: Lessons Learned by Reversing the Flare-On Challenge
0 to 31337 Real Quick: Lessons Learned by Reversing the Flare-On Challenge0 to 31337 Real Quick: Lessons Learned by Reversing the Flare-On Challenge
0 to 31337 Real Quick: Lessons Learned by Reversing the Flare-On Challenge
Blaine Stancill
 
Modeling computer networks by colored Petri nets
Modeling computer networks by colored Petri netsModeling computer networks by colored Petri nets
Modeling computer networks by colored Petri nets
DmitryZaitsev5
 
Simple Nested Sets and some other DB optimizations
Simple Nested Sets and some other DB optimizationsSimple Nested Sets and some other DB optimizations
Simple Nested Sets and some other DB optimizations
Eli Aschkenasy
 
Making PHP Smarter - Dutch PHP 2023.pptx
Making PHP Smarter - Dutch PHP 2023.pptxMaking PHP Smarter - Dutch PHP 2023.pptx
Making PHP Smarter - Dutch PHP 2023.pptx
Adam Englander
 
Practical API Security - PyCon 2019
Practical API Security - PyCon 2019Practical API Security - PyCon 2019
Practical API Security - PyCon 2019
Adam Englander
 
Threat Modeling for Dummies
Threat Modeling for DummiesThreat Modeling for Dummies
Threat Modeling for Dummies
Adam Englander
 
ZendCon 2018 - Practical API Security
ZendCon 2018 - Practical API SecurityZendCon 2018 - Practical API Security
ZendCon 2018 - Practical API Security
Adam Englander
 
Threat Modeling for Dummies - Cascadia PHP 2018
Threat Modeling for Dummies - Cascadia PHP 2018Threat Modeling for Dummies - Cascadia PHP 2018
Threat Modeling for Dummies - Cascadia PHP 2018
Adam Englander
 
php[tek] 2108 - Cryptography Advances in PHP 7.2
php[tek] 2108 - Cryptography Advances in PHP 7.2php[tek] 2108 - Cryptography Advances in PHP 7.2
php[tek] 2108 - Cryptography Advances in PHP 7.2
Adam Englander
 
php[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the futurephp[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the future
Adam Englander
 
Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Biometrics: Sexy, Secure and... Stupid - RSAC 2018Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Adam Englander
 
Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Practical API Security - PyCon 2018
Practical API Security - PyCon 2018
Adam Englander
 
Practical API Security - Midwest PHP 2018
Practical API Security - Midwest PHP 2018Practical API Security - Midwest PHP 2018
Practical API Security - Midwest PHP 2018
Adam Englander
 
Cryptography for Beginners - Midwest PHP 2018
Cryptography for Beginners - Midwest PHP 2018Cryptography for Beginners - Midwest PHP 2018
Cryptography for Beginners - Midwest PHP 2018
Adam Englander
 
Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018
Adam Englander
 
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the FutureConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
Adam Englander
 
Con Foo 2017 - Don't Loose Sleep - Secure Your REST
Con Foo 2017 - Don't Loose Sleep - Secure Your RESTCon Foo 2017 - Don't Loose Sleep - Secure Your REST
Con Foo 2017 - Don't Loose Sleep - Secure Your REST
Adam Englander
 
ZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for BeginnersZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for Beginners
Adam Englander
 
ZendCon 2017: The Red Team is Coming
ZendCon 2017: The Red Team is ComingZendCon 2017: The Red Team is Coming
ZendCon 2017: The Red Team is Coming
Adam Englander
 
ZendCon 2017 - Build a Bot Workshop - Async Primer
ZendCon 2017 - Build a Bot Workshop - Async PrimerZendCon 2017 - Build a Bot Workshop - Async Primer
ZendCon 2017 - Build a Bot Workshop - Async Primer
Adam Englander
 
Symfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Symfony Live San Franciso 2017 - BDD API Development with Symfony and BehatSymfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Symfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Adam Englander
 
Coder Cruise 2017 - The Red Team Is Coming
Coder Cruise 2017 - The Red Team Is ComingCoder Cruise 2017 - The Red Team Is Coming
Coder Cruise 2017 - The Red Team Is Coming
Adam Englander
 
Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Don't Loose Sleep - Secure Your Rest - php[tek] 2017Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Adam Englander
 
Build a bot workshop async primer - php[tek]
Build a bot workshop async primer - php[tek]Build a bot workshop async primer - php[tek]
Build a bot workshop async primer - php[tek]
Adam Englander
 
Python and Docker
Python and DockerPython and Docker
Python and Docker
Adam Englander
 
Concurrent Programming in Python
Concurrent Programming in PythonConcurrent Programming in Python
Concurrent Programming in Python
Adam Englander
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 

More Related Content

More from Adam Englander

ZendCon 2018 - Practical API Security
ZendCon 2018 - Practical API SecurityZendCon 2018 - Practical API Security
ZendCon 2018 - Practical API Security
Adam Englander
 
Threat Modeling for Dummies - Cascadia PHP 2018
Threat Modeling for Dummies - Cascadia PHP 2018Threat Modeling for Dummies - Cascadia PHP 2018
Threat Modeling for Dummies - Cascadia PHP 2018
Adam Englander
 
php[tek] 2108 - Cryptography Advances in PHP 7.2
php[tek] 2108 - Cryptography Advances in PHP 7.2php[tek] 2108 - Cryptography Advances in PHP 7.2
php[tek] 2108 - Cryptography Advances in PHP 7.2
Adam Englander
 
php[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the futurephp[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the future
Adam Englander
 
Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Biometrics: Sexy, Secure and... Stupid - RSAC 2018Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Adam Englander
 
Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Practical API Security - PyCon 2018
Practical API Security - PyCon 2018
Adam Englander
 
Practical API Security - Midwest PHP 2018
Practical API Security - Midwest PHP 2018Practical API Security - Midwest PHP 2018
Practical API Security - Midwest PHP 2018
Adam Englander
 
Cryptography for Beginners - Midwest PHP 2018
Cryptography for Beginners - Midwest PHP 2018Cryptography for Beginners - Midwest PHP 2018
Cryptography for Beginners - Midwest PHP 2018
Adam Englander
 
Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018
Adam Englander
 
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the FutureConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
Adam Englander
 
Con Foo 2017 - Don't Loose Sleep - Secure Your REST
Con Foo 2017 - Don't Loose Sleep - Secure Your RESTCon Foo 2017 - Don't Loose Sleep - Secure Your REST
Con Foo 2017 - Don't Loose Sleep - Secure Your REST
Adam Englander
 
ZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for BeginnersZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for Beginners
Adam Englander
 
ZendCon 2017: The Red Team is Coming
ZendCon 2017: The Red Team is ComingZendCon 2017: The Red Team is Coming
ZendCon 2017: The Red Team is Coming
Adam Englander
 
ZendCon 2017 - Build a Bot Workshop - Async Primer
ZendCon 2017 - Build a Bot Workshop - Async PrimerZendCon 2017 - Build a Bot Workshop - Async Primer
ZendCon 2017 - Build a Bot Workshop - Async Primer
Adam Englander
 
Symfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Symfony Live San Franciso 2017 - BDD API Development with Symfony and BehatSymfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Symfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Adam Englander
 
Coder Cruise 2017 - The Red Team Is Coming
Coder Cruise 2017 - The Red Team Is ComingCoder Cruise 2017 - The Red Team Is Coming
Coder Cruise 2017 - The Red Team Is Coming
Adam Englander
 
Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Don't Loose Sleep - Secure Your Rest - php[tek] 2017Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Adam Englander
 
Build a bot workshop async primer - php[tek]
Build a bot workshop async primer - php[tek]Build a bot workshop async primer - php[tek]
Build a bot workshop async primer - php[tek]
Adam Englander
 
Python and Docker
Python and DockerPython and Docker
Python and Docker
Adam Englander
 
Concurrent Programming in Python
Concurrent Programming in PythonConcurrent Programming in Python
Concurrent Programming in Python
Adam Englander
 

More from Adam Englander (20)

ZendCon 2018 - Practical API Security
ZendCon 2018 - Practical API SecurityZendCon 2018 - Practical API Security
ZendCon 2018 - Practical API Security
 
Threat Modeling for Dummies - Cascadia PHP 2018
Threat Modeling for Dummies - Cascadia PHP 2018Threat Modeling for Dummies - Cascadia PHP 2018
Threat Modeling for Dummies - Cascadia PHP 2018
 
php[tek] 2108 - Cryptography Advances in PHP 7.2
php[tek] 2108 - Cryptography Advances in PHP 7.2php[tek] 2108 - Cryptography Advances in PHP 7.2
php[tek] 2108 - Cryptography Advances in PHP 7.2
 
php[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the futurephp[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the future
 
Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Biometrics: Sexy, Secure and... Stupid - RSAC 2018Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Biometrics: Sexy, Secure and... Stupid - RSAC 2018
 
Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Practical API Security - PyCon 2018
Practical API Security - PyCon 2018
 
Practical API Security - Midwest PHP 2018
Practical API Security - Midwest PHP 2018Practical API Security - Midwest PHP 2018
Practical API Security - Midwest PHP 2018
 
Cryptography for Beginners - Midwest PHP 2018
Cryptography for Beginners - Midwest PHP 2018Cryptography for Beginners - Midwest PHP 2018
Cryptography for Beginners - Midwest PHP 2018
 
Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018
 
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the FutureConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
 
Con Foo 2017 - Don't Loose Sleep - Secure Your REST
Con Foo 2017 - Don't Loose Sleep - Secure Your RESTCon Foo 2017 - Don't Loose Sleep - Secure Your REST
Con Foo 2017 - Don't Loose Sleep - Secure Your REST
 
ZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for BeginnersZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for Beginners
 
ZendCon 2017: The Red Team is Coming
ZendCon 2017: The Red Team is ComingZendCon 2017: The Red Team is Coming
ZendCon 2017: The Red Team is Coming
 
ZendCon 2017 - Build a Bot Workshop - Async Primer
ZendCon 2017 - Build a Bot Workshop - Async PrimerZendCon 2017 - Build a Bot Workshop - Async Primer
ZendCon 2017 - Build a Bot Workshop - Async Primer
 
Symfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Symfony Live San Franciso 2017 - BDD API Development with Symfony and BehatSymfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Symfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
 
Coder Cruise 2017 - The Red Team Is Coming
Coder Cruise 2017 - The Red Team Is ComingCoder Cruise 2017 - The Red Team Is Coming
Coder Cruise 2017 - The Red Team Is Coming
 
Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Don't Loose Sleep - Secure Your Rest - php[tek] 2017Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Don't Loose Sleep - Secure Your Rest - php[tek] 2017
 
Build a bot workshop async primer - php[tek]
Build a bot workshop async primer - php[tek]Build a bot workshop async primer - php[tek]
Build a bot workshop async primer - php[tek]
 
Python and Docker
Python and DockerPython and Docker
Python and Docker
 
Concurrent Programming in Python
Concurrent Programming in PythonConcurrent Programming in Python
Concurrent Programming in Python
 

Recently uploaded

Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 

Recently uploaded (20)

Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 

ZendCon 2018 - Cryptography in Depth