# Cryptography

1. yllan, 2015
2. @yllan • hypo https://hypo.cc/ • SOLDA https://solda.io/
3. Q: AES
4. (slide text lost in extraction; only the word "key" survives)
5. Encryption
6. Encryption System • Block Cipher • DES, AES, RSA, … • block padding: the input is padded up to a whole number of blocks • Block Mode: ECB / CBC / GCM / …
7. Don't use ECB mode! (diagram: Block 1, Block 2, … Block N are each encrypted independently into Cipher 1, Cipher 2, … Cipher N)
9. ECB: Byte-by-Byte • Oracle(m) = AES-ECB(m ‖ secret, key) • a block is 16 bytes • the oracle queries shown on the slide, one block at a time:
   AES-ECB(123456789012345secret, key)
   AES-ECB(123456789012345*secret, key)
   AES-ECB(123456789012345ssecret, key)
   AES-ECB(12345678901234secret, key)
   AES-ECB(12345678901234s*secret, key)
   AES-ECB(12345678901234sesecret, key)
   AES-ECB(1234567890123secret, key)
10. CBC
13. CBC Padding Oracle • PKCS7 Padding • xxxxxxxxxx01 • xxxxxxxxx0202 • xxxxxxxx030303
14. The PKCS7 padding check from the slide (Scala); the exception it throws is what the padding oracle observes:

    ```scala
    // bytes.last is the padding length; every one of the last n bytes must equal n
    if (!bytes.takeRight(bytes.last).forAll(_ == bytes.last)) {
      throw new Exception("Padding invalid!")
    }
    ```
15-23. Diagram: recovering the last plaintext byte through the padding oracle. The true last bytes are 03 03 03 (valid PKCS7 padding). Flipping the matching byte of the previous ciphertext block by ⊕01 turns them into 03 03 02 (padding invalid); flipping by ⊕02 gives 03 03 01, which the check accepts (valid padding!), so last byte ⊕ 02 = 01 and the last byte is 03. Slide 23 repeats the step one position further: ?? 04 04 04 against ⊕ ?? 07 07 07.
24. Authentication (Signing)
25. (Crypto) Hash • MD5, SHA1, SHA2, SHA3, … • arbitrary-length input, fixed n-bit output • One-Way: given H(x) it is infeasible to find x • 2nd Pre-Image Resistance: given x it is infeasible to find y ≠ x with H(x) = H(y) • Collision Free: infeasible to find any x ≠ y with H(x) = H(y)
26. Hash ≠ Authentication
27. Example request: user=yllan&rating=5&album=12345 • signed as MD5(secretalbum12345rating5useryllan), the hash of the secret followed by the sorted parameters • this construction is open to a Length Extension Attack
28. Length Extension Attack • ????user=yllan&rating=5 (???? is the unknown secret) • ????user=yllan&rating=5…&admin=true
29-38. Diagram of SHA-1 block processing, as used by the attack on slide 28: the data is padded (a 1 bit, zeros, then the length) to a multiple of 64 bytes; the five 32-bit chaining values start at the fixed IV (v1 0x67452301, v2 0xEFCDAB89, v3 0x98BADCFE, v4 0x10325476, v5 0xC3D2E1F0), each 64-byte block updates them, and after the last block they are concatenated to form the digest (state 0x00000000 0x11111111 0x22222222 0x33333333 0x44444444 gives SHA1 0x0000000011111111222222223333333344444444). Because the digest is the complete state, someone who knows only the digest and the message length can reload that state and process further blocks (PadExtension), obtaining the digest of the extended message (0x5555555566666666777777778888888899999999 in the diagram) without ever learning the secret prefix.
39. MAC • Message Authentication Code • HMAC-SHA256(message, secret) • knowing m and MACk(m) does not let you produce MACk(n) for a new message n
40. Side Channel Attack
41. Comparison: the early-exit implementation (Java 6u15, MessageDigest.isEqual) returns as soon as one byte differs, so the time it takes reveals how many leading bytes matched:

    ```java
    public static boolean isEqual(byte digesta[], byte digestb[]) {
        if (digesta.length != digestb.length) return false;
        for (int i = 0; i < digesta.length; i++) {
            if (digesta[i] != digestb[i]) {
                return false;
            }
        }
        return true;
    }
    ```
42. Constant Time Comparison: OR together the XOR of every byte pair and decide only at the end, so the running time does not depend on where the first difference is:

    ```java
    public static boolean isEqual(byte[] a, byte[] b) {
        if (a.length != b.length) {
            return false;
        }
        int result = 0;
        for (int i = 0; i < a.length; i++) {
            result |= a[i] ^ b[i];
        }
        return result == 0;
    }
    ```
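The points of slides 27, 39 and 42 as one added Python example (not code from the talk): the slide's MD5(secret ‖ data) construction beside the HMAC-SHA256 replacement, and the early-exit comparison beside the constant-time one, each instrumented to return how many bytes it inspected so the leak is visible without timing. The secret is a constructed placeholder; the request parameters are the ones on slide 27.

```python
import hashlib
import hmac

# Constructed placeholder secret (not from the slides) and slide 27's request.
SECRET = b"placeholder-secret"
PARAMS = {"user": "yllan", "rating": "5", "album": "12345"}

def canonical(params: dict) -> bytes:
    """Sorted key+value concatenation as on slide 27: album12345rating5useryllan."""
    return "".join(k + v for k, v in sorted(params.items())).encode()

def naive_tag(secret: bytes, params: dict) -> bytes:
    """Slide 27's scheme, MD5(secret || data): the digest is MD5's full internal
    state, so the tag can be extended without the secret. Shown only to recognise."""
    return hashlib.md5(secret + canonical(params)).digest()

def hmac_tag(secret: bytes, params: dict) -> bytes:
    """Slide 39's replacement: HMAC-SHA256(message, secret)."""
    return hmac.new(secret, canonical(params), hashlib.sha256).digest()

def early_exit_equal(a: bytes, b: bytes) -> tuple:
    """Slide 41's comparison, instrumented: also returns how many bytes were
    inspected, which grows with the number of leading bytes that matched."""
    if len(a) != len(b):
        return False, 0
    for i in range(len(a)):
        if a[i] != b[i]:
            return False, i + 1
    return True, len(a)

def constant_time_equal(a: bytes, b: bytes) -> tuple:
    """Slide 42's comparison: OR every XOR difference and decide at the end,
    so the number of bytes inspected is always the full length."""
    if len(a) != len(b):
        return False, 0
    result = 0
    for x, y in zip(a, b):
        result |= x ^ y
    return result == 0, len(a)

def verify(secret: bytes, params: dict, tag: bytes) -> bool:
    """Accept a request only if its HMAC tag matches, compared in constant time."""
    return constant_time_equal(hmac_tag(secret, params), tag)[0]

if __name__ == "__main__":
    tag = hmac_tag(SECRET, PARAMS)
    print(verify(SECRET, PARAMS, tag), verify(SECRET, dict(PARAMS, admin="true"), tag))
    guess = bytes([tag[0] ^ 1]) + tag[1:]  # a forgery wrong in its first byte
    print(early_exit_equal(tag, guess), constant_time_equal(tag, guess))
```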
43. Side Channel • (remaining bullet text lost) • HEARTBLEED
44. bcrypt()
45. RSA/DES library… Orz
46. Q & A
47. 1 2 3 4 5 6 7 8 9 10……