Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The secrets of cryptography

carnage
June 11, 2016
Programming
0
120

The secrets of cryptography

Alice and Bob have secrets they want to talk about without Eve being able to listen in. Worse yet, the mischievous Mallory delights in changing messages sent between parties. In such a hostile environment how can Alice talk to Bob without their messages being overheard and how can she be sure that it was Bob that sent the message in the first place?

This talk will take a brief look at historic codes and ciphers before taking a look at modern day Cryptography. If you want to be able to know the difference between a block cipher and a stream cipher or get a glimpse into the mathematics behind public key Cryptography this talk is for you.

Cipher challenge here: http://tiny.cc/0qq6by

carnage

June 11, 2016
Tweet

More Decks by carnage

See All by carnage
Object re-orientation
carnage
2
310
Event Driven Development
carnage
0
450
More Secrets of Cryptography
carnage
0
250
Nuclear powered software securty
carnage
0
260
Microservices vs The distributed monolith
carnage
1
1.8k
Passwords and how to handle them
carnage
0
210
A storm is brewing
carnage
0
64
The secrets of cryptography
carnage
0
120
You attended talk: An introduction to event sourcing (short)
carnage
0
380

Other Decks in Programming

See All in Programming
Introduction to Typing Practice
fendo181
0
380
Revisiting TypeProf - IDE support as a primary feature
mame
1
200
Code readability: Session 1 (ver. 2, En)
munetoshi
0
130
Make Regexp#match much faster
makenowjust
1
440
Compose로 Android&Desktop 멀티플랫폼 만들기
pangmoo
0
110
実践 AWS CDK 〜 いろいろな参照のカタチと使い分け 〜
konokenj
12
1.9k
Developing Chrome Extension with ruby.wasm
logiteca7
1
270
Parsing RBS
soutaro
0
470
Yla's #Kaigieffect
little_rubyist
0
910
GitHub Copilotを使って ちょっと楽にUnitTestを書けるようになった
totokit4
2
1.4k
Symfony Messenger et ses messages: à la queleuleu…. Et s’il était temps de grouper ?
alli83
1
220
LLMによるプロット生成の試み(スターウォーズ)
hitokun
0
980

Featured

See All Featured
Large-scale JavaScript Application Architecture
addyosmani
500
110k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
35
9.6k
Gamification - CAS2011
davidbonilla
75
4.2k
What’s in a name? Adding method to the madness
productmarketing
PRO
14
2.1k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
13
1.4k
Teambox: Starting and Learning
jrom
124
8k
Practical Orchestrator
shlominoach
179
9.1k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
3
540
Atom: Resistance is Futile
akmur
256
24k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
349
28k
Scaling GitHub
holman
453
140k
Intergalactic Javascript Robots from Outer Space
tanoku
262
26k

Transcript

  1. The Secrets of Cryptography
    Christopher Riley
    PHP South Coast, 2016
    1

    View Slide

  2. Introduction

    View Slide

  3. Cryptography is HARD
    2

    View Slide

  4. Historic ciphers

    View Slide

  5. The ceasar shift

    View Slide

  6. The ceasar shift
    3

    View Slide

  7. The substitution cipher

    View Slide

  8. The substitution cipher
    4

    View Slide

  9. The substitution cipher: possible keys
    403,291,461,126,605,635,584,000,000
    5

    View Slide

  10. The substitution cipher: statistics
    6

    View Slide

  11. The substitution cipher: frequency analysis
    7

    View Slide

  12. Vigenère cipher

    View Slide

  13. The Vigenère cipher
    8

    View Slide

  14. The Vigenère cipher
    9

    View Slide

  15. The Vigenère cipher
    10

    View Slide

  16. Breaking the Vigenère cipher

    View Slide

  17. Breaking The Vigenère cipher
    11

    View Slide

  18. Breaking The Vigenère cipher
    12

    View Slide

  19. Enigma

    View Slide

  20. Enigma
    13

    View Slide

  21. Enigma
    14

    View Slide

  22. Breaking Enigma
    15

    View Slide

  23. Modern ciphers

    View Slide

  24. Modern cryptography
    • Confidentiality
    16

    View Slide

  25. Modern cryptography
    • Confidentiality
    • Key exchange
    17

    View Slide

  26. Modern cryptography
    • Confidentiality
    • Key exchange
    • Identity
    18

    View Slide

  27. Modern cryptography
    • Confidentiality
    • Key exchange
    • Identity
    • Authentication
    19

    View Slide

  28. Modern cryptography
    • Confidentiality
    • Key exchange
    • Identity
    • Authentication
    • Random number generation
    20

    View Slide

  29. Symmetric ciphers

    View Slide

  30. Stream ciphers

    View Slide

  31. A5/1

    View Slide

  32. A5/1: implementation diagram
    21

    View Slide

  33. A5/1: register clocking
    22

    View Slide

  34. Stream cipher weaknesses
    • Keys must not be reused
    23

    View Slide

  35. Stream cipher weaknesses
    • Keys must not be reused
    • Easy for an attacker to modify a message
    24

    View Slide

  36. Stream cipher weaknesses
    • Keys must not be reused
    • Easy for an attacker to modify a message
    • Hard to partially decrypt messages
    25

    View Slide

  37. Block ciphers

    View Slide

  38. AES

    View Slide

  39. AES: 1 round
    • Substitute Bytes
    • Shift Rows
    • Mix Columns
    • Add Round Key
    26

    View Slide

  40. AES: Substitute Bytes
    27

    View Slide

  41. AES: Shift Rows
    28

    View Slide

  42. AES: Mix Columns
    29

    View Slide

  43. AES: Add Round Key
    30

    View Slide

  44. Modes of operation

    View Slide

  45. ECB

    View Slide

  46. ECB
    31

    View Slide

  47. ECB: the ECB penguin
    1By Larry Ewing [email protected] with The GIMP
    32

    View Slide

  48. CBC

    View Slide

  49. CBC
    33

    View Slide

  50. CTR

    View Slide

  51. CTR
    34

    View Slide

  52. GCM

    View Slide

  53. GCM
    35

    View Slide

  54. Asymetric ciphers

    View Slide

  55. Public key cryptography

    View Slide

  56. RSA

    View Slide

  57. RSA
    • (me)d ≡ m (mod n)
    36

    View Slide

  58. RSA
    • (me)d ≡ m (mod n)
    • c ≡ me (mod n)
    37

    View Slide

  59. RSA
    • (me)d ≡ m (mod n)
    • c ≡ me (mod n)
    • cd ≡ (me)d ≡ m (mod n)
    38

    View Slide

  60. Identity verification

    View Slide

  61. RSA: Message signatures
    • (md)e ≡ m (mod n)
    • s ≡ md (mod n)
    • se ≡ (md)e ≡ m (mod n)
    39

    View Slide

  62. Implementing Cryptography

    View Slide

  63. Implementing Cryptography
    • Don’t
    40

    View Slide

  64. Implementing Cryptography
    • Don’t
    • Use existing implementations
    41

    View Slide

  65. Implementing Cryptography
    • Don’t
    • Use existing implementations
    • Bring in an expert
    42

    View Slide

  66. Implementing Cryptography in PHP

    View Slide

  67. Implementing Cryptography in PHP
    • Halite + libsodium
    • https://github.com/paragonie/halite
    43

    View Slide

  68. Implementing Cryptography in PHP
    • Halite + libsodium
    • https://github.com/paragonie/halite
    • Defuse PHP encryption
    • https://github.com/defuse/php-encryption
    44

    View Slide

  69. Further reading
    • Simon Singh - The code book
    • http://simonsingh.net/The_Black_Chamber
    45

    View Slide

  70. Further reading
    • Simon Singh - The code book
    • http://simonsingh.net/The_Black_Chamber
    • Bruce Schneier
    • https://www.schneier.com
    46

    View Slide

  71. Further reading
    • Simon Singh - The code book
    • http://simonsingh.net/The_Black_Chamber
    • Bruce Schneier
    • https://www.schneier.com
    • https://github.com/gilfether/phpcrypt
    47

    View Slide

  72. Thanks
    • @giveupalready
    • https://github.com/carnage
    • https://joind.in/talk/d31d1
    48

    View Slide

  73. Cipher Challenge
    • The cipher challenge is now closed, but if you want to have a
    go anyway, the main text is now here
    • http://tiny.cc/0qq6by
    • @phpyorkshire
    49

    View Slide