carnage
June 24, 2016
120

# The secrets of cryptography

Alice and Bob have secrets they want to talk about without Eve being able to listen in. Worse yet, the mischievous Mallory delights in changing messages sent between parties. In such a hostile environment how can Alice talk to Bob without their messages being overheard and how can she be sure that it was Bob that sent the message in the first place?

This talk will take a brief look at historic codes and ciphers before taking a look at modern day Cryptography. If you want to be able to know the difference between a block cipher and a stream cipher or get a glimpse into the mathematics behind public key Cryptography this talk is for you.

Cipher challenge here: http://tiny.cc/0qq6by

June 24, 2016

## Transcript

1. The Secrets of Cryptography
Christopher Riley
Dutch PHP Conference, 2016
1

2. Introduction

3. Cryptography is HARD
2

4. Historic ciphers

5. The ceasar shift

6. The ceasar shift
3

7. The substitution cipher

8. The substitution cipher
4

9. The substitution cipher: possible keys
403,291,461,126,605,635,584,000,000
5

10. The substitution cipher: statistics
6

11. The substitution cipher: frequency analysis
7

12. Vigenère cipher

13. The Vigenère cipher
8

14. The Vigenère cipher
9

15. The Vigenère cipher
10

16. Breaking the Vigenère cipher

17. Breaking The Vigenère cipher
11

18. Breaking The Vigenère cipher
12

19. Enigma

20. Enigma
13

21. Enigma
14

22. Breaking Enigma
15

23. Modern ciphers

24. Modern cryptography
• Confidentiality
16

25. Modern cryptography
• Confidentiality
• Key exchange
17

26. Modern cryptography
• Confidentiality
• Key exchange
• Identity
18

27. Modern cryptography
• Confidentiality
• Key exchange
• Identity
• Authentication
19

28. Modern cryptography
• Confidentiality
• Key exchange
• Identity
• Authentication
• Random number generation
20

29. Symmetric ciphers

30. Stream ciphers

31. A5/1

32. A5/1: implementation diagram
21

33. A5/1: register clocking
22

34. Stream cipher weaknesses
• Keys must not be reused
23

35. Stream cipher weaknesses
• Keys must not be reused
• Easy for an attacker to modify a message
24

36. Stream cipher weaknesses
• Keys must not be reused
• Easy for an attacker to modify a message
• Hard to partially decrypt messages
25

37. Block ciphers

(AES)

39. AES: 1 round
• Substitute Bytes
• Shift Rows
• Mix Columns
26

40. AES: Substitute Bytes
27

41. AES: Shift Rows
28

42. AES: Mix Columns
29

30

44. Modes of operation

45. Electronic code book (ECB)

46. ECB
31

47. ECB: the ECB penguin
1By Larry Ewing [email protected] with The GIMP
32

48. Cipher block chaining (CBC)

49. CBC
33

50. Counter (CTR)

51. CTR
34

52. Galoris Counter mode (GCM)

53. GCM
35

54. Asymetric ciphers

55. Public key cryptography

57. RSA
• (me)d ≡ m (mod n)
36

58. RSA
• (me)d ≡ m (mod n)
• c ≡ me (mod n)
37

59. RSA
• (me)d ≡ m (mod n)
• c ≡ me (mod n)
• cd ≡ (me)d ≡ m (mod n)
38

60. Identity verification

61. RSA: Message signatures
• (md)e ≡ m (mod n)
• s ≡ md (mod n)
• se ≡ (md)e ≡ m (mod n)
39

62. Implementing Cryptography

63. Implementing Cryptography
• Don’t
40

64. Implementing Cryptography
• Don’t
• Use existing implementations
41

65. Implementing Cryptography
• Don’t
• Use existing implementations
• Bring in an expert
42

66. Implementing Cryptography in PHP

67. Implementing Cryptography in PHP
• Halite + libsodium
• https://github.com/paragonie/halite
43

68. Implementing Cryptography in PHP
• Halite + libsodium
• https://github.com/paragonie/halite
• Defuse PHP encryption
• https://github.com/defuse/php-encryption
44

• Simon Singh - The code book
• http://simonsingh.net/The_Black_Chamber
45

• Simon Singh - The code book
• http://simonsingh.net/The_Black_Chamber
• Bruce Schneier
• https://www.schneier.com
46

• Simon Singh - The code book
• http://simonsingh.net/The_Black_Chamber
• Bruce Schneier
• https://www.schneier.com
• https://github.com/gilfether/phpcrypt
47

72. Thanks
• https://github.com/carnage
• https://joind.in/talk/b0b4d
48

73. Cipher Challenge
• http://tiny.cc/0qq6by
49