The State of Encryption

My talk from DevTalks Bucharest 2017

Cristiano Betta

June 08, 2017

Transcript

  1. Qeb Pqxqb lc Bkzovmqflk
    Rfc Qryrc md Clapwnrgml
    Sgd Rszsd ne Dmbqxoshnm
    The State of Encryption
    Uif Tubuf pg Fodszqujpo
    Vjg Uvcvg qh Gpetarvkqp
    Wkh Vwdwh ri Hqfubswlrq
    Cristiano Betta | @cbetta

  2. Qeb Pqxqb lc Bkzovmqflk
    Rfc Qryrc md Clapwnrgml
    Sgd Rszsd ne Dmbqxoshnm
    The State of Encryption
    Uif Tubuf pg Fodszqujpo
    Vjg Uvcvg qh Gpetarvkqp
    Wkh Vwdwh ri Hqfubswlrq

  3. 1987

  5. The living
    Daylights

  6. The living
    Daylights

  9. The Real
    Spies

  14. Hide

  15. Hide

  16. Microdot

  18. 1mm
    1mm
    1mm

  19. MA-4450

  20. MA-4450

  21. Rotation
    Sheets

  22. Jackpot

  23. Cristiano Betta
    @cbetta

  24. ♥ security
    + virgilsecurity.com
    + betta.io

  25. security expert
    + virgilsecurity.com
    + betta.io

  26. Encryption
    101

  27. Entropy

  29. 11111111111111111111
    11111111111111111111
    11111111111111111111
    11111111111111111111
    11111111111111111111
    H = 0

  30. 11111111111111111111
    11111111111111111111
    11111111110000000000
    00000000000000000000
    00000000000000000000
    H = 1

  31. RAR(50x1+50x0)
    H ~= 5

  32. TrueCrypt(RAR)
    H ~= 7.8

  33. RC4

  35. 1984

  36. Certified
    Security

  37. Diffie-Hellman

  38. Color
    Exchange

  39. A B

  40. A B
    Common Common

  41. A B
    Common Common
    Secret Secret

  42. A B
    Public Mix Public Mix

  43. Public Mix
    A B
    Public Mix

  44. Public Mix
    A B
    Public Mix

  45. Public Mix
    A B
    Public Mix
    Secret Secret

  46. A B
    Common Secret Common Secret

  47. 1-way
    functions

  48. X*Y = 143
    X > 1
    Y > 1

  49. X*Y = 143
    X = 11
    Y = 13

  50. X*Y = 10,967,535,067
    X = 104723
    Y = 104729

  51. Public Key
    Encryption

  52. Asymmetric
    Encryption

  53. [Diagram: 1 and 2, with key pairs Pub1/Priv1 and Pub2/Priv2]

  55. [Diagram: 1 and 2, with pub2]

  58. [Diagram: 1 and 2, with priv2]

  60. Signatures

  61. [Diagram: 1 and 2, with priv1]

  64. [Diagram: 1 and 2, with pub1]

  66. Public Key
    Encryption

  67. PGP
    SSH
    SSL
    TLS
    BitCoin
    ….

  68. Pub1?
    Pub2?

  69. Digital
    Certificates
    International

  70. Verisign

  71. Certificate
    Authorities

  72. Pub1?
    Pub2?
    Root

  73. LetsEncrypt

  74. letsencrypt.org

  75. Crypto
    Wars

  76. Ammunition

  77. Netscape

  78. 2000 MTOPS

  81. 2017

  82. Crypto Wars
    Round 2

  83. Snowden
    Manning
    Assange

  84. “…the N.S.A. has been deliberately
    weakening the international
    encryption standards adopted by
    developers. One goal … was to
    ‘influence policies, standards and
    specifications for commercial
    public key technologies’…”
    - New York Times, 6 Sept 2013

  85. Increased Law
    Enforcement

  86. http://www.dailymail.co.uk/wires/reuters/article-4350416/UK-minister-says-encryption-messaging-services-unacceptable.html

  87. Chat Apps

  88. https://www.eff.org/node/82654

  89. Virgil
    Security

  90. Create private key
    & public Virgil Card

  91. Push Virgil Card to server

  92. Publish card to Virgil

  93. Encrypt data

  94. Decrypt data

  95. Demo

  96. Virgil
    Security

  97. demo-ip-messaging.virgilsecurity.com

  98. virgilsecurity.com

  99. Encryption
    201

  100. 2047

  101. Total
    Security

  102. Total
    Privacy

  103. Human
    Error

  104. Slingshot
    Security

  105. Quantum
    Entanglement

  106. Large Integer
    Factorization!
    ÷

  107. Post-QC
    Encryption

  108. Quantum
    Key
    Exchange

  109. Quantum
    Key
    Exchange

  110. 2047

  111. 2117

  112. Thank you!
    @cbetta betta.io
    Cristiano Betta
    @virgilsecurity virgilsecurity.com
    Virgil Security
