Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Crypto-101 @hackerspace 26/07/2013
Search
duongkai
July 26, 2013
1
110
Crypto-101 @hackerspace 26/07/2013
Bài trình bày tại hackerspace 26/07/2013
duongkai
July 26, 2013
Tweet
Share
More Decks by duongkai
See All by duongkai
Common crypto flaws in finance mobile apps
duongkai
0
83
Tetcon-2015 Using TLS correctly
duongkai
2
360
How to use SSL/TLS correctly
duongkai
1
170
5S - Xây dựng và thực hiện
duongkai
0
160
Why Random Matters
duongkai
0
75
How to scale large database
duongkai
3
200
Trao đổi email
duongkai
0
160
+TetCon.2013_Hacking.Oracle.2012.pdf
duongkai
0
140
Featured
See All Featured
The Cult of Friendly URLs
andyhume
79
6.6k
Unsuck your backbone
ammeep
671
58k
Why Our Code Smells
bkeepers
PRO
340
57k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
285
14k
A better future with KSS
kneath
239
18k
Bash Introduction
62gerente
615
210k
BBQ
matthewcrist
89
9.8k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
127
54k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
46
2.5k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
132
19k
Transcript
Crypto 101 @K4i 7/26/13 1
Caveats @beginner level 7/26/13 2
Cryptography means Kryptos: Hidden secret Graphein: Study 7/26/13 3
But, We don’t talk about Crypto Science We talk about
Applied Crypto 7/26/13 4
First terms + Message (plaintext) [m] + Ciphertext [c] +
Encryption [E] + Decryption [D] + Key [k] 7/26/13 5
Formula Encryption: c = E (m, k) Decryption: m =
D (c, k) = D (E (m, k), k) 7/26/13 6
First Principles 7/26/13 7
Kerckhoffs’s Principle …” the security of a cryptosystem should depend
solely on the secrecy of the key and the private randomizer”…[2] Auguste Kerckhoffs (1835 – 1903), La Cryptographie Militaire 7/26/13 8
Consequences Don’t implement your own cryptosystem 7/26/13 9
Confidential vs Integrity 7/26/13 10
What need to be protected? • Confidential • Integrity • Or both? 7/26/13
11
Fun with Python 7/26/13 12
Data format • String • Byte • Hexa decimal • Base64 7/26/13 13
Is it md5 hash? >>> a = '317a513579704578526533366754566b’ >>> a.decode
('hex') '1zQ5ypExRe36gTVk’ >>> b = '900150983cd24fb0d6963f7d28e17f72’ >>> b.decode ('hex') '\x90\x01P\x98<\xd2O\xb0\xd6\x96?}(\xe1\x7fr’ >>> md5 ('abc').hexdigest() '900150983cd24fb0d6963f7d28e17f72' 7/26/13 14
So, You work on bytes or string. You display in
base64 or hexadecimal 7/26/13 15
Hexadecimal >>> '317a513579704578526533366754566b'.decode ('hex') '1zQ5ypExRe36gTVk' >>> '1zQ5ypExRe36gTVk'.encode ('hex') '317a513579704578526533366754566b' 7/26/13
16
Base64 >>> from base64 import b64decode, b64encode >>> b64encode ('hello
world') 'aGVsbG8gd29ybGQ=' >>> b64decode ('aGVsbG8gd29ybGQ=') 'hello world' 7/26/13 17
Cryptography library • Python built-in (hash support only) • PyCrypto (US) • PyNaCL
(djb) • Scrypt / PBKDF2 7/26/13 18
Installation pip makes everything easier # pip install pycrypto 7/26/13
19
But, random is a problem. >>> randint (10, 1000) 59
>>> from Crypto.Random.random import StrongRandom >>> a = StrongRandom() >>> ''.join (a.sample (list ('abcdef'), 3)) 'cad' >>> a.randint (10, 10000) 3978L 7/26/13 20
Demo 7/26/13 21
Study, study more Study forever 7/26/13 22
Crypto 101 in python • http://pyvideo.org/video/1778/crypto-101 • https://speakerdeck.com/pyconslides/ crypto-101-by-laurens-van-houtven 7/26/13 23
Take a course! • Coursera.org – Crypto course https://class.coursera.org/crypto/class/index • Crypto lab
@stanford http://crypto.stanford.edu/~dabo/cs255/ 7/26/13 24
Read book(s) • Applied Cryptography • Cryptography Engineering • Handbook of Applied Cryptography
• Introduction to Modern Cryptography 7/26/13 25
And, • Surfing blog(s) • Take challenges 7/26/13 26
Practice makes perfect! 7/26/13 27
7/26/13 28 Q&A