Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Crypto-101 @hackerspace 26/07/2013
Search
duongkai
July 26, 2013
1
94
Crypto-101 @hackerspace 26/07/2013
Bài trình bày tại hackerspace 26/07/2013
duongkai
July 26, 2013
Tweet
Share
More Decks by duongkai
See All by duongkai
Common crypto flaws in finance mobile apps
duongkai
0
73
Tetcon-2015 Using TLS correctly
duongkai
2
350
How to use SSL/TLS correctly
duongkai
1
170
5S - Xây dựng và thực hiện
duongkai
0
150
Why Random Matters
duongkai
0
68
How to scale large database
duongkai
3
190
Trao đổi email
duongkai
0
150
+TetCon.2013_Hacking.Oracle.2012.pdf
duongkai
0
120
Featured
See All Featured
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Faster Mobile Websites
deanohume
305
30k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
31
2.7k
Adopting Sorbet at Scale
ufuk
73
9.1k
The Cult of Friendly URLs
andyhume
78
6k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
380
Agile that works and the tools we love
rasmusluckow
327
21k
How GitHub (no longer) Works
holman
310
140k
Navigating Team Friction
lara
183
14k
Optimising Largest Contentful Paint
csswizardry
33
2.9k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
169
50k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Transcript
Crypto 101 @K4i 7/26/13 1
Caveats @beginner level 7/26/13 2
Cryptography means Kryptos: Hidden secret Graphein: Study 7/26/13 3
But, We don’t talk about Crypto Science We talk about
Applied Crypto 7/26/13 4
First terms + Message (plaintext) [m] + Ciphertext [c] +
Encryption [E] + Decryption [D] + Key [k] 7/26/13 5
Formula Encryption: c = E (m, k) Decryption: m =
D (c, k) = D (E (m, k), k) 7/26/13 6
First Principles 7/26/13 7
Kerckhoffs’s Principle …” the security of a cryptosystem should depend
solely on the secrecy of the key and the private randomizer”…[2] Auguste Kerckhoffs (1835 – 1903), La Cryptographie Militaire 7/26/13 8
Consequences Don’t implement your own cryptosystem 7/26/13 9
Confidential vs Integrity 7/26/13 10
What need to be protected? • Confidential • Integrity • Or both? 7/26/13
11
Fun with Python 7/26/13 12
Data format • String • Byte • Hexa decimal • Base64 7/26/13 13
Is it md5 hash? >>> a = '317a513579704578526533366754566b’ >>> a.decode
('hex') '1zQ5ypExRe36gTVk’ >>> b = '900150983cd24fb0d6963f7d28e17f72’ >>> b.decode ('hex') '\x90\x01P\x98<\xd2O\xb0\xd6\x96?}(\xe1\x7fr’ >>> md5 ('abc').hexdigest() '900150983cd24fb0d6963f7d28e17f72' 7/26/13 14
So, You work on bytes or string. You display in
base64 or hexadecimal 7/26/13 15
Hexadecimal >>> '317a513579704578526533366754566b'.decode ('hex') '1zQ5ypExRe36gTVk' >>> '1zQ5ypExRe36gTVk'.encode ('hex') '317a513579704578526533366754566b' 7/26/13
16
Base64 >>> from base64 import b64decode, b64encode >>> b64encode ('hello
world') 'aGVsbG8gd29ybGQ=' >>> b64decode ('aGVsbG8gd29ybGQ=') 'hello world' 7/26/13 17
Cryptography library • Python built-in (hash support only) • PyCrypto (US) • PyNaCL
(djb) • Scrypt / PBKDF2 7/26/13 18
Installation pip makes everything easier # pip install pycrypto 7/26/13
19
But, random is a problem. >>> randint (10, 1000) 59
>>> from Crypto.Random.random import StrongRandom >>> a = StrongRandom() >>> ''.join (a.sample (list ('abcdef'), 3)) 'cad' >>> a.randint (10, 10000) 3978L 7/26/13 20
Demo 7/26/13 21
Study, study more Study forever 7/26/13 22
Crypto 101 in python • http://pyvideo.org/video/1778/crypto-101 • https://speakerdeck.com/pyconslides/ crypto-101-by-laurens-van-houtven 7/26/13 23
Take a course! • Coursera.org – Crypto course https://class.coursera.org/crypto/class/index • Crypto lab
@stanford http://crypto.stanford.edu/~dabo/cs255/ 7/26/13 24
Read book(s) • Applied Cryptography • Cryptography Engineering • Handbook of Applied Cryptography
• Introduction to Modern Cryptography 7/26/13 25
And, • Surfing blog(s) • Take challenges 7/26/13 26
Practice makes perfect! 7/26/13 27
7/26/13 28 Q&A