Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Crypto-101 @hackerspace 26/07/2013
Search
duongkai
July 26, 2013
1
94
Crypto-101 @hackerspace 26/07/2013
Bài trình bày tại hackerspace 26/07/2013
duongkai
July 26, 2013
Tweet
Share
More Decks by duongkai
See All by duongkai
Common crypto flaws in finance mobile apps
duongkai
0
72
Tetcon-2015 Using TLS correctly
duongkai
2
350
How to use SSL/TLS correctly
duongkai
1
170
5S - Xây dựng và thực hiện
duongkai
0
150
Why Random Matters
duongkai
0
68
How to scale large database
duongkai
3
190
Trao đổi email
duongkai
0
150
+TetCon.2013_Hacking.Oracle.2012.pdf
duongkai
0
120
Featured
See All Featured
Building a Scalable Design System with Sketch
lauravandoore
459
33k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
32
1.8k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
14
1.9k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
A designer walks into a library…
pauljervisheath
202
24k
Visualization
eitanlees
145
15k
The Pragmatic Product Professional
lauravandoore
31
6.3k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
107
49k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
9
680
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
31
2.7k
How to Think Like a Performance Engineer
csswizardry
19
1.1k
Product Roadmaps are Hard
iamctodd
PRO
48
10k
Transcript
Crypto 101 @K4i 7/26/13 1
Caveats @beginner level 7/26/13 2
Cryptography means Kryptos: Hidden secret Graphein: Study 7/26/13 3
But, We don’t talk about Crypto Science We talk about
Applied Crypto 7/26/13 4
First terms + Message (plaintext) [m] + Ciphertext [c] +
Encryption [E] + Decryption [D] + Key [k] 7/26/13 5
Formula Encryption: c = E (m, k) Decryption: m =
D (c, k) = D (E (m, k), k) 7/26/13 6
First Principles 7/26/13 7
Kerckhoffs’s Principle …” the security of a cryptosystem should depend
solely on the secrecy of the key and the private randomizer”…[2] Auguste Kerckhoffs (1835 – 1903), La Cryptographie Militaire 7/26/13 8
Consequences Don’t implement your own cryptosystem 7/26/13 9
Confidential vs Integrity 7/26/13 10
What need to be protected? • Confidential • Integrity • Or both? 7/26/13
11
Fun with Python 7/26/13 12
Data format • String • Byte • Hexa decimal • Base64 7/26/13 13
Is it md5 hash? >>> a = '317a513579704578526533366754566b’ >>> a.decode
('hex') '1zQ5ypExRe36gTVk’ >>> b = '900150983cd24fb0d6963f7d28e17f72’ >>> b.decode ('hex') '\x90\x01P\x98<\xd2O\xb0\xd6\x96?}(\xe1\x7fr’ >>> md5 ('abc').hexdigest() '900150983cd24fb0d6963f7d28e17f72' 7/26/13 14
So, You work on bytes or string. You display in
base64 or hexadecimal 7/26/13 15
Hexadecimal >>> '317a513579704578526533366754566b'.decode ('hex') '1zQ5ypExRe36gTVk' >>> '1zQ5ypExRe36gTVk'.encode ('hex') '317a513579704578526533366754566b' 7/26/13
16
Base64 >>> from base64 import b64decode, b64encode >>> b64encode ('hello
world') 'aGVsbG8gd29ybGQ=' >>> b64decode ('aGVsbG8gd29ybGQ=') 'hello world' 7/26/13 17
Cryptography library • Python built-in (hash support only) • PyCrypto (US) • PyNaCL
(djb) • Scrypt / PBKDF2 7/26/13 18
Installation pip makes everything easier # pip install pycrypto 7/26/13
19
But, random is a problem. >>> randint (10, 1000) 59
>>> from Crypto.Random.random import StrongRandom >>> a = StrongRandom() >>> ''.join (a.sample (list ('abcdef'), 3)) 'cad' >>> a.randint (10, 10000) 3978L 7/26/13 20
Demo 7/26/13 21
Study, study more Study forever 7/26/13 22
Crypto 101 in python • http://pyvideo.org/video/1778/crypto-101 • https://speakerdeck.com/pyconslides/ crypto-101-by-laurens-van-houtven 7/26/13 23
Take a course! • Coursera.org – Crypto course https://class.coursera.org/crypto/class/index • Crypto lab
@stanford http://crypto.stanford.edu/~dabo/cs255/ 7/26/13 24
Read book(s) • Applied Cryptography • Cryptography Engineering • Handbook of Applied Cryptography
• Introduction to Modern Cryptography 7/26/13 25
And, • Surfing blog(s) • Take challenges 7/26/13 26
Practice makes perfect! 7/26/13 27
7/26/13 28 Q&A