Crypto-101 @hackerspace 26/07/2013

Transcript

1. Crypto 101 @K4i 7/26/13 1

2. Caveats @beginner level 7/26/13 2

3. Cryptography means Kryptos: Hidden secret Graphein: Study 7/26/13 3

4. But, We don’t talk about Crypto Science We talk about

   Applied Crypto 7/26/13 4

5. First terms + Message (plaintext) [m] + Ciphertext [c] +

   Encryption [E] + Decryption [D] + Key [k] 7/26/13 5

6. Formula Encryption: c = E (m, k) Decryption: m =

   D (c, k) = D (E (m, k), k) 7/26/13 6

7. First Principles 7/26/13 7

8. Kerckhoffs’s Principle …” the security of a cryptosystem should depend

   solely on the secrecy of the key and the private randomizer”…[2] Auguste Kerckhoffs (1835 – 1903), La Cryptographie Militaire 7/26/13 8

9. Consequences Don’t implement your own cryptosystem 7/26/13 9

10. Confidential vs Integrity 7/26/13 10

11. What need to be protected? • Confidential • Integrity • Or both? 7/26/13

    11

12. Fun with Python 7/26/13 12

13. Data format • String • Byte • Hexa decimal • Base64 7/26/13 13

14. Is it md5 hash? >>> a = '317a513579704578526533366754566b’ >>> a.decode

    ('hex') '1zQ5ypExRe36gTVk’ >>> b = '900150983cd24fb0d6963f7d28e17f72’ >>> b.decode ('hex') '\x90\x01P\x98<\xd2O\xb0\xd6\x96?}(\xe1\x7fr’ >>> md5 ('abc').hexdigest() '900150983cd24fb0d6963f7d28e17f72' 7/26/13 14

15. So, You work on bytes or string. You display in

    base64 or hexadecimal 7/26/13 15

16. Hexadecimal >>> '317a513579704578526533366754566b'.decode ('hex') '1zQ5ypExRe36gTVk' >>> '1zQ5ypExRe36gTVk'.encode ('hex') '317a513579704578526533366754566b' 7/26/13

    16

17. Base64 >>> from base64 import b64decode, b64encode >>> b64encode ('hello

    world') 'aGVsbG8gd29ybGQ=' >>> b64decode ('aGVsbG8gd29ybGQ=') 'hello world' 7/26/13 17

18. Cryptography library • Python built-in (hash support only) • PyCrypto (US) • PyNaCL

    (djb) • Scrypt / PBKDF2 7/26/13 18

19. Installation pip makes everything easier # pip install pycrypto 7/26/13

    19

20. But, random is a problem. >>> randint (10, 1000) 59

    >>> from Crypto.Random.random import StrongRandom >>> a = StrongRandom() >>> ''.join (a.sample (list ('abcdef'), 3)) 'cad' >>> a.randint (10, 10000) 3978L 7/26/13 20

21. Demo 7/26/13 21

22. Study, study more Study forever 7/26/13 22

23. Crypto 101 in python • http://pyvideo.org/video/1778/crypto-101 • https://speakerdeck.com/pyconslides/ crypto-101-by-laurens-van-houtven 7/26/13 23

24. Take a course! • Coursera.org – Crypto course https://class.coursera.org/crypto/class/index • Crypto lab

    @stanford http://crypto.stanford.edu/~dabo/cs255/ 7/26/13 24

25. Read book(s) • Applied Cryptography • Cryptography Engineering • Handbook of Applied Cryptography

    • Introduction to Modern Cryptography 7/26/13 25

26. And, • Surfing blog(s) • Take challenges 7/26/13 26

27. Practice makes perfect! 7/26/13 27

28. 7/26/13 28 Q&A