Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Crypto-101 @hackerspace 26/07/2013
Search
duongkai
July 26, 2013
1
110
Crypto-101 @hackerspace 26/07/2013
Bài trình bày tại hackerspace 26/07/2013
duongkai
July 26, 2013
Tweet
Share
More Decks by duongkai
See All by duongkai
Common crypto flaws in finance mobile apps
duongkai
0
83
Tetcon-2015 Using TLS correctly
duongkai
2
360
How to use SSL/TLS correctly
duongkai
1
170
5S - Xây dựng và thực hiện
duongkai
0
160
Why Random Matters
duongkai
0
74
How to scale large database
duongkai
3
200
Trao đổi email
duongkai
0
160
+TetCon.2013_Hacking.Oracle.2012.pdf
duongkai
0
130
Featured
See All Featured
The Language of Interfaces
destraynor
158
25k
The World Runs on Bad Software
bkeepers
PRO
69
11k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.4k
Code Reviewing Like a Champion
maltzj
524
40k
Reflections from 52 weeks, 52 projects
jeffersonlam
351
20k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
29
9.6k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
20
1.3k
Designing for Performance
lara
610
69k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
3.1k
The Straight Up "How To Draw Better" Workshop
denniskardys
234
140k
Measuring & Analyzing Core Web Vitals
bluesmoon
7
510
Transcript
Crypto 101 @K4i 7/26/13 1
Caveats @beginner level 7/26/13 2
Cryptography means Kryptos: Hidden secret Graphein: Study 7/26/13 3
But, We don’t talk about Crypto Science We talk about
Applied Crypto 7/26/13 4
First terms + Message (plaintext) [m] + Ciphertext [c] +
Encryption [E] + Decryption [D] + Key [k] 7/26/13 5
Formula Encryption: c = E (m, k) Decryption: m =
D (c, k) = D (E (m, k), k) 7/26/13 6
First Principles 7/26/13 7
Kerckhoffs’s Principle …” the security of a cryptosystem should depend
solely on the secrecy of the key and the private randomizer”…[2] Auguste Kerckhoffs (1835 – 1903), La Cryptographie Militaire 7/26/13 8
Consequences Don’t implement your own cryptosystem 7/26/13 9
Confidential vs Integrity 7/26/13 10
What need to be protected? • Confidential • Integrity • Or both? 7/26/13
11
Fun with Python 7/26/13 12
Data format • String • Byte • Hexa decimal • Base64 7/26/13 13
Is it md5 hash? >>> a = '317a513579704578526533366754566b’ >>> a.decode
('hex') '1zQ5ypExRe36gTVk’ >>> b = '900150983cd24fb0d6963f7d28e17f72’ >>> b.decode ('hex') '\x90\x01P\x98<\xd2O\xb0\xd6\x96?}(\xe1\x7fr’ >>> md5 ('abc').hexdigest() '900150983cd24fb0d6963f7d28e17f72' 7/26/13 14
So, You work on bytes or string. You display in
base64 or hexadecimal 7/26/13 15
Hexadecimal >>> '317a513579704578526533366754566b'.decode ('hex') '1zQ5ypExRe36gTVk' >>> '1zQ5ypExRe36gTVk'.encode ('hex') '317a513579704578526533366754566b' 7/26/13
16
Base64 >>> from base64 import b64decode, b64encode >>> b64encode ('hello
world') 'aGVsbG8gd29ybGQ=' >>> b64decode ('aGVsbG8gd29ybGQ=') 'hello world' 7/26/13 17
Cryptography library • Python built-in (hash support only) • PyCrypto (US) • PyNaCL
(djb) • Scrypt / PBKDF2 7/26/13 18
Installation pip makes everything easier # pip install pycrypto 7/26/13
19
But, random is a problem. >>> randint (10, 1000) 59
>>> from Crypto.Random.random import StrongRandom >>> a = StrongRandom() >>> ''.join (a.sample (list ('abcdef'), 3)) 'cad' >>> a.randint (10, 10000) 3978L 7/26/13 20
Demo 7/26/13 21
Study, study more Study forever 7/26/13 22
Crypto 101 in python • http://pyvideo.org/video/1778/crypto-101 • https://speakerdeck.com/pyconslides/ crypto-101-by-laurens-van-houtven 7/26/13 23
Take a course! • Coursera.org – Crypto course https://class.coursera.org/crypto/class/index • Crypto lab
@stanford http://crypto.stanford.edu/~dabo/cs255/ 7/26/13 24
Read book(s) • Applied Cryptography • Cryptography Engineering • Handbook of Applied Cryptography
• Introduction to Modern Cryptography 7/26/13 25
And, • Surfing blog(s) • Take challenges 7/26/13 26
Practice makes perfect! 7/26/13 27
7/26/13 28 Q&A