Crypto-101 @hackerspace 26/07/2013
duongkai
July 26, 2013
Presentation given at hackerspace, 26/07/2013
Transcript
Crypto 101 @K4i 7/26/13 1
Caveats @beginner level
Cryptography means
Kryptos: hidden secret
Graphein: study
But we don't talk about crypto science. We talk about applied crypto.
First terms
+ Message (plaintext) [m]
+ Ciphertext [c]
+ Encryption [E]
+ Decryption [D]
+ Key [k]
Formula
Encryption: c = E(m, k)
Decryption: m = D(c, k) = D(E(m, k), k)
First Principles
Kerckhoffs's Principle
"… the security of a cryptosystem should depend solely on the secrecy of the key and the private randomizer …" [2]
Auguste Kerckhoffs (1835 – 1903), La Cryptographie Militaire
Consequences: Don't implement your own cryptosystem
Confidentiality vs Integrity
What needs to be protected?
• Confidentiality
• Integrity
• Or both?
Fun with Python
Data format
• String
• Byte
• Hexadecimal
• Base64
Is it md5 hash?
>>> from hashlib import md5
>>> a = '317a513579704578526533366754566b'
>>> a.decode('hex')
'1zQ5ypExRe36gTVk'
>>> b = '900150983cd24fb0d6963f7d28e17f72'
>>> b.decode('hex')
'\x90\x01P\x98<\xd2O\xb0\xd6\x96?}(\xe1\x7fr'
>>> md5('abc').hexdigest()
'900150983cd24fb0d6963f7d28e17f72'
So, you work on bytes or strings. You display in base64 or hexadecimal.
Hexadecimal
>>> '317a513579704578526533366754566b'.decode('hex')
'1zQ5ypExRe36gTVk'
>>> '1zQ5ypExRe36gTVk'.encode('hex')
'317a513579704578526533366754566b'
Base64
>>> from base64 import b64decode, b64encode
>>> b64encode('hello world')
'aGVsbG8gd29ybGQ='
>>> b64decode('aGVsbG8gd29ybGQ=')
'hello world'
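An added example, not part of the original slides, for the "Is it md5 hash?" and hex/Base64 slides: it decodes a displayed string every way it validly parses and reports whether the bytes are readable text or only digest-sized. It is written for Python 3 (the slides use Python 2), and the names decode_candidates, describe and is_md5_of are hypothetical.

```python
import base64
import binascii
import hashlib
import string

# Bytes treated as "readable text" (assumption: ASCII only, no VT/FF).
PRINTABLE = set(string.printable.encode("ascii")) - {0x0B, 0x0C}
MD5_SIZE = 16  # bytes in an MD5 digest

def decode_candidates(text):
    """Map encoding name -> raw bytes for every encoding `text` parses as."""
    found = {}
    for name, decoder in (("hex", binascii.unhexlify),
                          ("base64", lambda s: base64.b64decode(s, validate=True))):
        try:
            found[name] = decoder(text)
        except ValueError:  # binascii.Error is a ValueError subclass
            pass
    return found

def describe(text):
    """Return (encoding, is_text, verdict) for each way `text` decodes."""
    results = []
    for name, raw in decode_candidates(text).items():
        is_text = bool(raw) and all(b in PRINTABLE for b in raw)
        if is_text:
            verdict = "encoded ASCII text %r" % raw.decode("ascii")
        elif len(raw) == MD5_SIZE:
            verdict = "16 opaque bytes: digest-sized, MD5 is possible but unproven"
        else:
            verdict = "%d opaque bytes" % len(raw)
        results.append((name, is_text, verdict))
    return results

def is_md5_of(hex_digest, message):
    """Only recomputing from a known input confirms that a value is an MD5."""
    return hashlib.md5(message).hexdigest() == hex_digest.lower()

if __name__ == "__main__":
    # The three strings shown on the slides.
    for s in ("317a513579704578526533366754566b",
              "900150983cd24fb0d6963f7d28e17f72",
              "aGVsbG8gd29ybGQ="):
        for row in describe(s):
            print(s, row)
    print(is_md5_of("900150983cd24fb0d6963f7d28e17f72", b"abc"))
```

A string of 32 hex characters is also syntactically valid Base64, so both decodings are reported and the reader decides which one the context supports.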
Cryptography library
• Python built-in (hash support only)
• PyCrypto (US)
• PyNaCl (djb)
• Scrypt / PBKDF2
Installation
pip makes everything easier
# pip install pycrypto
But, random is a problem.
>>> from random import randint
>>> randint(10, 1000)
59
>>> from Crypto.Random.random import StrongRandom
>>> a = StrongRandom()
>>> ''.join(a.sample(list('abcdef'), 3))
'cad'
>>> a.randint(10, 10000)
3978L
Demo
Study, study more
Study forever
Crypto 101 in python
• http://pyvideo.org/video/1778/crypto-101
• https://speakerdeck.com/pyconslides/crypto-101-by-laurens-van-houtven
Take a course!
• Coursera.org – Crypto course https://class.coursera.org/crypto/class/index
• Crypto lab @stanford http://crypto.stanford.edu/~dabo/cs255/
Read book(s)
• Applied Cryptography
• Cryptography Engineering
• Handbook of Applied Cryptography
• Introduction to Modern Cryptography
And,
• Surfing blog(s)
• Take challenges
Practice makes perfect!
Q&A