at Atlanta based startup Ionic Security Spends most weekends either speaking about security, or at a Hackathon Loves Developer Conferences, Hackathons, and long walks on the beach Find me on Twitter @dualpandas or GitHub @gchorba
Protect information from tampering integrity Tell if person is who they say they are authentication Allow or deny access to data, etc. authorization (access control) Prove that person really did something Non-repudiation
you to either encrypt or decrypt your data. Plaintext: The information that you want to keep hidden, in its unencrypted form. The plaintext can be any data at all: a picture, a spreadsheet, or even a whole hard disk Ciphertext: The information in encrypted form Cipher: The algorithm that converts plaintext to ciphertext and vice-versa
the key; prevents rainbow table attacks against the key IV (initialization vector) – randomizes the encrypted message; prevents rainbow table attacks against the message Derived Key – lengthens and strengthens the key via hashing; used instead of the original key; slows down brute-force attacks against the key
encryption algorithm together with the encryption key Use an algorithm with decryption key to recover original data encrypt 0110111010010001 key Ke The quick brown fox 4f60ce544b43c13f1d decrypt 1001001100111010 key Kd 4f60ce544b43c13f1d The quick brown fox
or secret key) encryption algorithm decryption key is same as encryption key (or can be easily derived from it) Examples: RC4, DES, triple-DES, and AES Problem: How do you securely distribute the key? – The more folks who have the key, the weaker the system encrypt 0110111010010001 key K The quick brown fox 4f60ce544b43c13f1d
separate keys: one private and one public. Asymmetric-key cryptography is based on personal secrecy. Examples of algorithms: RSA, El Gamal, Diffie-Hellman Examples of protocols using public key algorithms: PGP, Secure Socket Layer (SSL), Secure Shell (SSH), Bitcoin encrypt BOB Hello Alice! Alice’s Public Key 4f60ce544b43c13f1d Decrypt ALICE Hello Alice! Alice’s Private Key
key is used for encryption and decryption. o The key must be kept secret. o One algorithm is used for encryption and decryption with a pair of keys, one for encryption and one for decryption. o One of the two keys must be kept secret.
with KA and sends it to Trent o Trent decrypts the message with KA o Trent takes the decrypted message and a statement that he has received this message from Alice, and encrypts the whole bundle with KB o Trent sends the encrypted bundle to Bob o Bob decrypts the bundle with KB . He can now read both the message and Trent’s certification that Alice sent it o Alice encrypts the document with her private key, thereby signing the document o Alice sends the signed document to Bob o Bob decrypts the document with Alice’s public key, thereby verifying the signature
pycrypto. Development stopped on pycrypto in 2012. o PyCryptodome can be used as a drop-in replacement for the old PyCrypto library. You install it with: o pip install pycryptodome
at least SHA-2 or SHA-3 Key Stretching for strong passwords Preventing Brute-force or dictionary attacks for i in xrange(iterations): m = hashlib.sha512() m.update(key + password + salt) key = m.digest()
requirements are needed to make encryption viable: The cost of breaking exceeds the value of the encrypted information The time required to break the cipher exceeds the useful lifetime of the information