With Symfony 4.4, your secrets will be well kept!

Transcript

1. @gheb_dev @gregoirehebert

2. @gheb_dev @gregoirehebert

3. @gheb_dev @gregoirehebert

4. @gheb_dev @gregoirehebert Cypher Symetric key or public key

5. @gheb_dev @gregoirehebert Cypher

6. @gheb_dev @gregoirehebert p = a prime number
 q = a

   prime number
 n = p × q Cypher

7. @gheb_dev @gregoirehebert ϕ(n) = (p − 1)(q − 1) Cypher

8. @gheb_dev @gregoirehebert 3 < Prime number < ϕ(n) Public key

   Cypher

9. @gheb_dev @gregoirehebert (private key * public key) mod ϕ(n) =

   1

10. @gheb_dev @gregoirehebert et 
 
 
 
 public key 


    private key 
 
 
 p = 11 q = 13 n = p ⋅ q = 143 ϕ(n) = (p − 1) ⋅ (q − 1) = 120 e = 7 d = 103 (e ⋅ d)modϕ(n) = 1 (7 ⋅ 103)mod120 = 721mod120 = 1 Aa message M has a value of
 9
 
 
 
 c = memodn = 97mod143 = 48 m = cdmodn = 48103mod143 = 9 encode decode Example

11. @gheb_dev @gregoirehebert

12. @gheb_dev @gregoirehebert

13. @gheb_dev @gregoirehebert

14. @gheb_dev @gregoirehebert

15. @gheb_dev @gregoirehebert

16. @gheb_dev @gregoirehebert

17. @gheb_dev @gregoirehebert SHA1

18. @gheb_dev @gregoirehebert SHA1
 secure hashing algorithm

19. @gheb_dev @gregoirehebert SHA1
 secure hashing algorithm
 
 2005 -> 2,7billion

    € in hardware

20. @gheb_dev @gregoirehebert SHA1
 secure hashing algorithm
 
 2005 -> 2,7billion

    € in hardware
 2015 -> 120 000€ in hardware

21. @gheb_dev @gregoirehebert SHA1
 secure hashing algorithm
 
 2005 -> 2,7billion

    € in hardware
 2015 -> 120 000€ in hardware
 2017 -> SHA1 is not in a good shape
 2019 -> SHA1 is K.O. (11k$)

22. @gheb_dev @gregoirehebert How ?

23. @gheb_dev @gregoirehebert How ? Any length -> 160 bits
 512

    bits en entry 
 then compressed

24. @gheb_dev @gregoirehebert How ? môman = 6 bytes = 48bits

    môman = aca9c866584e891be0e5c736798273c00bb48a00

25. @gheb_dev @gregoirehebert How ? môman = 6 bytes = 48bits

    môman = aca9c866584e891be0e5c736798273c00bb48a00
 
 Birthday Paradox or Birthday-near-collision-attack

26. @gheb_dev @gregoirehebert môman = aca9c866584e891be0e5c736798273c00bb48a00
 môman = 6 bytes =

    48bits
 
 Birthday Paradox or Birthday-near-collision-attack 23/365 -> 6% How ?

27. @gheb_dev @gregoirehebert 50% How ? môman = aca9c866584e891be0e5c736798273c00bb48a00
 môman =

    6 bytes = 48bits
 
 Birthday Paradox or Birthday-near-collision-attack

28. @gheb_dev @gregoirehebert How ? 97% môman = aca9c866584e891be0e5c736798273c00bb48a00
 môman =

    6 bytes = 48bits
 
 Birthday Paradox or Birthday-near-collision-attack

29. @gheb_dev @gregoirehebert 365 possibilities over 365 How ?

30. @gheb_dev @gregoirehebert 365/365 x 364/365 365 possibilities over 365 How

    ?

31. @gheb_dev @gregoirehebert 365/365 x 364/365 365/365 x 364/365 x 363/365

    365/365 x 364/365 x 363/365 x 362/365 365 possibilities over 365 How ?

32. @gheb_dev @gregoirehebert 364! ÷ (365 − N)! × 365N−1 How

    ?

33. @gheb_dev @gregoirehebert 364! ÷ (342! × 36522) How ?

34. @gheb_dev @gregoirehebert 364! ÷ (342! × 36522) = 0,492703 How

    ?

35. @gheb_dev @gregoirehebert Real application ?

36. @gheb_dev @gregoirehebert 99024280cab824efca53a5d1341b9210 Real application ?

37. @gheb_dev @gregoirehebert 99024280cab824efca53a5d1341b9210 99024280cab824efca53a5d1341b9210 Real application ?

38. @gheb_dev @gregoirehebert 99024280cab824efca53a5d1341b9210 99024280cab824efca53a5d1341b9210 Real application ?

39. @gheb_dev @gregoirehebert SHA1 -> 160 bits -> collision 1280 Real

    application ?

40. @gheb_dev @gregoirehebert SHA1 -> 160 bits -> Birhday-near-collision -> 260

    Real application ?

41. @gheb_dev @gregoirehebert SHA2 -> 256 bits -> Birhday-near-collision -> 2128

    Real application ?

42. @gheb_dev @gregoirehebert SP-NETWORK

43. @gheb_dev @gregoirehebert Substitution / Permutation A = E
 E =

    A

44. @gheb_dev @gregoirehebert Substitution / Permutation A = E
 E =

    A MD4, MD5, SHA0 et SHA1

45. @gheb_dev @gregoirehebert Substitution / Permutation A = E
 E =

    B

46. @gheb_dev @gregoirehebert Substitution / Permutation [0110][1001] A = E
 E

    = B

47. @gheb_dev @gregoirehebert Substitution / Permutation [0110][1001]
 [sbox][sbox]
 [1001][1101]
 
 A

    = E
 E = B

48. @gheb_dev @gregoirehebert Substitution / Permutation [0110][1001]
 [sbox][sbox]
 [1001][1101]
 [ pbox

    ]
 [1101][1001] A = E
 E = B

49. @gheb_dev @gregoirehebert Substitution / Permutation 
 
 key = f8ef4efa9842azgjyu248ger4h984a

    [0110][1001]
 [sbox][sbox]
 [1001][1101]
 [ pbox ]
 [1101][1001] A = E
 E = B

50. @gheb_dev @gregoirehebert Substitution / Permutation 
 
 key = f8ef4efa9842azgjyu248ger4h984a

    [0110][1001]
 [sbox][sbox]
 [1001][1101]
 [ pbox ]
 [1101][1001] A = E
 E = B 10x
 80x

51. @gheb_dev @gregoirehebert Substitution / Permutation 
 
 key = f8ef4efa9842azgjyu248ger4h984a

    [0110][1001]
 [sbox][sbox]
 [1001][1101]
 [ pbox ]
 [1101][1001] A = E
 E = B 10x
 14x AES

52. @gheb_dev @gregoirehebert AES - RIJNDAEL

53. @gheb_dev @gregoirehebert DES - DES3 Advanced Encryption Standard

54. @gheb_dev @gregoirehebert A.E.S.

55. @gheb_dev @gregoirehebert A.E.S.

56. @gheb_dev @gregoirehebert [b01,b05,b09,b13]
 [b02,b06,b10,b14]
 [b03,b07,b11,b15]
 [b04,b08,b12,b16]

57. @gheb_dev @gregoirehebert

58. @gheb_dev @gregoirehebert Substition -> Galois field of 
 between 00000000

    & 11111111 28

59. @gheb_dev @gregoirehebert

60. @gheb_dev @gregoirehebert A.E.S.

61. @gheb_dev @gregoirehebert

62. @gheb_dev @gregoirehebert

63. @gheb_dev @gregoirehebert n 12… Pick an extremely high value higher

    than the maximum allowed.
 Picture a hand on the clock, forced to do multiple rounds until it reached the expected value Multiple initial value can result in the same value on the clock.
 Which is why it’s difficult to find the original value used as an input.

64. @gheb_dev @gregoirehebert

65. @gheb_dev @gregoirehebert

66. @gheb_dev @gregoirehebert

67. @gheb_dev @gregoirehebert

68. @gheb_dev @gregoirehebert

69. @gheb_dev @gregoirehebert THANK YOU FOR WATCHING!

70. @gheb_dev @gregoirehebert SOURCES https://chiffrer.info/
 https://www.youtube.com/channel/UC9-y-6csu5WGm29I7JiwpnA
 https://en.wikipedia.org/wiki/Transport_Layer_Security
 https://en.wikipedia.org/wiki/Substitution%E2%80%93permutation_network
 https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
 https://en.wikipedia.org/wiki/RSA_(cryptosystem)
 https://en.wikipedia.org/wiki/MD5


    https://en.wikipedia.org/wiki/SHA-1
 https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
 https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman
 https://en.wikipedia.org/wiki/Triple_DES
 https://en.wikipedia.org/wiki/Data_Encryption_Standard
 http://competitions.cr.yp.to/aes.html
 https://en.wikipedia.org/wiki/Public-key_cryptography
 https://sha-mbles.github.io/
 https://en.wikipedia.org/wiki/Password-authenticated_key_agreement

71. @gheb_dev @gregoirehebert Further studies Triple-Diffie-hellmann
 Triple Ratchet
 Elliptic curves

72. @gheb_dev @gregoirehebert What if we could use that for our

    users password too ? Further studies

73. @gheb_dev @gregoirehebert Further studies

74. @gheb_dev @gregoirehebert Further studies

75. @gheb_dev @gregoirehebert Detach yourself from your passwords !
 https://github.com/web-auth/webauthn-framework Further

    studies