Transcript of the conference.
Hey everyone, if there's one thing
that no one does. But I mean
no one that's leaving their keys
outside the door. Unless they are
living in the country. Still, you
don't want to do that and
it goes the same way for
the websites. You want to protect it
Maybe you don't know Symfony secrets component
Or how it works
you're in the right place.
But should you trust Symfony secrets ?
I mean if you open
the Symfony blog, what do you
see? This is based on a
traditional public key cryptography and
libsodium ? Traditional ? not testing your code
is traditional, but we are here
to discover if this is really
something worth it to trust.
If you open your console, vault
is a set of commands that
will help you to generate Keys
encode and decode your data the
first comment that you might want to run is
bin/console secrets generate keys
If you open your directory
config/secrets/dev
you will find two files: public file
and a private file. These two
files are your keys.
You will have to create these
keys for every environment you manage
production staging development even
local. Why are we even doing
this? Let me explain. encryption transform
your data into a string. A serie
of strings of non fixed length.
There are two main types of
encryption symmetric encryption and asymmetric
encryption the symmetric encryption use
The same key to encrypt and
décrypter si dans la RCA
tricky or public key encryption. It
uses two keys one to encrypt
one to decrypt. now. Technically,
it doesn't matter which one you
choose as for public or private
key both can be used to
encrypt and decrypt but as
soon as you choose one to
encrypt only this other one
Can decrypt your data this is
the basic manipulation of a public
key cryptography system choosing a key
to encrypt your data makes it
public which means that everyone should
be able to use it to
encrypt further new data. This one
can be version into your GIT
as for the second one. The
one that you will use to
decrypt. This one should be kept
private it cannot
be version into your git. Only
the intended receptor can be accountable
for that only he could have
that key in it's hand. By he
I mean the server, of course
a technique one could use but
does not really apply to our
situation is the technique of the
double encryption. Let's say I send
you a message. I take your public key
And I use it to encrypt the data. only you
can decrypt it. Great.
I told you either the two
keys can encrypt your data. What
if I start before with encrypting
the message with my private key
only the public key can decrypt
it and just after that I
included with your public therefore only
you can decrypt it in the first place
well, then everyone can
decrypt it in second place because
my key is public therefore this
key only you
could decrypt it and only I could
I wrote it. Now ! the fun part !
How these two keys are
generated? Well, we need to select
two prime numbers. Let name them
p and Q. This is part
of every cryptography assumption. this assumption
is that no computer from
now is able to crack the
product of these two primes. No
one is able to find the
two original values of these two
large prime numbers
multiplied together and every cryptography
system is based on that assumption.
The product will be a really
large number a huge number. We
are going to name it n
and this number could be public.
It does not matter. The next
Step before the public key is
to calculate the totient, which is
the number of element in N
that can be only divided by
1.
or themselves
Thanks to that we're going to
calculate the public. The public key
is the value that is situated
between 3 and totient of
n
that has no common divisor
with totient of n
to calculate the private key. We
need to use a function the
extended euclidean algorithm.
We are going to find a
value that is the inverse multiplyer.
What does that mean? that mean that
to prove that my value is
a proper private key. I need
to find that my private key
multiplied by my public key
answer to one question. if that
value.
is made into a modulo totient
of N I should have as
an answer one. If not, it's
not a proper private key. Now.
We have a public key and
private key. Can you enter bin
console Secrets set
and PWD for password? It will
ask for you to type in
your password.
And it will store it into
a new file. If you open
that file, you will see that
this is just garbage. You can't
use it as per se. if
you want to display it in
your console. You can use secret
list or even secrets:list --reveal
with that you can
display your values encoded or
decoded
To use this value in Symfony
You can Define them as parameter
as you would do for an
environment variable. You just have to
perfect them with Secrets. (no you don't, my mistake)
I'm pretty sure you are wondering
how it works. But the real
problem is not with the keys,
right. It's more how it works
inside because all of
this doesn't tell me if libsodium
is good. if libsodium
Is trust worthy. Well yes
because it's uses a famous well-known
elliptic curve X25519
it uses the XSalsa20
Poly1309, but before detailing how all
these works I should contextualize
this a little. I need
to contextualize their existence and to do this
We need to understand what is at stake
To hash a A string everyone knows SHA1.
This is for secure hashing algorithm,
which is funny because it's not
so secure anymore.
researcher started to show some
flaws into the algorithm around 2005
But nothing to worry because it
was really expensive. I mean the
technology of the time it was
the equivalent of 2.7 billion euros
to inject so really it was
like theoretical attack. still it
was feasible. now in 2015
the graphic cards evolved a lot
and it became
possible. A Well, established
criminal or state could start thinking
about cracking SHA1 with
a cluster of 64 graphic cards.
For instance. It was
estimated around a hundred and twenty
thousand Euros to crack some kind
of SHA1 value
it took sometimes but it was
possible in 2017 it
is even worse and in 2019
it's over. There is a particular
technique that makes a KO on
SHA1. So you should turn
to sHA2 for a
minimum of reliability.
But we should stay careful with our words
'cause we are talking about
cryptography. in cryptography saying
that a hash has been cracked or
that an algorithm has been cracked.
Does not mean that anyone is
able to crack it in one
click and by far but it
that in theory
It's proven that these
hash are not reliable anymore. Not
a hundred percent, but in cryptography
we aim for the hundred percent
to understand the technique
you should know how SHA works
first. This is an algorithm that
can tansform any string in 160 bit string
and to operate, SHA requires an input of 512 bit string
and it uses a compression algorithm.
that will take groups of bits
to make a single one if
it's longer than 512, then it
will be cut in blocks of 512bits
if a block is shorter.
It will be extended. We
have to add a positive bit at the end of the message
then a bunch of zeros and
then the value which is the
length of the message. So for
instance 100111 (I missed a 1) add
a one then a bunch of
0 and then 1 1 1.
the compression function will perform bit
shift from a matrix defined in
the implementation. this algorithm will
execute these compression function like 80
times to obtain in the end
160 bits string. for those of you with an eye
you can see that the
string produced at the screen right
now is a 20-byte binary which
is written as a 40 byte
hexadecimal string. this is
because I've used PHP and
it goes the same with JavaScript the
method returns it doubled
In SHA1 the current the correspondence Matrix is
defined and it means that we
will always find the same result
for the same string. There is
a small possibility that different inputs
can produce the same hash the
technique that is used for the
attack. reduces the
number of variations to be tested to achieve this
this technic is called the Paradox of the babies or
birthday Paradox or Birthday near Collision
attack with this approach. You go
much much faster than before. Let
me explain the principle to you
among 23 babies born in the
world. What is the probability of
this Baby's having the same date
of birth?
23 over 265 which
makes six percent of chance
wrong.
It's not that at all. It's
50% and if you push
it up to 50 babies went
up with a 97 percent of
chance. If you go up with 75 babies you end up with
99.97%
of chance. It's a paradox. It
seems up.
Absurd, but with the math to prove it.
How is it possible that such
a small group have such a
high chance of having the same
birthday? How can we prove
that among these 365
possibilities just a sixth is enough to have a collision
in fact, we are going to prove the opposite.
We're going to prove that they
don't have the same birthday and
it's easier. Baby one is born.
So he has all the choices
in the world 365 over 365
now baby 2 is born the
probability of that is does not have
the same birthday is 365
over 365 multiplied by 364
over 365 one
day less than the number of
babies already born.
Baby 3 is born so it
has to 365 over 365
multiplied by 364
sover 365 multiplied by 363 over 365
and so on fofr the fourth baby. this calculation has a
simpler expression, which is the factorial
of 364 divided by factorial
of 365 minus the number of baby times
365 of Power number of
Babies. minus 1.
for 23 babies,
we are waiting for the result
of 364 factorial divided by 342
factorial multiplied by 365
by power of 22, which gives us 0.49
and so on so almost 50%
of chance that these babies does not
have the same date of birth
the trick is we evaluate the
probability of each babies.
Among themselves . We don't check
that one of the babies between
the 2nd and 23rd have the
same birthday as baby one among
the three sixty five possibilities, but rather
that 2 of the 23 babies have the same birthday among
the three sixty five possibilities. This
is surprising but the math proves
it and very logically
the more babies you add up
the more the risk of interpolation augment.
to break SHA1, the searchers
used that technique to try
to cause a collision. Let's assume
that I have a file in
my possession that we produce this
hash. my goal as a researcher
is to create a new file that produes the same hash
I will try to add up a
multitude of characters ,spaces, commas
appostrophies New Line anything I
want.
And I will try to get
the the same hash in the end with
these variations. the principle before
helps me to reduce the number
of variation. Thanks to that md5
and sha-1 are broken and
I can pass one document has another
To understand how reduced is the
difficulty to compute a collision? Let's
put that into context sha-1. produces
a result of a 160bits
string with a collision probability
1 power 280, which is
about 12 million year of GPU
Computing. Even the NSA or the
NASA wouldn't try it.
with the above method. This probability is
lowered to 2 power 60 which become
possible with a few graphic.
It's insanely lower. As for now, There is
every reason to
switch to SHA2 since it's
from 152bits / 256 bits / 512 bits long strings
which gives us a probability of
2 of power 128
which is considerably higher but the
fact that it remains possible is
a risk, so we need to
imagine other ways to secure our
data and making the result
even more random. in modern algorithms.
They use these SP networks. It's
for SP for substitution
permutation. Enigma. The machine
does substitution. It has a substitution
level of 1 to 1.
with each gear rotation in the machine
one letter equal another letter.
this means that if I want
to decode a secret, I need
to focus on the pair
Once I've got one letter then
I can remove that pair
from the equation and focus on
the rest.
when you use MD4, MD5, SHA0, SHA1
its uses the same principle, but
it will add some mathematical operation
to it XOR NOT
AND
MODULO stuff like that, but nevertheless
with this method is still possible to
create different files with
the same signature, which
is not perfect.
So we need to add more confusion
we are going to use permutations
instead of replacing the values. We
are going to mix their position
and be careful as the first
step is not random. They are
predefined values. It's necessary to be
able to come back to the
original statues the original position the
way it works.
The first time the string will be encoded
in blocks of a certain size
and if the last block or only block is smaller
then we extendit. each block is
passed into an Sbox, a substitution box
and its purpose is to exchange
their value by another from predefined
Matrix. we are going to pass this block
The block of value are
put together again then it's it
already mean less and the value
is submitted within a p-box, a permutation
box where we don't replace the value.
We just move them into the
chain. If we stop there we
do a little better but not
much better than Enigma then we're
going to use a key hash.
That would be split into block
one for each step.
And we're going to mix that
block with a message with an
xor operation between each step .
We're going to repeat these steps
a certain number of times
10 to 80 times. The number of
rounds, depends on the efficiency of 1 round
AES for instance. Does it between
10 and 14 below this you
lose in safety and above this you lose in
speed for a password to secure
you prefer security but for exchanging
messages you would like to
Provide some Speed without lacking security
when we talk about SP Network.
It's impossible not to mention the
one that protects almost 70% of
the web Rijndael
following the inadequacy of its predecessors
DES and 3DES
the National Institute for standards and
Technology opened a competition to propose
an algorithm will be capable of
surpassing its predecessor the existing ones
and using it at the AES
which is the advanced encryption standard.
There were several competitors and
some were more robust some were
more...
Slower faster anyway
knowing that it was about establishing
a way to communicate over the Internet
it had to be fast, but
not at the expense of the
security.
Other criteria were to include memory
consumption adaptability over Time its
Simplicity stuff like that. Anyway,
the winner is Rijndael
and it was
created by to Belgium Vincent Rijmen
and Joana Daemen and in it's core
lives Xsalsa20
an algorithm that allows to encrypt
with XOR's and is insensitive
to time attacks.
there is a poly1309
which is used to check the
Integrity of your data, and of
course the X25519
elliptic curve to generate the key
the main reason I am explaining this to you
is that the encryption method used by libsodium
therefore by Symfony have an
history with these algorithms. Here's how it
works it.
defines a matrix, a 4x4 grid and
it will cut by blocks of
16 bytes, divide a 256bytes key into pieces
that will be inserted between each XOR
operations and it will repeat these
operations between 10 to 14 times.
The first step is the substitution
of course, and this is an
operation that results in a value
located in the Galois field of
2 Power 8, which is
to say that this is going
to be located.
In between 00000000 and 11111111 (in binary)
the calculation uses a lookup table to get the
results. Now, it's a set of
mathematical function designed to ensure
that an element never Falls in
itself by chance or that to
element does not switch their places
between them. And of course that
this is possible to come back.
at the initial States the second
step is the byte shift in
our matrix each row is shifted
one row to the left
well one column to the left
actually except for the first row
and this step ensure that the
set of values are not encoded
dependently that there is no subset
of short string and therefore that
could be easier to decode
Then the last step of the
rounds is the mixing of columns.
This step is not performed in
the last round since it does not
add so much variation in any
way to shuffle the data, a Matrix
multiplication will result again
in a value located in Galois field
2 Power 8 and for the
mathematician Among Us
wonder how a multiplication of two
large number could not go out
of the imposed field. It's because
the value is Multiplied modulo
a polynomial. and for the others
Just imagine modulo like clock where
instead of noon there is the
highest number allowed.
you can go round
but never pass that.
Okay. So because you can't predict
the number the key used to
rotate around the clock how many
step has been done? It's impossible
to find the original value.
Since we're going to repeat all
the three steps, it will add
even more confusion for the next
execution and here too. We're going
to use functions that will have their inverse
so course all these steps are crucial
and if the implementation
is not rigorous then piece of
keys could leak but fortunately for
it has been encoded directly in our CPU
It's almost impossible
to hack and it's extremely fast.
which is why we had WANNACRY
so can we entrust
our secrets with Symfony and Symfony
Secrets? Yes.
Good. Now we
know the commands. We know we
can put our trust into this
system. Let's see together why we
should use this mechanism or rather.
Let's say when when you deploy
your applications in your web server,
it's if your deployment strategy is
a plain old remote synchronization of
your project your files are sent over
usually you project is kept into a versionning system
and more frequently in to gitlab
github.com. You should never
store into your versioning system the actual
production credentials, right ?
because you don't want to share them with
the entire world
Forget the old fashioned prod_parameter.yml
or the .env.prod.php stored
it's
really the last thing you want
to do. But still you need
to share this credential in production
right? So a solution could be
to use shared file and share
directories parameters. This is an option
available with Capistrano ,deployer.io
almost every deployment based on the
similar approach possess this feature.
But it by doing this you
can create files directly into your
server that wont be erased deployment
after deployment but it lack
resilience in case the server
crashes. It's poor horizontal capabilities
soes not make it a
good choice, especially nowadays when the
cloud computing and containerization takes more
and more space every day. A
better solution could be to use
environment variables
directly available into the machine. This is one
of the main reasons Symfony created
the .dotenv component. Thanks
to a simple %env(KEY)%
You could use one and
inject it into your project configuration.
Brilliant.
But if Symfony always try
to pull you up and your
team up
to new ways each time with
a modern touch each time better
according to the growing new technologies.
They also don't want to
let the others behind. you that
can't have a full devops team
you that can't manage your own server. You would
add can't afford big servers. You
only can afford mutualised servers because
not everyone has big budgets
you too should be able to
transmit the production configuration to your
server in the open
all this without lacking security.
And this is the main reason
behind the work of Tobias, Jeremy
and Nicolas. for this keys and
the computed Secrets PHP file. You
should only version the public and
the Secrets never the private
key. for this key you have
different approaches that are opened to
you. The first one is to
upload the file or just copy its
content directly on the server per
se but of course through a
secure connection.
And if it happened that you
can add a new environment variable
named SYMFONY_DECRIPTION_SECRET. You can
store your key in there, encoded in
base64 and as the documentation
mentions it, you might as well
decode all your secrets locally
to avoid keeping your key into
your server. There is a set
of commands that allow you to
pass from one state to another
in both ways.
This is a good start. But
if your passwords need to be
updated regularly, so are you keys?
This is why there is the
--rotate option that allows
you to regenerate them. So it
will decode your values generate a
new set a new pair of
keys and re-encode your values again.
Now more recently. There is also
addition that has been brought to you
who among you, never had a call in the middle
of the afternoon saying that there is
a bug in production
which is not in development but really
this is the same code
It has to come from the other services
the production services
this is a situation where you possibly
can't debug live in production
you probably need to switch
into your testing environment
to be plugged as if it was in production
but still using the staging credentials
Few weeks from now, has been introduced
in Symfony 5.2 a new kernel.runtime_environment parameter
that takes it's value from the
APP_RUNTIME_ENV envvar if there is any of course
otherwise it will fallback into
into the traditionnal kernel.environment
thanks to that you are able to set you application
in production mode
but using the staging credentials
It will switch from a directory
to the one defined in this parameter
And last but not the least
you can tell your server in one line
by typing APP_RUNTIME_ENV=prod ./bin/console secret:set
where to set your secrets
especially to avoid booting
any production component that obviously
cannot work without being
into a real production environment
I think we're here !
Than you for watching
If you have any questions I am here.