Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Encriptação de A a Z

Hussani Oliveira
May 27, 2017
Technology
0
140

Encriptação de A a Z

Quando você precisa comunicar algo, mas não quer que nenhum enxerido saiba da mensagem, o que você faz? Naturalmente “falar em códigos” é parece ser a melhor opção, mas pra isso você deve saber que padrão usar. SHA1, MD5, Bcrypt, SSL, ciphers, salt, e muito mais: Você talvez tenha ouvido falar de algumas dessas palavras, mas chegou a hora de conhecer como funciona um processo de criptografia e tudo o que há de melhor sobre isso no PHP.

Hussani Oliveira

May 27, 2017
Tweet

More Decks by Hussani Oliveira

See All by Hussani Oliveira
Elixir e suas partes boas
hussani
1
160
Idiomatic Golang Tests
hussani
0
690
Automação - Usando melhor seu tempo e seus recursos
hussani
2
140
PHP no Google AppEngine
hussani
2
180
Automação e Deploy com Phing
hussani
3
490

Other Decks in Technology

See All in Technology
ServiceNow Knowledge 24の歩き方 EYストラテジー・アンド・コンサルティング
manarobot
0
190
開発生産性向上サービスを作るFindyが自分たちで開発生産性を爆上げした組織づくりの歩み / Findy's path to boosting its own development productivity 2024-04-17
ma3tk
3
650
Janus
bkuhlmann
1
490
Google Cloud Next '24 Recap(Cloud Run/k8s)
mokocm
0
120
VS CodeでAWSを操作しよう
smt7174
7
1.6k
アクセス制御にまつわる改善 / Improving access control
itkq
0
530
一生覚えておきたい「システム開発=コミュニケーション」〜初めての実務案件振り返りLT〜
maimyyym
0
130
ワールドカフェI /チューターを改良する / World Café I and Improving the Tutors
ks91
PRO
0
120
推しは推せるときに推せ! プロダクトにフィードバックしていこう
nakasho
0
300
20分で完全に理解するGrafanaダッシュボード
hamadakoji
3
430
Vertex AI を中心に 生成AIのアップデートを共有します
kaz1437
0
300
データベース02: データベースの概念
trycycle
0
150

Featured

See All Featured
How to train your dragon (web standard)
notwaldorf
73
5.2k
Making Projects Easy
brettharned
108
5.5k
For a Future-Friendly Web
brad_frost
172
9k
Ruby is Unlike a Banana
tanoku
96
10k
Creatively Recalculating Your Daily Design Routine
revolveconf
210
11k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
19
1.7k
Thoughts on Productivity
jonyablonski
58
3.8k
Large-scale JavaScript Application Architecture
addyosmani
504
110k
Web development in the modern age
philhawksworth
202
10k
Into the Great Unknown - MozCon
thekraken
10
990
Practical Orchestrator
shlominoach
182
9.7k
The Art of Programming - Codeland 2020
erikaheidi
42
12k

Transcript

  1. Encriptação de A a Z

  2. Quem é o Hussani?

  3. None

  4. Cryptography

  5. “Cryptography is the science and art of coding and decoding

    of secret messages, information or data.”
  6. None

  7. Cryptography components

  8. None
  9. None

  10. Ciphers

  11. A cipher is a set of rules for converting between

    plaintext and ciphertext.

  12. Types of ciphers

  13. Classical Cipher

  14. Substitution

  15. Caesar

  16. char -> char + 3

  17. A -> D

  18. C -> F

  19. Hello -> ?

  20. Hello -> Khoor

  21. Paper Cipher Wheel

  22. None

  23. ROT-n

  24. ROTate

  25. Caesar = ROT-3

  26. ROT-2 A -> C Hello -> Jgnnq

  27. Max ROT = 13

  28. alphabet = 26 chars

  29. 13 * 2 = 26

  30. ROT-13 = inverse alphabet

  31. Symmetric

  32. {msg}Y -> {msg}(-Y)

  33. Modern Ciphers

  34. Block Cipher

  35. char = 8 bytes = 1 bit

  36. block = group of bits

  37. 32, 64, 128, 256, 512, 1024…

  38. Asymmetric

  39. None

  40. Public-Private Cryptography

  41. {msg}X -> {msg}Y

  42. Hashes

  43. Convert data on single value

  44. Most times irreversible

  45. None

  46. OpenSSL

  47. OpenSSL

  48. OpenSSL Toolkit OpenSSL CLI

  49. OpenSSL Toolkit OpenSSL CLI
 
 Can encrypt data using many

    ciphers

  50. OpenSSL Toolkit OpenSSL CLI
 
 Can encrypt data using many

    ciphers
 
 Can use may key types

  51. OpenSSL Toolkit OpenSSL CLI
 
 Can encrypt data using many

    ciphers
 
 Can use may key types Easy

  52. $msg = openssl_encrypt('test', ‘des-ede3', 'my-test');
 // oSSMoiYum5s=

  53. $msg = openssl_encrypt('test', ‘des-ede3', 'my-test');
 // oSSMoiYum5s= echo openssl_decrypt($msg, 'des-ede3',

    ‘my-test');
 // test

  54. Hash

  55. Password Hash API

  56. Password Hash API

  57. Password Hash API Recommended password API

  58. Password Hash API Recommended password API Always updated

  59. Password Hash API Recommended password API Always updated Too simple

  60. Password Hash API Recommended password API Always updated Too simple

    Trivializes crypt to create bcrypt hashes

  61. Password Hash API Recommended password API Always updated Too simple

    Trivializes crypt to create bcrypt hashes Implements Argon2 (PHP 7.2)

  62. $hash = password_hash("my_p@sswd", PASSWORD_DEFAULT);
 // $2y$10$rwwStToOAzObe8xAkfJzP.CCVrOYgRBy8nmNRPPrleo var_dump(password_verify("my_p@sswd", $hash));
 // bool(true)

  63. Deprecated

  64. Deprecated • MHash • Mcrypt

  65. Avoid

  66. Avoid crypt function

  67. Avoid crypt function MD5 for passwords

  68. Avoid crypt function MD5 for passwords SHA1 for passwords

  69. None
  70. None

  71. Obrigado :)