Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Encriptação de A a Z

Hussani Oliveira
May 27, 2017
Technology
0
150

Encriptação de A a Z

Quando você precisa comunicar algo, mas não quer que nenhum enxerido saiba da mensagem, o que você faz? Naturalmente “falar em códigos” é parece ser a melhor opção, mas pra isso você deve saber que padrão usar. SHA1, MD5, Bcrypt, SSL, ciphers, salt, e muito mais: Você talvez tenha ouvido falar de algumas dessas palavras, mas chegou a hora de conhecer como funciona um processo de criptografia e tudo o que há de melhor sobre isso no PHP.

Hussani Oliveira

May 27, 2017
Tweet

More Decks by Hussani Oliveira

See All by Hussani Oliveira
Elixir e suas partes boas
hussani
1
170
Idiomatic Golang Tests
hussani
0
720
Automação - Usando melhor seu tempo e seus recursos
hussani
2
150
PHP no Google AppEngine
hussani
2
180
Automação e Deploy com Phing
hussani
3
540

Other Decks in Technology

See All in Technology
Exadata Database Service on Cloud@Customer セキュリティ、ネットワーク、および管理について
oracle4engineer
PRO
0
1.1k
QAEチームが辿った3年 ボクらが改善業務にスクラムを選んだワケ / 20241108_cloudsign_ques23
bengo4com
0
1.3k
Can We Measure Developer Productivity?
ewolff
1
120
形式手法の 10 メートル手前 #kernelvm / Kernel VM Study Hokuriku Part 7
ytaka23
5
820
SREによる隣接領域への越境とその先の信頼性
shonansurvivors
2
460
TinyGoを使ったVSCode拡張機能実装
askua
2
210
なぜ今 AI Agent なのか _近藤憲児
kenjikondobai
2
1.2k
サイバーセキュリティと認知バイアス:対策の隙を埋める心理学的アプローチ
shumei_ito
0
370
これまでの計測・開発・デプロイ方法全部見せます! / Findy ISUCON 2024-11-14
tohutohu
3
340
Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP
tacck
PRO
0
210
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
3.1k
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
29
7.7k

Featured

See All Featured
Fireside Chat
paigeccino
33
3k
Building Adaptive Systems
keathley
38
2.3k
Intergalactic Javascript Robots from Outer Space
tanoku
269
27k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k
Writing Fast Ruby
sferik
627
61k
A better future with KSS
kneath
238
17k
BBQ
matthewcrist
85
9.3k
Designing Experiences People Love
moore
138
23k
What's new in Ruby 2.0
geeforr
343
31k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k

Transcript

  1. Encriptação de A a Z

  2. Quem é o Hussani?

  3. None

  4. Cryptography

  5. “Cryptography is the science and art of coding and decoding

    of secret messages, information or data.”
  6. None

  7. Cryptography components

  8. None
  9. None

  10. Ciphers

  11. A cipher is a set of rules for converting between

    plaintext and ciphertext.

  12. Types of ciphers

  13. Classical Cipher

  14. Substitution

  15. Caesar

  16. char -> char + 3

  17. A -> D

  18. C -> F

  19. Hello -> ?

  20. Hello -> Khoor

  21. Paper Cipher Wheel

  22. None

  23. ROT-n

  24. ROTate

  25. Caesar = ROT-3

  26. ROT-2 A -> C Hello -> Jgnnq

  27. Max ROT = 13

  28. alphabet = 26 chars

  29. 13 * 2 = 26

  30. ROT-13 = inverse alphabet

  31. Symmetric

  32. {msg}Y -> {msg}(-Y)

  33. Modern Ciphers

  34. Block Cipher

  35. char = 8 bytes = 1 bit

  36. block = group of bits

  37. 32, 64, 128, 256, 512, 1024…

  38. Asymmetric

  39. None

  40. Public-Private Cryptography

  41. {msg}X -> {msg}Y

  42. Hashes

  43. Convert data on single value

  44. Most times irreversible

  45. None

  46. OpenSSL

  47. OpenSSL

  48. OpenSSL Toolkit OpenSSL CLI

  49. OpenSSL Toolkit OpenSSL CLI
 
 Can encrypt data using many

    ciphers

  50. OpenSSL Toolkit OpenSSL CLI
 
 Can encrypt data using many

    ciphers
 
 Can use may key types

  51. OpenSSL Toolkit OpenSSL CLI
 
 Can encrypt data using many

    ciphers
 
 Can use may key types Easy

  52. $msg = openssl_encrypt('test', ‘des-ede3', 'my-test');
 // oSSMoiYum5s=

  53. $msg = openssl_encrypt('test', ‘des-ede3', 'my-test');
 // oSSMoiYum5s= echo openssl_decrypt($msg, 'des-ede3',

    ‘my-test');
 // test

  54. Hash

  55. Password Hash API

  56. Password Hash API

  57. Password Hash API Recommended password API

  58. Password Hash API Recommended password API Always updated

  59. Password Hash API Recommended password API Always updated Too simple

  60. Password Hash API Recommended password API Always updated Too simple

    Trivializes crypt to create bcrypt hashes

  61. Password Hash API Recommended password API Always updated Too simple

    Trivializes crypt to create bcrypt hashes Implements Argon2 (PHP 7.2)

  62. $hash = password_hash("my_p@sswd", PASSWORD_DEFAULT);
 // $2y$10$rwwStToOAzObe8xAkfJzP.CCVrOYgRBy8nmNRPPrleo var_dump(password_verify("my_p@sswd", $hash));
 // bool(true)

  63. Deprecated

  64. Deprecated • MHash • Mcrypt

  65. Avoid

  66. Avoid crypt function

  67. Avoid crypt function MD5 for passwords

  68. Avoid crypt function MD5 for passwords SHA1 for passwords

  69. None
  70. None

  71. Obrigado :)