Pragmatic Crypto #1

majek04
March 13, 2013

Pragmatic crypto seminar part 1

Transcript

  1. DIYOC
    • “Don't invent your own crypto.”
    • "Anyone can invent an encryption algorithm they themselves can't break; it's much harder to invent one that no one else can break." - Schneier
  2. ToC
    • Random numbers
    • Pseudo Random Generators (PRG)
    • Cryptographically Secure PRG (CS-PRG)
    • Sources of entropy
    • Hashing
    • Traditional hashing
    • Cryptographically Secure Hashing
    • Message Authentication Code
    • Key Derivation Functions
    • Side Channel Attacks
  3. Real world bug
    • http://blogger.popcnt.org/2007/08/how-bad-password-generator-can-ruin.html
    From today (30.12.2005) new password policy is going to be used:
    ◦ Password must contain eight or more characters
    ◦ Password must not contain username or any part of it
    ◦ Password should contain characters from three of four specified categories:
      1. Small letters [a-z]
      2. Capital letters [A-Z]
      3. Digits [0-9]
      4. Special characters: [!#$%^&*()_+{}:";'<>,.?]
  4. Assignment #0
    [+] Your task is to guess my super secure, completely unpredictable password:
    https://pragmaticcrypto.herokuapp.com/exercise0/
    https://github.com/majek/web4crypto
  5. Real world bug
    • http://blogger.popcnt.org/2007/08/how-bad-password-generator-can-ruin.html
    No  Letters  Digits  Special
    1   4        2       2        50^4 * 10^2 * 15^2 = 0.140 * 10^12
    2   5        2       1        50^5 * 10^2 * 15^1 = 0.468 * 10^12
    3   5        1       2        50^5 * 10^1 * 15^2 = 0.703 * 10^12
    4   6        1       1        50^6 * 10^1 * 15^1 = 2.243 * 10^12
    Σ = 3.656 * 10^12
  6. Real world bug
    • http://blogger.popcnt.org/2007/08/how-bad-password-generator-can-ruin.html
    No  Letters  Digits  Special
    1   4        2       2        50^4 * 10^2 * 15^2 = 0.140 * 10^12
    2   5        2       1        50^5 * 10^2 * 15^1 = 0.468 * 10^12
    3   5        1       2        50^5 * 10^1 * 15^2 = 0.703 * 10^12
    4   6        1       1        50^6 * 10^1 * 15^1 = 2.243 * 10^12
    75% Σ = 1.311 * 10^12
  7. PRG

  8. PRG

  9. PRG
    [Diagram: bit strings labelled "state", "f(state)" and "value"]
  10. random.random()
    C, Java, VB           LCG
    Python, Ruby, PHP     Mersenne Twister
    Javascript*           Marsaglia’s MWC
    DVD, GSM, Bluetooth   LFSR
    • https://en.wikipedia.org/wiki/Linear_congruential_generator
    • https://en.wikipedia.org/wiki/Multiply-with-carry
  11. Assignment #1
    [ ] This is my PRNG code:
        import struct

        def _lcg(state):
            # One LCG step; the returned value is also the next state
            return (1103515245*state + 12345) % (2**31)

        def lcg_generator(seed):
            state = seed
            while True:
                state = _lcg(state)
                yield state

        # Seed with 4 bytes from the kernel entropy pool
        with open('/dev/urandom', 'rb') as f:
            seed, = struct.unpack('I', f.read(4))
        gen = lcg_generator(seed)
    [ ] See - my PRNG is initialized using super secure seed!
    [ ] First value of the PRNG is: 123456
    [+] Your task is to predict the second value of my LCG PRNG:
    https://pragmaticcrypto.herokuapp.com/exercise1/
  12. Assignment #2*
    • http://www.smogon.com/forums/group.php?do=discuss&gmid=1699
    [ ] This is my PRNG code:
        import struct

        def _lcg(state):
            # One LCG step; the returned value is also the next state
            return (1103515245*state + 12345) % (2**31)

        def lcg_generator(seed):
            state = seed
            while True:
                state = _lcg(state)
                yield state

        # Seed with 4 bytes from the kernel entropy pool
        with open('/dev/urandom', 'rb') as f:
            seed, = struct.unpack('I', f.read(4))
        gen = lcg_generator(seed)
    [ ] Second value of the PRNG is: 12345
    [+] Your task is to recover the first value of my LCG PRNG:
    https://pragmaticcrypto.herokuapp.com/exercise2/
  13. CS-PRG
    • OpenSSL.RAND_bytes(num)
    • RC4
    • Salsa20
    • Sosemanuk
    • http://spark-university.s3.amazonaws.com/stanford-crypto/slides/02-stream-v2-annotated.pdf
  14. CS-PRG
    Language              Method             State size
    C, Java, VB           LCG                32
    Python                Mersenne Twister   32
    DVD; GSM; Bluetooth   LFSR               40
    OpenSSL.RAND_bytes    unnamed            8192
                          RC4                1024
                          Salsa 20           128 or 256
                          Sosemanuk          128 or 256
    • http://spark-university.s3.amazonaws.com/stanford-crypto/slides/02-stream-v2-annotated.pdf
    • http://src.gnu-darwin.org/src/crypto/openssl/crypto/rand/md_rand.c.html
  15. Real world bug
    • http://blogger.popcnt.org/2007/08/how-bad-password-generator-can-ruin.html
    Intention        2014 * 10^12
    Constraints      1900 * 10^12
    Weak algo 100%   3.656 * 10^12
    Weak algo 75%    1.311 * 10^12
    Weak PRNG        4294 * 10^6
    Weak seed        24*60*60*1000 = 86.4 * 10^6
  16. Assignment #3
    • http://hg.python.org/cpython/file/3.2/Lib/random.py#l111
    [ ] 29777 seconds ago I generated a password.
    [ ] You will never crack it!
    [ ] Oh, I used python random module, and I initialized the
    [ ] seed like python does on some platforms:
        import random, string, time
        random.seed(int(time.time() * 256))
    [ ] The password was generated like that:
        secret = ''.join(random.choice(string.ascii_letters) for i in range(12))
    [+] Your task is to guess the password:
    https://pragmaticcrypto.herokuapp.com/exercise3/
  17. Entropy
    • Hardware Random Number Generator
    • /dev/random
    • /dev/urandom
    • Intel RdRand
    • https://en.wikipedia.org/wiki/Entropy_(computing)
    • https://en.wikipedia.org/wiki/RdRand
    • http://en.wikipedia.org/wiki/Hardware_random_number_generator
    • http://www.ciphergoth.org/crypto/unbiasing/
  18. Conclusion
    • Never use built-in “Math.random()”
    • It’s (almost) always predictable
    • CS-PRG are rarely built-in
    • Must be seeded with good entropy
    • Testing entropy sources is hard
  19. Real world bug
    • http://web.archive.org/web/20110430001326/http://15seconds.com/issue/051110.htm
    Intention        2014 * 10^12
    Constraints      1900 * 10^12
    Weak algo 100%   3.656 * 10^12
    Weak algo 75%    1.311 * 10^12
    Weak PRNG        4294 * 10^6
    Weak seed        86.4 * 10^6
    Seed and PRNG    64 * 10^3
  20. Real world bug
    Intention        2014 * 10^12     50.8
    Constraints      1900 * 10^12     50.7
    Weak algo 100%   3.656 * 10^12    41.7
    Weak algo 75%    1.311 * 10^12    40.2
    Weak PRNG        4294 * 10^6      32
    Weak seed        86.4 * 10^6      26
    Seed and PRNG    64 * 10^3        16
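
Added example, not part of the original deck: the LCG from slides 11 and 12 hands out its entire state as each output, so one observed value fixes every later and earlier one regardless of how the seed was chosen. The helper names `lcg_next`, `lcg_prev`, `follows_lcg` and `demo` and the seed value are assumptions made for this sketch; the constants are the ones on the slides.

```python
import secrets

# Constants of the LCG shown on slides 11 and 12.
A, C, M = 1103515245, 12345, 2**31
A_INV = pow(A, -1, M)  # A is odd, so it is invertible modulo 2**31 (Python 3.8+)

def lcg_next(state):
    """One forward step: identical to _lcg() on the slide."""
    return (A * state + C) % M

def lcg_prev(state):
    """One backward step: undo the addition, then multiply by A's inverse."""
    return ((state - C) * A_INV) % M

def lcg_generator(seed):
    """Same generator as the slide: every yielded value is the full state."""
    state = seed
    while True:
        state = lcg_next(state)
        yield state

def follows_lcg(outputs):
    """Audit helper (hypothetical): True if each value is lcg_next of the one before."""
    return len(outputs) > 1 and all(
        lcg_next(a) == b for a, b in zip(outputs, outputs[1:]))

def demo(seed):
    """Observe four outputs, then check what they reveal about the stream."""
    gen = lcg_generator(seed)
    observed = [next(gen) for _ in range(4)]
    return {
        "observed": observed,
        "predicted_next": lcg_next(observed[-1]),
        "actual_next": next(gen),
        "recovered_first": lcg_prev(observed[1]),
        "lcg_flagged": follows_lcg(observed),
        # Values from the OS CSPRNG show no such relation between neighbours.
        "csprng_flagged": follows_lcg([secrets.randbelow(M) for _ in range(4)]),
    }

if __name__ == "__main__":
    # Constructed seed; drawing it from /dev/urandom as on the slide changes nothing.
    for key, value in demo(seed=0xC0FFEE).items():
        print(key, value)
```

`follows_lcg` can be pointed at a sample of tokens or identifiers an application has issued to check whether this generator is behind them.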
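
Added example, not part of the original deck: it measures how much entropy the time-seeded password from slide 16 really has, in the spirit of the bit counts on slide 20, and contrasts it with the same alphabet drawn from the operating system's CSPRNG. The function names, the timestamp and the two-second uncertainty window are assumptions constructed for the sketch.

```python
import math
import random
import secrets
import string

def seed_for(timestamp):
    """Seed derivation quoted on slide 16."""
    return int(timestamp * 256)

def weak_password(seed, length=12):
    """Slide 16's generator, using a private Random instead of the global one."""
    rng = random.Random(seed)
    return "".join(rng.choice(string.ascii_letters) for _ in range(length))

def candidate_seeds(approx_time, uncertainty_s):
    """Every seed the generator could have used within +/- uncertainty_s seconds."""
    return range(seed_for(approx_time - uncertainty_s),
                 seed_for(approx_time + uncertainty_s) + 1)

def effective_bits(approx_time, uncertainty_s):
    """Real entropy of the password: log2 of the number of possible seeds."""
    return math.log2(len(candidate_seeds(approx_time, uncertainty_s)))

def nominal_bits(length=12):
    """Entropy the password would have if every letter were independent."""
    return length * math.log2(len(string.ascii_letters))

def rederive_seed(password, approx_time, uncertainty_s):
    """Audit check: return the seed that reproduces password, or None."""
    for seed in candidate_seeds(approx_time, uncertainty_s):
        if weak_password(seed) == password:
            return seed
    return None

def strong_password(length=12):
    """Same alphabet, but drawn from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(string.ascii_letters) for _ in range(length))

if __name__ == "__main__":
    created = 1363170000.37  # constructed timestamp, not taken from the slides
    pw = weak_password(seed_for(created))
    print("nominal bits   :", round(nominal_bits(), 1))
    print("effective bits :", round(effective_bits(1363170000, 2), 1))
    print("seed re-derived:", rederive_seed(pw, 1363170000, 2) == seed_for(created))
    print("CSPRNG password:", rederive_seed(strong_password(), 1363170000, 2))
```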