The secrets of cryptography

Slide 1

Slide 1 text

The Secrets of Cryptography Christopher Riley Dutch PHP Conference, 2016 1

Slide 2

Slide 2 text

Introduction

Slide 3

Slide 3 text

Cryptography is HARD 2

Slide 4

Slide 4 text

Historic ciphers

Slide 5

Slide 5 text

The ceasar shift

Slide 6

Slide 6 text

The ceasar shift 3

Slide 7

Slide 7 text

The substitution cipher

Slide 8

Slide 8 text

The substitution cipher 4

Slide 9

Slide 9 text

The substitution cipher: possible keys 403,291,461,126,605,635,584,000,000 5

Slide 10

Slide 10 text

The substitution cipher: statistics 6

Slide 11

Slide 11 text

The substitution cipher: frequency analysis 7

Slide 12

Slide 12 text

Vigenère cipher

Slide 13

Slide 13 text

The Vigenère cipher 8

Slide 14

Slide 14 text

The Vigenère cipher 9

Slide 15

Slide 15 text

The Vigenère cipher 10

Slide 16

Slide 16 text

Breaking the Vigenère cipher

Slide 17

Slide 17 text

Breaking The Vigenère cipher 11

Slide 18

Slide 18 text

Breaking The Vigenère cipher 12

Slide 19

Slide 19 text

Enigma

Slide 20

Slide 20 text

Enigma 13

Slide 21

Slide 21 text

Enigma 14

Slide 22

Slide 22 text

Breaking Enigma 15

Slide 23

Slide 23 text

Modern ciphers

Slide 24

Slide 24 text

Modern cryptography • Confidentiality 16

Slide 25

Slide 25 text

Modern cryptography • Confidentiality • Key exchange 17

Slide 26

Slide 26 text

Modern cryptography • Confidentiality • Key exchange • Identity 18

Slide 27

Slide 27 text

Modern cryptography • Confidentiality • Key exchange • Identity • Authentication 19

Slide 28

Slide 28 text

Modern cryptography • Confidentiality • Key exchange • Identity • Authentication • Random number generation 20

Slide 29

Slide 29 text

Symmetric ciphers

Slide 30

Slide 30 text

Stream ciphers

Slide 31

Slide 31 text

A5/1

Slide 32

Slide 32 text

A5/1: implementation diagram 21

Slide 33

Slide 33 text

A5/1: register clocking 22

Slide 34

Slide 34 text

Stream cipher weaknesses • Keys must not be reused 23

Slide 35

Slide 35 text

Stream cipher weaknesses • Keys must not be reused • Easy for an attacker to modify a message 24

Slide 36

Slide 36 text

Stream cipher weaknesses • Keys must not be reused • Easy for an attacker to modify a message • Hard to partially decrypt messages 25

Slide 37

Slide 37 text

Block ciphers

Slide 38

Slide 38 text

Advanced encryption standard (AES)

Slide 39

Slide 39 text

AES: 1 round • Substitute Bytes • Shift Rows • Mix Columns • Add Round Key 26

Slide 40

Slide 40 text

AES: Substitute Bytes 27

Slide 41

Slide 41 text

AES: Shift Rows 28

Slide 42

Slide 42 text

AES: Mix Columns 29

Slide 43

Slide 43 text

AES: Add Round Key 30

Slide 44

Slide 44 text

Modes of operation

Slide 45

Slide 45 text

Electronic code book (ECB)

Slide 46

Slide 46 text

ECB 31

Slide 47

Slide 47 text

ECB: the ECB penguin 1By Larry Ewing [email protected] with The GIMP 32

Slide 48

Slide 48 text

Cipher block chaining (CBC)

Slide 49

Slide 49 text

CBC 33

Slide 50

Slide 50 text

Counter (CTR)

Slide 51

Slide 51 text

CTR 34

Slide 52

Slide 52 text

Galoris Counter mode (GCM)

Slide 53

Slide 53 text

GCM 35

Slide 54

Slide 54 text

Asymetric ciphers

Slide 55

Slide 55 text

Public key cryptography

Slide 56

Slide 56 text

Rivest, Shamir, Adleman (RSA)

Slide 57

Slide 57 text

RSA • (me)d ≡ m (mod n) 36

Slide 58

Slide 58 text

RSA • (me)d ≡ m (mod n) • c ≡ me (mod n) 37

Slide 59

Slide 59 text

RSA • (me)d ≡ m (mod n) • c ≡ me (mod n) • cd ≡ (me)d ≡ m (mod n) 38

Slide 60

Slide 60 text

Identity verification

Slide 61

Slide 61 text

RSA: Message signatures • (md)e ≡ m (mod n) • s ≡ md (mod n) • se ≡ (md)e ≡ m (mod n) 39

Slide 62

Slide 62 text

Implementing Cryptography

Slide 63

Slide 63 text

Implementing Cryptography • Don’t 40

Slide 64

Slide 64 text

Implementing Cryptography • Don’t • Use existing implementations 41

Slide 65

Slide 65 text

Implementing Cryptography • Don’t • Use existing implementations • Bring in an expert 42

Slide 66

Slide 66 text

Implementing Cryptography in PHP

Slide 67

Slide 67 text

Implementing Cryptography in PHP • Halite + libsodium • https://github.com/paragonie/halite 43

Slide 68

Slide 68 text

Implementing Cryptography in PHP • Halite + libsodium • https://github.com/paragonie/halite • Defuse PHP encryption • https://github.com/defuse/php-encryption 44

Slide 69

Slide 69 text

Further reading • Simon Singh - The code book • http://simonsingh.net/The_Black_Chamber 45

Slide 70

Slide 70 text

Further reading • Simon Singh - The code book • http://simonsingh.net/The_Black_Chamber • Bruce Schneier • https://www.schneier.com 46

Slide 71

Slide 71 text

Further reading • Simon Singh - The code book • http://simonsingh.net/The_Black_Chamber • Bruce Schneier • https://www.schneier.com • https://github.com/gilfether/phpcrypt 47

Slide 72

Slide 72 text

Thanks • @giveupalready • https://github.com/carnage • https://joind.in/talk/b0b4d 48

Slide 73

Slide 73 text

Cipher Challenge • http://tiny.cc/0qq6by 49