Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Crypto 101 by Laurens Van Houtven
Search
PyCon 2013
March 16, 2013
Programming
10
1.6k
Crypto 101 by Laurens Van Houtven
PyCon 2013
March 16, 2013
Tweet
Share
More Decks by PyCon 2013
See All by PyCon 2013
Bayesian statistics made simple by Allen Downey
pyconslides
32
6.4k
Python for Humans
pyconslides
40
6.7k
Contribute with me! Getting started with the tools of free software development by Jessica McKellar
pyconslides
11
2k
ApplePy: An Apple ][ emulator in Python by James Tauber
pyconslides
3
1.6k
Use curses, don't swear by Sean Zicari
pyconslides
2
1.5k
Namespaces in Python by Eric Snow
pyconslides
9
1.9k
Internationalization and Localization Done Right by Ruchi Varshney
pyconslides
9
1.2k
"Good Enough" is good enough! by Alex Martelli
pyconslides
13
2.5k
Plover: Thought to Text at 240 WPM by Mirabai Knight
pyconslides
1
1.3k
Other Decks in Programming
See All in Programming
テスターからテストエンジニアへ ~新米テストエンジニアが歩んだ9ヶ月振り返り~
non0113
2
240
Google I/O Extended Incheon 2025 ~ What's new in Android development tools
pluu
1
200
コーディングエージェント概観(2025/07)
itsuki_t88
0
450
[Codecon - 2025] Como não odiar seus testes
camilacampos
0
100
202507_ADKで始めるエージェント開発の基本 〜デモを通じて紹介〜(奥田りさ)The Basics of Agent Development with ADK — A Demo-Focused Introduction
risatube
PRO
5
1.2k
SQLアンチパターン第2版 データベースプログラミングで陥りがちな失敗とその対策 / Intro to SQL Antipatterns 2nd
twada
PRO
35
10k
知って得する@cloudflare_vite-pluginのあれこれ
chimame
1
120
顧客の画像データをテラバイト単位で配信する 画像サーバを WebP にした際に起こった課題と その対応策 ~継続的な取り組みを添えて~
takutakahashi
4
1.4k
階層化自動テストで開発に機動力を
ickx
1
440
Prompt Engineeringの再定義「Context Engineering」とは
htsuruo
0
110
AWS Summit Japan 2024と2025の比較/はじめてのKiro、今あなたは岐路に立つ
satoshi256kbyte
1
260
TypeScriptでDXを上げろ! Hono編
yusukebe
3
880
Featured
See All Featured
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
Navigating Team Friction
lara
187
15k
Rebuilding a faster, lazier Slack
samanthasiow
83
9.1k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Automating Front-end Workflow
addyosmani
1370
200k
Site-Speed That Sticks
csswizardry
10
730
Designing for humans not robots
tammielis
253
25k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
50k
Code Reviewing Like a Champion
maltzj
524
40k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
10
1k
The Cost Of JavaScript in 2023
addyosmani
51
8.7k
Making the Leap to Tech Lead
cromwellryan
134
9.4k
Transcript
Crypto 101 @lvh
@lvh
[email protected]
None
None
None
POST /quantum HTTP/1.1
None
Lightning Talk Version
In motion: TLS
At rest: GPG
(Py)NaCl KeyCzar cryptlib
If you are typing the letters A-E-S into your code,
you’re doing it wrong.
DES: extra wrong MD5, SHA: maybe wrong
Why stay?
Recognizing wrong stuff still matters
Understanding stuff still matters
None
None
xor
1 ^ 0 == 1 0 ^ 1 == 1
1 ^ 1 == 0 0 ^ 0 == 0
Invert? Input Output
Invert: yes (1) Input: 1 Output: 0
Invert: no (0) Input: 1 Output: 1
One-time Pad
1110010101010110 1010100000111101 0100101010101010 ...
OTP crypto XWCVPR
Perfect secrecy
0? 1? 1
1? 0? 1
None
None
None
Victory!
len(one_time_pad)
== len(all_data_ever)
== very_big_number
Exchange?
Ciphers
Block Ciphers
Block Cipher Key abc XYZ Ciphertext Same fixed size Plaintext
Fixed size
P C
Random permutation
000: 001 001: 010 010: 111 011: 000 100: 110
101: 011 110: 100 111: 101
x, C(k, x) vs y, C(k, y)
P C
AES
Blowfish/Twofish
DES/3DES
Victory!
“Hello”
with open(“x.jpg”) as f: send(f, you)
Block Cipher
len(message) > block_size
aes.block_size == 128 (16 bytes)
Stream Ciphers
Native stream ciphers
RC4
Salsa20 ChaCha20
Implemented as construction with block ciphers
abcdefghijklmnopqrstuvw C k C k C k C k C
k C k C k { { { { { { { { C k padding KEGASVTPCFDRUWBOJNMHXQIL { { { { { { { {
ECB
plaintext chunk ciphertext chunk
None
None
None
None
Replay Attacks
None
None
Block Cipher Modes of Operation
ECB, (P)CBC, CFB, OFB, CTR
ECB, (P)CBC, CFB, OFB, CTR
CBC
Most common in the wild
BEAST
CTR
{nonce}{count:08d}
D501320200000000 D501320200000001 D501320200000002 Nonce Count . . .
C k C k D501320200000000, D501320200000001, ... D1DC4D1FE3679212, 0FD25C7B1CF46485, ...
D1DC4D1FE3679212 0FD25C7B1CF46485 ...
Keystream
Pseudo-OTP
GCM, EAX, OCB, IAPM, CCM, CWC
GCM, EAX, OCB, IAPM, CCM, CWC
PATENT PENDING
Victory!
None
Key exchange?
In person?
None
O(n2)
Diffie-Hellman Key Exchange
None
= +
= + +
- =
Internet Me You
None
+ = + =
None
None
+ = + =
= + + + +
Victory!
None
Cease fire! ZSTAMUTJMEFFILH Cease fire!
Attack at dawn! HUWKEMMQTXMR Attack at dawn!
Authenticity
sender == expected_sender
message == expected_message
Encryption without authentication
Almost certainly wrong
Attackers don’t need to decrypt to modify
Cryptographic hash functions
lorem ipsum 358d846c39 digest (state) fixed size message arbitrary size
Hash Function
lorem ipsum 358d846c39 Hash Function
lorem ipsum 358d846c39 Hash Function
lorem python 358d846c39 lorem ipsum 358d846c39 Hash Function Hash Function
lorem python 358d846c39 lorem ipsum 358d846c39 Hash Function Hash Function
That’s it.
H(x) can be used to compute H(f(x))
Extension attacks
hf = HF(“hello pycon\n”) hf.update(“how are you”) hf.hexdigest()
hf = HF(state=your_hash) hf.update(my_string) hf.hexdigest()
my_string = “\nI am not attending, because I have switched
to PHP”
Payment processor
MD5(secret + amount)
$12.00: “1200”
hf = HF(state=your_hash) hf.update(“0” * 12) hf.hexdigest()
bwall/HashPump
SHA-3 era: fixed (SHA-3, BLAKE2)
SHA-256, SHA-3 (both are fine)
BLAKE2
MAC
H(x) can be used to compute H(f(x))
MAC(k, x) says nothing about MAC(k, f(x))
MAC(k, x) says nothing about MAC(k, y)
HMAC
hmac(k, hf, msg)
import hmac
Password storage
CHFs are WRONG
password 45ed8f8c31 Hash Function
Brute force?
None
ATI HD 5970, 2GB 5.6e9 MD5/s 2.3e9 SHA2/s
None
SHA-3?
lorem ipsum 358d846c39 Hash Function
SHA-2-256: 14 cpb SHA-3-256: 11 cpb (Intel Ivy Bridge/Sandy Bridge)
Salts?
Dictionary attacks
KDFs should be hard to compute
bcrypt (tunably) time-hard
scrypt time- and space-hard
Sender authentication?
None
Public key Cryptography
None
None
None
Key generation
me me you you
me you
Encryption
PK Enc you hello world BXUWD VWQEF
Decryption
PK Dec you hello world BXUWD VWQEF you
Signing
Anyone can use my public key
How do I know you’re you?
PK Dec you Signature HF(m) you
PK Enc you Signature HF(m)
RSA
Victory!
“me” == actually me?
Chains of signatures
I don’t trust you.
But X trusts you.
And I trust X.
So I trust you.
GPG key signing
SSL
TLS
None
version, ciphersuites, ...
Key exchange method (RSA, DH, ...)
Signing algorithm (RSA, DSA, ECDSA)
Bulk encryption algorithm (AES-CBC, RC4...)
MAC algorithm (HMAC-{MD5, SHA2})
version, ciphersuites, ...
✓
RSA Enc srvr random secret OUTDX BHXUS
OUTDXBHXUS
RSA Dec srvr random secret OUTDX BHXUS srvr
random secret AES MAC random secret AES MAC
MAC
None
Encrypted + Authenticated
✓
None
CAs
...
None
valid vs trustworthy?
valid vs trustworthy?
What if I plant a root cert?
sslbump
ICAP/eCAP
lvh/minitrue
Questions?
Timing attacks
Side-channel
Implementation, not theory
None
None
None
None
None
provided == password
compare length
compare byte by byte
“abc” == “xyz”
“abc” == “ayz”
“abc” == “abz”
len(alpha) ** len(pw)
X * X * X * .... len(alpha) possibilities len(pwd)
times
k * len(alpha) * len(pw) possibilities measurements characters
More TLS
Client certificates
Ephemeral Diffie-Hellman
Elliptic Curves ECDH/ECDSA