Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Crypto 101 by Laurens Van Houtven
Search
PyCon 2013
March 16, 2013
Programming
10
1.4k
Crypto 101 by Laurens Van Houtven
PyCon 2013
March 16, 2013
Tweet
Share
More Decks by PyCon 2013
See All by PyCon 2013
Bayesian statistics made simple by Allen Downey
pyconslides
32
6.3k
Python for Humans
pyconslides
40
6.6k
Contribute with me! Getting started with the tools of free software development by Jessica McKellar
pyconslides
11
2k
ApplePy: An Apple ][ emulator in Python by James Tauber
pyconslides
3
1.5k
Use curses, don't swear by Sean Zicari
pyconslides
2
1.4k
Namespaces in Python by Eric Snow
pyconslides
9
1.8k
Internationalization and Localization Done Right by Ruchi Varshney
pyconslides
9
1.1k
"Good Enough" is good enough! by Alex Martelli
pyconslides
13
2.5k
Plover: Thought to Text at 240 WPM by Mirabai Knight
pyconslides
1
1.2k
Other Decks in Programming
See All in Programming
プロダクトの品質に コミットする / Commit to Product Quality
pekepek
2
770
競技プログラミングへのお誘い@阪大BOOSTセミナー
kotamanegi
0
360
PHPで学ぶプログラミングの教訓 / Lessons in Programming Learned through PHP
nrslib
2
170
暇に任せてProxmoxコンソール 作ってみました
karugamo
1
720
たのしいparse.y
ydah
3
120
責務を分離するための例外設計 - PHPカンファレンス 2024
kajitack
1
560
採用事例の少ないSvelteを選んだ理由と それを正解にするためにやっていること
oekazuma
2
1k
クリエイティブコーディングとRuby学習 / Creative Coding and Learning Ruby
chobishiba
0
3.9k
Webエンジニア主体のモバイルチームの 生産性を高く保つためにやったこと
igreenwood
0
330
今年一番支援させていただいたのは認証系サービスでした
satoshi256kbyte
1
250
[JAWS-UG横浜 #76] イケてるアップデートを宇宙いち早く紹介するよ!
maroon1st
0
460
開発者とQAの越境で自動テストが増える開発プロセスを実現する
92thunder
1
180
Featured
See All Featured
The Art of Programming - Codeland 2020
erikaheidi
53
13k
How to Think Like a Performance Engineer
csswizardry
22
1.2k
Side Projects
sachag
452
42k
Raft: Consensus for Rubyists
vanstee
137
6.7k
Designing Experiences People Love
moore
138
23k
Testing 201, or: Great Expectations
jmmastey
40
7.1k
[RailsConf 2023] Rails as a piece of cake
palkan
53
5k
Mobile First: as difficult as doing things right
swwweet
222
9k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
GraphQLの誤解/rethinking-graphql
sonatard
67
10k
Designing on Purpose - Digital PM Summit 2013
jponch
116
7k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
665
120k
Transcript
Crypto 101 @lvh
@lvh
[email protected]
None
None
None
POST /quantum HTTP/1.1
None
Lightning Talk Version
In motion: TLS
At rest: GPG
(Py)NaCl KeyCzar cryptlib
If you are typing the letters A-E-S into your code,
you’re doing it wrong.
DES: extra wrong MD5, SHA: maybe wrong
Why stay?
Recognizing wrong stuff still matters
Understanding stuff still matters
None
None
xor
1 ^ 0 == 1 0 ^ 1 == 1
1 ^ 1 == 0 0 ^ 0 == 0
Invert? Input Output
Invert: yes (1) Input: 1 Output: 0
Invert: no (0) Input: 1 Output: 1
One-time Pad
1110010101010110 1010100000111101 0100101010101010 ...
OTP crypto XWCVPR
Perfect secrecy
0? 1? 1
1? 0? 1
None
None
None
Victory!
len(one_time_pad)
== len(all_data_ever)
== very_big_number
Exchange?
Ciphers
Block Ciphers
Block Cipher Key abc XYZ Ciphertext Same fixed size Plaintext
Fixed size
P C
Random permutation
000: 001 001: 010 010: 111 011: 000 100: 110
101: 011 110: 100 111: 101
x, C(k, x) vs y, C(k, y)
P C
AES
Blowfish/Twofish
DES/3DES
Victory!
“Hello”
with open(“x.jpg”) as f: send(f, you)
Block Cipher
len(message) > block_size
aes.block_size == 128 (16 bytes)
Stream Ciphers
Native stream ciphers
RC4
Salsa20 ChaCha20
Implemented as construction with block ciphers
abcdefghijklmnopqrstuvw C k C k C k C k C
k C k C k { { { { { { { { C k padding KEGASVTPCFDRUWBOJNMHXQIL { { { { { { { {
ECB
plaintext chunk ciphertext chunk
None
None
None
None
Replay Attacks
None
None
Block Cipher Modes of Operation
ECB, (P)CBC, CFB, OFB, CTR
ECB, (P)CBC, CFB, OFB, CTR
CBC
Most common in the wild
BEAST
CTR
{nonce}{count:08d}
D501320200000000 D501320200000001 D501320200000002 Nonce Count . . .
C k C k D501320200000000, D501320200000001, ... D1DC4D1FE3679212, 0FD25C7B1CF46485, ...
D1DC4D1FE3679212 0FD25C7B1CF46485 ...
Keystream
Pseudo-OTP
GCM, EAX, OCB, IAPM, CCM, CWC
GCM, EAX, OCB, IAPM, CCM, CWC
PATENT PENDING
Victory!
None
Key exchange?
In person?
None
O(n2)
Diffie-Hellman Key Exchange
None
= +
= + +
- =
Internet Me You
None
+ = + =
None
None
+ = + =
= + + + +
Victory!
None
Cease fire! ZSTAMUTJMEFFILH Cease fire!
Attack at dawn! HUWKEMMQTXMR Attack at dawn!
Authenticity
sender == expected_sender
message == expected_message
Encryption without authentication
Almost certainly wrong
Attackers don’t need to decrypt to modify
Cryptographic hash functions
lorem ipsum 358d846c39 digest (state) fixed size message arbitrary size
Hash Function
lorem ipsum 358d846c39 Hash Function
lorem ipsum 358d846c39 Hash Function
lorem python 358d846c39 lorem ipsum 358d846c39 Hash Function Hash Function
lorem python 358d846c39 lorem ipsum 358d846c39 Hash Function Hash Function
That’s it.
H(x) can be used to compute H(f(x))
Extension attacks
hf = HF(“hello pycon\n”) hf.update(“how are you”) hf.hexdigest()
hf = HF(state=your_hash) hf.update(my_string) hf.hexdigest()
my_string = “\nI am not attending, because I have switched
to PHP”
Payment processor
MD5(secret + amount)
$12.00: “1200”
hf = HF(state=your_hash) hf.update(“0” * 12) hf.hexdigest()
bwall/HashPump
SHA-3 era: fixed (SHA-3, BLAKE2)
SHA-256, SHA-3 (both are fine)
BLAKE2
MAC
H(x) can be used to compute H(f(x))
MAC(k, x) says nothing about MAC(k, f(x))
MAC(k, x) says nothing about MAC(k, y)
HMAC
hmac(k, hf, msg)
import hmac
Password storage
CHFs are WRONG
password 45ed8f8c31 Hash Function
Brute force?
None
ATI HD 5970, 2GB 5.6e9 MD5/s 2.3e9 SHA2/s
None
SHA-3?
lorem ipsum 358d846c39 Hash Function
SHA-2-256: 14 cpb SHA-3-256: 11 cpb (Intel Ivy Bridge/Sandy Bridge)
Salts?
Dictionary attacks
KDFs should be hard to compute
bcrypt (tunably) time-hard
scrypt time- and space-hard
Sender authentication?
None
Public key Cryptography
None
None
None
Key generation
me me you you
me you
Encryption
PK Enc you hello world BXUWD VWQEF
Decryption
PK Dec you hello world BXUWD VWQEF you
Signing
Anyone can use my public key
How do I know you’re you?
PK Dec you Signature HF(m) you
PK Enc you Signature HF(m)
RSA
Victory!
“me” == actually me?
Chains of signatures
I don’t trust you.
But X trusts you.
And I trust X.
So I trust you.
GPG key signing
SSL
TLS
None
version, ciphersuites, ...
Key exchange method (RSA, DH, ...)
Signing algorithm (RSA, DSA, ECDSA)
Bulk encryption algorithm (AES-CBC, RC4...)
MAC algorithm (HMAC-{MD5, SHA2})
version, ciphersuites, ...
✓
RSA Enc srvr random secret OUTDX BHXUS
OUTDXBHXUS
RSA Dec srvr random secret OUTDX BHXUS srvr
random secret AES MAC random secret AES MAC
MAC
None
Encrypted + Authenticated
✓
None
CAs
...
None
valid vs trustworthy?
valid vs trustworthy?
What if I plant a root cert?
sslbump
ICAP/eCAP
lvh/minitrue
Questions?
Timing attacks
Side-channel
Implementation, not theory
None
None
None
None
None
provided == password
compare length
compare byte by byte
“abc” == “xyz”
“abc” == “ayz”
“abc” == “abz”
len(alpha) ** len(pw)
X * X * X * .... len(alpha) possibilities len(pwd)
times
k * len(alpha) * len(pw) possibilities measurements characters
More TLS
Client certificates
Ephemeral Diffie-Hellman
Elliptic Curves ECDH/ECDSA