Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Crypto 101 by Laurens Van Houtven

PyCon 2013
March 16, 2013
Programming
10
1.4k

Crypto 101 by Laurens Van Houtven

PyCon 2013

March 16, 2013
Tweet

More Decks by PyCon 2013

See All by PyCon 2013
Bayesian statistics made simple by Allen Downey
pyconslides
32
6.2k
Python for Humans
pyconslides
40
6.6k
Contribute with me! Getting started with the tools of free software development by Jessica McKellar
pyconslides
11
2k
ApplePy: An Apple ][ emulator in Python by James Tauber
pyconslides
3
1.5k
Use curses, don't swear by Sean Zicari
pyconslides
2
1.4k
Namespaces in Python by Eric Snow
pyconslides
9
1.8k
Internationalization and Localization Done Right by Ruchi Varshney
pyconslides
9
1.1k
"Good Enough" is good enough! by Alex Martelli
pyconslides
13
2.5k
Plover: Thought to Text at 240 WPM by Mirabai Knight
pyconslides
1
1.2k

Other Decks in Programming

See All in Programming
Remix on Hono on Cloudflare Workers
yusukebe
1
280
OSSで起業してもうすぐ10年 / Open Source Conference 2024 Shimane
furukawayasuto
0
100
Better Code Design in PHP
afilina
PRO
0
120
見せてあげますよ、「本物のLaravel批判」ってやつを。
77web
7
7.7k
Realtime API 入門
riofujimon
0
150
Laravel や Symfony で手っ取り早く
OpenAPI のドキュメントを作成する
azuki
2
110
RubyLSPのマルチバイト文字対応
notfounds
0
120
弊社の「意識チョット低いアーキテクチャ」10選
texmeijin
5
24k
Contemporary Test Cases
maaretp
0
130
TypeScript Graph でコードレビューの心理的障壁を乗り越える
ysk8hori
2
1.1k
シェーダーで魅せるMapLibreの動的ラスタータイル
satoshi7190
1
480
Flutterを言い訳にしない!アプリの使い心地改善テクニック5選🔥
kno3a87
1
160

Featured

See All Featured
Intergalactic Javascript Robots from Outer Space
tanoku
269
27k
A Tale of Four Properties
chriscoyier
156
23k
Measuring & Analyzing Core Web Vitals
bluesmoon
4
120
Dealing with People You Can't Stand - Big Design 2015
cassininazir
364
24k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
Thoughts on Productivity
jonyablonski
67
4.3k
Making Projects Easy
brettharned
115
5.9k
GraphQLとの向き合い方2022年版
quramy
43
13k
How to train your dragon (web standard)
notwaldorf
88
5.7k
The Language of Interfaces
destraynor
154
24k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
1.9k

Transcript

  1. Crypto 101 @lvh

  2. @lvh [email protected]

  3. None
  4. None
  5. None

  6. POST /quantum HTTP/1.1

  7. None

  8. Lightning Talk Version

  9. In motion: TLS

  10. At rest: GPG

  11. (Py)NaCl KeyCzar cryptlib

  12. If you are typing the letters A-E-S into your code,

    you’re doing it wrong.

  13. DES: extra wrong MD5, SHA: maybe wrong

  14. Why stay?

  15. Recognizing wrong stuff still matters

  16. Understanding stuff still matters

  17. None
  18. None

  19. xor

  20. 1 ^ 0 == 1 0 ^ 1 == 1

  21. 1 ^ 1 == 0 0 ^ 0 == 0

  22. Invert? Input Output

  23. Invert: yes (1) Input: 1 Output: 0

  24. Invert: no (0) Input: 1 Output: 1

  25. One-time Pad

  26. 1110010101010110 1010100000111101 0100101010101010 ...

  27. OTP crypto XWCVPR

  28. Perfect secrecy

  29. 0? 1? 1

  30. 1? 0? 1

  31. None
  32. None
  33. None

  34. Victory!

  35. len(one_time_pad)

  36. == len(all_data_ever)

  37. == very_big_number

  38. Exchange?

  39. Ciphers

  40. Block Ciphers

  41. Block Cipher Key abc XYZ Ciphertext Same fixed size Plaintext

    Fixed size

  42. P C

  43. Random permutation

  44. 000: 001 001: 010 010: 111 011: 000 100: 110

    101: 011 110: 100 111: 101

  45. x, C(k, x) vs y, C(k, y)

  46. P C

  47. AES

  48. Blowfish/Twofish

  49. DES/3DES

  50. Victory!

  51. “Hello”

  52. with open(“x.jpg”) as f: send(f, you)

  53. Block Cipher

  54. len(message) > block_size

  55. aes.block_size == 128 (16 bytes)

  56. Stream Ciphers

  57. Native stream ciphers

  58. RC4

  59. Salsa20 ChaCha20

  60. Implemented as construction with block ciphers

  61. abcdefghijklmnopqrstuvw C k C k C k C k C

    k C k C k { { { { { { { { C k padding KEGASVTPCFDRUWBOJNMHXQIL { { { { { { { {

  62. ECB

  63. plaintext chunk ciphertext chunk

  64. None
  65. None
  66. None
  67. None

  68. Replay Attacks

  69. None
  70. None

  71. Block Cipher Modes of Operation

  72. ECB, (P)CBC, CFB, OFB, CTR

  73. ECB, (P)CBC, CFB, OFB, CTR

  74. CBC

  75. Most common in the wild

  76. BEAST

  77. CTR

  78. {nonce}{count:08d}

  79. D501320200000000 D501320200000001 D501320200000002 Nonce Count . . .

  80. C k C k D501320200000000, D501320200000001, ... D1DC4D1FE3679212, 0FD25C7B1CF46485, ...

  81. D1DC4D1FE3679212 0FD25C7B1CF46485 ...

  82. Keystream

  83. Pseudo-OTP

  84. GCM, EAX, OCB, IAPM, CCM, CWC

  85. GCM, EAX, OCB, IAPM, CCM, CWC

  86. PATENT PENDING

  87. Victory!

  88. None

  89. Key exchange?

  90. In person?

  91. None

  92. O(n2)

  93. Diffie-Hellman Key Exchange

  94. None

  95. = +

  96. = + +

  97. - =

  98. Internet Me You

  99. None

  100. + = + =

  101. None
  102. None

  103. + = + =

  104. = + + + +

  105. Victory!

  106. None

  107. Cease fire! ZSTAMUTJMEFFILH Cease fire!

  108. Attack at dawn! HUWKEMMQTXMR Attack at dawn!

  109. Authenticity

  110. sender == expected_sender

  111. message == expected_message

  112. Encryption without authentication

  113. Almost certainly wrong

  114. Attackers don’t need to decrypt to modify

  115. Cryptographic hash functions

  116. lorem ipsum 358d846c39 digest (state) fixed size message arbitrary size

    Hash Function

  117. lorem ipsum 358d846c39 Hash Function

  118. lorem ipsum 358d846c39 Hash Function

  119. lorem python 358d846c39 lorem ipsum 358d846c39 Hash Function Hash Function

  120. lorem python 358d846c39 lorem ipsum 358d846c39 Hash Function Hash Function

  121. That’s it.

  122. H(x) can be used to compute H(f(x))

  123. Extension attacks

  124. hf = HF(“hello pycon\n”) hf.update(“how are you”) hf.hexdigest()

  125. hf = HF(state=your_hash) hf.update(my_string) hf.hexdigest()

  126. my_string = “\nI am not attending, because I have switched

    to PHP”

  127. Payment processor

  128. MD5(secret + amount)

  129. $12.00: “1200”

  130. hf = HF(state=your_hash) hf.update(“0” * 12) hf.hexdigest()

  131. bwall/HashPump

  132. SHA-3 era: fixed (SHA-3, BLAKE2)

  133. SHA-256, SHA-3 (both are fine)

  134. BLAKE2

  135. MAC

  136. H(x) can be used to compute H(f(x))

  137. MAC(k, x) says nothing about MAC(k, f(x))

  138. MAC(k, x) says nothing about MAC(k, y)

  139. HMAC

  140. hmac(k, hf, msg)

  141. import hmac

  142. Password storage

  143. CHFs are WRONG

  144. password 45ed8f8c31 Hash Function

  145. Brute force?

  146. None

  147. ATI HD 5970, 2GB 5.6e9 MD5/s 2.3e9 SHA2/s

  148. None

  149. SHA-3?

  150. lorem ipsum 358d846c39 Hash Function

  151. SHA-2-256: 14 cpb SHA-3-256: 11 cpb (Intel Ivy Bridge/Sandy Bridge)

  152. Salts?

  153. Dictionary attacks

  154. KDFs should be hard to compute

  155. bcrypt (tunably) time-hard

  156. scrypt time- and space-hard

  157. Sender authentication?

  158. None

  159. Public key Cryptography

  160. None
  161. None
  162. None

  163. Key generation

  164. me me you you

  165. me you

  166. Encryption

  167. PK Enc you hello world BXUWD VWQEF

  168. Decryption

  169. PK Dec you hello world BXUWD VWQEF you

  170. Signing

  171. Anyone can use my public key

  172. How do I know you’re you?

  173. PK Dec you Signature HF(m) you

  174. PK Enc you Signature HF(m)

  175. RSA

  176. Victory!

  177. “me” == actually me?

  178. Chains of signatures

  179. I don’t trust you.

  180. But X trusts you.

  181. And I trust X.

  182. So I trust you.

  183. GPG key signing

  184. SSL

  185. TLS

  186. None

  187. version, ciphersuites, ...

  188. Key exchange method (RSA, DH, ...)

  189. Signing algorithm (RSA, DSA, ECDSA)

  190. Bulk encryption algorithm (AES-CBC, RC4...)

  191. MAC algorithm (HMAC-{MD5, SHA2})

  192. version, ciphersuites, ...

  194. RSA Enc srvr random secret OUTDX BHXUS

  195. OUTDXBHXUS

  196. RSA Dec srvr random secret OUTDX BHXUS srvr

  197. random secret AES MAC random secret AES MAC

  198. MAC

  199. None

  200. Encrypted + Authenticated

  202. None

  203. CAs

  204. ...

  205. None

  206. valid vs trustworthy?

  207. valid vs trustworthy?

  208. What if I plant a root cert?

  209. sslbump

  210. ICAP/eCAP

  211. lvh/minitrue

  212. Questions?

  213. Timing attacks

  214. Side-channel

  215. Implementation, not theory

  216. None
  217. None
  218. None
  219. None
  220. None

  221. provided == password

  222. compare length

  223. compare byte by byte

  224. “abc” == “xyz”

  225. “abc” == “ayz”

  226. “abc” == “abz”

  227. len(alpha) ** len(pw)

  228. X * X * X * .... len(alpha) possibilities len(pwd)

    times

  229. k * len(alpha) * len(pw) possibilities measurements characters

  230. More TLS

  231. Client certificates

  232. Ephemeral Diffie-Hellman

  233. Elliptic Curves ECDH/ECDSA