Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Crypto 101 by Laurens Van Houtven
Search
PyCon 2013
March 16, 2013
Programming
10
1.6k
Crypto 101 by Laurens Van Houtven
PyCon 2013
March 16, 2013
Tweet
Share
More Decks by PyCon 2013
See All by PyCon 2013
Bayesian statistics made simple by Allen Downey
pyconslides
32
6.4k
Python for Humans
pyconslides
40
6.7k
Contribute with me! Getting started with the tools of free software development by Jessica McKellar
pyconslides
11
2k
ApplePy: An Apple ][ emulator in Python by James Tauber
pyconslides
3
1.6k
Use curses, don't swear by Sean Zicari
pyconslides
2
1.5k
Namespaces in Python by Eric Snow
pyconslides
9
1.9k
Internationalization and Localization Done Right by Ruchi Varshney
pyconslides
9
1.2k
"Good Enough" is good enough! by Alex Martelli
pyconslides
13
2.5k
Plover: Thought to Text at 240 WPM by Mirabai Knight
pyconslides
1
1.3k
Other Decks in Programming
See All in Programming
Kotlin エンジニアへ送る:Swift 案件に参加させられる日に備えて~似てるけど色々違う Swift の仕様 / from Kotlin to Swift
lovee
1
260
なんとなくわかった気になるブロックテーマ入門/contents.nagoya 2025 6.28
chiilog
1
270
PHPで始める振る舞い駆動開発(Behaviour-Driven Development)
ohmori_yusuke
2
350
Discover Metal 4
rei315
2
130
PicoRuby on Rails
makicamel
2
130
iOS 26にアップデートすると実機でのHot Reloadができない?
umigishiaoi
0
130
Flutterで備える!Accessibility Nutrition Labels完全ガイド
yuukiw00w
0
160
ソフトウェア品質を数字で捉える技術。事業成長を支えるシステム品質の マネジメント
takuya542
1
12k
AIともっと楽するE2Eテスト
myohei
0
360
What Spring Developers Should Know About Jakarta EE
ivargrimstad
0
440
関数型まつりレポート for JuliaTokai #22
antimon2
0
160
Quand Symfony, ApiPlatform, OpenAI et LangChain s'allient pour exploiter vos PDF : de la théorie à la production…
ahmedbhs123
0
170
Featured
See All Featured
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.4k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
5
270
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
20
1.3k
Into the Great Unknown - MozCon
thekraken
39
1.9k
Why Our Code Smells
bkeepers
PRO
337
57k
How STYLIGHT went responsive
nonsquared
100
5.6k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
53
2.9k
Fireside Chat
paigeccino
37
3.5k
Docker and Python
trallard
44
3.5k
VelocityConf: Rendering Performance Case Studies
addyosmani
332
24k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Raft: Consensus for Rubyists
vanstee
140
7k
Transcript
Crypto 101 @lvh
@lvh
[email protected]
None
None
None
POST /quantum HTTP/1.1
None
Lightning Talk Version
In motion: TLS
At rest: GPG
(Py)NaCl KeyCzar cryptlib
If you are typing the letters A-E-S into your code,
you’re doing it wrong.
DES: extra wrong MD5, SHA: maybe wrong
Why stay?
Recognizing wrong stuff still matters
Understanding stuff still matters
None
None
xor
1 ^ 0 == 1 0 ^ 1 == 1
1 ^ 1 == 0 0 ^ 0 == 0
Invert? Input Output
Invert: yes (1) Input: 1 Output: 0
Invert: no (0) Input: 1 Output: 1
One-time Pad
1110010101010110 1010100000111101 0100101010101010 ...
OTP crypto XWCVPR
Perfect secrecy
0? 1? 1
1? 0? 1
None
None
None
Victory!
len(one_time_pad)
== len(all_data_ever)
== very_big_number
Exchange?
Ciphers
Block Ciphers
Block Cipher Key abc XYZ Ciphertext Same fixed size Plaintext
Fixed size
P C
Random permutation
000: 001 001: 010 010: 111 011: 000 100: 110
101: 011 110: 100 111: 101
x, C(k, x) vs y, C(k, y)
P C
AES
Blowfish/Twofish
DES/3DES
Victory!
“Hello”
with open(“x.jpg”) as f: send(f, you)
Block Cipher
len(message) > block_size
aes.block_size == 128 (16 bytes)
Stream Ciphers
Native stream ciphers
RC4
Salsa20 ChaCha20
Implemented as construction with block ciphers
abcdefghijklmnopqrstuvw C k C k C k C k C
k C k C k { { { { { { { { C k padding KEGASVTPCFDRUWBOJNMHXQIL { { { { { { { {
ECB
plaintext chunk ciphertext chunk
None
None
None
None
Replay Attacks
None
None
Block Cipher Modes of Operation
ECB, (P)CBC, CFB, OFB, CTR
ECB, (P)CBC, CFB, OFB, CTR
CBC
Most common in the wild
BEAST
CTR
{nonce}{count:08d}
D501320200000000 D501320200000001 D501320200000002 Nonce Count . . .
C k C k D501320200000000, D501320200000001, ... D1DC4D1FE3679212, 0FD25C7B1CF46485, ...
D1DC4D1FE3679212 0FD25C7B1CF46485 ...
Keystream
Pseudo-OTP
GCM, EAX, OCB, IAPM, CCM, CWC
GCM, EAX, OCB, IAPM, CCM, CWC
PATENT PENDING
Victory!
None
Key exchange?
In person?
None
O(n2)
Diffie-Hellman Key Exchange
None
= +
= + +
- =
Internet Me You
None
+ = + =
None
None
+ = + =
= + + + +
Victory!
None
Cease fire! ZSTAMUTJMEFFILH Cease fire!
Attack at dawn! HUWKEMMQTXMR Attack at dawn!
Authenticity
sender == expected_sender
message == expected_message
Encryption without authentication
Almost certainly wrong
Attackers don’t need to decrypt to modify
Cryptographic hash functions
lorem ipsum 358d846c39 digest (state) fixed size message arbitrary size
Hash Function
lorem ipsum 358d846c39 Hash Function
lorem ipsum 358d846c39 Hash Function
lorem python 358d846c39 lorem ipsum 358d846c39 Hash Function Hash Function
lorem python 358d846c39 lorem ipsum 358d846c39 Hash Function Hash Function
That’s it.
H(x) can be used to compute H(f(x))
Extension attacks
hf = HF(“hello pycon\n”) hf.update(“how are you”) hf.hexdigest()
hf = HF(state=your_hash) hf.update(my_string) hf.hexdigest()
my_string = “\nI am not attending, because I have switched
to PHP”
Payment processor
MD5(secret + amount)
$12.00: “1200”
hf = HF(state=your_hash) hf.update(“0” * 12) hf.hexdigest()
bwall/HashPump
SHA-3 era: fixed (SHA-3, BLAKE2)
SHA-256, SHA-3 (both are fine)
BLAKE2
MAC
H(x) can be used to compute H(f(x))
MAC(k, x) says nothing about MAC(k, f(x))
MAC(k, x) says nothing about MAC(k, y)
HMAC
hmac(k, hf, msg)
import hmac
Password storage
CHFs are WRONG
password 45ed8f8c31 Hash Function
Brute force?
None
ATI HD 5970, 2GB 5.6e9 MD5/s 2.3e9 SHA2/s
None
SHA-3?
lorem ipsum 358d846c39 Hash Function
SHA-2-256: 14 cpb SHA-3-256: 11 cpb (Intel Ivy Bridge/Sandy Bridge)
Salts?
Dictionary attacks
KDFs should be hard to compute
bcrypt (tunably) time-hard
scrypt time- and space-hard
Sender authentication?
None
Public key Cryptography
None
None
None
Key generation
me me you you
me you
Encryption
PK Enc you hello world BXUWD VWQEF
Decryption
PK Dec you hello world BXUWD VWQEF you
Signing
Anyone can use my public key
How do I know you’re you?
PK Dec you Signature HF(m) you
PK Enc you Signature HF(m)
RSA
Victory!
“me” == actually me?
Chains of signatures
I don’t trust you.
But X trusts you.
And I trust X.
So I trust you.
GPG key signing
SSL
TLS
None
version, ciphersuites, ...
Key exchange method (RSA, DH, ...)
Signing algorithm (RSA, DSA, ECDSA)
Bulk encryption algorithm (AES-CBC, RC4...)
MAC algorithm (HMAC-{MD5, SHA2})
version, ciphersuites, ...
✓
RSA Enc srvr random secret OUTDX BHXUS
OUTDXBHXUS
RSA Dec srvr random secret OUTDX BHXUS srvr
random secret AES MAC random secret AES MAC
MAC
None
Encrypted + Authenticated
✓
None
CAs
...
None
valid vs trustworthy?
valid vs trustworthy?
What if I plant a root cert?
sslbump
ICAP/eCAP
lvh/minitrue
Questions?
Timing attacks
Side-channel
Implementation, not theory
None
None
None
None
None
provided == password
compare length
compare byte by byte
“abc” == “xyz”
“abc” == “ayz”
“abc” == “abz”
len(alpha) ** len(pw)
X * X * X * .... len(alpha) possibilities len(pwd)
times
k * len(alpha) * len(pw) possibilities measurements characters
More TLS
Client certificates
Ephemeral Diffie-Hellman
Elliptic Curves ECDH/ECDSA