Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Crypto 101 by Laurens Van Houtven

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for PyCon 2013 PyCon 2013
March 16, 2013
Programming
1.6k
10

Crypto 101 by Laurens Van Houtven

Avatar for PyCon 2013

PyCon 2013

March 16, 2013

More Decks by PyCon 2013

See All by PyCon 2013
Bayesian statistics made simple by Allen Downey
Avatar for PyCon 2013 pyconslides
32
6.6k
Python for Humans
Avatar for PyCon 2013 pyconslides
40
6.8k
Contribute with me! Getting started with the tools of free software development by Jessica McKellar
Avatar for PyCon 2013 pyconslides
11
2.1k
ApplePy: An Apple ][ emulator in Python by James Tauber
Avatar for PyCon 2013 pyconslides
3
1.7k
Use curses, don't swear by Sean Zicari
Avatar for PyCon 2013 pyconslides
2
1.5k
Namespaces in Python by Eric Snow
Avatar for PyCon 2013 pyconslides
9
2k
Internationalization and Localization Done Right by Ruchi Varshney
Avatar for PyCon 2013 pyconslides
9
1.2k
"Good Enough" is good enough! by Alex Martelli
Avatar for PyCon 2013 pyconslides
13
2.6k
Plover: Thought to Text at 240 WPM by Mirabai Knight
Avatar for PyCon 2013 pyconslides
1
1.3k

Other Decks in Programming

See All in Programming
Cache-moi si tu peux : patterns et pièges du cache en production - Devoxx France 2026 - Conférence
Avatar for Sébastien LECACHEUR slecache
0
190
Exploring RuboCop with MCP
Avatar for Koichi ITO koic
0
340
t *testing.T は どこからやってくるの?
Avatar for Kotaro Otaka otakakot
0
130
AI時代のPhpStorm最新事情 #phpcon_odawara
Avatar for yusuke yusuke
0
170
Radical Imagining - LIFT 2025-2027 Policy Agenda
Avatar for LIFT lift1998
0
280
10 Tips of AWS ~Gen AI on AWS~
Avatar for matsukada licux
5
340
CursorとClaudeCodeとCodexとOpenCodeを実際に比較してみた
Avatar for Terisuke terisuke
1
430
Running Swift without an OS
Avatar for Kishikawa Katsumi kishikawakatsumi
0
790
ルールルルルルRubyの中身の予備知識 ── RubyKaigiの前に予習しなイカ?
Avatar for ydah ydah
1
160
Nuxt Server Components
Avatar for wattanx wattanx
0
270
Kubernetes上でAgentを動かすための最新動向と押さえるべき概念まとめ
Avatar for Sota Makino sotamaki0421
3
490
Server-Side Kotlin LT大会 vol.18 [Kotlin-lspの最新情報と Neovimのlsp設定例]
Avatar for yasunori yasunori0418
1
120

Featured

See All Featured
svc-hook: hooking system calls on ARM64 by binary rewriting
Avatar for Akira Moroo retrage
2
210
Marketing Yourself as an Engineer | Alaka | Gurzu
Avatar for Gurzu gurzu
0
180
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
Avatar for Tech SEO Connect techseoconnect
PRO
0
140
AI: The stuff that nobody shows you
Avatar for John Nunemaker jnunemaker
PRO
6
550
WENDY [Excerpt]
Avatar for Tessa Abrams tessaabrams
10
37k
Information Architects: The Missing Link in Design Systems
Avatar for Michelle Chin soysaucechin
0
880
Measuring Dark Social's Impact On Conversion and Attribution
Avatar for Stephen Akadiri stephenakadiri
1
180
Designing Powerful Visuals for Engaging Learning
Avatar for Mike Taylor tmiket
1
340
How People are Using Generative and Agentic AI to Supercharge Their Products, Projects, Services and Value Streams Today
Avatar for Helen Beal helenjbeal
1
160
Dealing with People You Can't Stand - Big Design 2015
Avatar for Cassini Nazir cassininazir
367
27k
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
698
190k
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k

Transcript

  1. Crypto 101 @lvh

  2. @lvh [email protected]

  3. None
  4. None
  5. None

  6. POST /quantum HTTP/1.1

  7. None

  8. Lightning Talk Version

  9. In motion: TLS

  10. At rest: GPG

  11. (Py)NaCl KeyCzar cryptlib

  12. If you are typing the letters A-E-S into your code,

    you’re doing it wrong.

  13. DES: extra wrong MD5, SHA: maybe wrong

  14. Why stay?

  15. Recognizing wrong stuff still matters

  16. Understanding stuff still matters

  17. None
  18. None

  19. xor

  20. 1 ^ 0 == 1 0 ^ 1 == 1

  21. 1 ^ 1 == 0 0 ^ 0 == 0

  22. Invert? Input Output

  23. Invert: yes (1) Input: 1 Output: 0

  24. Invert: no (0) Input: 1 Output: 1

  25. One-time Pad

  26. 1110010101010110 1010100000111101 0100101010101010 ...

  27. OTP crypto XWCVPR

  28. Perfect secrecy

  29. 0? 1? 1

  30. 1? 0? 1

  31. None
  32. None
  33. None

  34. Victory!

  35. len(one_time_pad)

  36. == len(all_data_ever)

  37. == very_big_number

  38. Exchange?

  39. Ciphers

  40. Block Ciphers

  41. Block Cipher Key abc XYZ Ciphertext Same fixed size Plaintext

    Fixed size

  42. P C

  43. Random permutation

  44. 000: 001 001: 010 010: 111 011: 000 100: 110

    101: 011 110: 100 111: 101

  45. x, C(k, x) vs y, C(k, y)

  46. P C

  47. AES

  48. Blowfish/Twofish

  49. DES/3DES

  50. Victory!

  51. “Hello”

  52. with open(“x.jpg”) as f: send(f, you)

  53. Block Cipher

  54. len(message) > block_size

  55. aes.block_size == 128 (16 bytes)

  56. Stream Ciphers

  57. Native stream ciphers

  58. RC4

  59. Salsa20 ChaCha20

  60. Implemented as construction with block ciphers

  61. abcdefghijklmnopqrstuvw C k C k C k C k C

    k C k C k { { { { { { { { C k padding KEGASVTPCFDRUWBOJNMHXQIL { { { { { { { {

  62. ECB

  63. plaintext chunk ciphertext chunk

  64. None
  65. None
  66. None
  67. None

  68. Replay Attacks

  69. None
  70. None

  71. Block Cipher Modes of Operation

  72. ECB, (P)CBC, CFB, OFB, CTR

  73. ECB, (P)CBC, CFB, OFB, CTR

  74. CBC

  75. Most common in the wild

  76. BEAST

  77. CTR

  78. {nonce}{count:08d}

  79. D501320200000000 D501320200000001 D501320200000002 Nonce Count . . .

  80. C k C k D501320200000000, D501320200000001, ... D1DC4D1FE3679212, 0FD25C7B1CF46485, ...

  81. D1DC4D1FE3679212 0FD25C7B1CF46485 ...

  82. Keystream

  83. Pseudo-OTP

  84. GCM, EAX, OCB, IAPM, CCM, CWC

  85. GCM, EAX, OCB, IAPM, CCM, CWC

  86. PATENT PENDING

  87. Victory!

  88. None

  89. Key exchange?

  90. In person?

  91. None

  92. O(n2)

  93. Diffie-Hellman Key Exchange

  94. None

  95. = +

  96. = + +

  97. - =

  98. Internet Me You

  99. None

  100. + = + =

  101. None
  102. None

  103. + = + =

  104. = + + + +

  105. Victory!

  106. None

  107. Cease fire! ZSTAMUTJMEFFILH Cease fire!

  108. Attack at dawn! HUWKEMMQTXMR Attack at dawn!

  109. Authenticity

  110. sender == expected_sender

  111. message == expected_message

  112. Encryption without authentication

  113. Almost certainly wrong

  114. Attackers don’t need to decrypt to modify

  115. Cryptographic hash functions

  116. lorem ipsum 358d846c39 digest (state) fixed size message arbitrary size

    Hash Function

  117. lorem ipsum 358d846c39 Hash Function

  118. lorem ipsum 358d846c39 Hash Function

  119. lorem python 358d846c39 lorem ipsum 358d846c39 Hash Function Hash Function

  120. lorem python 358d846c39 lorem ipsum 358d846c39 Hash Function Hash Function

  121. That’s it.

  122. H(x) can be used to compute H(f(x))

  123. Extension attacks

  124. hf = HF(“hello pycon\n”) hf.update(“how are you”) hf.hexdigest()

  125. hf = HF(state=your_hash) hf.update(my_string) hf.hexdigest()

  126. my_string = “\nI am not attending, because I have switched

    to PHP”

  127. Payment processor

  128. MD5(secret + amount)

  129. $12.00: “1200”

  130. hf = HF(state=your_hash) hf.update(“0” * 12) hf.hexdigest()

  131. bwall/HashPump

  132. SHA-3 era: fixed (SHA-3, BLAKE2)

  133. SHA-256, SHA-3 (both are fine)

  134. BLAKE2

  135. MAC

  136. H(x) can be used to compute H(f(x))

  137. MAC(k, x) says nothing about MAC(k, f(x))

  138. MAC(k, x) says nothing about MAC(k, y)

  139. HMAC

  140. hmac(k, hf, msg)

  141. import hmac

  142. Password storage

  143. CHFs are WRONG

  144. password 45ed8f8c31 Hash Function

  145. Brute force?

  146. None

  147. ATI HD 5970, 2GB 5.6e9 MD5/s 2.3e9 SHA2/s

  148. None

  149. SHA-3?

  150. lorem ipsum 358d846c39 Hash Function

  151. SHA-2-256: 14 cpb SHA-3-256: 11 cpb (Intel Ivy Bridge/Sandy Bridge)

  152. Salts?

  153. Dictionary attacks

  154. KDFs should be hard to compute

  155. bcrypt (tunably) time-hard

  156. scrypt time- and space-hard

  157. Sender authentication?

  158. None

  159. Public key Cryptography

  160. None
  161. None
  162. None

  163. Key generation

  164. me me you you

  165. me you

  166. Encryption

  167. PK Enc you hello world BXUWD VWQEF

  168. Decryption

  169. PK Dec you hello world BXUWD VWQEF you

  170. Signing

  171. Anyone can use my public key

  172. How do I know you’re you?

  173. PK Dec you Signature HF(m) you

  174. PK Enc you Signature HF(m)

  175. RSA

  176. Victory!

  177. “me” == actually me?

  178. Chains of signatures

  179. I don’t trust you.

  180. But X trusts you.

  181. And I trust X.

  182. So I trust you.

  183. GPG key signing

  184. SSL

  185. TLS

  186. None

  187. version, ciphersuites, ...

  188. Key exchange method (RSA, DH, ...)

  189. Signing algorithm (RSA, DSA, ECDSA)

  190. Bulk encryption algorithm (AES-CBC, RC4...)

  191. MAC algorithm (HMAC-{MD5, SHA2})

  192. version, ciphersuites, ...

  194. RSA Enc srvr random secret OUTDX BHXUS

  195. OUTDXBHXUS

  196. RSA Dec srvr random secret OUTDX BHXUS srvr

  197. random secret AES MAC random secret AES MAC

  198. MAC

  199. None

  200. Encrypted + Authenticated

  202. None

  203. CAs

  204. ...

  205. None

  206. valid vs trustworthy?

  207. valid vs trustworthy?

  208. What if I plant a root cert?

  209. sslbump

  210. ICAP/eCAP

  211. lvh/minitrue

  212. Questions?

  213. Timing attacks

  214. Side-channel

  215. Implementation, not theory

  216. None
  217. None
  218. None
  219. None
  220. None

  221. provided == password

  222. compare length

  223. compare byte by byte

  224. “abc” == “xyz”

  225. “abc” == “ayz”

  226. “abc” == “abz”

  227. len(alpha) ** len(pw)

  228. X * X * X * .... len(alpha) possibilities len(pwd)

    times

  229. k * len(alpha) * len(pw) possibilities measurements characters

  230. More TLS

  231. Client certificates

  232. Ephemeral Diffie-Hellman

  233. Elliptic Curves ECDH/ECDSA