Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Crypto 101 by Laurens Van Houtven

Avatar for PyCon 2013 PyCon 2013
March 16, 2013
Programming
10
1.6k

Crypto 101 by Laurens Van Houtven

Avatar for PyCon 2013

PyCon 2013

March 16, 2013
Tweet

More Decks by PyCon 2013

See All by PyCon 2013
Bayesian statistics made simple by Allen Downey
Avatar for PyCon 2013 pyconslides
32
6.6k
Python for Humans
Avatar for PyCon 2013 pyconslides
40
6.8k
Contribute with me! Getting started with the tools of free software development by Jessica McKellar
Avatar for PyCon 2013 pyconslides
11
2.1k
ApplePy: An Apple ][ emulator in Python by James Tauber
Avatar for PyCon 2013 pyconslides
3
1.7k
Use curses, don't swear by Sean Zicari
Avatar for PyCon 2013 pyconslides
2
1.5k
Namespaces in Python by Eric Snow
Avatar for PyCon 2013 pyconslides
9
2k
Internationalization and Localization Done Right by Ruchi Varshney
Avatar for PyCon 2013 pyconslides
9
1.2k
"Good Enough" is good enough! by Alex Martelli
Avatar for PyCon 2013 pyconslides
13
2.6k
Plover: Thought to Text at 240 WPM by Mirabai Knight
Avatar for PyCon 2013 pyconslides
1
1.3k

Other Decks in Programming

See All in Programming
CSC307 Lecture 02
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
1
780
開発者から情シスまで - 多様なユーザー層に届けるAPI提供戦略 / Postman API Night Okinawa 2026 Winter
Avatar for tasshi tasshi
0
210
登壇資料を作る時に意識していること #登壇資料_findy
Avatar for konifar konifar
4
1.6k
dchart: charts from deck markup
Avatar for Anthony Starks ajstarks
3
1k
コントリビューターによるDenoのすゝめ / Deno Recommendations by a Contributor
Avatar for petamoriken / 森建 petamoriken
0
210
AIと一緒にレガシーに向き合ってみた
Avatar for nyafunta9858 nyafunta9858
0
250
OCaml 5でモダンな並列プログラミングを Enjoyしよう!
Avatar for Haochen Kotoi-Xie haochenx
0
140
【卒業研究】会話ログ分析によるユーザーごとの関心に応じた話題提案手法
Avatar for MomokoShirakawa momok47
0
200
CSC307 Lecture 09
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
1
840
16年目のピクシブ百科事典を支える最新の技術基盤 / The Modern Tech Stack Powering Pixiv Encyclopedia in its 16th Year
Avatar for ahu ahuglajbclajep
5
1k
24時間止められないシステムを守る-医療ITにおけるランサムウェア対策の実際
Avatar for kouki.miura koukimiura
1
110
AIフル活用時代だからこそ学んでおきたい働き方の心得
Avatar for shinoyu shinoyu
0
140

Featured

See All Featured
Lightning Talk: Beautiful Slides for Beginners
Avatar for Ines Montani inesmontani
PRO
1
440
The Language of Interfaces
Avatar for Des Traynor destraynor
162
26k
The SEO Collaboration Effect
Avatar for Kristina Bergwall kristinabergwall1
0
350
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
Avatar for David Carrasco davidcarrasco
1
56
The SEO identity crisis: Don't let AI make you average
Avatar for Varn varn
0
290
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
413
23k
Docker and Python
Avatar for Tania Allard trallard
47
3.7k
The Spectacular Lies of Maps
Avatar for Per Axbom axbom
PRO
1
520
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
191
11k
Context Engineering - Making Every Token Count
Avatar for Addy Osmani addyosmani
9
660
SEO for Brand Visibility & Recognition
Avatar for Aleyda Solis aleyda
0
4.2k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
128
55k

Transcript

  1. Crypto 101 @lvh

  2. @lvh [email protected]

  3. None
  4. None
  5. None

  6. POST /quantum HTTP/1.1

  7. None

  8. Lightning Talk Version

  9. In motion: TLS

  10. At rest: GPG

  11. (Py)NaCl KeyCzar cryptlib

  12. If you are typing the letters A-E-S into your code,

    you’re doing it wrong.

  13. DES: extra wrong MD5, SHA: maybe wrong

  14. Why stay?

  15. Recognizing wrong stuff still matters

  16. Understanding stuff still matters

  17. None
  18. None

  19. xor

  20. 1 ^ 0 == 1 0 ^ 1 == 1

  21. 1 ^ 1 == 0 0 ^ 0 == 0

  22. Invert? Input Output

  23. Invert: yes (1) Input: 1 Output: 0

  24. Invert: no (0) Input: 1 Output: 1

  25. One-time Pad

  26. 1110010101010110 1010100000111101 0100101010101010 ...

  27. OTP crypto XWCVPR

  28. Perfect secrecy

  29. 0? 1? 1

  30. 1? 0? 1

  31. None
  32. None
  33. None

  34. Victory!

  35. len(one_time_pad)

  36. == len(all_data_ever)

  37. == very_big_number

  38. Exchange?

  39. Ciphers

  40. Block Ciphers

  41. Block Cipher Key abc XYZ Ciphertext Same fixed size Plaintext

    Fixed size

  42. P C

  43. Random permutation

  44. 000: 001 001: 010 010: 111 011: 000 100: 110

    101: 011 110: 100 111: 101

  45. x, C(k, x) vs y, C(k, y)

  46. P C

  47. AES

  48. Blowfish/Twofish

  49. DES/3DES

  50. Victory!

  51. “Hello”

  52. with open(“x.jpg”) as f: send(f, you)

  53. Block Cipher

  54. len(message) > block_size

  55. aes.block_size == 128 (16 bytes)

  56. Stream Ciphers

  57. Native stream ciphers

  58. RC4

  59. Salsa20 ChaCha20

  60. Implemented as construction with block ciphers

  61. abcdefghijklmnopqrstuvw C k C k C k C k C

    k C k C k { { { { { { { { C k padding KEGASVTPCFDRUWBOJNMHXQIL { { { { { { { {

  62. ECB

  63. plaintext chunk ciphertext chunk

  64. None
  65. None
  66. None
  67. None

  68. Replay Attacks

  69. None
  70. None

  71. Block Cipher Modes of Operation

  72. ECB, (P)CBC, CFB, OFB, CTR

  73. ECB, (P)CBC, CFB, OFB, CTR

  74. CBC

  75. Most common in the wild

  76. BEAST

  77. CTR

  78. {nonce}{count:08d}

  79. D501320200000000 D501320200000001 D501320200000002 Nonce Count . . .

  80. C k C k D501320200000000, D501320200000001, ... D1DC4D1FE3679212, 0FD25C7B1CF46485, ...

  81. D1DC4D1FE3679212 0FD25C7B1CF46485 ...

  82. Keystream

  83. Pseudo-OTP

  84. GCM, EAX, OCB, IAPM, CCM, CWC

  85. GCM, EAX, OCB, IAPM, CCM, CWC

  86. PATENT PENDING

  87. Victory!

  88. None

  89. Key exchange?

  90. In person?

  91. None

  92. O(n2)

  93. Diffie-Hellman Key Exchange

  94. None

  95. = +

  96. = + +

  97. - =

  98. Internet Me You

  99. None

  100. + = + =

  101. None
  102. None

  103. + = + =

  104. = + + + +

  105. Victory!

  106. None

  107. Cease fire! ZSTAMUTJMEFFILH Cease fire!

  108. Attack at dawn! HUWKEMMQTXMR Attack at dawn!

  109. Authenticity

  110. sender == expected_sender

  111. message == expected_message

  112. Encryption without authentication

  113. Almost certainly wrong

  114. Attackers don’t need to decrypt to modify

  115. Cryptographic hash functions

  116. lorem ipsum 358d846c39 digest (state) fixed size message arbitrary size

    Hash Function

  117. lorem ipsum 358d846c39 Hash Function

  118. lorem ipsum 358d846c39 Hash Function

  119. lorem python 358d846c39 lorem ipsum 358d846c39 Hash Function Hash Function

  120. lorem python 358d846c39 lorem ipsum 358d846c39 Hash Function Hash Function

  121. That’s it.

  122. H(x) can be used to compute H(f(x))

  123. Extension attacks

  124. hf = HF(“hello pycon\n”) hf.update(“how are you”) hf.hexdigest()

  125. hf = HF(state=your_hash) hf.update(my_string) hf.hexdigest()

  126. my_string = “\nI am not attending, because I have switched

    to PHP”

  127. Payment processor

  128. MD5(secret + amount)

  129. $12.00: “1200”

  130. hf = HF(state=your_hash) hf.update(“0” * 12) hf.hexdigest()

  131. bwall/HashPump

  132. SHA-3 era: fixed (SHA-3, BLAKE2)

  133. SHA-256, SHA-3 (both are fine)

  134. BLAKE2

  135. MAC

  136. H(x) can be used to compute H(f(x))

  137. MAC(k, x) says nothing about MAC(k, f(x))

  138. MAC(k, x) says nothing about MAC(k, y)

  139. HMAC

  140. hmac(k, hf, msg)

  141. import hmac

  142. Password storage

  143. CHFs are WRONG

  144. password 45ed8f8c31 Hash Function

  145. Brute force?

  146. None

  147. ATI HD 5970, 2GB 5.6e9 MD5/s 2.3e9 SHA2/s

  148. None

  149. SHA-3?

  150. lorem ipsum 358d846c39 Hash Function

  151. SHA-2-256: 14 cpb SHA-3-256: 11 cpb (Intel Ivy Bridge/Sandy Bridge)

  152. Salts?

  153. Dictionary attacks

  154. KDFs should be hard to compute

  155. bcrypt (tunably) time-hard

  156. scrypt time- and space-hard

  157. Sender authentication?

  158. None

  159. Public key Cryptography

  160. None
  161. None
  162. None

  163. Key generation

  164. me me you you

  165. me you

  166. Encryption

  167. PK Enc you hello world BXUWD VWQEF

  168. Decryption

  169. PK Dec you hello world BXUWD VWQEF you

  170. Signing

  171. Anyone can use my public key

  172. How do I know you’re you?

  173. PK Dec you Signature HF(m) you

  174. PK Enc you Signature HF(m)

  175. RSA

  176. Victory!

  177. “me” == actually me?

  178. Chains of signatures

  179. I don’t trust you.

  180. But X trusts you.

  181. And I trust X.

  182. So I trust you.

  183. GPG key signing

  184. SSL

  185. TLS

  186. None

  187. version, ciphersuites, ...

  188. Key exchange method (RSA, DH, ...)

  189. Signing algorithm (RSA, DSA, ECDSA)

  190. Bulk encryption algorithm (AES-CBC, RC4...)

  191. MAC algorithm (HMAC-{MD5, SHA2})

  192. version, ciphersuites, ...

  194. RSA Enc srvr random secret OUTDX BHXUS

  195. OUTDXBHXUS

  196. RSA Dec srvr random secret OUTDX BHXUS srvr

  197. random secret AES MAC random secret AES MAC

  198. MAC

  199. None

  200. Encrypted + Authenticated

  202. None

  203. CAs

  204. ...

  205. None

  206. valid vs trustworthy?

  207. valid vs trustworthy?

  208. What if I plant a root cert?

  209. sslbump

  210. ICAP/eCAP

  211. lvh/minitrue

  212. Questions?

  213. Timing attacks

  214. Side-channel

  215. Implementation, not theory

  216. None
  217. None
  218. None
  219. None
  220. None

  221. provided == password

  222. compare length

  223. compare byte by byte

  224. “abc” == “xyz”

  225. “abc” == “ayz”

  226. “abc” == “abz”

  227. len(alpha) ** len(pw)

  228. X * X * X * .... len(alpha) possibilities len(pwd)

    times

  229. k * len(alpha) * len(pw) possibilities measurements characters

  230. More TLS

  231. Client certificates

  232. Ephemeral Diffie-Hellman

  233. Elliptic Curves ECDH/ECDSA