Randall Degges
February 29, 2020
# Useful Cryptography, An Introduction

Cryptography is often thought of as a scary topic, but it doesn't have to be. In this talk, you'll learn about different types of useful cryptography, how they work (without needing a PhD in mathematics), and how to immediately start applying these concepts in your projects.

## Transcript

2. ### Hey, I'm Randall (@rdegges @oktadev)

Builder (Python / JS / Go), hacker, author, open source. Chief Hacker @ Okta.


8. ### Hashes are great for information that you need to verify but never persist.

Diagram: the user tells the web server "I want to create an account" with Email: r@rdegges.com and Password: ilovemymom. The web server stores only Password: <hash(pw)> in the db, so when the db is pwn3d the attacker gets the hash, not Password: ilovemymom.

10. ### There are two types of hashing algorithms.

- Cryptographic hash functions
- Password hash functions

Oh my!
11. ### Cryptographic Hash Functions, AKA: the fast ones

Hashing the 1.9 GB ubuntu-18.04.2-desktop-amd64.iso takes about three seconds (3.176 seconds on the slide):

```shell
$ sha1sum ubuntu-18.04.2-desktop-amd64.iso
bcdb9099024c468047f3f31c7d23e68a35ea4de2  ubuntu-18.04.2-desktop-amd64.iso
```

The hash published on the ubuntu download page for that image is bcdb9099024c468047f3f31c7d23e68a35ea4de2, so the download is intact.
12. ### Cryptographic hash functions are useful for verifying the integrity of data.

- MD5 (1991), by Ron Rivest (the R in RSA!)
- SHA-1 (1995)
- SHA-2 (2001) *
- SHA-3 (2015)
- BLAKE2 (2012)

\* Latacora (2018) recommendation.

Why not use them for passwords? If the db stores sha2("ilovemymom") and the db leaks, the attacker recomputes sha2(pass) for candidate passwords until one matches the stolen hash. Brute force! The slide's sketch, with the Python 2 print fixed:

```python
for pw in pw_generator():          # candidates: dictionary lists, sequential guesses, breached password databases
    if sha2(pw) == stolen_hash:
        print('Password found!')
```

A fast hash is exactly what the attacker wants here: billions of guesses per second on a GPU.

15. ### Password hash functions are useful for storing sensitive password data and keys.

- PBKDF2 (2000)
- bcrypt (1999)
- scrypt (2009)
- argon2 (2015): argon2i, argon2d, argon2id

Diagram: hash(pass), the slow, salted kind, so every guess costs the attacker real time.
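The two slides above, the brute-force attack on a fast hash and the password hash function that defeats it, as an added example that is not part of the talk. It uses only the Python standard library: hashlib.sha256 stands in for the slide's sha2(), hashlib.scrypt is the password hash, and the breached-password list is constructed for the demo. The cost parameters, the record format and the function names are this example's own choices, not anything the talk prescribes.

```python
"""Added example (not from the talk): why a fast hash fails for passwords, and how a
password hash function with a per-user salt and a tunable cost fixes it."""
import base64
import hashlib
import hmac
import os
from typing import Iterable, Optional

# Constructed sample "breached password database": the attacker's guess list.
BREACHED_PASSWORDS = ["123456", "password", "qwerty", "ilovemymom", "letmein"]


def sha2(password: str) -> str:
    """The fast, unsalted hash a naive web server might store (the slide's sha2())."""
    return hashlib.sha256(password.encode()).hexdigest()


def brute_force_fast_hash(stolen_hash: str, candidates: Iterable[str]) -> Optional[str]:
    """Recompute sha2(pw) for each candidate until one matches the leaked hash."""
    for pw in candidates:
        if sha2(pw) == stolen_hash:
            return pw
    return None


# scrypt cost parameters (assumed, not from the talk). N=2**14, r=8, p=1 is a common
# interactive-login setting: about 16 MiB of memory and tens of milliseconds per hash.
# Raise N as hardware improves; the record format below keeps old records verifiable.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_LEN, KEY_LEN = 16, 32


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm, cost parameters, salt, derived key.
    `salt` is a parameter only so tests can be reproducible; callers should leave it None."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh per-user salt: equal passwords get different records
    key = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
                         maxmem=64 * 1024 * 1024, dklen=KEY_LEN)
    return "$scrypt$%d$%d$%d$%s$%s" % (SCRYPT_N, SCRYPT_R, SCRYPT_P, _b64(salt), _b64(key))


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the key with the parameters stored in the record; compare in constant time."""
    _, algo, n, r, p, salt_b64, key_b64 = stored.split("$")
    if algo != "scrypt":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(key_b64)
    key = hashlib.scrypt(password.encode(), salt=salt, n=int(n), r=int(r), p=int(p),
                         maxmem=64 * 1024 * 1024, dklen=len(expected))
    return hmac.compare_digest(key, expected)  # no early exit on the first differing byte


if __name__ == "__main__":
    # 1. Fast hash: one leaked value, and a breached-password list recovers it instantly.
    leaked = sha2("ilovemymom")
    print("fast hash cracked:", brute_force_fast_hash(leaked, BREACHED_PASSWORDS))
    # 2. Password hash: salted, slow, and still verifiable.
    stored = hash_password("ilovemymom")
    print("stored record:", stored)
    print("correct password verifies:", verify_password("ilovemymom", stored))
    print("wrong password rejected:", verify_password("ilovemymum", stored))
    print("same password, new salt, same record?", hash_password("ilovemymom") == stored)
```

Storing N, r and p inside the record is the part people skip: it lets you raise the cost for new logins and re-hash old records on the user's next successful login instead of forcing a reset.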

19. ### The best way to generate random numbers is /dev/urandom.

Diagram: the OS kernel feeds keyboard timings, mouse movements and storage timings into a random pool; a CSPRNG built on that pool backs /dev/random and /dev/urandom, and /dev/urandom is what your app reads. The same picture applies on OSX, FreeBSD, Linux and NetBSD.
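Reading the kernel CSPRNG from Python, as an added example that is not part of the talk. os.urandom and the secrets module both draw from the pool the slide describes (/dev/urandom, or the getrandom() system call on newer Linux kernels); the random module is a Mersenne Twister for simulations and is the thing people reach for by mistake. The function names and the token sizes are this example's own.

```python
"""Added example (not from the talk): OS-backed randomness in Python, plus the two
classic mistakes: modulo bias and using the `random` module for secrets."""
import os
import random
import secrets


def new_encryption_key(nbytes: int = 32) -> bytes:
    """A 256-bit key straight from the kernel CSPRNG (secrets reads os.urandom)."""
    return secrets.token_bytes(nbytes)


def new_session_token() -> str:
    """URL-safe token for cookies or reset links: 32 random bytes, base64url encoded."""
    return secrets.token_urlsafe(32)


def random_below(n: int) -> int:
    """Uniform integer in [0, n) built from os.urandom without modulo bias.

    int.from_bytes(os.urandom(k), 'big') % n favours small values whenever 256**k is not
    a multiple of n. Rejection sampling discards draws from the biased tail instead.
    secrets.randbelow(n) already does this; it is written out here to show the pitfall.
    """
    if n <= 0:
        raise ValueError("n must be positive")
    nbytes = (n.bit_length() + 7) // 8
    limit = (256 ** nbytes // n) * n  # largest multiple of n that fits in nbytes
    while True:
        x = int.from_bytes(os.urandom(nbytes), "big")
        if x < limit:
            return x % n


def mersenne_twister_replays(seed: int, count: int = 5) -> bool:
    """random.Random with a known seed replays the same 'random' sequence, which is
    exactly what an attacker who learns or guesses the seed needs. True means predictable."""
    a, b = random.Random(seed), random.Random(seed)
    return [a.getrandbits(32) for _ in range(count)] == [b.getrandbits(32) for _ in range(count)]


if __name__ == "__main__":
    print("key:", new_encryption_key().hex())
    print("token:", new_session_token())
    print("unbiased d10 roll:", random_below(10))
    print("random module predictable from seed:", mersenne_twister_replays(1234))
```

Use secrets.randbelow, secrets.choice and secrets.token_* in application code; random_below exists only to make the bias visible.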

24. ### Symmetric Encryption

Diagram: data + secret -> Encryption -> ciphertext; ciphertext + secret -> Decryption -> data. The same secret is used in both directions, and it is a long, random string.

25. ### Symmetric encryption is useful in circumstances where you can keep a trusted secret safe.

Diagram: a web server holding AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, SIGNING_KEY, ENCRYPTION_KEY, ... (secrets that live on the server and never leave it).

26. ### How should you do symmetric encryption? Amazon KMS *

\* Latacora (2018) recommendation. Use the AWS Encryption SDK, which does envelope encryption:

- The KMS master key(s) generate a fresh data key.
- The encryption algorithm encrypts the data with the data key, giving the ciphertext.
- KMS encrypts the data key under the master key, giving the encrypted data key.
- The encrypted message is the ciphertext plus the encrypted data key; the master key never leaves KMS.

27. ### How should you do symmetric decryption?

- Split the encrypted message into the ciphertext and the encrypted data key.
- The KMS master key(s) decrypt the encrypted data key back into the data key.
- The decryption algorithm decrypts the ciphertext with the data key, giving the data.
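The envelope encryption flow from the two slides above, as an added example that is not part of the talk and is not the AWS Encryption SDK. A LocalKms class stands in for the KMS master key so the code runs offline (in production that call goes to KMS and the master key never leaves it); AES-GCM from the `cryptography` package (assumed installed) plays both the data-key encryption algorithm and the key-wrapping step. The message layout, the class and function names, and the `context` parameter (modelled on the Encryption SDK's encryption context) are this example's own.

```python
"""Added example (not from the talk): envelope encryption with a local stand-in for KMS."""
import os
import struct
from typing import Optional, Tuple

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # AES-GCM standard nonce size


class LocalKms:
    """Stand-in for a KMS master key: it wraps and unwraps data keys but never exposes itself."""

    def __init__(self) -> None:
        self._master_key = AESGCM.generate_key(bit_length=256)

    def generate_data_key(self) -> Tuple[bytes, bytes]:
        """Like KMS GenerateDataKey: returns (plaintext data key, encrypted data key)."""
        data_key = AESGCM.generate_key(bit_length=256)
        nonce = os.urandom(NONCE_LEN)
        wrapped = AESGCM(self._master_key).encrypt(nonce, data_key, b"data-key")
        return data_key, nonce + wrapped

    def decrypt_data_key(self, encrypted_data_key: bytes) -> bytes:
        """Like KMS Decrypt: unwraps a data key; raises InvalidTag if it was not wrapped here."""
        nonce, wrapped = encrypted_data_key[:NONCE_LEN], encrypted_data_key[NONCE_LEN:]
        return AESGCM(self._master_key).decrypt(nonce, wrapped, b"data-key")


def encrypt_message(kms: LocalKms, data: bytes, context: bytes = b"") -> bytes:
    """Envelope encrypt: a fresh data key per message, then ship ciphertext + encrypted data key.
    `context` is authenticated but not encrypted, like the Encryption SDK's encryption context."""
    data_key, encrypted_data_key = kms.generate_data_key()
    nonce = os.urandom(NONCE_LEN)  # must never repeat under one key; the key is single-use anyway
    ciphertext = AESGCM(data_key).encrypt(nonce, data, context)
    # Encrypted message layout: [2-byte EDK length][encrypted data key][nonce][ciphertext + tag]
    return struct.pack(">H", len(encrypted_data_key)) + encrypted_data_key + nonce + ciphertext


def decrypt_message(kms: LocalKms, message: bytes, context: bytes = b"") -> bytes:
    """Split the message, ask KMS for the data key, decrypt the ciphertext."""
    (edk_len,) = struct.unpack(">H", message[:2])
    encrypted_data_key = message[2:2 + edk_len]
    nonce = message[2 + edk_len:2 + edk_len + NONCE_LEN]
    ciphertext = message[2 + edk_len + NONCE_LEN:]
    data_key = kms.decrypt_data_key(encrypted_data_key)
    return AESGCM(data_key).decrypt(nonce, ciphertext, context)


def try_decrypt(kms: LocalKms, message: bytes, context: bytes = b"") -> Optional[bytes]:
    """Plaintext, or None when authentication fails (wrong master key, wrong context, tampering)."""
    try:
        return decrypt_message(kms, message, context)
    except InvalidTag:
        return None


if __name__ == "__main__":
    kms = LocalKms()
    msg = encrypt_message(kms, b"card=4111111111111111", b"tenant=42")
    print("encrypted message bytes:", len(msg))
    print("decrypt with right context:", try_decrypt(kms, msg, b"tenant=42"))
    print("decrypt with wrong context:", try_decrypt(kms, msg, b"tenant=43"))
    print("decrypt with another master key:", try_decrypt(LocalKms(), msg, b"tenant=42"))
```

Two properties worth noticing: every message gets its own data key, so bulk data never crosses the KMS boundary, and authenticated encryption means a flipped bit in either the data key blob or the ciphertext fails loudly instead of decrypting to garbage.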

29. ### Asymmetric encryption is useful in circumstances where you need to exchange data securely between untrusted parties.

Diagram: email arriving in your inbox; rdegges.com served over tls.

30. ### Asymmetric Encryption

Diagram: Bob and Alice each have a public key (shareable) and a private key. data + the recipient's public key -> ciphertext; ciphertext + the recipient's private key -> data.

31. ### How should you do asymmetric encryption? NaCl/libsodium *

\* Latacora (2018) recommendation. Use the Box API: Bob builds box(bs, ap) from his secret key bs and Alice's public key ap, then ciphertext = box.encrypt(data).

32. ### How should you do asymmetric decryption?

Alice builds box(as, bp) from her secret key as and Bob's public key bp, then data = box.decrypt(c).