Enough Cryptography to Be Dangerous

E79da0981ef1f312f9ba7d4331653992?s=47 Steve Marx
August 09, 2016

Enough Cryptography to Be Dangerous

This introductory talk aims to demystify cryptography. We’ll define and discuss concepts such as password hashing, cryptographic signatures, and encryption. We’ll also work through examples of what tool to use for what kind of job. This talk won’t make you an expert in cryptography, but it will give you working knowledge and a jumping off point to learn more on your own.

E79da0981ef1f312f9ba7d4331653992?s=128

Steve Marx

August 09, 2016
Tweet

Transcript

  1. None
  2. Enough Cryptography to Be Dangerous Steve Marx @smarx

  3. None
  4. None
  5. I’m perfectly qualified to give this talk • Not an

    expert • Definitely dangerous
  6. My goals • Get you interested in cryptography • Get

    you familiar with concepts and terminology • Encourage use of known, tested solutions
  7. http://www.collegehumor.com/post/6867508

  8. Secrets • Unguessable random numbers • GUID example: f82038a2-ddf4-4cad-b8c1-b7346f34c69c •

    340,282,366,920,938,463,463,374,607,431,768,211,456 possiblities • If you generate 10 trillion GUIDs this year… • Passwords • Threats • Online attacks • Offline attacks
  9. Hash functions • One-way function • Maps arbitrary data to

    a fixed-size bit string • Bad (for cryptography) example: f(x) = f mod 100 • Cryptographic hash functions • Given h, it should be hard to find m such that h = hash(m) • Given m1 , it should be hard to find m2 such that hash(m1 ) = hash(m2 ) • It should be hard to find m1 and m2 such that hash(m1 ) = hash(m2 ) • Good example: SHA256
  10. Password hashing • Cryptographic hash function + expensive • “Expensive”

    is relative, ideally has configurable work factor • Salt: random additional input to the hash • Prevents cracking with a precomputed table • Good example: bcrypt
  11. How would you attack this? isit(password) à boolean • 20-character

    password, all uppercase letters • 2620 = 19,928,148,895,209,409,152,340,197,376 possibilities • My laptop can guess 500,000 passwords per second • 1.2 quadrillion years to guess them all • I wrote a program to do it in 4 minutes
  12. DEMO Timing attack

  13. Implementation of isit(password) def isit(text): for i in range(len(password)): if

    len(text) <= i: return False if text[i] != password[i]: return False return len(text) == len(password)
  14. Timing attacks • The time your algorithm takes can be

    source of leaks • Don’t hash and compare, use a provided “check” method >>> bcrypt.hashpw(b'correct horse battery staple', salt=bcrypt.gensalt(rounds=12)) b'$2b$12$qeYnf…' >>> bcrypt.checkpw(b'correct horse battery staple', b'$2b$12$qeYnf…') True
  15. DEMO Time for a card trick!

  16. $2b$15$bSEHlFk8N0EeVRHnGRwio.RClRZUfz5FWb79ewxky4H6FUkM8/25m

  17. Encryption • Encode a message such that only authorized parties

    can read it • Unguessable key • Infeasible to break without knowing the key • Two major types • Symmetric key • Public key
  18. Symmetric encryption • Same key (shared secret) used for encryption

    and decryption • One-time pad • Provably perfect • Random bit string at least the length of the message • XOR message and OTP together • Good example: AES
  19. Public key encryption • Public key / private key •

    Things encrypted with one can be decrypted by the other • Rely on some process difficult to reverse • Integer factorization • Discrete logarithm • Elliptic curve relationships • Sometimes used just to establish a symmetric “session” key • Good example: RSA
  20. Key exchange • How do two people agree on a

    key over an insecure channel? • Good example: Diffie-Hellman key exchange
  21. Diffie-Hellman example p = 23, g = 5 ALICE chooses

    a=6, computes A = ga mod p = 56 mod 23 = 8 ALICE tells Bob 8 BOB chooses b=15, computes B = gb mod p = 515 mod 23 = 19 BOB tells Alice 19 ALICE computes s = Ba mod p = 196 mod 23 = 2 BOB computes s = Ab mod p = 815 mod 23 = 2
  22. Signatures • HMAC • Keyed-hash message authentication code • Don’t

    do this: SHA256(secret + message) • Or this: SHA256(message + secret) • Or this: SHA256(secret + message + secret) • See “length extension attack”
  23. Time-based one-time passwords (TOTP) • Used for 2-factor authentication, e.g.

    Google Authenticator • Roughly HMAC-SHA1(secret, timestamp)
  24. None
  25. None
  26. None
  27. ORUGC5DDN5XGMZLSMVXGGZI=

  28. Python implementation of TOTP data = struct.pack('>Q', int(time.time()) // 30)

    signature = hmac.new(secret, data, hashlib.sha1).digest() offset = signature[-1] & 0xF b = bytearray(signature[offset:offset+4]) b[0] &= 0x7F print('{:0>6}'.format( struct.unpack('>L', b)[0] % 10**6))
  29. JSON web tokens (JWT) • Message is JSON • Signature

    concatenated to message
  30. Python implementation of JWT header = b64(j({ "alg": "HS256", "typ":

    "JWT" })) payload = b64(j({ "username": "smarx", "admin": True })) signature = b64(hmac.new(b"secret", header + b"." + payload, hashlib.sha256).digest()) print(".".join(s.decode("utf-8") for s in (header, payload, signature)))
  31. Summary • There are lots of GUIDs • Good cryptographic

    hash function: SHA256 • Good password hash function: bcrypt • Symmetric encryption: AES • Public key encryption: RSA • Me: @smarx, smarx@smarx.com
  32. None