Being Boring: A Survivor's Guide to Ruby Cryptography

Transcript

1. None

2. @bascule TONY ARCIERI

3. None

4. How hard could it be? I JUST WANT TO ENCRYPT

   SOMETHING

5. HARD!

6. HOW HARD?

7. You Will Learn! TODAY

8. TODAY Attacks

9. Authenticated Encryption HOWTO TODAY Attacks

10. Authenticated Encryption HOWTO TODAY Attacks Avoiding The Problem By Letting

    Cryptographers Do The Hard Work For Us

11. RUBY OPENSSL

12. How does it work??? CRYPTO

13. MAGIC

14. MAGIC

15. MATH

16. SYMMETRIC MSG

17. SYMMETRIC

18. SYMMETRIC MSG

19. ASYMMETRIC MSG

20. ASYMMETRIC

21. ASYMMETRIC MSG

22. MATH + SECURITY

23. MATH + PROGRAMMING

24. MATH + BUGS

25. “Most codes were designed by dilettantes and amateurs with no

    grasp of the underlying mathematics. It really is quite pitiable.” ! —Neal Stephenson, Cryptonomicon

26. SYMMETRIC

27. AES

28. AES It’s great!*

29. AES It’s great!* *WARNING: Read all instructions before proceeding

30. AES Plaintext AES Block Cipher 16-byte block Key 16/24/32-bytes (Random)

    Ciphertext 16-byte block

31. HOW TO ENCRYPT >16 bytes?

32. PHP Use Rijndael!

33. None

34. RIJNDAEL-256 Plaintext Rijndael Block Cipher 32-byte block Key 16/24/32-bytes (Random)

    Ciphertext 32-byte block

35. HOW TO ENCRYPT >16 bytes?

36. NAIVE SOLUTION

37. ECB MODE

38. None
39. None
40. None

41. ECB MODE Key 16/24/32-bytes (Random) Plaintext ECB 16-byte block Ciphertext

    16-byte block Plaintext ECB 16-byte block Ciphertext 16-byte block Plaintext ECB 16-byte block Ciphertext 16-byte block Plaintext ECB 16-byte block Ciphertext 16-byte block

42. PROBLEM

43. PROBLEM ECB MODE LEAKS INFORMATION

44. None
45. None

46. SOLUTION

47. SOLUTION BLOCK CIPHER MODES OF OPERATION

48. CBC CFB OFB CTR

49. CBC CFB OFB CTR

50. CTR MODE Key 16/24/32-bytes (Random) Counter 1 AES Random Pad

    16-byte block Counter 2 AES Random Pad 16-byte block Counter 3 AES Random Pad 16-byte block Counter 4 AES Random Pad 16-byte block ⊕ ⊕ ⊕ ⊕ ⊕ Plaintext 16-byte block Plaintext 16-byte block Plaintext 16-byte block Plaintext 16-byte block Ciphertext 16-byte block Ciphertext 16-byte block Ciphertext 16-byte block Ciphertext 16-byte block Nonce 16-bytes (Random)
51. None
52. None
53. None

54. SUCCESS! CONFIDENTIALITY

55. PROBLEM

56. PROBLEM REPEATING NONCES WILL LEAK INFORMATION

57. SOLUTION

58. SOLUTION DON’T DO THAT

59. PROBLEM

60. PROBLEM SUPPORT FOR CTR MODE IN RUBY OPENSSL IS SPOTTY

61. SOLUTION

62. SOLUTION USE CBC MODE

63. PROBLEM

64. PROBLEM ATTACKERS CAN CHANGE ENCRYPTED MESSAGES

65. PROBLEM MALLEABILITY

66. ATTACK AT DAWN CIPHERTEXT

67. ATTACK AT DAWN CIPHERTEXT ⊕ DAWN ⊕ DUSK CIPHERTEXT CHANGE

68. ATTACK AT DAWN CIPHERTEXT ⊕ DAWN ⊕ DUSK CIPHERTEXT CHANGE

    ATTACK AT DUSK

69. SOLUTION USE A MESSAGE AUTHENTICATION CODE (MAC)

70. SOLUTION AUTHENTICATED ENCRYPTION

71. MAC Message MAC Function Arbitrary length Key 16/32-bytes (Random) MAC

    “tag” 32-bytes (or more)

72. CMAC GMAC UMAC HMAC

73. CMAC GMAC UMAC HMAC

74. PROBLEM

75. PROBLEM WHAT ORDER DO WE ENCRYPT/MAC?

76. MAC-THEN-ENCRYPT PLAINTEXT CIPHERTEXT MAC Used by SSL/TLS

77. ENCRYPT-THEN-MAC PLAINTEXT CIPHERTEXT MAC Used by IPSEC

78. ENCRYPT-AND-MAC PLAINTEXT CIPHERTEXT MAC Used by SSH

79. WHICH ONE GOT IT RIGHT?

80. ENCRYPT-THEN-MAC PLAINTEXT CIPHERTEXT MAC Used by IPSEC

81. WHY?

82. MAC-THEN-ENCRYPT Used by SSL/TLS BEAST PADDING ORACLE

83. ENCRYPT-AND-MAC Used by SSH CHOSEN CIPHERTEXT ATTACKS

84. None

85. REVIEW • AES-CBC! • Encrypt-Then-MAC! • HMAC

86. None

87. WHAT ELSE COULD GO WRONG?

88. TIMING ATTACKS

89. None

90. PROBLEM THIS IS ALREADY GETTING CRAZY…

91. PROBLEM …AND WE HAVEN’T EVEN TALKED ABOUT PUBLIC KEY CRYPTO!

92. HOW CAN WE DO BETTER?

93. BE MORE BORING

94. NOT BORING Ruby OpenSSL A Bunch Of Crazy Code Written

    By Amateurs Crypto API

95. BORING Crypto Library Written By Cryptographers Crypto API

96. RbNaCl Ruby binding to the Networking and Cryptography Library by

    djb https://github.com/cryptosphere/rbnacl

97. https://github.com/jedisct1/libsodium

98. NaCl PRIMITIVES • Symmetric: SecretBox! • Asymmetric: Box! • And

    more!

99. SYMMETRIC MSG SECRETBOX

100. None

101. SecretBox • Cipher: XSalsa20! • MAC: Poly1305

102. WTF is XSalsa20? THAT’S NOT BORING!

103. BORING!

104. NOT BORING!

105. ASYMMETRIC MSG BOX

106. None

107. Box • Diffie-Hellman: Curve25519! • Cipher: XSalsa20! • MAC: Poly1305

108. DIFFIE-HELLMAN PUBLIC PRIVATE PRIVATE PUBLIC + + = = SHARED

     SECRET SHARED SECRET

109. THAT’S ALL FOLKS!

110. THAT’S ALL FOLKS! KEEP IT BORING!

111. LINKS • RbNaCl: https://github.com/cryptosphere/rbnacl! • NaCl: http://nacl.cr.yp.to! • Libsodium: https://github.com!

     • Twitter: @bascule