Why You Need Cryptography - Junade Ali at PHP Warwickshire
Post on 13-Apr-2017
Why You Need Cryptography
Junade Ali (@IcyApril)
What You Need To Know About Cryptography
Junade Ali (@IcyApril)
Back to Basics
This is a login form.
How do you store a password in a database?
You hash it of course!
• Hashes are one-way cryptographic functions: they map data of any length to a fixed-length string.
• The hash should be non-invertible: it is infeasible to recover the input from the hash.
• On a good algorithm, the Avalanche Effect means that a slight change to the input gives a completely different output, so the hash reveals nothing about how close a guess is.
But how…?
• Use a password hashing / key derivation function like PBKDF2 or bcrypt.
• That way the crypto is handled for you, avoiding homebrew insecure crypto.
• Some would argue bcrypt is better than PBKDF2 because it is much harder to accelerate on GPUs (PBKDF2 parallelises well on them).
PHP Password Functions
• PHP 5.5.0 made things easy:
• password_hash - hash a password (it generates a random salt and embeds the salt, the algorithm and its cost in the result)
• password_verify - check a password against a stored hash
• password_needs_rehash - check whether a stored hash was made with the algorithm and options you now use, so you can upgrade it on the next successful login
Homebrew Crypto is Bad
• You're probably not a cryptographer.
• Real key derivation functions are peer reviewed by mathematicians, cryptographers and computer scientists, professional and amateur alike.
• Complicated code doesn't provide better security. Byte shuffling adds no security, and neither does base64 encoding (it is an encoding, not encryption).
-Kerckhoffs's principle
“A cryptosystem should be secure even if everything about the system, except the
key, is public knowledge.”
-Shannon's maxim
"one ought to design systems under the assumption that the enemy will
immediately gain full familiarity with them"
-in layman’s terms
A strong cryptosystem is strong regardless of whether the algorithm is
known to the attacker.
Why We Salt
• Let's hash a password without a salt:
• echo sha1("p4$$w0rd");
• 6c067b3288c1b5c791afa04e12fb013ed2e84d10
Rainbow Tables
Rainbow Tables are tables of precomputed hashes (a time/memory trade-off): look up a hash and get back an input that produces it.
Table from sha1.wisetock.com.
Dictionary Attack
• Rainbow Tables make dictionary attacks quicker.
• You simply check whether an unsalted hash appears in a pre-computed database of hashes.
• If the same salt is used for every hash, you can still pre-compute a database of hashes of known passwords with that salt, so the salt must be unique per password.
The Caveat…
• If a user's password is not in any publicly known database of pre-computed hashes, it is safe from Rainbow Tables (though not from brute force).
• Hence one reason why you should use strong, unique passwords.
Therefore…
• We hash our passwords.
• We salt our hashes.
• We use a unique, random salt for each password we hash.
• This is all handled for you by the password_hash function in PHP.
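The three points above (unsalted hashes are a lookup away, salted ones are not, and the stored string should carry its own salt and cost so it can be upgraded later) as an added, runnable example. It is not code from the talk: it uses PBKDF2-HMAC-SHA256 from Python's standard library instead of PHP's password_hash, mirrors the same design, and the password list, iteration count and storage format are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os

# Constructed attacker-side lookup table: unsalted SHA-1 of a few common
# passwords, which is what a rainbow/dictionary table boils down to.
COMMON_PASSWORDS = ["123456", "password", "p4$$w0rd", "letmein"]
LOOKUP = {hashlib.sha1(pw.encode()).hexdigest(): pw for pw in COMMON_PASSWORDS}

# Assumed work factor; tune it so a hash takes a noticeable fraction of a
# second on your servers (OWASP suggests 600,000 for PBKDF2-HMAC-SHA256).
ITERATIONS = 600_000


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1, as in the talk's echo sha1("p4$$w0rd") example."""
    return hashlib.sha1(password.encode()).hexdigest()


def crack_unsalted(hexdigest: str):
    """One dictionary lookup recovers an unsalted hash of a common password."""
    return LOOKUP.get(hexdigest)


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted PBKDF2-HMAC-SHA256. The result embeds algorithm, cost and salt
    (the same idea as PHP's password_hash), so nothing else needs storing."""
    salt = os.urandom(16)                      # unique, random, per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${_b64(salt)}${_b64(dk)}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    algorithm, iterations, salt_b64, dk_b64 = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    return hmac.compare_digest(dk, expected)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True if the stored hash uses a weaker cost or another algorithm than we
    use now (the role of password_needs_rehash): rehash on the next login."""
    algorithm, stored_iterations, _, _ = stored.split("$")
    return algorithm != "pbkdf2_sha256" or int(stored_iterations) < iterations


if __name__ == "__main__":
    print("unsalted sha1 cracked to:", crack_unsalted(sha1_hex("p4$$w0rd")))
    h1, h2 = hash_password("p4$$w0rd"), hash_password("p4$$w0rd")
    print("same password, different hashes:", h1 != h2)
    print("verify correct:", verify_password("p4$$w0rd", h1))
    print("verify wrong:", verify_password("p4$$w0rd!", h1))
    old = hash_password("p4$$w0rd", iterations=10_000)
    print("old hash needs rehash:", needs_rehash(old))
```

Because the salt is random, two users with the same password get different hashes, so one precomputed table no longer cracks both; because the cost is stored with the hash, raising ITERATIONS later only requires calling needs_rehash at login and re-hashing the password you were just given.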
Hashes have other uses
• Hashes aren't only useful for key derivation.
• Another use is integrity validation: checksums of downloaded files, and digital signatures, where a CA signs a hash of a TLS certificate rather than the whole certificate.
An Ideal Hash Algorithm
• A hash must be easy to compute.
• It must be impractical to turn the hash back into the original input (non-invertible).
• It must be infeasible to find two inputs which lead to the same hash (collision resistance).
Collision Resistance
• Where h() is a hash function, a collision is where h(A) = h(B), but A ≠ B.
• Where two different inputs produce the same hash.
• They are inevitable given the pigeonhole principle.
Pigeonhole Principle
• Given a hash is a fixed-length string, there are only a finite number of possible outputs.
• On the other hand the input can be arbitrarily long.
• Therefore there must be more than one input which has the same hash output.
• I.e. a collision is inevitable.
The Birthday Problem
• The chance of 2 people having the same birthday reaches 100% when you have 366 people (ignoring 29 February), according to the Pigeonhole Principle.
• However the probability reaches 99% with just 57 people, and passes 50% with 23.
The Birthday Problem
The probability of two people with the same birthday (chart).
The Birthday Attack
• The Birthday Problem can be used to find hash collisions, because the number of possible hashes (pigeonholes) is limited.
• Yuval's Birthday Attack highlights this.
Yuval's Birthday Attack
• Let n be the bit-length of the hash output.
• With 2^(n/2) different variations of the original message compared against 2^(n/2) different variations of a forged message, you should expect to find a pair that hashes to the same value.
• So an n-bit hash only gives about n/2 bits of collision resistance.
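The birthday numbers above, and the attack they imply, as an added example that is not part of the talk. The "small hash" is assumed for the example: the first 32 bits of SHA-256 stand in for an n-bit hash, so a collision should appear after roughly 2^16 tries rather than the 2^32 a brute-force preimage search would need.

```python
import hashlib
import math


def birthday_probability(samples: int, space: int = 365) -> float:
    """Probability that at least two of `samples` values drawn uniformly from
    `space` possibilities coincide (the classic birthday problem for 365)."""
    if samples > space:
        return 1.0                          # pigeonhole: a repeat is certain
    p_all_distinct = 1.0
    for i in range(samples):
        p_all_distinct *= (space - i) / space
    return 1.0 - p_all_distinct


def expected_tries(bits: int) -> float:
    """Expected number of random hashes before the first collision in a
    `bits`-bit output: about sqrt(pi/2 * 2^bits), i.e. of order 2^(bits/2)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def truncated_tag(message: bytes, bits: int) -> bytes:
    """Stand-in for a hash with a small output: the first `bits` bits of
    SHA-256 (bits must be a multiple of 8)."""
    return hashlib.sha256(message).digest()[: bits // 8]


def find_collision(bits: int):
    """Birthday attack on the truncated hash: remember every tag seen and stop
    at the first repeat. Returns (message_a, message_b, tries). Messages are a
    deterministic counter so the run is reproducible."""
    seen = {}
    tries = 0
    while True:
        tries += 1
        message = b"message-%d" % tries
        tag = truncated_tag(message, bits)
        if tag in seen:
            return seen[tag], message, tries
        seen[tag] = message


if __name__ == "__main__":
    print("23 people: %.3f" % birthday_probability(23))
    print("57 people: %.3f" % birthday_probability(57))
    print("366 people: %.3f" % birthday_probability(366))
    bits = 32
    a, b, tries = find_collision(bits)
    print("expected about %d tries for %d bits, needed %d"
          % (expected_tries(bits), bits, tries))
    print(a, b, "share the tag", truncated_tag(a, bits).hex())
```

The dictionary of seen tags is the memory side of the attack; Yuval's version instead builds 2^(n/2) variants of each of two documents and looks for a match across the two sets, which is the same square-root cost.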
TLS (very basic overview)
• The server has a cipher suite ordering.
• The client submits a list of supported cipher suites and the server picks one they share; by default the client's preference wins, and SSLHonorCipherOrder in Apache or ssl_prefer_server_ciphers in Nginx makes the server's ordering win instead.
• Certificate chain: root certificates sign intermediates, which eventually sign a site's certificate. The server sends this chain.
• A key exchange protocol agrees keys for symmetric encryption (much quicker than asymmetric).
• Integrity is checked using a Message Authentication Code.
Best Practice with TLS
• Disable the SSL protocols (SSLv2 and SSLv3) and only enable TLS; note POODLE on SSLv3.
• HSTS (HTTP Strict Transport Security): the browser caches, for the given max-age, that this host must only be reached over TLS. Mitigates SSLStrip by Moxie Marlinspike (apart from the very first visit).
• Forward Secrecy: prefer cipher suites with ephemeral (EC)DHE key exchange, so a later compromise of the server's private key does not decrypt recorded sessions.
• Qualys SSL Labs tests are a good idea.
Symmetric Encryption
• Caesar Cipher. Simple offsets, easy to brute force.
• DES. Preceded AES; its 56-bit key is brute-forceable, so it is insecure in a lot of applications.
• Rijndael (AES), Twofish, Serpent (all AES competition finalists).
Plausible Deniability
• Steganography is the practice of hiding one file within another.
• The Rubberhose File System was written by Julian Assange, Suelette Dreyfus and Ralf Weinmann.
• The same idea (a deniable hidden volume) is available in VeraCrypt, the successor to TrueCrypt.
• It uses the random padding data surrounding an encrypted volume to hold alternative encrypted volumes, which cannot be distinguished from the padding.
• Can be cascaded.
• Initially designed for third world dictatorships, but found a use in the UK due to RIPA (the Regulation of Investigatory Powers Act, which can compel disclosure of keys).
Asymmetric Encryption
• Diffie-Hellman Key Exchange. Malcolm J. Williamson at GCHQ had already conceived this, in secret, a year earlier.
• RSA. Named after Ron Rivest, Adi Shamir and Leonard Adleman, but it had already been discovered at GCHQ by Clifford Cocks in 1973, building on James H. Ellis's idea of "non-secret encryption".
• ECC (Elliptic Curve Cryptography). Entered wide use in 2004/2005.
Trapdoor Functions
• Asymmetric encryption uses trapdoor functions.
• Easy to compute one way, hard the other way, unless you know the secret (the trapdoor, i.e. the private key).
• For example, it is easy to multiply 2 large prime numbers together, but hard to find the prime factors of the product.
RSA Revision
• Select two distinct prime numbers p and q.
• n = pq. This is the modulus.
• φ = (p-1)(q-1). This is the totient.
• Choose an integer e where 1 < e < φ and the greatest common divisor of e and φ is 1.
• Calculate the integer d where 1 < d < φ and the congruence ed ≡ 1 (mod φ) is satisfied.
• The public key is (n, e), whereas the private key is (n, d).
RSA Revision
• Basic encrypt: c = m^e mod n
• Basic decrypt: m = c^d mod n
• Euler's theorem (which generalises Fermat's Little Theorem) underlies this.
• In real life padding is used: textbook RSA is deterministic and malleable.
• Note: mod is the modulo operator (% in PHP; for the big integers real RSA needs, use gmp_powm).
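The key generation and the encrypt/decrypt steps above carried through in code, as an added example that is not from the talk. The toy primes p = 61 and q = 53 and the exponent e = 17 are constructed for the example and far too small for real use; pow(e, -1, phi) (Python 3.8+) computes the modular inverse, and the last function shows the malleability that is the reason padding is used.

```python
from math import gcd


def keygen(p: int, q: int, e: int = 17):
    """Textbook RSA key generation following the steps above. Returns
    ((n, e), (n, d)). p and q must be distinct primes; no primality check."""
    n = p * q                       # the modulus
    phi = (p - 1) * (q - 1)         # the totient (for distinct primes p, q)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi and gcd(e, phi) = 1")
    d = pow(e, -1, phi)             # e*d ≡ 1 (mod phi), via the extended Euclid
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)             # c = m^e mod n


def decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)             # m = c^d mod n


def malleability_demo(public_key, private_key, m1: int, m2: int):
    """Why real RSA pads: without padding, ciphertexts multiply. Returns
    (decrypt(c1 * c2 mod n), m1 * m2 mod n); the two are equal, so anyone
    can turn a captured ciphertext into one for a related plaintext."""
    n, _ = public_key
    c1, c2 = encrypt(public_key, m1), encrypt(public_key, m2)
    return decrypt(private_key, (c1 * c2) % n), (m1 * m2) % n


if __name__ == "__main__":
    # Constructed toy parameters (primes far too small for real use).
    public, private = keygen(p=61, q=53, e=17)
    print("public (n, e):", public, "private (n, d):", private)
    c = encrypt(public, 65)
    print("encrypt(65) =", c, "-> decrypt =", decrypt(private, c))
    print("same plaintext always gives same ciphertext:", encrypt(public, 65) == c)
    print("malleability (decrypt(c1*c2), m1*m2):", malleability_demo(public, private, 65, 2))
```

With these parameters n = 3233, φ = 3120 and d = 2753; the determinism and the multiplicative property are exactly what OAEP-style padding removes, which is why nobody should ship the bare m^e mod n.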
The Problem
• Diffie-Hellman relies on the Discrete Logarithm Problem being hard to solve; RSA relies on integer factorisation being hard.
• The two problems are closely related: the best known algorithms for one (index calculus, the number field sieve) carry over to the other, so a breakthrough against discrete logs would threaten RSA too.
• If a discrete logarithm (or a factorisation) can be computed easily, these forms of cryptography face an issue.
–Alex Stamos, CTO of Artemis in 2013
“Our conclusion is there is a small but definite chance that RSA and classic Diffie-Hellman will not be usable for
encryption purposes in four to five years”
Concluding with ECC
ECC provides the only viable and reasonable alternative to RSA and Diffie-Hellman so far.
ECC
• Consists of the points satisfying the equation y² = x³ + ax + b over a finite field, plus a point at infinity.
• Faster (over 20 times, on the slides' figures) than RSA at equivalent security: a 256-bit curve key is comparable to a 3072-bit RSA key.
• Already has a digital signature alternative to RSA called ECDSA.
• But ECDSA does require a good source of entropy: each signature needs a secret, unpredictable nonce, and reusing one (or making it guessable) leaks the private key.
• No mathematical proof of security. The question of whether one-way functions truly exist is open.
https://ju.je/cryptointro
• A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography (Nick Sullivan): https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/
• Guide to Elliptic Curve Cryptography: http://math.boisestate.edu/~liljanab/MATH508/GuideEllipticCurveCryptography.PDF