Cryptography For The Average Developer
DESCRIPTION
This talk was presented at Day Camp for Developers Master Series 2012
TRANSCRIPT

Cryptography In PHP
For The Average Developer

Cryptography
● Keeping Data Secure
  ○ Safe From Viewing
  ○ Safe From Tampering
  ○ Safe From Forgery
● Not A Silver Bullet
  ○ XSS
  ○ SQLI
  ○ Social Engineering
● Very Hard To Do
  ○ Any bug will cause problems

The First Rule of Cryptography

Don't Do It!

Leave It For Experts

Random!
The Foundation of Cryptography
● Classified Under Three Types:
  ○ Weak
    ■ For non-cryptographic usages
  ○ Strong
    ■ For cryptographic usages where security does not depend on the strength of randomness
  ○ Cryptographically Secure
    ■ For cryptographic usage when security does depend on the strength of randomness

Vulnerabilities of Randomness
● Bias
  ○ Certain values tend to occur more often, making it easier to predict future numbers
● Predictability
  ○ Knowing past numbers helps predict future numbers
● Poisoning
  ○ Ability to alter future random number generation

Weak Random in PHP
Not to be used for cryptographic usages!!!
● rand()
● mt_rand()
● uniqid()
● lcg_value()

Strong Random in PHP
● mcrypt_create_iv()
  ○ MCRYPT_DEV_URANDOM
● openssl_random_pseudo_bytes()
● /dev/urandom
  ○ For *nix systems only

Cryptographically Secure
● mcrypt_create_iv()
  ○ MCRYPT_DEV_RANDOM
● openssl_random_pseudo_bytes()
  ○ Maybe
● /dev/random
  ○ For *nix systems only

NEVER Use Weak For Security

NEVER Use CS When Not Needed

If In Doubt Use Strong Randomness

Encryption vs Hashing
● Encryption
  ○ Encoding
  ○ 2 Way / Reversible
  ○ Putting a lock on a box
● Hashing
  ○ Signing
  ○ 1 Way / Non-Reversible
  ○ Taking a person's finger-print

Encryption

Seriously, Don't Do It!

Terms
● Key
  ○ Secure string of data
● Plain-Text
  ○ The text you want to keep secret
● Cipher-Text
  ○ The encrypted output

Two Basic Types
● Symmetric Encryption
  ○ Like a Pad-Lock with a shared key
  ○ The only secret is the key
  ○ Both sides must have the same key
● Asymmetric Encryption
  ○ Like a pair of Pad-Locks
    ■ The "lock" is the public key
  ○ The only secret is the private key
  ○ Both sides have their own key

Symmetric Encryption 101
● Number:
   01
Scratch That
● Numbers:
   01 04 01 54 95 42 64 12

Symmetric Encryption 101
Let's Add A "Secret" Number!
   01 04 01 54 95 42 64 12
  +10
   11 14 11 64 05 52 74 22

Secret Numbers
● We just invented the Caesar Cipher
  ○ Commonly known as "ROT13"
● But There Are Problems:
  ○ Vulnerable To Statistical Attacks
  ○ Vulnerable To Brute Forcing
    ■ Only 100 possible secret numbers!

Symmetric Encryption 101
I Know: Let's Add A Different Number!
   01 04 01 54 95 42 64 12
  +10 43 21 95 42 67 31 83
   11 47 22 49 37 09 95 95

How It Works
We can generate the pads in two ways
● Randomly
  ○ If we only use once, perfect security
    ■ Known as a one-time-pad
  ○ If we use multiple times, same as Caesar cipher
● With A Function
  ○ Give one or two inputs
    ■ A key, and an "input"
  ○ Generates a "stream" of pseudo random numbers
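
The pad arithmetic from the slides above, carried through in PHP as an added illustration (not code from the talk): each number is added to its pad value modulo 100, and a second message under the same pad shows why a pad may only be used once. The function names and the second message are constructed for this example.

```php
<?php
// Added illustration (not from the talk): the slides' two-digit arithmetic, modulo 100.

/** Add the pad to the message number by number, wrapping at 100. */
function padEncrypt(array $plain, array $pad): array
{
    if (count($pad) < count($plain)) {
        throw new InvalidArgumentException('Pad must be at least as long as the message');
    }
    $out = [];
    foreach (array_values($plain) as $i => $p) {
        $out[] = ($p + $pad[$i]) % 100;
    }
    return $out;
}

/** Subtract the pad again; the +100 keeps the result non-negative. */
function padDecrypt(array $cipher, array $pad): array
{
    $out = [];
    foreach (array_values($cipher) as $i => $c) {
        $out[] = ($c - $pad[$i] + 100) % 100;
    }
    return $out;
}

function show(string $label, array $nums): void
{
    echo str_pad($label, 14), implode(' ', array_map(function ($n) {
        return sprintf('%02d', $n);
    }, $nums)), "\n";
}

$plain = [1, 4, 1, 54, 95, 42, 64, 12];      // message from the slides
$pad   = [10, 43, 21, 95, 42, 67, 31, 83];   // pad from the slides
$cipher = padEncrypt($plain, $pad);
show('cipher-text', $cipher);
show('decrypted', padDecrypt($cipher, $pad));

// Pad reuse: a second message (constructed for this example) under the same pad.
$plain2  = [1, 4, 1, 7, 95, 0, 64, 99];
$cipher2 = padEncrypt($plain2, $pad);

// Subtracting the two cipher-texts cancels the pad completely: what is left is
// the difference of the two plain-texts, with 00 wherever the messages agree.
show('c1 - c2', padDecrypt($cipher, $cipher2));
show('p1 - p2', padDecrypt($plain, $plain2));
```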

Ciphers
● Take 2 inputs
  ○ A secret key
  ○ An "input"
● Produces Pseudo-Random Output
  ○ Looks random (statistically)
  ○ Is deterministic
    ■ Reproducible given same inputs

Modes
● Multiple ways to use the keystream
● Each way is known as a "Mode"
● Some are secure
  ○ Others are not

ECB
Electronic Code Book
● Uses plain-text as "input"
● Uses output as cipher-text
● VERY BROKEN!!!

ECB

CBC
Cipher Block Chaining
● Uses an "Initialization Vector"
  ○ Helps "randomize" the plain-text
  ○ Ensures no non-unique blocks
  ○ Does NOT need to be secret
● Chains each block together
  ○ Propagating the generated "randomness"
● Plain-Text Must Be Padded
  ○ To a multiple of block-size
● Secure!

CBC
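
Why the slides call ECB broken and CBC acceptable can be seen by encrypting a plain-text made of repeated blocks. This is an added illustration, not code from the talk; it assumes PHP 7+ with the openssl extension, and the helper names and plain-text are constructed for the example.

```php
<?php
// Added illustration (not from the talk). Assumes PHP 7+ with the openssl extension.

/** Number of 16-byte cipher-text blocks that duplicate an earlier block. */
function repeatedBlocks(string $cipherText, int $blockSize = 16): int
{
    $blocks = str_split($cipherText, $blockSize);
    return count($blocks) - count(array_unique($blocks));
}

function encryptEcb(string $plain, string $key): string
{
    return openssl_encrypt($plain, 'aes-128-ecb', $key, OPENSSL_RAW_DATA);
}

/** CBC with a fresh random IV per message; the IV is prepended, it is not secret. */
function encryptCbc(string $plain, string $key): string
{
    $iv = random_bytes(openssl_cipher_iv_length('aes-128-cbc'));
    return $iv . openssl_encrypt($plain, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv);
}

$key = random_bytes(16);
// Constructed plain-text: the same 16-byte block four times over.
$plain = str_repeat('SIXTEEN BYTE BLK', 4);

$ecb = encryptEcb($plain, $key);
$cbc = encryptCbc($plain, $key);

// Identical plain-text blocks stay identical under ECB; CBC chaining hides them.
echo "ECB repeated blocks: ", repeatedBlocks($ecb), "\n";
echo "CBC repeated blocks: ", repeatedBlocks($cbc), "\n";

// ECB is also deterministic across messages; CBC differs because of the fresh IV.
echo "ECB same twice: ", var_export(encryptEcb($plain, $key) === $ecb, true), "\n";
echo "CBC same twice: ", var_export(encryptCbc($plain, $key) === $cbc, true), "\n";

foreach (str_split($ecb, 16) as $i => $block) {
    echo "ECB block $i: ", bin2hex($block), "\n";
}
```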

CFB
Cipher FeedBack
● Uses an "Initialization Vector"
● Plain-Text never enters cipher
  ○ Does not need to be padded
● "Decrypt" Is Never Used
● Secure!

CFB

Ciphers
● AES 128 & 256
  ○ Standard
    ■ NIST Approved
  ○ Also Known As RIJNDAEL-128
    ■ 128 here refers to "block size"
  ○ Very Strong
  ○ Note, the number after AES is *key size*
● Blowfish
● TwoFish
● Serpent

Authentication
How do you know it wasn't tampered with / came from your friend?
● HMAC
  ○ Hash-based Message Authentication Code
● USE A SEPARATE KEY!
● Encrypt-Then-MAC
  ○ Always MAC after encryption

All Together Now!

Encrypt
```php
// Note: the mcrypt extension was deprecated in PHP 7.1 and removed in PHP 7.2.
$key = 'xxxxxxxxxxxxxxxx';
$authKey = 'XXXXXXXXXXXXXX';
$plain = 'This is plain text that I am going to encrypt';

// A fresh random IV for every message
$size = mcrypt_get_iv_size(
    MCRYPT_RIJNDAEL_128,
    MCRYPT_MODE_CFB
);
$iv = mcrypt_create_iv(
    $size,
    MCRYPT_DEV_URANDOM
);
$cipherText = mcrypt_encrypt(
    MCRYPT_RIJNDAEL_128,
    $key,
    $plain,
    MCRYPT_MODE_CFB,
    $iv
);
// Encrypt-Then-MAC with the separate key; the MAC covers the IV as well,
// so a modified IV is rejected just like modified cipher-text
$auth = hash_hmac('sha512', $iv . $cipherText, $authKey, true);
$encrypted = base64_encode($iv . $cipherText . $auth);
```

Decrypt
```php
$key = 'xxxxxxxxxxxxxxxx';
$authKey = 'XXXXXXXXXXXXXX';
$size = mcrypt_get_iv_size(
    MCRYPT_RIJNDAEL_128,
    MCRYPT_MODE_CFB
);
$encrypted = base64_decode($encrypted);
// Layout: IV | cipher-text | 64-byte raw SHA-512 HMAC
$iv = substr($encrypted, 0, $size);
$auth = substr($encrypted, -64);
$cipherText = substr($encrypted, $size, -64);
// Verify the MAC before decrypting; hash_equals() (PHP 5.6+) compares in
// constant time, unlike != which is also a loose comparison
if (!hash_equals(hash_hmac('sha512', $iv . $cipherText, $authKey, true), $auth)) {
    // Auth Failed!!!
    return false;
}
$plainText = mcrypt_decrypt(
    MCRYPT_RIJNDAEL_128,
    $key,
    $cipherText,
    MCRYPT_MODE_CFB,
    $iv
);
```

Please Don't Do It!
● Notice How Much Code It Took
  ○ Without error checking
● Notice How Complex It Is
  ○ Without flexibility
● Notice How Easy To Screw Up
  ○ Without Key Storage
● Notice How Many Decisions To Make
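
The same Encrypt-Then-MAC construction with the error checking the slide mentions, as an added example that is not code from the talk: it uses the openssl extension because mcrypt is gone from current PHP, derives the two separate keys from one master secret with HKDF (an assumption of this example, as are all function names), and shows an altered message being rejected. Its output is not meant to interoperate with the mcrypt code above.

```php
<?php
// Added example (not from the talk). Assumes PHP 7.1.2+ and the openssl extension.
const CIPHER  = 'aes-128-cfb';
const MAC_LEN = 64; // length of a raw SHA-512 HMAC
/** Derive separate encryption and MAC keys from one master secret. */
function deriveKeys(string $master): array
{
    return [
        hash_hkdf('sha256', $master, 16, 'encrypt'),
        hash_hkdf('sha256', $master, 32, 'authenticate'),
    ];
}

function encryptThenMac(string $plain, string $master): string
{
    list($encKey, $macKey) = deriveKeys($master);
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $cipherText = openssl_encrypt($plain, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($cipherText === false) {
        throw new RuntimeException('Encryption failed');
    }
    $mac = hash_hmac('sha512', $iv . $cipherText, $macKey, true); // IV is covered
    return base64_encode($iv . $cipherText . $mac);
}

/** Returns the plain-text, or false if the message is too short or was altered. */
function verifyThenDecrypt(string $encoded, string $master)
{
    list($encKey, $macKey) = deriveKeys($master);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    $raw = base64_decode($encoded, true);
    if ($raw === false || strlen($raw) <= $ivLen + MAC_LEN) {
        return false;
    }
    $iv = substr($raw, 0, $ivLen);
    $cipherText = substr($raw, $ivLen, -MAC_LEN);
    $expected = hash_hmac('sha512', $iv . $cipherText, $macKey, true);
    if (!hash_equals($expected, substr($raw, -MAC_LEN))) { // constant-time compare
        return false;
    }
    return openssl_decrypt($cipherText, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
}

$master = random_bytes(32); // constructed key for the demo
$message = encryptThenMac('This is plain text that I am going to encrypt', $master);
var_dump(verifyThenDecrypt($message, $master));
$raw = base64_decode($message);
$raw[20] = chr(ord($raw[20]) ^ 0x01); // one cipher-text bit changed in transit
var_dump(verifyThenDecrypt(base64_encode($raw), $master));
```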

If you MUST, Use a Library

Common Encryption Needs
● Between Client / Server
  ○ Use SSL
  ○ Really, just use SSL
  ○ I'm not kidding, just use SSL
● Storage
  ○ Use disk encryption
  ○ Use database encryption

Really, Don't Do It!

Encryption Resources
● Zend Framework Encryption
  ○ Very good and complete lib
  ○ ZF2
    ■ Zend\Crypt\BlockCipher
● PHP Sec Lib
  ○ phpseclib.sourceforge.net
  ○ Pure PHP
● Not Many Others
  ○ Beware of online tutorials!!!

Password Storage

Passwords Should Be HASHED!
Not Encrypted!

Password Hashes
● Use A Salt
  ○ Defeats Rainbow Tables
  ○ Makes Each Hash a "Proof Of Work"
  ○ Should be random!
    ■ Strong Randomness
● Should Be SLOW!
  ○ Salt is not enough
  ○ Salted SHA256: 11 BILLION per second
  ○ bcrypt: 3200 per second

Good Algorithms
```php
crypt($password, $salt);
pbkdf2($password, $salt, $i);
password_hash($password, PASSWORD_BCRYPT);
$passLib->hash($password);
$phpass->hashPassword($pass);
```

Cost Parameter
● Target: 0.25 - 0.5 Seconds
  ○ As slow as you can afford
● Depends on hardware
  ○ Test it!
● Good Defaults:
  ○ BCrypt: 10
  ○ PBKDF2: 10,000

Simplified Password Hashing

New API for 5.5
● string password_hash($pass, $algo, array $options = array())
  ○ Generates Salt, hashes password
● bool password_verify($pass, $hash)
  ○ Verifies Hash with Password
● bool password_needs_rehash($hash, $algo, array $options = array())
  ○ Determines if the hash is the same as specified by algo and options
● array password_get_info($hash)
  ○ Returns information about the hash

Example
```php
function register($user, $password) {
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $this->store($user, $hash);
}

function login($user, $password) {
    $hash = $this->fetchHash($user);
    if (password_verify($password, $hash)) {
        // The plain password is only available at login, so upgrade the hash here
        if (password_needs_rehash($hash, PASSWORD_BCRYPT)) {
            $hash = password_hash($password, PASSWORD_BCRYPT);
            $this->store($user, $hash);
        }
        $this->startSession();
        return true;
    }
    return false;
}
```
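
The "Test it!" advice from the Cost Parameter slide, combined with password_needs_rehash() from the new API, as an added example that is not code from the talk: it measures bcrypt on the current machine, picks a cost, and upgrades a hash stored at a cheaper cost. The function names, the sample password and the stored hash are constructed for this example.

```php
<?php
// Added example (not from the talk). Assumes PHP 5.5+ for the password_* functions.

/**
 * Lowest bcrypt cost whose hash time reaches the target on this machine, capped
 * at $maxCost. Each cost step doubles the work, so the first cost to reach
 * 0.25 s normally stays below 0.5 s, the window given on the slide.
 */
function calibrateBcryptCost($targetSeconds = 0.25, $minCost = 10, $maxCost = 20)
{
    for ($cost = $minCost; $cost < $maxCost; $cost++) {
        $start = microtime(true);
        password_hash('calibration-only', PASSWORD_BCRYPT, array('cost' => $cost));
        if (microtime(true) - $start >= $targetSeconds) {
            break;
        }
    }
    return $cost;
}

/** Returns false on a wrong password, otherwise the hash that should be stored. */
function verifyAndUpgrade($password, $storedHash, array $options)
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, $options)) {
        return password_hash($password, PASSWORD_BCRYPT, $options);
    }
    return $storedHash;
}

$options = array('cost' => calibrateBcryptCost());
echo "Calibrated cost: {$options['cost']}\n";

// Constructed record: a hash stored earlier at a cheaper cost of 8.
$stored  = password_hash('correct horse', PASSWORD_BCRYPT, array('cost' => 8));
$current = verifyAndUpgrade('correct horse', $stored, $options);

$before = password_get_info($stored);
$after  = password_get_info($current);
echo "Stored cost {$before['options']['cost']} -> {$after['options']['cost']}\n";
var_dump(verifyAndUpgrade('wrong password', $current, $options));
```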

Hashing Resources
● PHP 5.5 API
  ○ wiki.php.net/rfc/password_hash
● Password Compat
  ○ PHP 5.5 Compatibility
  ○ github/ircmaxell/password_compat
● PasswordLib
  ○ 5.3+, Multiple Algorithms, Portable
  ○ github/ircmaxell/PHP-PasswordLib
● PHPASS
  ○ PHP 4+
  ○ openwall.com/phpass

Seriously, Hire an Expert!

You Have Been Warned

Questions?
Comments?
Snide Remarks?