1.Cryptography in Zend Framework 2Enrico ZimuelSenior PHP EngineerZend Framework TeamZend TechnologiesUncon 9th June, Dutch PHP Conference 2012

2. ZendCryptZendCrypt is a new component of ZF2(>= 2.0.0beta4)Facilitates the usage of cryptography in PHPprojectsSupports strong cryptography (standards +best practices) 3. ZendCrypt: main featuresSymmetric encryption/decryption +authenticationPublic key cryptographyKey Derivation Function (PBKDF2, Salted2SK)Secure password hashing (bcrypt)HashHash-based Message Authentication Code(HMAC) 4. Supported algorithmsMcrypt: AES (Rijndael-128), Rijndael-192/256,Blowfish, Twofish, DES, 3DES, CAST-128/256,Saferplus, Serpent,OpenSSL: RSA, Diffie HellmanPBKDF2, Salted2SKBcryptHash/HMAC functions provided by PHP: MD5, SHA-1/224/256/384/512, RIPEMD, TIGER, AVAL, ... 5. ZendCrypt componentsZendCryptSymmetricMcryptZendCryptPublicKeyRsaZendCryptPublicKeyDiffieHellmanZendCryptPasswordZendCryptKeyDerivationZendCryptBlockCipherZendCryptHashZendCryptHmac 6. Encryption + authenticationZendCryptBlockCipherDefault: AES encryption in CBC mode HMAC authentication (SHA-256) Random IV for each encryption PKCS7 padding (RFC 5652) PBKDF2 for key derivation (encrypt and auth) Prevent timing attacks 7. Example: encrypt/decryptuse ZendCryptBlockCipher;use ZendCryptBlockCipher;$cipher = BlockCipher::factory(mcrypt,$cipher = BlockCipher::factory(mcrypt, array(algorithm => aes) array(algorithm => aes)););$cipher->setKey(this is the encryption key);$cipher->setKey(this is the encryption key);$text$text= This is the message to encrypt;= This is the message to encrypt;$encrypted = $cipher->encrypt($text);$encrypted = $cipher->encrypt($text);printf("Encrypted text: %sn", $encrypted);printf("Encrypted text: %sn", $encrypted);$text$text= $cipher->decrypt($encrypted);= $cipher->decrypt($encrypted);printf("Decrypted text: %sn", $text);printf("Decrypted text: %sn", $text); 8. Encryption formatEncryption = HMAC . IV . ENCRYPTMSG is the message to encryptKEY is the encryption key (by PBKDF2)AUTH is the authentication key (by PBKDF2)ENCRYPT = AES(MSG, KEY)HMAC = HMAC(sha256, AUTH, AES . IV . ENCRYPT)IV = random 9. How to store a password?More than 6 million LinkedIn passwordsstolen 7th July 2012, cnnmoney.comDont use only an hash algorithm (dictionaryattacks)Even using a salt is insecure (brute forceattacks) 10. How to safely store a passwordbcrypt is an adaptive cryptographic hashfunction for passwordsIts considered secure because is slow(prevent dictionary attacks)Implemented using crypt() of PHPIt uses a parameter, the workload (or cost)that specify the amount of workMore work means more secure hash value 11. Example: usage of bcryptuse ZendCryptPasswordBcrypt;use ZendCryptPasswordBcrypt;$bcrypt$bcrypt = new Bcrypt();= new Bcrypt();$password = $bcrypt->create(password);$password = $bcrypt->create(password);printf ("Password: %sn", $password);printf ("Password: %sn", $password);The output ($password) is a string of 60 bytesThe default value of the working factor is 14 12. The bcrypt workload 13. Check for valid passwordsuse ZendCryptPasswordBcrypt;use ZendCryptPasswordBcrypt;$bcrypt$bcrypt = new Bcrypt(); = new Bcrypt();$password = $_POST[password];$password = $_POST[password];$hash$hash = ; // i.e. get from a database = ; // i.e. get from a databaseif ($bcrypt->verify($password, $hash)) {if ($bcrypt->verify($password, $hash)) { echo The password is valid; echo The password is valid;} else {} else { Echo The password is not valid; Echo The password is not valid;}} 14. Key Derivation FunctionNEVER USE users password as crypto key!Key Derivation Function generatescryptographic keys based on userspasswordsPBKDF2 is a KDF (RFC 2898, PKCS #5 v2.0) 15. PBKDF2PBKDF2 applies a pseudorandom function, such as a cryptographic hash, cipher, or HMACto the input password or passphrase along witha salt value and repeats the process many timesto produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult, and is known as key stretching From Wikipedia 16. Example: Pbkdf2use ZendCryptKeyDerivationPbkdf2,use ZendCryptKeyDerivationPbkdf2,ZendMathMath;ZendMathMath;$salt = Math::randBytes(32);$salt = Math::randBytes(32);$pass = this is the password of the user;$pass = this is the password of the user;$hash = Pbkdf2::calc(sha256, $pass, $salt, 10000, 32);$hash = Pbkdf2::calc(sha256, $pass, $salt, 10000, 32);It generates a crypto key of 32 bytes usingSHA-256 + random salt with an interation of10000 times 17. How many iterations we need?It depends on the CPU power that you useSuggestion: use at least 1 sec. of computationUsing an Intel Core i5 CPU at 3.3Ghz you needat least 100000 iterations to get about 1 sec.of computation 18. ZF2 random number generatorZendMathMath::randBytes($length, $strong = false)ZendMathMath::rand($min, $max, $strong = false)Fallback strategy:1) If OpenSSL: openssl_random_pseudo_bytes()2) If Mcrypt: mcrypt_create_iv()3) If (!$strong): mt_rand()4) else throwing exception Cannot generatestrong random numbers 19. Some referencesNiels Ferguson, Bruce Schneier, and Tadayoshi Kohno Cryptography Engineering John Wiley & Sons, 2010Dan Boneh, Cryptography Course, Stanford University,Coursera free online coursesCoda Hale, How to safely store a passwordZend Framework 2Anthony Ferrara, PHP-CryptLibE.Zimuel Cryptography in PHP Web & PHP Magazine, Issue2/2012E.Zimuel Cryptography made easy with Zend Framework 20. Thanks!Contacts: enrico@zend.com @ezimuel