Introduction To Encryption in Lasso 8.5


Blue Orange

Session: Encryption

Bil Corry

lasso.pro

Caveat Emptor

I am not a cryptographer

I only have a rudimentary understanding of cryptography

When in doubt, hire a professional

Encryption is strong, yet fragile

Works well when implemented correctly

Easy to get wrong = broken implementation = insecure encryption

When there's a breach, keys have to be swapped out

Advice from Experts

Never create/implement your own cipher

Do not implement an encryption scheme using low-level APIs (OpenSSL, etc)

Use a high-level API such as KeyCzar, GPGME, or cryptlib:

http://www.keyczar.org/

http://www.gnupg.org/gpgme.html

http://www.cs.auckland.ac.nz/~pgut001/cryptlib/

High-Level APIs

Abstract technical details

Safe defaults for key lengths, algorithms, and modes

Allow for key rotation and versioning

Automated generation of initialization vectors and other setup requirements

Encryption Gone Bad

The default Pseudo-Random Number Generator (PRNG) is not suited for encryption

Use the following instead:

Java: java.security.SecureRandom

Unix: /dev/urandom

Windows: CryptGenRandom or RtlGenRandom from ADVAPI32.DLL

Encryption Gone Bad (cont)

Block Cipher Modes

OFB, CFB, CTR fatal if output or counter reused

CCM, EAX, GCM, OCB fatal if IV reused

ECB:

ECB-encrypted image of Tux

Plaintext image of Tux

Image of Tux encrypted in other (chained) modes

From: http://www.subspacefield.org/security/security_concepts/

Encryption Gone Bad (cont)

Encrypting IDs sent roundtrip to client doesn't protect from tampering (integrity)

Use HMAC to verify the ID hasn't been tampered with

Custom hash constructions

hash(key + data) open to length extension attack to determine the key; use HMAC instead
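A sketch of the round-trip ID check this slide recommends, added here as an example in Python rather than Lasso (it is not code from the original slides). The key values, key ids and the `key_id.record_id.mac` token layout are assumptions made for illustration, and HMAC-SHA256 is used where the slides' own Lasso example uses SHA1.

```python
import hashlib
import hmac

# Constructed keys for illustration. Key ids let old tokens verify after rotation
# and let a compromised key be revoked by deleting its entry.
KEYS = {"k1": b"old-constructed-key", "k2": b"current-constructed-key"}
CURRENT_KEY_ID = "k2"


def _mac(key: bytes, key_id: str, record_id: str) -> str:
    # The key id is covered by the MAC so it cannot be swapped for another one.
    return hmac.new(key, f"{key_id}.{record_id}".encode(), hashlib.sha256).hexdigest()


def sign_id(record_id: str, key_id: str = CURRENT_KEY_ID) -> str:
    """Return 'key_id.record_id.mac' for a hidden field, URL or cookie."""
    if "." in record_id:
        raise ValueError("record_id must not contain the field separator")
    return f"{key_id}.{record_id}.{_mac(KEYS[key_id], key_id, record_id)}"


def verify_id(token: str):
    """Return the record id if the MAC is valid, otherwise None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    key_id, record_id, mac = parts
    key = KEYS.get(key_id)
    if key is None:  # unknown or revoked key id
        return None
    expected = _mac(key, key_id, record_id)
    # Constant-time comparison: do not leak how many characters matched.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return None
    return record_id


if __name__ == "__main__":
    token = sign_id("1042")
    print(token, "->", verify_id(token))
    tampered = token.replace(".1042.", ".1043.")  # client edits the ID
    print(tampered, "->", verify_id(tampered))
```

The ID itself stays readable to the client; if it must also be secret, encrypt it and compute the MAC over the ciphertext.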

Encryption Gone Bad (cont)

Many real-world examples of popular webapps getting crypto wrong:

WSJ.com authentication flaws

Wordpress Cookie Integrity Vulnerability

Amazon Web Services v1 lacked structure for data

Types of Encryption

Symmetric

Asymmetric

Hash

Message Authentication Code (MAC)

Symmetric

Secret key used to both encrypt and decrypt

Examples:

Blowfish

DES

3DES

AES

Symmetric Example

[Encode_Hex(Cipher_Encrypt('Data',-Cipher='CAST5-CBC',-Key='supersecretpassword'));

'
';

Cipher_Decrypt(Decode_Hex('D7BF2BE2EA29D2C9'),-Cipher='CAST5-CBC',-Key='supersecretpassword');]

LP8: D7BF2BE2EA29D2C9 Data

Asymmetric

Public/Private Key Cryptography

Encrypt with the public key to send over an insecure channel; the result can only be decrypted with the private key

Encrypt with the private key, the public key can decrypt to verify the authenticity of the signer

Examples: SSL, PGP, S/MIME

Asymmetric Example

Currently in Lasso, you would need to use [os_process] to use PGP or similar command-line tool to sign/encrypt using public/private keys.

Hash

One-way algorithm

Used as an integrity check, storing passwords

Examples:

MD5

SHA-1

SHA-256

Hash

The ideal cryptographic hash function has four main properties:

it is easy to compute the hash value for any given message,

it is infeasible to find a message that has a given hash,

it is infeasible to modify a message without changing its hash,

it is infeasible to find two different messages with the same hash.

Hash Example

[encode_hex(cipher_digest('Data',-digest='RIPEMD160'))]

LP8: 934C399FC545B1C385E96CC30EFE8321B84F107C

Rainbow Table Attack

Rainbow tables contain pre-computed hashes of the most likely secrets, which allows quick reversing of a hash

Example: 934C399FC545B1C385E96CC30EFE8321B84F107C = Data

Use a 'salt' to defeat rainbow tables

Iterate the hash 1000 times or more (key strengthening)
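The salt and key-strengthening advice above, as an added example in Python (not code from the original slides, which use Lasso). It swaps in PBKDF2-HMAC-SHA256 from the Python standard library as the salted, iterated construction; the record layout, iteration count and the small lookup table standing in for a rainbow table are assumptions for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption; the slide's stated floor is 1000


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'iterations$salt_hex$hash_hex' with a fresh random salt per call."""
    salt = os.urandom(16)  # unique salt for every hash, from the OS CSPRNG
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and iteration count."""
    try:
        iterations, salt_hex, dk_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    except (ValueError, OverflowError):  # malformed or nonsensical record
        return False
    return hmac.compare_digest(dk, expected)


def unsalted(password: str) -> str:
    """The weak scheme: one plain hash, identical for every user of a password."""
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed stand-in for a rainbow table: precomputed hashes of likely secrets.
PRECOMPUTED = {unsalted(p): p for p in ("Data", "password", "letmein")}


def lookup(hash_hex: str):
    """Return the secret if its unsalted hash was precomputed, else None."""
    return PRECOMPUTED.get(hash_hex)


if __name__ == "__main__":
    print("unsalted reversed to:", lookup(unsalted("Data")))
    a, b = hash_password("Data"), hash_password("Data")
    print("same password, different records:", a != b)
    print("salted hash in table:", lookup(a.split("$")[2]))
    print("verify ok / wrong:", verify_password("Data", a), verify_password("data", a))
```

Storing the iteration count in each record lets the count be raised later without invalidating existing hashes.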

Message Authentication Code (MAC)

Similar to hash, but takes a secret key

Protects integrity and authenticity

Secret key used to create MAC and validate its authenticity

HMAC is MAC using a specific algorithm (RFC 2104)

HMAC Example

[Encrypt_HMAC('Data','supersecretpassword',-Digest='SHA1',-Cram)]

LP8: 13c6e2d6bafbbed0723a00a61f79cde424cb83b7

Recommendations for Lasso

SSL for transport

Do not use JavaScript encryption

Symmetric (data at rest)

[encrypt_blowfish]

[cipher_encrypt(-cipher='CAST5-CBC')]

Hash (passwords)

[cipher_digest(-digest='RIPEMD160')]

Recommendations for Lasso

HMAC (roundtrip public data, w/symmetric encryption for roundtrip secret data)

[Encrypt_HMAC(-Digest='SHA1')]

Remember to allow for key rotation, key revocation, and algorithm changes

Use a unique salt for every hash

Use key strengthening of at least 1000 for hashes of passwords

Protect keys!

Don't Do This

Store passwords in plaintext

Use the same salt for all passwords

Use MD5 for anything

Use ECB mode

Re-use keys for different purposes

Create your own cipher

CarTalk: The Puzzler
2007-12-17

Imagine you have a friend who lives in Russia where the KGB spies on everyone and everything and you want to send a valuable object to this friend. So you have a box which is more than large enough to contain the object and you have several locks with keys.

Now this box, I suppose you could call it a strongbox, has a lock ring which is more than large enough to have a padlock attached to it. In fact it's large enough to accommodate several locks. But your friend does not have the key to any lock that you have. Now you can't send a key in the mail because the KGB will intercept it and they will copy it. And you can't not lock the box, because the object is very valuable. So you have to send it through the mail. You can't hand deliver it. You want to lock it so that your friend can open it, but the KGB can't.

The question is, how would you do it?

From: http://www.cartalk.com/content/puzzler/transcripts/200750/

CarTalk: The Puzzler Answer
2007-12-17

RAY: So the question is how do you package your valuable objects so that the KGB cannot open it, but your friend can? Now instead of a key, I would have mailed a hacksaw. But in the spirit of the puzzler that wouldn't have been fair.

TOM: Sure.

RAY: You put the valuable thing in the box. You put as many locks as you want on the clasp, making sure you leave room for at least one more.

TOM: Yeah.

RAY: You mail the thing to Russia. Your friend gets it. He doesn't have a key to any of these locks that you put on it. He puts another lock on it for which he has the key. He mails it back to you. You remove all of your locks and you can't get it open now. But you don't have to.

TOM: He can.

RAY: When you mail it back to him.

From: http://www.cartalk.com/content/puzzler/transcripts/200750/answer.html

Thank You!

Questions?