Blue Orange
Session: Encryption
Bil Corry
lasso.pro
Caveat Emptor
I am not a cryptographer
I only have a rudimentary understanding of cryptography
When in doubt, hire a professional
Encryption is strong, yet fragile
Works well when implemented correctly
Easy to get wrong = broken implementation = insecure encryption
When there's a breach, keys have to be swapped out
Advice from Experts
Never create/implement your own cipher
Do not implement an encryption scheme using low-level APIs (OpenSSL, etc)
Use a high-level API such as KeyCzar, GPGME, or cryptlib
http://www.keyczar.org/
http://www.gnupg.org/gpgme.html
http://www.cs.auckland.ac.nz/~pgut001/cryptlib/
High-Level APIs
Abstract technical details
Safe defaults for key lengths, algorithms, and modes
Allow for key rotation and versioning
Automated generation of initialization vectors and other setup requirements
Encryption Gone Bad
The default Pseudo-Random Number Generator (PRNG) is not suited for encryption
Use the following instead:
Java: java.security.SecureRandom
Unix: /dev/urandom
Windows: CryptGenRandom or RtlGenRandom from ADVAPI32.DLL
Encryption Gone Bad (cont)
Block Cipher Modes
OFB, CFB, CTR: fatal if output or counter reused
CCM, EAX, GCM, OCB: fatal if IV reused
ECB:
[Images: plaintext image of Tux; ECB-encrypted image of Tux; image of Tux encrypted in other (chained) modes]
From: http://www.subspacefield.org/security/security_concepts/
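What the Tux images show, as an added example that is not part of the original slides (written in Python rather than Lasso): identical plaintext blocks encrypt to identical ciphertext blocks under ECB, while a chained mode hides the repetition. Python's standard library has no block cipher, so a small Feistel construction stands in for one here; that stand-in, the sample "image" and all names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes

def _round(key, i, half):
    # Round function: keyed PRF built from HMAC-SHA256, truncated to half a block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def toy_encrypt_block(key, block):
    # 4-round Feistel network. A stand-in permutation for illustration only,
    # NOT a vetted cipher; real code would use a high-level library.
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, i, right)))
    return left + right

def ecb_encrypt(key, data):
    # ECB: every block is encrypted independently with the same key.
    return b"".join(toy_encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def cbc_encrypt(key, iv, data):
    # CBC: each plaintext block is XORed with the previous ciphertext block first.
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev))
        prev = toy_encrypt_block(key, mixed)
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ciphertext):
    # Number of ciphertext blocks that duplicate an earlier block.
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(blocks) - len(set(blocks))

# Constructed sample "image": white background, a two-block black stripe, white again.
IMAGE = b"\xff" * BLOCK * 6 + b"\x00" * BLOCK * 2 + b"\xff" * BLOCK * 6
KEY = os.urandom(32)
ECB_CT = ecb_encrypt(KEY, IMAGE)
CBC_CT = cbc_encrypt(KEY, os.urandom(BLOCK), IMAGE)

if __name__ == "__main__":
    print("repeated blocks, ECB:", repeated_blocks(ECB_CT))
    print("repeated blocks, CBC:", repeated_blocks(CBC_CT))
```

The sample data is an exact multiple of the block size, so no padding is involved.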
Encryption Gone Bad (cont)
Encrypting IDs sent roundtrip to client doesn't protect from tampering (integrity)
Use HMAC to verify the data hasn't been tampered with
Custom hash constructions
hash(key + data) is open to a length extension attack to determine the key; use HMAC instead
Encryption Gone Bad (cont)
Many real-world examples of popular webapps getting crypto wrong:
WSJ.com authentication flaws
Wordpress Cookie Integrity Vulnerability
Amazon Web Services v1 lacked structure for data
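An added example, not from the original slides, covering the roundtrip-ID advice above and the problem of MAC input that lacks structure: values sent to the client carry an HMAC tag over a length-prefixed encoding, and the server verifies the tag when they come back. The key, field names, sample values and the choice of SHA-256 are assumptions for the illustration; it is written in Python rather than Lasso.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real key comes from a protected key store.
SERVER_KEY = b"constructed-demo-key-0001"

def encode_fields(fields):
    # Length-prefix every field so field boundaries cannot shift:
    # ("ab", "c") and ("a", "bc") produce different MAC input.
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out

def make_tag(fields, key=SERVER_KEY):
    # HMAC (RFC 2104) over the structured encoding; the hex tag travels with the data.
    return hmac.new(key, encode_fields(fields), hashlib.sha256).hexdigest()

def verify_tag(fields, tag, key=SERVER_KEY):
    # Recompute and compare in constant time; any changed field fails.
    expected = make_tag(fields, key)
    return hmac.compare_digest(expected.encode(), tag.encode())

def naive_tag(fields, key=SERVER_KEY):
    # The construction the slide warns against: hash(key + data),
    # with the fields simply concatenated.
    return hashlib.sha256(key + "".join(fields).encode("utf-8")).hexdigest()

# Constructed round trip: the server sends (user, order id) plus the tag,
# and the client sends all three back with the next request.
SENT = ("alice", "1001")
TAG = make_tag(SENT)

if __name__ == "__main__":
    print("unchanged fields accepted:", verify_tag(("alice", "1001"), TAG))
    print("edited order id accepted: ", verify_tag(("alice", "1002"), TAG))
    print("naive tags collide:       ", naive_tag(("ab", "c")) == naive_tag(("a", "bc")))
```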
Types of Encryption
Symmetric
Asymmetric
Hash
Message Authentication Code (MAC)
Symmetric
Secret key used to both encrypt and decrypt
Examples:
Blowfish
DES
3DES
AES
Symmetric Example
[Encode_Hex(Cipher_Encrypt('Data',-Cipher='CAST5-CBC',-Key='supersecretpassword'));
'
';
Cipher_Decrypt(Decode_Hex('D7BF2BE2EA29D2C9'),-Cipher='CAST5-CBC',-Key='supersecretpassword');]
LP8: D7BF2BE2EA29D2C9 Data
Asymmetric
Public/Private Key Cryptography
Encrypt with the public key to send over an insecure channel; only the private key can decrypt
Encrypt with the private key; the public key can decrypt to verify the authenticity of the signer
Examples: SSL, PGP, S/MIME
Asymmetric Example
Currently in Lasso, you would need to use [os_process] to call PGP or a similar command-line tool to sign/encrypt using public/private keys.
Hash
One-way algorithm
Used as an integrity check, storing passwords
Examples:
MD5
SHA-1
SHA-256
Hash
The ideal cryptographic hash function has four main properties:
it is easy to compute the hash value for any given message,
it is infeasible to find a message that has a given hash,
it is infeasible to modify a message without changing its hash,
it is infeasible to find two different messages with the same hash.
Hash Example
[encode_hex(cipher_digest('Data',-digest='RIPEMD160'))]
LP8: 934C399FC545B1C385E96CC30EFE8321B84F107C
Rainbow Table Attack
Rainbow tables contain pre-computed hashes of the most likely secrets, allowing quick reversal of a hash
Example: 934C399FC545B1C385E96CC30EFE8321B84F107C = Data
Use a 'salt' to defeat rainbow tables
Iterate the hash 1000 times or more (key strengthening)
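An added example, not from the original slides, of a unique salt per password combined with key strengthening. It uses PBKDF2-HMAC-SHA256 from Python's hashlib as the iterated construction, which the slides do not name; the iteration count, record format and function names are assumptions, and it is written in Python rather than Lasso.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption: well above the slide's minimum of 1000

def hash_password(password, iterations=ITERATIONS):
    salt = os.urandom(16)  # unique random salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Store algorithm, iteration count and salt with the hash so they can change later.
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())

def verify_password(password, record):
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported algorithm: " + algorithm)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison of the recomputed and stored digests.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def needs_rehash(record, iterations=ITERATIONS):
    # True when the record was created with fewer iterations than current policy.
    return int(record.split("$")[1]) < iterations

def unsalted(password):
    # What a rainbow table targets: one fixed hash per password, for every user.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

if __name__ == "__main__":
    first, second = hash_password("Data"), hash_password("Data")
    print("same password, unsalted hashes equal:", unsalted("Data") == unsalted("Data"))
    print("same password, salted records equal: ", first == second)
    print("correct password verifies:           ", verify_password("Data", first))
```

A record for which `needs_rehash` returns true can be re-hashed with the current parameters the next time that user logs in successfully.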
Message Authentication Code (MAC)
Similar to hash, but takes a secret key
Protects integrity and authenticity
Secret key used to create MAC and validate its authenticity
HMAC is MAC using a specific algorithm (RFC 2104)
HMAC Example
[Encrypt_HMAC('Data','supersecretpassword',-Digest='SHA1',-Cram)]
LP8: 13c6e2d6bafbbed0723a00a61f79cde424cb83b7
Recommendations for Lasso
SSL for transport
Do not use JavaScript encryption
Symmetric (data at rest)
[encrypt_blowfish]
[cipher_encrypt(-cipher='CAST5-CBC')]
Hash (passwords)
[cipher_digest(-digest='RIPEMD160')]
Recommendations for Lasso
HMAC (roundtrip public data, w/symmetric encryption for roundtrip secret data)
[Encrypt_HMAC(-Digest='SHA1')]
Remember to allow for key rotation, key revocation, and algorithm changes
Use a unique salt for every hash
Use key strengthening of at least 1000 for hashes of passwords
Protect keys!
Don't Do This
Store passwords in plaintext
Use the same salt for all passwords
Use MD5 for anything
Use ECB mode
Re-use keys for different purposes
Create your own cipher
CarTalk: The Puzzler
2007-12-17
Imagine you have a friend who lives in Russia where the KGB spies on everyone and everything and you want to send a valuable object to this friend. So you have a box which is more than large enough to contain the object and you have several locks with keys.
Now this box, I suppose you could call it a strongbox, has a lock ring which is more than large enough to have a padlock attached to it. In fact it's large enough to accommodate several locks. But your friend does not have the key to any lock that you have. Now you can't send a key in the mail because the KGB will intercept it and they will copy it. And you can't not lock the box, because the object is very valuable. So you have to send it through the mail. You can't hand deliver it. You want to lock it so that your friend can open it, but the KGB can't.
The question is, how would you do it?
From: http://www.cartalk.com/content/puzzler/transcripts/200750/
CarTalk: The Puzzler Answer
2007-12-17
RAY: So the question is how do you package your valuable objects so that the KGB cannot open it, but your friend can? Now instead of a key, I would have mailed a hacksaw. But in the spirit of the puzzler that wouldn't have been fair.
TOM: Sure.
RAY: You put the valuable thing in the box. You put as many locks as you want on the clasp, making sure you leave room for at least one more.
TOM: Yeah.
RAY: You mail the thing to Russia. Your friend gets it. He doesn't have a key to any of these locks that you put on it. He puts another lock on it for which he has the key. He mails it back to you. You remove all of your locks and you can't get it open now. But you don't have to.
TOM: He can.
RAY: When you mail it back to him.
From: http://www.cartalk.com/content/puzzler/transcripts/200750/answer.html
Thank You!
Questions?