direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

9EC4C12949A4F31474F299058CE2B22A
- Maps any length input to n-bit output
  - Collision resistant
  - One-way
- H(x) might allow you to derive H(y)
  - Length-extension attacks (MD0-5, SHA0-2)
  - If you know H(x) you can sometimes find H(x || y)
many iterations
  - Intentionally slow to deter brute forcing
  - Usually over 1000
- Keys can be used for many inputs
  - Symmetric cipher keys
  - Symmetric authentication keys
  - Password storage
Kerberos
- Change passwords into a key as soon as possible
  - Using PBKDF2, bcrypt, scrypt, etc
- DON’T: store passwords on your server
  - Even if it is encrypted or encoded
  - Store one-way keys or verifiers
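Added example (not from the slides) of the password-storage advice on the last two slides: the password is turned into a one-way verifier with PBKDF2-HMAC-SHA256, a per-user random salt and a large iteration count, and only that verifier is stored. The verifier format, the iteration count and the function names are assumptions of the example; the slide only says "usually over 1000".

```python
import hashlib
import hmac
import os
from typing import Optional

# Policy values assumed for this example (tune to your hardware; the slide says "usually over 1000").
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
DK_LEN = 32


def make_verifier(password: str, iterations: int = PBKDF2_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a storable verifier 'pbkdf2_sha256$<iters>$<salt_hex>$<dk_hex>'.

    The password itself is never stored; only the slow, one-way derived key is.
    A fresh random salt per user means equal passwords give different verifiers.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=DK_LEN)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def check_password(password: str, verifier: str) -> bool:
    """Re-derive the key from the stored parameters and compare in constant time."""
    parts = verifier.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    try:
        iterations = int(parts[1])
        salt = bytes.fromhex(parts[2])
        expected = bytes.fromhex(parts[3])
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                    iterations, dklen=len(expected))
    # compare_digest avoids the timing side channel of an early-exit comparison.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(verifier: str, minimum_iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True when a stored verifier is below current policy, so it can be upgraded
    transparently at the user's next successful login."""
    parts = verifier.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return True
    try:
        return int(parts[1]) < minimum_iterations
    except ValueError:
        return True
```

Because the iteration count is stored alongside the verifier, it can be raised later without invalidating existing accounts: check the password with the old parameters, then call `make_verifier` again with the new ones.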
key
- Mk(x) doesn’t allow you to derive Mk(y)
  - No length extension attack
- Flickr API used a hash to authenticate API requests where they should have used a MAC
  - TouchNet also makes this mistake
structured
  - Amazon got this wrong
    - key1=value1&key2=value2 -> key1value1key2value2
- DO: verify the entire signature
  - Nintendo Wii got this wrong
- DON’T: leak information via timing side channels when you verify a signature
  - Many OpenID implementations have this wrong
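Added example (not from the slides) covering the MAC slide and the structured-signing slide together: requests are authenticated with HMAC-SHA256 rather than a bare hash, the parameters are encoded unambiguously before signing, and the whole tag is compared in constant time. It also reproduces the delimiter problem from the Amazon bullet: gluing keys and values together lets one parameter set impersonate another. The length-prefixed encoding and the function names are assumptions of the example, not the format any of the named services use.

```python
import hashlib
import hmac
from typing import Mapping


def naive_concat(params: Mapping[str, str]) -> bytes:
    """The flawed canonicalisation from the slide: keys and values glued together.
    Field boundaries are lost, so two different parameter sets can yield the same bytes."""
    return "".join(k + v for k, v in sorted(params.items())).encode("utf-8")


def canonical_encode(params: Mapping[str, str]) -> bytes:
    """Unambiguous encoding (assumed format): sort by key and length-prefix every field,
    so no value can absorb the following key/value pair."""
    out = bytearray()
    for k, v in sorted(params.items()):
        for field in (k.encode("utf-8"), v.encode("utf-8")):
            out += len(field).to_bytes(4, "big") + field
    return bytes(out)


def sign(key: bytes, params: Mapping[str, str]) -> str:
    """Authenticate with a keyed MAC (HMAC-SHA256) over the canonical encoding.
    Unlike H(key || message), HMAC is not subject to length extension."""
    return hmac.new(key, canonical_encode(params), hashlib.sha256).hexdigest()


def verify(key: bytes, params: Mapping[str, str], presented: str) -> bool:
    """Recompute the tag and compare all of it in constant time: no prefix checks,
    no early exit on the first differing byte (the timing side channel on the slide)."""
    expected = sign(key, params)
    return hmac.compare_digest(expected, presented)
```

`hmac.compare_digest` also returns False for tags of a different length, so a truncated tag is rejected rather than treated as a partial match.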
  - Usually works by combining message with an n-bit keystream (using XOR)
- Key re-use is fatal
  - E1 = msg1 XOR keystream
  - E2 = msg2 XOR keystream
  - E1 XOR E2 = msg1 XOR msg2
  - What if I know one of the messages?
European contest similar to AES process
  - Hardware and Software profiles
- DON’T: use RC4
- DO: use a MAC (e.g., HMAC-SHA256) to authenticate your encrypted data
- DO: verify the authenticity of your encrypted data before you decrypt it
TripleDES
- STOP: using DES
- DO: use a MAC to authenticate your encrypted data
- DO: verify the authenticity of your encrypted data before you decrypt it
- DON’T: use a block cipher without a cipher mode
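Added example (not from the slides) serving the stream-cipher slide and the two "authenticate your encrypted data" slides. It first carries out the slide's arithmetic, E1 XOR E2 = msg1 XOR msg2, to show what a reused keystream leaks, then shows the remedy: a fresh nonce per message, an HMAC-SHA256 tag over nonce and ciphertext, and a receiver that verifies the tag before decrypting anything. The keystream here is SHA-256 run in counter mode purely to illustrate the structure; it is an assumption of the example and not a vetted cipher, so use a reviewed stream cipher or AEAD mode in real code.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (assumed for illustration only): SHA-256 over key || nonce || counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def reused_keystream_leak(key: bytes, msg1: bytes, msg2: bytes) -> bytes:
    """The failure mode on the slide: both messages encrypted under the same keystream
    (same key, same nonce). Returns E1 XOR E2, which equals msg1 XOR msg2, so the
    keystream has cancelled out and an observer who knows msg1 learns msg2 without the key."""
    ks = keystream(key, b"", max(len(msg1), len(msg2)))
    e1 = xor_bytes(msg1, ks)
    e2 = xor_bytes(msg2, ks)
    return xor_bytes(e1, e2)


def encrypt_then_mac(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Fresh random nonce per message (no keystream reuse), then HMAC-SHA256
    over nonce || ciphertext so tampering is detectable. Output: nonce || ct || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def verify_then_decrypt(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Check the tag first, in constant time, and refuse to decrypt on failure.
    Decrypting unauthenticated data is what the slides tell you not to do."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return xor_bytes(ct, keystream(enc_key, nonce, len(ct)))
```

Two separate keys are used on purpose: one for the keystream and one for the MAC. Deriving both from a single master secret with a KDF is fine; reusing one raw key for both roles is not.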
cipher text
- A decryption key (private key) transforms cipher text into plaintext
- Typically a shared key is encrypted
  - Later used with a block or stream cipher
use RSA without message padding
- DO: use RSASSA-PSS for signing
- DO: use RSAES-OAEP for encrypting
- AVOID: using PKCS v1.5 padding
- AVOID: using the same RSA key for both authentication and encryption
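Added example (not from the slides) showing why the "without message padding" bullet matters: unpadded RSA on the classic textbook parameters p=61, q=53 (assumed here, far too small for real use) is deterministic and multiplicatively malleable. Both properties are exactly what the randomised, structured padding of RSAES-OAEP and RSASSA-PSS removes, and both make good unit tests against any home-grown RSA wrapper.

```python
# Textbook RSA with the classic toy parameters (assumed for illustration only).
P, Q = 61, 53
N = P * Q                            # 3233
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))    # 2753, the private exponent


def textbook_encrypt(m: int, e: int = E, n: int = N) -> int:
    """Raw RSA: c = m^e mod n, with no padding at all (what the slide warns against)."""
    return pow(m, e, n)


def textbook_decrypt(c: int, d: int = D, n: int = N) -> int:
    return pow(c, d, n)


def is_deterministic(m: int) -> bool:
    """Unpadded RSA has no randomness: the same message always gives the same ciphertext,
    so anyone holding the public key can confirm a guess of a low-entropy message.
    OAEP adds a random seed so repeated encryptions differ."""
    return textbook_encrypt(m) == textbook_encrypt(m)


def is_malleable(m1: int, m2: int) -> bool:
    """Unpadded RSA is multiplicatively homomorphic: E(m1) * E(m2) == E(m1 * m2) mod n.
    A ciphertext can thus be transformed into another valid one without the private key.
    Structured padding makes the product of two padded values an invalid encoding."""
    lhs = (textbook_encrypt(m1) * textbook_encrypt(m2)) % N
    return lhs == textbook_encrypt((m1 * m2) % N)
```

In a real library these checks should come out the other way: two OAEP encryptions of the same message must differ, and the product of two ciphertexts must fail to decrypt rather than yield a valid message.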
its fair share of problems
- Education has focused on the padlock icon
- DO: use TLS to secure your web server, email, etc
- DO: think very carefully which Certificate Authorities you trust
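Added example (not from the slides) of the last two bullets from a client's point of view, using Python's standard `ssl` module: a context that requires a valid certificate, checks the hostname, refuses anything below TLS 1.2, and optionally trusts only an explicitly supplied CA bundle instead of every root the operating system ships. The weak setting it is contrasted with is the one that turns verification off entirely. The `cafile` parameter and the function names are assumptions of the example.

```python
import ssl
from typing import List, Optional


def strict_tls_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Client context that verifies the peer certificate and hostname and floors TLS at 1.2.

    With cafile (any PEM bundle path; assumed by this example) the trust store is limited
    to that bundle, e.g. an internal CA, which is the "think carefully which CAs you trust"
    bullet in practice. Without it, the platform's default roots are loaded.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # check_hostname=True, CERT_REQUIRED by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cafile is None:
        ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)
    else:
        ctx.load_verify_locations(cafile=cafile)
    return ctx


def insecure_context() -> ssl.SSLContext:
    """The weak setting found in many scripts: certificates are never verified, so the
    padlock means nothing and any CA (or no CA) will do. Shown here only for contrast."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def is_safe_context(ctx: ssl.SSLContext) -> bool:
    """Policy check you can run in a test suite against any context your code builds."""
    return (ctx.check_hostname
            and ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def trusted_issuers(ctx: ssl.SSLContext) -> List[str]:
    """Common names of the CA certificates this context will accept, for auditing
    exactly which authorities are trusted rather than assuming the defaults are fine."""
    names = []
    for cert in ctx.get_ca_certs():
        fields = dict(pair for rdn in cert["subject"] for pair in rdn)
        names.append(fields.get("commonName", "<no CN>"))
    return sorted(names)
```

`trusted_issuers` on a default context typically returns well over a hundred names; if only one or two of them are ever expected to issue certificates for the hosts you connect to, that is the case for pinning the context to an explicit bundle.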