Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cryptography Pitfalls at OSCON 2013

Avatar for John Downey John Downey
July 26, 2013
Programming
820
2

Cryptography Pitfalls at OSCON 2013

Avatar for John Downey

John Downey

July 26, 2013

More Decks by John Downey

See All by John Downey
Cryptography Pitfalls at CactusCon 2019
Avatar for John Downey jtdowney
0
200
Intro to Cybersecurity Workshop
Avatar for John Downey jtdowney
0
160
Cryptography Pitfalls at BsidesMSP 2017
Avatar for John Downey jtdowney
0
210
Cryptography Pitfalls at THOTCON 0x8
Avatar for John Downey jtdowney
0
220
Cryptography Pitfalls at ConFoo Montreal 2017
Avatar for John Downey jtdowney
1
370
Cryptography Pitfalls at BSidesPhilly 2016
Avatar for John Downey jtdowney
0
170
Cryptography Pitfalls at LASCON 2016
Avatar for John Downey jtdowney
0
230
Debugging TLS/SSL at DevOps Days Detroit 2016
Avatar for John Downey jtdowney
1
300
Debugging TLS/SSL at DevOpsDays Boston
Avatar for John Downey jtdowney
1
380

Other Decks in Programming

See All in Programming
The Arts and Crafts of Work in the AI Era — Toward Mastery in Software Development
Avatar for Yoshihito Kuranuki / 倉貫義人 kuranuki
1
750
Make SRE Operations Easier with Azure SRE Agent
Avatar for KAMEGAWA Kazushi kkamegawa
0
5.2k
AI駆動開発で崩れていくコードベースを立て直す
Avatar for Kyoko NR kyoko_nr_nr
1
450
RTSPクライアントを自作してみた話
Avatar for simotin13 simotin13
0
520
過去最大のMCPアップデート! 2026-07-28 RC版の謎に迫る
Avatar for matsukada licux
6
230
ADKを使って簡単にAIエージェントを作ってみよう
Avatar for K1mu21 k1mu21
0
250
[2026年度第1回ORセミナー] 計画最適化ベンチャーと競技プログラミング人材
Avatar for terry-u16 terryu16
0
250
Spec-Driven Development with AI-Agents: From High-Level Requirements to Working Software
Avatar for Anton Arhipov antonarhipov
2
480
キャリア迷子上等 ─ "ない道"は自分で作ればいい
Avatar for 16bit_idol 16bitidol
3
1.9k
Agentic UI
Avatar for Manfred Steyer manfredsteyer
PRO
0
130
PHPで使える日時の表現と、その知り方 #frontend_phpcon_do
Avatar for hideki kinjyo o0h
PRO
0
230
TSKaigi Night Talks 2026_TypeScriptでサプライチェーンの整合性を型に閉じ込める
Avatar for ギークプラス ソフトウェア事業部 geekplus_tech
0
330

Featured

See All Featured
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
304
22k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
141
35k
Leveraging Curiosity to Care for An Aging Population
Avatar for Cassini Nazir cassininazir
1
270
How To Speak Unicorn (iThemes Webinar)
Avatar for Michelle Schulp Hunt marktimemedia
1
480
WENDY [Excerpt]
Avatar for Tessa Abrams tessaabrams
11
38k
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
52
3.7k
HTML-Aware ERB: The Path to Reactive Rendering @ RubyCon 2026, Rimini, Italy
Avatar for Marco Roth marcoroth
1
170
SERP Conf. Vienna - Web Accessibility: Optimizing for Inclusivity and SEO
Avatar for Sara Fernández Carmona sarafernandez
2
1.5k
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
698
190k
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
31
3.2k
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
Avatar for Kenny Baas-Schwegler baasie
0
580
Deep Space Network (abreviated)
Avatar for Tony Rice tonyrice
0
170

Transcript

  1. CRYPTOGRAPHY PITFALLS John Downey | @jtdowney

  2. John Downey | Security Engineer

  3. http://www.flickr.com/photos/60445767@N00/2466272019/

  4. http://www.flickr.com/photos/freefoto/5692512457/

  5. http://www.flickr.com/photos/zappowbang/2049368918/

  6. http://www.flickr.com/photos/katieharbath/4382294246/

  7. http://www.flickr.com/photos/kalebdf/2170180285/

  8. http://www.flickr.com/photos/alstonfamily/2237347597/

  9. None

  10. http://www.flickr.com/photos/damiavos/4707651586/ You have probably seen the door to a bank

    vault, at least in the movies. You know, 10-inch- thick, hardened steel, with huge bolts to lock it in place. It certainly looks impressive. We often find the digital equivalent of such a vault door installed in a tent. The people standing around it are arguing over how thick the door should be, rather than spending their time looking at the tent. Cryptography Engineering Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno

  11. http://www.flickr.com/photos/bootycat/5849904501/

  12. •For data in transit •Use TLS/SSL, SSH, or VPN/IPsec •For

    data at rest •Use GnuPG •Use a high level library •Keyczar (Python and Java) •NaCL (C, Ruby, etc)

  13. http://www.flickr.com/photos/proimos/4199675334/

  14. RANDOM NUMBER GENERATION

  15. http://www.flickr.com/photos/brentnewhall/6559793329/

  16. None

  17. MD_Update(&m,buf,j);

  18. Don't add uninitialised data to the random number generator. This

    stop valgrind from giving error messages in unrelated code. (Closes: #363516)

  19. /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */

    MD_Update(&m,buf,j); /* We know that line may cause programs such as purify and valgrind to complain about use of uninitialized data. The problem is not, it's with the caller. Removing that line will make sure you get really bad randomness and thereby other problems such as very insecure keys. */

  20. RECOMMENDATIONS • Use the crypto library RNG • OpenSSL random

    • On Linux (or other Unix-like OS) • /dev/random - blocks for entropy • /dev/urandom - non-blocking

  21. LENGTH EXTENSION ATTACKS

  22. HASH FUNCTIONS

  23. http://www.flickr.com/photos/littlejohncollection/3675547973/

  24. USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct

    the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries. 9EC4C12949A4F31474F299058CE2B22A MD5
  25. None

  26. RECOMMENDATIONS •Use SHA-256 (SHA-2 family) •Stop using MD5 •Don’t use

    SHA1 in new projects

  27. RestClient.post( 'https://example.com/things', :name => 'Widget', :price => 1_23, :signature =>

    signature )

  28. secret = "api-key" str = "name=#{name}&" str += "price=#{price}" body

    = "#{secret}|#{str}" signature = sha1(body)

  29. sha1("api-key|name=Widget&price=123") 8CBBCB204861672F93B26A6401E685195AB5719B SHA1

  30. http://www.flickr.com/photos/worldbank/3492662794/

  31. h0 = 0x8CBBCB20 h1 = 0x4861672F h2 = 0x93B26A64 h3

    = 0x01E68519 h4 = 0x5AB5719B h0 = 0x67452301 h1 = 0xEFCDAB89 h2 = 0x98BADCFE h3 = 0x10325476 h4 = 0xC3D2E1F0

  32. h0 = 0x8CBBCB20 h1 = 0x4861672F h2 = 0x93B26A64 h3

    = 0x01E68519 h4 = 0x5AB5719B 8CBBCB204861672F93B26A6401E685195AB5719B

  33. &price=0

  34. api-key|name=Widget&price=123&price=0

  35. h0 = 0x8CBBCB20 h1 = 0x4861672F h2 = 0x93B26A64 h3

    = 0x01E68519 h4 = 0x5AB5719B h0 = 0x7CA17A2B h1 = 0x91BD35C0 h2 = 0x9D50A3AD h3 = 0x5CAD1E9B h4 = 0x396DDEF4

  36. api-key|name=Widget&price=123&price=0 7CA17A2B91BD35C09D50A3AD5CAD1E9B396DDEF4 SHA1

  37. RestClient.post( 'https://example.com/things', :name => 'Widget', :price => 0, :signature =>

    signature )

  38. RECOMMENDATIONS •Use HMAC-SHA-256 for authentication •Keyed hash function •Resistant to

    length extension

  39. ECB MODE

  40. http://www.flickr.com/photos/kevinomara/3422866722

  41. Plaintext ECB

  42. Plaintext “This is a secret” Key 0xE60DC5C9747A 963A86FD9522547 Ciphertext 0x7CD937D779C4

    555CF38244BEC63 AES-128(key, msg) Random IV 0x20B8F0FBE8CCA 71A58FC86E6F256 ⊕

  43. Plaintext “message” Key 0xE60DC5C9747A 963A86FD9522547 Ciphertext 0x5867695E0F48DE A14A33F1E70C416 AES-128(key, msg)

    ⊕ Last Ciphertext 0x7CD937D779C4 555CF38244BEC63

  44. Random IV 0x20B8F0FBE8CCA 71A58FC86E6F256 Ciphertext 0x7CD937D779C4 555CF38244BEC63 Ciphertext 0x5867695E0F48DE A14A33F1E70C416

  45. Plaintext ECB CBC

  46. RECOMMENDATIONS • Use AES • Do not use DES •

    Do not use ECB mode • Use an authenticated encryption mode • GCM, CCM, OCB • CBC with an HMAC of IV and ciphertext • Verify the tag/MAC first

  47. PASSWORD STORAGE

  48. http://www.flickr.com/photos/sponng/4554602341/

  49. None
  50. None
  51. None
  52. None
  53. None

  54. sha1(password)

  55. 1.One-way •Only useful for verification

  56. sha1(salt + password)

  57. 1.One-way •Only useful for verification 2.Randomized •Defeats pre-computed tables •Forces

    focus on one password

  58. http://www.flickr.com/photos/jaffathecake/2618896075/

  59. 1.One-way •Only useful for verification 2.Randomized •Defeats pre-computed tables •Forces

    focus on one password 3.Slow

  60. bcrypt, scrypt, or PBKDF2 ADAPTIVE HASHING

  61. RECOMMENDATIONS • Delegate authentication if possible • Facebook, Twitter, Google,

    Github • Store one-way verifiers using bcrypt, scrypt, or PBDKF2 • Use existing framework • has_secure_password (Rails >= 3.1) • devise

  62. TLS/SSL VERIFICATION

  63. http://www.flickr.com/photos/your_teacher/400805545/

  64. None
  65. None
  66. None
  67. None

  68. RECOMMENDATIONS • Check your SSL connections • Verify certificate /

    verify peer • Verify host • Setup an automated test

  69. TRUST

  70. The authenticity of host 'apollo.local (10.0.2.56)' can't be established. RSA

    key fingerprint is 04:63:c1:ba:c7:31:04:12:14:ff:b6:c4:32:cf:44:ec. Are you sure you want to continue connecting (yes/no)?

  71. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 04:63:c1:ba:c7:31:04:12:14:ff:b6:c4:32:cf:44:ec. Please contact your system administrator.

  72. • AOL Time Warner Inc. • AS Sertifitseerimiskeskus • AddTrust

    • Baltimore • beTRUSTed • Buypass • CNNIC • COMODO CA Limited • Certplus • certSIGN • Chambersign • Chunghwa Telecom Co., Ltd. • ComSign • Comodo CA Limited • Cybertrust, Inc • Deutsche Telekom AG • Deutscher Sparkassen Verlag GmbH • Dhimyotis • DigiCert Inc • DigiNotar • Digital Signature Trust Co. • Disig a.s. • EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. • EDICOM • Entrust, Inc. • Equifax • GTE Corporation • GeoTrust Inc. • GlobalSign nv-sa • Hongkong Post • Japan Certification Services, Inc. • Japanese Government • Microsec Ltd. • NetLock Halozatbiztonsagi Kft. • Network Solutions L.L.C. • PM/SGDN • QuoVadis Limited • RSA Security Inc • SECOM Trust Systems CO.,LTD. • SecureTrust Corporation • Sociedad Cameral de Certificación Digital • Sonera • Staat der Nederlanden • Starfield Technologies, Inc. • StartCom Ltd. • SwissSign AG • Swisscom • TC TrustCenter GmbH • TDC • Taiwan Government • Thawte • The Go Daddy Group, Inc. • The USERTRUST Network • TÜBİTAK • TÜRKTRUST • Unizeto Sp. z o.o. • VISA • ValiCert, Inc. • VeriSign, Inc. • WISeKey • Wells Fargo • XRamp Security Services Inc

  73. CERTIFICATE PINNING

  74. None

  75. RECOMMENDATIONS • Think about what organizations you really trust •

    Consider disabling some roots • Use certificate pinning in your apps

  76. https://www.coursera.org/course/crypto STANFORD CRYPTO CLASS

  77. http://www.matasano.com/articles/crypto-challenges/ MATASANO CRYPTO CHALLENGES

  78. PRAGMATIC CRYPTOGRAPHY http://pragmaticcrypto.com/

  79. • Videos • Theory and Practice of Cryptography series •

    http://www.youtube.com/watch?v=IzVCrSrZIX8 • http://www.youtube.com/watch?v=KDvt_0cafPw • http://www.youtube.com/watch?v=YcgqBEzcD_I • http://www.youtube.com/watch?v=ZDnShu5V99s • Crypto Strikes Back! • http://www.youtube.com/watch?v=ySQl0NhW1J0 • Presentations • http://www.bsdcan.org/2010/schedule/attachments/135_crypto1hr.pdf • http://www.eff.org/files/DefconSSLiverse.pdf • Books • Cryptography Engineering - Ferguson, Schneier, and Kohno • Blogs • http://blog.cryptographyengineering.com/ • http://rdist.root.org/

  80. QUESTIONS? John Downey | @jtdowney