Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Crypto 101 by Laurens Van Houtven

Avatar for PyCon 2013 PyCon 2013
March 16, 2013
Programming
10
1.6k

Crypto 101 by Laurens Van Houtven

Avatar for PyCon 2013

PyCon 2013

March 16, 2013
Tweet

More Decks by PyCon 2013

See All by PyCon 2013
Bayesian statistics made simple by Allen Downey
Avatar for PyCon 2013 pyconslides
32
6.4k
Python for Humans
Avatar for PyCon 2013 pyconslides
40
6.7k
Contribute with me! Getting started with the tools of free software development by Jessica McKellar
Avatar for PyCon 2013 pyconslides
11
2k
ApplePy: An Apple ][ emulator in Python by James Tauber
Avatar for PyCon 2013 pyconslides
3
1.6k
Use curses, don't swear by Sean Zicari
Avatar for PyCon 2013 pyconslides
2
1.5k
Namespaces in Python by Eric Snow
Avatar for PyCon 2013 pyconslides
9
1.9k
Internationalization and Localization Done Right by Ruchi Varshney
Avatar for PyCon 2013 pyconslides
9
1.2k
"Good Enough" is good enough! by Alex Martelli
Avatar for PyCon 2013 pyconslides
13
2.6k
Plover: Thought to Text at 240 WPM by Mirabai Knight
Avatar for PyCon 2013 pyconslides
1
1.3k

Other Decks in Programming

See All in Programming
Oracle Database Technology Night 92 Database Connection control FAN-AC
Avatar for oracle4engineer oracle4engineer
PRO
1
420
フロントエンドのmonorepo化と責務分離のリアーキテクト
Avatar for Takuma Kajikawa kajitack
2
160
GitHubとGitLabと AWS CodePipelineで CI/CDを組み比べてみた
Avatar for Satoshi Kaneyasu satoshi256kbyte
4
150
FindyにおけるTakumi活用と脆弱性管理のこれから
Avatar for adachi.ryo rvirus0817
0
450
TanStack DB ~状態管理の新しい考え方~
Avatar for じょうげん bmthd
2
490
MCPでVibe Working。そして、結局はContext Eng(略)/ Working with Vibe on MCP And Context Eng
Avatar for r-kagaya rkaga
5
2.1k
意外と簡単!?フロントエンドでパスキー認証を実現する WebAuthn
Avatar for teamLab teamlab
PRO
2
650
デザイナーが Androidエンジニアに 挑戦してみた
Avatar for Kanon Fujita 874wokiite
0
170
Rancher と Terraform
Avatar for Ryoma Fujiwara fufuhu
2
220
ProxyによるWindow間RPC機構の構築
Avatar for syumai syumai
3
1.1k
Design Foundational Data Engineering Observability
Avatar for suci sucitw
3
180
AI Coding Agentのセキュリティリスク:PRの自己承認とメルカリの対策
Avatar for さうす s3h
0
140

Featured

See All Featured
Done Done
Avatar for chrislema chrislema
185
16k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
55
13k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
53
2.9k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.8k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
32
1.5k
BBQ
Avatar for Matthew Crist matthewcrist
89
9.8k
Typedesign – Prime Four
Avatar for Hannes Fritz hannesfritz
42
2.8k
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
53
7.8k
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
190
11k
It's Worth the Effort
Avatar for 3n 3n
187
28k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
790
250k
How GitHub (no longer) Works
Avatar for Zach Holman holman
315
140k

Transcript

  1. Crypto 101 @lvh

  2. @lvh [email protected]

  3. None
  4. None
  5. None

  6. POST /quantum HTTP/1.1

  7. None

  8. Lightning Talk Version

  9. In motion: TLS

  10. At rest: GPG

  11. (Py)NaCl KeyCzar cryptlib

  12. If you are typing the letters A-E-S into your code,

    you’re doing it wrong.

  13. DES: extra wrong MD5, SHA: maybe wrong

  14. Why stay?

  15. Recognizing wrong stuff still matters

  16. Understanding stuff still matters

  17. None
  18. None

  19. xor

  20. 1 ^ 0 == 1 0 ^ 1 == 1

  21. 1 ^ 1 == 0 0 ^ 0 == 0

  22. Invert? Input Output

  23. Invert: yes (1) Input: 1 Output: 0

  24. Invert: no (0) Input: 1 Output: 1

  25. One-time Pad

  26. 1110010101010110 1010100000111101 0100101010101010 ...

  27. OTP crypto XWCVPR

  28. Perfect secrecy

  29. 0? 1? 1

  30. 1? 0? 1

  31. None
  32. None
  33. None

  34. Victory!

  35. len(one_time_pad)

  36. == len(all_data_ever)

  37. == very_big_number

  38. Exchange?

  39. Ciphers

  40. Block Ciphers

  41. Block Cipher Key abc XYZ Ciphertext Same fixed size Plaintext

    Fixed size

  42. P C

  43. Random permutation

  44. 000: 001 001: 010 010: 111 011: 000 100: 110

    101: 011 110: 100 111: 101

  45. x, C(k, x) vs y, C(k, y)

  46. P C

  47. AES

  48. Blowfish/Twofish

  49. DES/3DES

  50. Victory!

  51. “Hello”

  52. with open(“x.jpg”) as f: send(f, you)

  53. Block Cipher

  54. len(message) > block_size

  55. aes.block_size == 128 (16 bytes)

  56. Stream Ciphers

  57. Native stream ciphers

  58. RC4

  59. Salsa20 ChaCha20

  60. Implemented as construction with block ciphers

  61. abcdefghijklmnopqrstuvw C k C k C k C k C

    k C k C k { { { { { { { { C k padding KEGASVTPCFDRUWBOJNMHXQIL { { { { { { { {

  62. ECB

  63. plaintext chunk ciphertext chunk

  64. None
  65. None
  66. None
  67. None

  68. Replay Attacks

  69. None
  70. None

  71. Block Cipher Modes of Operation

  72. ECB, (P)CBC, CFB, OFB, CTR

  73. ECB, (P)CBC, CFB, OFB, CTR

  74. CBC

  75. Most common in the wild

  76. BEAST

  77. CTR

  78. {nonce}{count:08d}

  79. D501320200000000 D501320200000001 D501320200000002 Nonce Count . . .

  80. C k C k D501320200000000, D501320200000001, ... D1DC4D1FE3679212, 0FD25C7B1CF46485, ...

  81. D1DC4D1FE3679212 0FD25C7B1CF46485 ...

  82. Keystream

  83. Pseudo-OTP

  84. GCM, EAX, OCB, IAPM, CCM, CWC

  85. GCM, EAX, OCB, IAPM, CCM, CWC

  86. PATENT PENDING

  87. Victory!

  88. None

  89. Key exchange?

  90. In person?

  91. None

  92. O(n2)

  93. Diffie-Hellman Key Exchange

  94. None

  95. = +

  96. = + +

  97. - =

  98. Internet Me You

  99. None

  100. + = + =

  101. None
  102. None

  103. + = + =

  104. = + + + +

  105. Victory!

  106. None

  107. Cease fire! ZSTAMUTJMEFFILH Cease fire!

  108. Attack at dawn! HUWKEMMQTXMR Attack at dawn!

  109. Authenticity

  110. sender == expected_sender

  111. message == expected_message

  112. Encryption without authentication

  113. Almost certainly wrong

  114. Attackers don’t need to decrypt to modify

  115. Cryptographic hash functions

  116. lorem ipsum 358d846c39 digest (state) fixed size message arbitrary size

    Hash Function

  117. lorem ipsum 358d846c39 Hash Function

  118. lorem ipsum 358d846c39 Hash Function

  119. lorem python 358d846c39 lorem ipsum 358d846c39 Hash Function Hash Function

  120. lorem python 358d846c39 lorem ipsum 358d846c39 Hash Function Hash Function

  121. That’s it.

  122. H(x) can be used to compute H(f(x))

  123. Extension attacks

  124. hf = HF(“hello pycon\n”) hf.update(“how are you”) hf.hexdigest()

  125. hf = HF(state=your_hash) hf.update(my_string) hf.hexdigest()

  126. my_string = “\nI am not attending, because I have switched

    to PHP”

  127. Payment processor

  128. MD5(secret + amount)

  129. $12.00: “1200”

  130. hf = HF(state=your_hash) hf.update(“0” * 12) hf.hexdigest()

  131. bwall/HashPump

  132. SHA-3 era: fixed (SHA-3, BLAKE2)

  133. SHA-256, SHA-3 (both are fine)

  134. BLAKE2

  135. MAC

  136. H(x) can be used to compute H(f(x))

  137. MAC(k, x) says nothing about MAC(k, f(x))

  138. MAC(k, x) says nothing about MAC(k, y)

  139. HMAC

  140. hmac(k, hf, msg)

  141. import hmac

  142. Password storage

  143. CHFs are WRONG

  144. password 45ed8f8c31 Hash Function

  145. Brute force?

  146. None

  147. ATI HD 5970, 2GB 5.6e9 MD5/s 2.3e9 SHA2/s

  148. None

  149. SHA-3?

  150. lorem ipsum 358d846c39 Hash Function

  151. SHA-2-256: 14 cpb SHA-3-256: 11 cpb (Intel Ivy Bridge/Sandy Bridge)

  152. Salts?

  153. Dictionary attacks

  154. KDFs should be hard to compute

  155. bcrypt (tunably) time-hard

  156. scrypt time- and space-hard

  157. Sender authentication?

  158. None

  159. Public key Cryptography

  160. None
  161. None
  162. None

  163. Key generation

  164. me me you you

  165. me you

  166. Encryption

  167. PK Enc you hello world BXUWD VWQEF

  168. Decryption

  169. PK Dec you hello world BXUWD VWQEF you

  170. Signing

  171. Anyone can use my public key

  172. How do I know you’re you?

  173. PK Dec you Signature HF(m) you

  174. PK Enc you Signature HF(m)

  175. RSA

  176. Victory!

  177. “me” == actually me?

  178. Chains of signatures

  179. I don’t trust you.

  180. But X trusts you.

  181. And I trust X.

  182. So I trust you.

  183. GPG key signing

  184. SSL

  185. TLS

  186. None

  187. version, ciphersuites, ...

  188. Key exchange method (RSA, DH, ...)

  189. Signing algorithm (RSA, DSA, ECDSA)

  190. Bulk encryption algorithm (AES-CBC, RC4...)

  191. MAC algorithm (HMAC-{MD5, SHA2})

  192. version, ciphersuites, ...

  194. RSA Enc srvr random secret OUTDX BHXUS

  195. OUTDXBHXUS

  196. RSA Dec srvr random secret OUTDX BHXUS srvr

  197. random secret AES MAC random secret AES MAC

  198. MAC

  199. None

  200. Encrypted + Authenticated

  202. None

  203. CAs

  204. ...

  205. None

  206. valid vs trustworthy?

  207. valid vs trustworthy?

  208. What if I plant a root cert?

  209. sslbump

  210. ICAP/eCAP

  211. lvh/minitrue

  212. Questions?

  213. Timing attacks

  214. Side-channel

  215. Implementation, not theory

  216. None
  217. None
  218. None
  219. None
  220. None

  221. provided == password

  222. compare length

  223. compare byte by byte

  224. “abc” == “xyz”

  225. “abc” == “ayz”

  226. “abc” == “abz”

  227. len(alpha) ** len(pw)

  228. X * X * X * .... len(alpha) possibilities len(pwd)

    times

  229. k * len(alpha) * len(pw) possibilities measurements characters

  230. More TLS

  231. Client certificates

  232. Ephemeral Diffie-Hellman

  233. Elliptic Curves ECDH/ECDSA