Cryptography for newcomers

The hitchhiker's guide to cipher in devs

@m4d_z

Developer’s responsibility

Password’s limit

CKI
Chair Keyboard Interface

I don't care; We don't host sensitive data
  • Data War
  • Tracking and Cross-profiling
  • Digital ID

Any sensitive data must be
transferred and stored
in an encrypted form

Encrypt!

Encrypt?

Ciphers' nightmare

What Crypto Isn’t?

  • authentication
  • security layer
  • revoking

Protection

What Crypto Is?

  • Hashing
  • Encrypt
  • Key Exchange
  • Signature

Only The Key
Matters

Cryptography & Cryptanalysis

Once upon a time

Caesar Cipher

Shift Cipher Wheel

Vigenère Cipher

Plain text:  ATTACK AT DAWN
Cipher key:  LEMONL EM ONLE
Cipher text: LXFOPV EF RNHR

The 1st Breach: Repetitions

Frequency Analysis
defeats any ciphers where a
Common Denominator
leads to repetitions
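The Vigenère table above and the repetition breach, worked through as an added example that is not from the talk: encrypting the slide's sentence with LEMON, then the Kasiski observation that repeated ciphertext n-grams sit at distances that are multiples of the key length (the "common denominator"). The longer sample plaintext is constructed for the demo.

```python
from math import gcd

ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Constructed sample: the slide's sentence repeated at offsets 15 and 35, both
# multiples of the key length 5, so the ciphertext repeats as well.
SAMPLE_PLAINTEXT = "ATTACKATDAWNQRSATTACKATDAWNBCDEFGHIATTACKATDAWN"


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Shift each letter by the matching key letter. Non-letters pass through
    without consuming key material, matching the slide's ATTACK AT DAWN layout."""
    out, i = [], 0
    for ch in text.upper():
        if ch not in ALPHA:
            out.append(ch)
            continue
        k = ALPHA.index(key[i % len(key)].upper())
        shift = -k if decrypt else k
        out.append(ALPHA[(ALPHA.index(ch) + shift) % 26])
        i += 1
    return "".join(out)


def kasiski_key_length(cipher: str, n: int = 3) -> int:
    """Distances between repeated n-grams in the ciphertext are multiples of the
    key length, so their gcd exposes it (or a multiple of it).
    Returns 0 when the text is too short to contain any repetition."""
    letters = [c for c in cipher.upper() if c in ALPHA]
    first_seen, g = {}, 0
    for i in range(len(letters) - n + 1):
        gram = "".join(letters[i:i + n])
        if gram in first_seen:
            g = gcd(g, i - first_seen[gram])
        else:
            first_seen[gram] = i
    return g
```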

Enigma

Key protection is essential

xkcd://538

The 2nd Breach: Spying and Brute Force Attack

There is no pattern strong enough to resist an endless attack.

Digital Encryption

Single Token, the Cipher Graal

Hashing, Salting, Cooking

Hashing is
Data Obfuscation

Fail!

  • Rainbow Tables
  • Lookup Tables
  • Reverse-lookup Tables

Salting

  • Entropy
  • Avoid repetitions
  • Must be unique and random

The Bad, and the Ugly

md5(sha1(password))
sha1(sha1(password))
sha1(str_rot13(password + salt))
md5(sha1(md5(md5(password) + sha1(password)) + md5(password)))

The Good!

  1. Generate a long salt w/ CSPRNG
    • min 16 chars
    • mcrypt_create_iv (PHP), os.urandom (Python), SecureRandom (Ruby), crypto.randomBytes (Node.js)
    • /dev/urandom
  2. Apply a secured derivation on [password][salt]
    • CPU intensive algorithm
    • Argon2, bcrypt, scrypt, PBKDF2
  3. Store all elements in database
    • ensure compatibility in case of changes
    • use a format like $[hashfunc]$[rounds]$[salt][hash]
  4. Store along a HMAC digest of the payload
    • prevent SQL Injections
    • keep the key safe

A properly hashed password, with no repetition and a time-controlled execution, decreases the risk of brute-force hacking
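The four steps of "The Good!" put together, as an added example that is not from the talk and uses only the Python standard library: Argon2, bcrypt and scrypt need extra packages, so PBKDF2-HMAC-SHA256 from hashlib stands in for the derivation. The storage format follows the slide, with salt and hash hex-encoded; the HMAC key is assumed to live outside the database.

```python
import hashlib
import hmac
import os

ROUNDS = 600_000     # CPU cost of the derivation; raise it as hardware gets faster
SALT_LEN = 16        # at least 16 bytes from a CSPRNG, as the slide says
# Assumption: the HMAC key lives outside the database (HSM, KMS, environment);
# otherwise whoever dumps the table can re-sign tampered rows.
HMAC_KEY = os.urandom(32)


def hash_password(password: str, rounds: int = ROUNDS) -> str:
    salt = os.urandom(SALT_LEN)                                              # step 1
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)  # step 2
    payload = f"$pbkdf2-sha256${rounds}${salt.hex()}{digest.hex()}"         # step 3
    tag = hmac.new(HMAC_KEY, payload.encode(), "sha256").hexdigest()         # step 4
    return f"{payload}${tag}"


def verify_password(password: str, stored: str) -> bool:
    payload, _, tag = stored.rpartition("$")
    # Check the HMAC first: a row altered in the database (the SQL injection case
    # on the slide) is rejected before any expensive derivation runs.
    expected = hmac.new(HMAC_KEY, payload.encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False
    _, algo, rounds, salt_hash = payload.split("$")
    if algo != "pbkdf2-sha256":
        return False  # unknown scheme: migrate the record, never guess
    salt = bytes.fromhex(salt_hash[:2 * SALT_LEN])
    stored_digest = bytes.fromhex(salt_hash[2 * SALT_LEN:])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(rounds))
    return hmac.compare_digest(digest, stored_digest)  # constant-time comparison
```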

Symmetric vs. Asymmetric

Block Ciphers

  • DES (Data Encryption Standard)
  • AES (Advanced Encryption Standard)
  • IDEA
  • BlowFish

Stream Ciphers

  • RC4
  • ChaCha20 ?
  • Panama ?

Computers aren’t
truly random

Padding, Randomness, IV

  • unpredictable, non-deterministic values
  • CSPRNG functions rather than direct /dev/urandom access
  • IV (Initialization Vector) blocks used to init a cipher function and put it in a unique state

Block modes of operation

  • ECB (Electronic Code Book)
  • CBC (Cipher Block Chaining)
  • AEAD (Authenticated Encryption with Associated Data)

A symmetric key
must be shared,
which means it could leak

Bob & Alice

RSA or Elliptic Curves?

Keys Exchange, Certificates, Signatures

Symmetric Key

  • one key for all operations
  • fast
  • key exchange is the critical point

Diffie-Hellman
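What the Diffie-Hellman slide refers to, shown as an added example that is not from the talk: both parties publish one value each and end up with the same symmetric key without ever sending it. The group parameters are a constructed toy (far too small for real use) and the key derivation is a plain SHA-256 for illustration.

```python
import hashlib
import secrets

# Toy group, constructed for the demo: 2**127 - 1 is prime but far too small,
# and 3 is an arbitrary base. Real code uses an RFC 3526/7919 group or X25519 via a library.
P = 2**127 - 1
G = 3


def dh_keypair() -> tuple[int, int]:
    """The private exponent never leaves the host; only the public value is sent."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared_key(my_priv: int, their_pub: int) -> bytes:
    """Both sides compute the same G**(a*b) mod P and hash it into a symmetric key."""
    if not 1 < their_pub < P - 1:
        raise ValueError("degenerate public value")  # 0, 1 or P-1 would pin the secret
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def exchange() -> tuple[bytes, bytes]:
    """The full exchange. An observer of the wire sees a_pub and b_pub but needs
    a or b to reach the key. Without a signature or certificate on the public
    values (next slides), a man-in-the-middle can run this with each side separately."""
    a_priv, a_pub = dh_keypair()   # Alice -> Bob: a_pub
    b_priv, b_pub = dh_keypair()   # Bob -> Alice: b_pub
    return dh_shared_key(a_priv, b_pub), dh_shared_key(b_priv, a_pub)
```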

Asymmetric Keys And Key Wrapping

  1. Encrypt the message with a symmetric cipher and random key (e.g. IDEA)
  2. Encrypt the symmetric key with an asymmetric cipher (e.g. RSA)
  3. Concatenate both encrypted parts in one message
  4. Decrypt the symmetric key using the private key
  5. Decrypt the message with the symmetric key

Pretty Good Privacy

Signature

  • Reversed Asymmetric Cipher
  • For trusting purposes only

Certificates

  • Chain Of Trust
  • Revoke identities
  • X.509

Protect

  • Network → SSL/TLS, chain of trust
  • Passwords → Hashing functions
  • Data → Asymmetric Cipher w/ Key Wrapping, HSM

Tooling

Low-level languages

  • OS modules
  • Libraries (OpenSSL)
  • Hardware (AES-NI, Co-processor)

Backend languages

  • Python: Cryptography / PyCrypto
  • Ruby: RbNaCl
  • Node.js: Crypto built-in module
  • PHP: Mcrypt
  • Java: JCE Framework

Browser side

WebCrypto API

WebCrypto API

const enc = new TextEncoder()
// AES-GCM is one of the supported algorithms the next slide lists; the parameters are an example
window.crypto.subtle.generateKey({ name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt'])
  .then(key => {
    // a fresh 12-byte IV per message keeps the cipher state unique for this key
    const iv = window.crypto.getRandomValues(new Uint8Array(12))
    return window.crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode('ATTACK AT DAWN'))
  })
  .then(encrypted => {
    // encrypted is an ArrayBuffer containing the ciphertext followed by the 16-byte GCM tag
    console.log(new Uint8Array(encrypted))
  })
  .catch(err => {
    console.error(err)
  })

Supported algorithms

  • RSASSA-PKCS1-v1_5 / RSA-OAEP
  • AES-CBC / AES-GCM / AES-KW
  • HMAC
  • SHA-256 / SHA-384 / SHA-512

But browser vendors choose which ones they implement (do you remember canPlayType?)

Browser libs

  • js-nacl
  • jsencrypt
  • jwcrypto
  • CryptoJS

So, what do we do now?

Never play the sorcerer’s apprentice

Never forget that

  1. Security has an inverse relation to the ease of use
  2. Security has a cost
m4dz

Paranoïd Web Dino · Tech Evangelist

https://www.alwaysdata.com

Questions?

Thank You!


Available under licence CC BY-SA 4.0

Illustrations

m4dz, CC BY-SA 4.0

Interleaf images

Courtesy of Unsplash and Pexels contributors

Icons

  • Layout icons are from Entypo+
  • Content icons are from FontAwesome

Fonts

  • Cover Title: Sinzano
  • Titles: Argentoratum
  • Body: Mohave
  • Code: Fira Code

Tools

Powered by Reveal.js

Source code available at
https://git.madslab.net/talks