6. I AM A SECURITY ENGINEER.
I AM A GUY WHO HAS SPENT WAY TOO MUCH TIME WORRYING ABOUT GIBBERISH.
I DON’T KNOW MUCH ABOUT THE MATHS BEHIND ENCRYPTION.
7. I DO KNOW HOW YOU CAN PROTECT YOUR APPS IN THE REAL WORLD.
8. agenda:
1) alice & bob: a short note on asymmetric algorithms
2) intro to SSL/TLS on today’s internet
3) tour of the secure web, from the perspective of a lowly cipher line
4) next-gen ciphers and features
5) useful tools
6) Q&A and story time
20. TLS has its own handshake…
1) client says hello
   - passes a list of supported ciphers, in priority order
   - other capabilities like SNI
2) server says hello
   - passes a list of supported ciphers, in priority order
   - passes certificate chain
   - other capabilities like NPN/ALPN
n) they agree and connect
   - a cipher is chosen!
   - a protocol is selected!
   - keys are exchanged!
… awhile later …
21. elements of a cipher spec

key exchange | standard | cipher  | symmetric size              | brokenness
ECDHE        | TLSv1.2  | AES-GCM | 128: fast / 256: strong     | “no reason to believe it’s not broken… yet”
DHE          | TLSv1    | AES-GCM | 128: fast / 256: strong     | “could be broken if you’re not careful”
—            | SSLv3    | RC4     | 140, that’s all you get foo | “well, fuck it. it’s definitely broken, at least break fast?”
25. Testing: Qualys
1) Awesome for experimenting with settings!
2) Great for detecting issues!
3) Pretty reports!
4) Fantastic compatibility simulator
26. Diagnostics: OpenSSL
1) Tools for generating keys / certificates!
2) openssl s_client for SSL client testing!
3) openssl ocsp for OCSP testing
4) Benchmark your ciphers with openssl speed
27. Diagnostics: Wireshark
1) Extremely powerful!
2) Kind of outside the scope of this talk!
3) Can be configured with your private key/cert to decrypt traffic
4) See traffic at all levels! (ARP, IP, TCP, TLS, DNS & HTTP)
51. with forward secrecy…
1) client says hello
   - passes a list of supported ciphers, in priority order
   - other capabilities like SNI
2) server says hello
   - passes a list of supported ciphers, in priority order
   - passes certificate chain
   - other capabilities like NPN/ALPN
3) Generate ephemeral forward secrecy key
n) they agree and connect
   - a cipher is chosen!
   - a protocol is selected!
   - keys are exchanged!
… awhile later …
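As an added example (not code from the talk), here is a POSIX shell classifier that pulls the elements tabulated on slide 21 out of an OpenSSL-style cipher-suite name and adds the forward-secrecy flag slide 51 is about: whether the key exchange is ephemeral (ECDHE/DHE) or uses the static RSA key. It goes a little beyond the table by recognising ChaCha20-Poly1305 as well; the suite names, the verdict labels, and the sample list at the bottom are my own constructed choices, and nothing here needs openssl to be installed.

```shell
#!/bin/sh
# Added example, not code from the talk: break an OpenSSL-style cipher-suite
# name into the elements slide 21 tabulates (key exchange, cipher, symmetric
# key size) and add the forward-secrecy flag slide 51 is about.
# Suite names and verdict labels here are my own constructed choices.

# Key exchange: an (EC)DHE prefix means an ephemeral key is generated per
# session, so a stolen server key does not decrypt recorded traffic.
suite_kex() {
  case "$1" in
    ECDHE-*)     echo ECDHE ;;
    DHE-*|EDH-*) echo DHE ;;
    *)           echo RSA ;;   # static RSA key transport, no forward secrecy
  esac
}

# Bulk cipher (and mode) from the middle of the name.
suite_cipher() {
  case "$1" in
    *AES*GCM*)                            echo AES-GCM ;;
    *AES*CBC*|*AES128-SHA*|*AES256-SHA*)  echo AES-CBC ;;
    *CHACHA20*)                           echo CHACHA20-POLY1305 ;;
    *RC4*)                                echo RC4 ;;
    *)                                    echo UNKNOWN ;;
  esac
}

# Symmetric key size in bits. 128 is tested before 256 because a name like
# AES128-GCM-SHA256 contains both numbers (the 256 is the hash suffix).
suite_keysize() {
  case "$1" in
    *128*)      echo 128 ;;
    *256*)      echo 256 ;;
    *CHACHA20*) echo 256 ;;
    *RC4*)      echo 128 ;;
    *)          echo 0 ;;
  esac
}

# One-line summary with the policy verdict a defender cares about.
classify_suite() {
  kex=$(suite_kex "$1")
  cipher=$(suite_cipher "$1")
  bits=$(suite_keysize "$1")
  case "$kex" in ECDHE|DHE) fs=yes ;; *) fs=no ;; esac
  # AEAD suites (GCM, ChaCha20-Poly1305) only exist from TLSv1.2 onward,
  # which is why GCM support tracks TLSv1.2 support in clients.
  case "$cipher" in AES-GCM|CHACHA20-POLY1305) min=TLSv1.2 ;; *) min=any ;; esac
  case "$cipher:$fs" in
    RC4:*) verdict=broken ;;
    *:no)  verdict=no-forward-secrecy ;;
    *)     verdict=ok ;;
  esac
  echo "kex=$kex cipher=$cipher bits=$bits fs=$fs min=$min verdict=$verdict"
}

# Audit a colon-separated list in the priority order a client or server sends it.
audit_cipher_list() {
  echo "$1" | tr ':' '\n' | while read -r s; do
    printf '%-32s %s\n' "$s" "$(classify_suite "$s")"
  done
}

# Constructed sample list: two good ephemeral suites, one static-RSA suite, one RC4 suite.
audit_cipher_list 'ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES256-SHA:RC4-SHA'
```

Feed it the output of `openssl ciphers 'YOUR-STRING'` to audit a server's configured priority list; anything reported as `broken` or `no-forward-secrecy` ahead of an `ok` suite is a mis-ordered list.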
59. OCSP Stapling
1) OCSP is a way to verify certificate validity and health
2) Certs can be “invalidated” by providers when they are breached!
3) “Stapling” a verifiably-valid OCSP response to an HTTP response can optimize the process significantly!
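As an added example (not the talk's own code) tying slide 26's `openssl s_client` / `openssl ocsp` tools to slide 59: the probe a practitioner types to see whether a server staples an OCSP response, plus an awk summary that reduces the verbose output to the three facts worth recording (protocol, cipher, stapling state). The host name, file names, and the two sample outputs are constructed; the samples follow openssl's output layout so the parser can be exercised offline.

```shell
#!/bin/sh
# Added example, not code from the talk: the openssl s_client probe from
# slide 26 with -status (OCSP stapling, slide 59), plus an awk summary of
# the parts worth recording. Host, file names and sample outputs are constructed.

# What a practitioner types: -servername sends SNI, -status asks the server
# to staple an OCSP response into the handshake.
probe_tls() {
  printf '' | openssl s_client -connect "$1:443" -servername "$1" -status 2>/dev/null
}

# Reduce s_client output (on stdin) to protocol, cipher and stapling state.
summarize_tls() {
  awk '
    /^ *Protocol *:/                    { proto = $NF }
    /^ *Cipher *:/                      { cipher = $NF }
    /^OCSP response: no response sent/  { ocsp = "none" }
    /OCSP Response Status: successful/  { ocsp = "stapled" }
    END {
      if (ocsp == "") ocsp = "none"
      printf "protocol=%s cipher=%s ocsp=%s\n", proto, cipher, ocsp
    }'
}

# Constructed s_client output for a server that staples (layout follows
# openssl's; the values are made up).
sample_stapled() {
  cat <<'EOF'
CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
======================================
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
EOF
}

# Constructed output for an old server: no stapling, RC4 over TLSv1.
sample_unstapled() {
  cat <<'EOF'
CONNECTED(00000003)
OCSP response: no response sent
---
New, TLSv1, Cipher is RC4-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
EOF
}

# Direct OCSP query for a cert whose issuer cert you hold (slide 26's
# "openssl ocsp"); the three arguments (issuer file, cert file, responder URL)
# are assumptions about how you name them.
query_ocsp() {
  openssl ocsp -issuer "$1" -cert "$2" -url "$3" -resp_text -noverify
}

if [ -n "${1:-}" ] && command -v openssl >/dev/null 2>&1; then
  probe_tls "$1" | summarize_tls        # live probe of the host given as $1
else
  sample_stapled | summarize_tls        # offline demo on the constructed samples
  sample_unstapled | summarize_tls
fi
```

A server that answers `ocsp=none` is leaving every client to fetch the OCSP status itself, which is the round trip stapling exists to remove.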
60. ECC & DSA Certificates
1) ECC is an alternate key structure to RSA or DSA
2) ECC keys are “faster” to compute/sign/verify, and “stronger” than RSA and DSA at “smaller” key sizes
3) Almost nobody supports it (CAs and browsers both)
   CAs: Symantec is the only one I’ve found
   Browsers: the usual modern suspects (Webkit/Blink/SpiderMonkey/barely any Trident)
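As an added example of the key structure slide 60 describes (not the talk's code), the openssl commands that create a P-256 ECC private key and a self-signed test certificate from it, then read the key algorithm back out of the certificate. The temp directory, file names and the CN `example.test` are assumptions; the demo reports `openssl-missing` instead of failing when the binary is not installed.

```shell
#!/bin/sh
# Added example, not code from the talk: generate an ECC (P-256) key and a
# self-signed test certificate, then confirm the cert's key algorithm.
# The temp directory, file names and CN are assumptions for illustration.

# Generate a P-256 private key (what CAs and browsers call prime256v1 / secp256r1).
make_ec_key() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1"
}

# Self-signed certificate for a test host from that key: $1 key, $2 cert out, $3 CN.
make_selfsigned() {
  openssl req -new -x509 -key "$1" -subj "/CN=$3" -days 1 -out "$2" 2>/dev/null
}

# Print the public-key algorithm recorded in a certificate
# (id-ecPublicKey for ECC, rsaEncryption for RSA).
cert_key_algorithm() {
  openssl x509 -in "$1" -noout -text | sed -n 's/^ *Public Key Algorithm: *//p'
}

# Runs the whole flow in a temp dir and returns the algorithm string,
# or "openssl-missing" when the binary is not installed.
ecc_demo() {
  command -v openssl >/dev/null 2>&1 || { echo openssl-missing; return 0; }
  dir=$(mktemp -d)
  make_ec_key "$dir/ec.key" 2>/dev/null
  make_selfsigned "$dir/ec.key" "$dir/ec.crt" example.test
  cert_key_algorithm "$dir/ec.crt"
  rm -rf "$dir"
}

ecc_demo
```

Swap `-x509` for a plain `-new` CSR when you want a CA to sign it; the key type is carried in the request, so whether the CA accepts it is exactly the support question slide 60 raises.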
62. Salsa20 / Poly1305
1) These are new ciphers from Google
2) They haven’t been chill enough to share ‘em yet*
3) Salsa20 is a new stream cipher (replaces RC4!) that is fast
4) Poly1305 is a MAC algorithm that can wrap any reliable symmetric cipher (AES being broken won’t fail us again)
5) Would be great to have server-side but only Chrome supports this stuff yet
*there might be some patches for OpenSSL that may or may not work in the Chromium source tree… :)
63. AES-GCM Support
1) GCM-based algorithms were only introduced in TLSv1.2
2) Chrome (>=31) is all good, so are Firefox and Safari
3) IE 11 is all good (sometimes)!
4) >=iOS 5 should have it, Android
5) Java support is spotty