Cryptography for Smalltalkers

Martin Kobetic
Cincom Smalltalk Development
ESUG 2004
To get the VW presentation
 in the open repository in a bundle called Presentations-MK,
 class ESUG04Crypto. To load it and open it up in a recent
 version of VW just run this:

 "guest/guest are the public, read-only credentials of the open Store repository"
 | profile |
 profile := Store.ConnectionProfile new
     name: 'open repository';
     driverClassName: 'PostgreSQLEXDIConnection';
     environment: 'store.cincomsmalltalk.com:5432_store_public';
     userName: 'guest';
     password: 'guest';
     yourself.
 Store.RepositoryManager addRepository: profile.
 Store.DbRegistry connectTo: profile.
 (Store.Bundle newestVersionWithName: 'Presentations-MK') loadSrc.
 ESUG04Crypto open
Cryptographic Objectives
 confidentiality
  – encryption
 integrity
  – message authentication codes (MAC)
 authentication
  – signatures
Encryption
 E(P) = C & D(C) = P
 symmetric (secret) key ciphers
  – E_K(P) = C & D_K(C) = P (one shared key)
 asymmetric (public) key ciphers
  – E_K1(P) = C & D_K2(C) = P (K1 public, K2 private)
 one-time pad
Secret Key Ciphers
 bulk  data encryption
 built from simple, fast operations
  (xor, shift, x + y mod n, ...)
 two fundamental classes
  – stream ciphers (RC4)
  – block ciphers (DES/AES)
Secret Key Ciphers
key := 'secret key' asByteArray.
alice := ARC4 key: key.
msg := 'Hello' asByteArrayEncoding: #utf_8.
msg := alice encrypt: msg.        "stream cipher: ciphertext is exactly as long as the plaintext"
msg asString.

bob := ARC4 key: key.             "a fresh instance, so its key stream starts at byte 1 as alice's did"
bob decryptInPlace: msg from: 1 to: msg size.   "decrypts the whole buffer in place; any sub-range works too"
msg asStringEncoding: #utf_8.
Stream Ciphers
    time-varying transformation on individual plaintext digits
        key-stream generator: k1, k2, k3, ...
        state S, NextState(S), Output(S)
        E: c_i = p_i xor k_i
        D: p_i = c_i xor k_i
    Pike, A5, RC4, SEAL
    key (stream) reuse is catastrophic!
     (a xor k) xor (b xor k) = a xor b
     – two ciphertexts under one key stream give away the xor of the
       plaintexts; knowing or guessing one plaintext yields the other outright
RC4 (1987)
 trade secret of RSA Security, leaked in 1994
 256 byte S-Box; 2 counters i = j = 0

 S-Box initialization (key schedule):
  S = 0, ..., 255
  K = 256 B of replicated key
  for i = 0 to 255:
   j = (j + S_i + K_i) mod 256
   swap S_i and S_j

 next key-stream byte:
  i = (i + 1) mod 256
  j = (j + S_i) mod 256
  swap S_i and S_j
  t = (S_i + S_j) mod 256
  output S_t

 the first key-stream bytes are biased (Mantin/Shamir, Fluhrer/Mantin/Shamir, 2001);
 don't use it in new designs
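Added example, in Python rather than Smalltalk and not part of the slides or of the VisualWorks library: RC4 written straight from the key-schedule and key-stream pseudocode above, checked against a published test vector, followed by the "key reuse is catastrophic" identity from the stream cipher slide worked on two constructed messages. Key and messages are made up for the demonstration.

```python
# Added example (not from the slides, not VisualWorks code): RC4 from the
# pseudocode on the slide, plus the key-stream reuse attack.

def rc4_ksa(key: bytes) -> list:
    """Key-scheduling algorithm: S starts as the identity permutation 0..255,
    K is the key replicated to 256 bytes, one pass of key-dependent swaps."""
    S = list(range(256))
    K = [key[i % len(key)] for i in range(256)]
    j = 0
    for i in range(256):
        j = (j + S[i] + K[i]) % 256
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key: bytes):
    """Pseudo-random generation: one key-stream byte per step, state (S, i, j)."""
    S = rc4_ksa(key)
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        t = (S[i] + S[j]) % 256
        yield S[t]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation: xor with the key stream."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def key_reuse_leak(key: bytes, msg_a: bytes, msg_b: bytes) -> bytes:
    """Two messages under the same key stream: c_a xor c_b = p_a xor p_b, so an
    attacker who knows msg_a recovers msg_b without ever touching the key."""
    c_a = rc4_crypt(key, msg_a)
    c_b = rc4_crypt(key, msg_b)
    return xor_bytes(xor_bytes(c_a, c_b), msg_a)


# Constructed inputs for the demonstration
KEY = b"secret key"
MSG_A = b"Hello"
MSG_B = b"World"

if __name__ == "__main__":
    ct = rc4_crypt(KEY, MSG_A)
    print(ct.hex(), rc4_crypt(KEY, ct))            # roundtrip gives b'Hello'
    print(key_reuse_leak(KEY, MSG_A, MSG_B))       # b'World', recovered without KEY
```

The test vector used below (key "Key", plaintext "Plaintext") is the standard published one; the leak function only recovers as many bytes of the second message as the known first message is long, which is exactly the crib-dragging situation the slide warns about.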
RC4
alice := ARC4 key: key.
msg := alice encrypt: 'Hello' asByteArray.
msg asHexString.

bob := ARC4 key: key.
(bob decrypt: msg) asString
Block Ciphers
 fixed transformation on blocks of plaintext
  (e.g 64, 128 bits)
 basic transformation applied in rounds
 DES, IDEA, CAST, Blowfish, RC2, RC5
DES (1977)
 csrc.nist.gov:
  FIPS PUB 46 (1977)
  FIPS PUB 46-3 (1999)
   – triple DES still approved
   – single DES legacy systems only
   – (FIPS 46-3 was withdrawn in 2005; a 56-bit key has been brute-forced in hardware since 1998)
 64 bit block size
 56 bit key (64 bits with parity)
 16 rounds using 48 bit subkeys
Block Ciphers - Padding
key := 'secret8B' asByteArray.
alice := DES key: key.
alice encrypt: 'Hello World!' asByteArray.
   "fails: 12 bytes is not a multiple of the 8-byte DES block"

alice := BlockPadding on: DES new.
alice setKey: key.
(alice encrypt: 'Hello World!' asByteArray) asString.
   "BlockPadding pads to 16 bytes first; with no chaining mode this is plain ECB"
Block Ciphers - Padding
 must be reversible
  – so a message that already fills the last block still gets a whole block of padding
 pad with bits "100…0"
 pad with padding size (1-8)
  – aka PKCS#5 padding (PKCS#7 for larger blocks)
  – the unpadding check must be strict, or CBC decryption turns into a padding oracle
 ciphertext stealing
  – different for different modes (ECB, CBC)
 some modes don't need padding (OFB, CFB, CTR: they xor a key stream over the data)
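Added example, in Python and not from the slides or the VisualWorks library: the two reversible padding schemes listed above with their inverses, including the two cases a practitioner gets wrong, a message that already ends on a block boundary (which must still receive a full block of padding) and an unpadding routine that accepts malformed padding. The block size and messages are constructed for the demonstration.

```python
# Added example (not from the slides, not VisualWorks code): PKCS#5 and
# "100...0" padding for an 8-byte block, with strict unpadding.

BLOCK = 8   # DES block size in bytes


def pad_pkcs5(data: bytes, block: int = BLOCK) -> bytes:
    """Append n bytes of value n, 1 <= n <= block. An aligned message gets a
    whole block of padding; otherwise unpadding could not tell data from pad."""
    n = block - (len(data) % block)
    return data + bytes([n]) * n


def unpad_pkcs5(data: bytes, block: int = BLOCK) -> bytes:
    """Reject anything not well-formed: wrong length, n outside 1..block, or any
    of the last n bytes differing from n. A looser check is a padding oracle."""
    if not data or len(data) % block:
        raise ValueError("bad length")
    n = data[-1]
    if not 1 <= n <= block or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def pkcs5_valid(data: bytes, block: int = BLOCK) -> bool:
    try:
        unpad_pkcs5(data, block)
        return True
    except ValueError:
        return False


def pad_bit(data: bytes, block: int = BLOCK) -> bytes:
    """Bit padding: one 0x80 byte (the '1' bit) then 0x00 up to the boundary."""
    padded = data + b"\x80"
    return padded + b"\x00" * (-len(padded) % block)


def unpad_bit(data: bytes, block: int = BLOCK) -> bytes:
    """Strip back to the last 0x80; everything after it must be zero."""
    if not data or len(data) % block:
        raise ValueError("bad length")
    idx = data.rfind(b"\x80")
    if idx < 0 or any(data[idx + 1:]):
        raise ValueError("bad padding")
    return data[:idx]


def roundtrip_ok(msg: bytes) -> bool:
    """Both schemes must be exactly reversible for any message length."""
    return unpad_pkcs5(pad_pkcs5(msg)) == msg and unpad_bit(pad_bit(msg)) == msg


if __name__ == "__main__":
    print(pad_pkcs5(b"Hello World!"))      # 12 bytes -> 4 bytes of 0x04 appended
    print(pad_pkcs5(b"8bytes!!"))          # aligned -> a full block of 0x08
    print(pad_bit(b"8bytes!!"))            # aligned -> 0x80 then seven 0x00
```

The point of `pkcs5_valid` being a separate function is that, in a real system, the distinction between "bad padding" and "bad MAC" must not be observable to the caller; here it only exists so the behaviour can be checked.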
Block Ciphers - ECB
 electronic codebook mode
 C_i = E_k(P_i)
 P_i = D_k(C_i)
 equal plaintext blocks give equal ciphertext blocks, so structure and repetition leak
 don't use!
Block Ciphers - CBC
 cipher block chaining mode
 C_i = E_k(P_i xor C_{i-1}), C_0 = IV
 P_i = C_{i-1} xor D_k(C_i)
 initialization vector (IV)
  – isn't secret, but must be unique and unpredictable (random) for every message under a key
  – a timestamp or counter is fine as a CTR/OFB nonce, not as a CBC IV: a predictable IV
    lets a chosen-plaintext attacker test guesses for the first block
Block Ciphers - CBC
alice := CipherBlockChaining
            on: DES new
            iv: 'nonce 8B' asByteArray.
alice setKey: 'secret8B' asByteArray.
msg := 'a block a block ' asByteArray.   "16 bytes = the same 8-byte block twice, no padding needed"
msg := alice encrypt: msg.
msg asString                              "unlike ECB, the two ciphertext blocks differ"
Block Ciphers - CBC
alice := DES newBP_CBC.
alice setKey: 'secret8B' asByteArray.
alice setIV: 'nonce 8B' asByteArray.
msg := 'Hello World!' asByteArray.
msg := alice encrypt: msg.
msg asString.
Block Ciphers - OFB
 output feedback mode
 S_i = E_k(S_{i-1}), S_0 = IV
 C_i = P_i xor S_i
 P_i = C_i xor S_i
 like synchronous stream cipher: no padding, only the encrypt direction of the
  block cipher is used, and an IV must never repeat under the same key
  (OutputFeedback on: DES new)
     setKey: 'secret8B' asByteArray;
     setIV: 'nonce 8B' asByteArray
Block Ciphers - CTR
 counter mode
 S_i = E_k(nonce || i)
 C_i = P_i xor S_i
 P_i = C_i xor S_i
 OFB variant: key-stream blocks are independent, so encryption parallelizes
  and any block can be decrypted on its own
 nonce || i must never repeat under one key (key-stream reuse, as with any stream cipher)
Block Ciphers - CFB
 cipher feedback mode
 C_i = P_i xor E_k(C_{i-1}), C_0 = IV
 P_i = C_i xor E_k(C_{i-1})
 like self-synchronizing stream cipher: decryption depends only on the previous
  ciphertext block, so a corrupted block damages its own plaintext and the next,
  then the stream recovers
  (CipherFeedback on: DES new)
      setKey: 'secret8B' asByteArray;
      setIV: 'nonce 8B' asByteArray
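Added example, in Python and not from the slides or the VisualWorks library, covering the ECB, CBC, OFB, CTR and CFB slides above. Python's standard library has no DES, so the block cipher here is a constructed toy: a 4-round Feistel network over 64-bit blocks whose round function is truncated SHA-256. It is invertible and key-dependent, nothing more, and stands in for DES only so that the mode equations can be run offline. The key, IV and messages mirror the slides' literals; the ECB versus CBC comparison uses the slides' "a block a block " plaintext of two identical blocks.

```python
# Added example (not from the slides, not VisualWorks code): the five modes over
# a CONSTRUCTED toy 64-bit Feistel cipher that stands in for DES.
import hashlib
import os

BLOCK = 8                                   # 64-bit block, like DES

def _f(k: bytes, r: int, half: bytes) -> bytes:
    return hashlib.sha256(k + bytes([r]) + half).digest()[:4]

def _xor(a: bytes, b: bytes) -> bytes:      # truncates to the shorter input
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(k: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for i in range(4):
        l, r = r, _xor(l, _f(k, i, r))
    return r + l                            # undo the last swap so decryption reuses the loop

def toy_decrypt_block(k: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for i in reversed(range(4)):
        l, r = r, _xor(l, _f(k, i, r))
    return r + l

def _blocks(data: bytes):
    if len(data) % BLOCK:
        raise ValueError("ECB/CBC need whole blocks: pad first or use a stream mode")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(k, pt):                     # C_i = E_k(P_i): equal blocks, equal output
    return b"".join(toy_encrypt_block(k, p) for p in _blocks(pt))

def ecb_repeats(ct) -> int:
    """Ciphertext blocks that duplicate an earlier one: non-zero under ECB whenever
    the plaintext repeats a block, which is why the slide says don't use it."""
    bl = _blocks(ct)
    return len(bl) - len(set(bl))

def fresh_cbc_iv() -> bytes:                # CBC wants an unpredictable IV per message
    return os.urandom(BLOCK)

def cbc_encrypt(k, iv, pt):
    out, prev = [], iv
    for p in _blocks(pt):
        prev = toy_encrypt_block(k, _xor(p, prev))        # C_i = E_k(P_i xor C_{i-1})
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(k, iv, ct):
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(prev, toy_decrypt_block(k, c)))   # P_i = C_{i-1} xor D_k(C_i)
        prev = c
    return b"".join(out)

def _nblocks(data):                          # key-stream blocks needed to cover data
    return -(-len(data) // BLOCK)

def ofb_crypt(k, iv, data):                  # S_i = E_k(S_{i-1}); the same call decrypts
    s, ks = iv, []
    for _ in range(_nblocks(data)):
        s = toy_encrypt_block(k, s)
        ks.append(s)
    return _xor(data, b"".join(ks))

def ctr_crypt(k, nonce4, data):              # S_i = E_k(nonce || i): 4-byte nonce, 4-byte counter
    ks = [toy_encrypt_block(k, nonce4 + i.to_bytes(4, "big")) for i in range(_nblocks(data))]
    return _xor(data, b"".join(ks))

def cfb_encrypt(k, iv, pt):                  # C_i = P_i xor E_k(C_{i-1}), C_0 = IV
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = _xor(pt[i:i + BLOCK], toy_encrypt_block(k, prev))
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(k, iv, ct):                  # P_i = C_i xor E_k(C_{i-1}): encrypt direction only
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        c = ct[i:i + BLOCK]
        out.append(_xor(c, toy_encrypt_block(k, prev)))
        prev = c
    return b"".join(out)

# Constructed inputs, mirroring the slides
KEY = b"secret8B"
IV = b"nonce 8B"
TWO_EQUAL_BLOCKS = b"a block a block "       # 16 bytes: the same 8-byte block twice
SHORT = b"Hello World!"                      # 12 bytes: not block aligned, no padding in stream modes

if __name__ == "__main__":
    print("ECB repeats:", ecb_repeats(ecb_encrypt(KEY, TWO_EQUAL_BLOCKS)))      # 1
    print("CBC repeats:", ecb_repeats(cbc_encrypt(KEY, IV, TWO_EQUAL_BLOCKS)))  # 0
    print(ofb_crypt(KEY, IV, ofb_crypt(KEY, IV, SHORT)))                        # b'Hello World!'
```

Three things worth noticing when running it: ECB on the two identical blocks yields two identical ciphertext blocks while CBC does not; OFB, CTR and CFB accept the 12-byte message unpadded because they only xor a key stream over it; and OFB, CTR and CFB never call `toy_decrypt_block`, which is why these modes also work with primitives that have no inverse.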
Block Ciphers - Mixing
 interleaving
  – parallelizing "chained" modes
 multiple encryption with single cipher
  – double encryption – no good: meet-in-the-middle recovers two 56-bit keys
    with roughly 2^57 work (and 2^56 memory), not 2^112
  – 3EDE (inner/outer CBC): 168-bit key, about 2^112 effective strength
 cascading different ciphers
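Added example, in Python and not from the slides or the VisualWorks library: why "double encryption is no good". The cipher is a constructed 16-bit toy with a 12-bit key, chosen so the attack finishes instantly; the procedure is the meet-in-the-middle attack that makes double DES cost about 2^57 instead of 2^112. The secret keys and known-plaintext pairs are made up for the demonstration.

```python
# Added example (not from the slides, not VisualWorks code): meet-in-the-middle
# against double encryption, on a CONSTRUCTED toy cipher (16-bit block, 12-bit key).

KEY_BITS = 12
MASK16 = 0xFFFF

def _rotl16(x: int, n: int) -> int:
    return ((x << n) | (x >> (16 - n))) & MASK16

def _rotr16(x: int, n: int) -> int:
    return ((x >> n) | (x << (16 - n))) & MASK16

def toy_e(k: int, x: int) -> int:
    """Three add-rotate-xor rounds: invertible and key-dependent, nothing else."""
    for r in range(3):
        x = (x + k + r) & MASK16
        x = _rotl16(x, 5) ^ ((k * 0x9E37) & MASK16)
    return x

def toy_d(k: int, y: int) -> int:
    for r in reversed(range(3)):
        y = _rotr16(y ^ ((k * 0x9E37) & MASK16), 5)
        y = (y - k - r) & MASK16
    return y

def double_e(k1: int, k2: int, x: int) -> int:
    """Double encryption: E_k2(E_k1(x)), nominally a 24-bit key."""
    return toy_e(k2, toy_e(k1, x))

def meet_in_the_middle(pairs):
    """pairs: known (plaintext, ciphertext) under double_e(k1, k2).
    Encrypt p0 under every k1 into a table, decrypt c0 under every k2 and look
    the result up: 2 * 2^12 cipher calls instead of 2^24. The remaining pairs
    weed out false matches. Returns all (k1, k2) consistent with every pair."""
    p0, c0 = pairs[0]
    table = {}
    for k1 in range(1 << KEY_BITS):
        table.setdefault(toy_e(k1, p0), []).append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):
        for k1 in table.get(toy_d(k2, c0), []):
            if all(double_e(k1, k2, p) == c for p, c in pairs[1:]):
                found.append((k1, k2))
    return found

# Constructed secret keys and known-plaintext pairs
K1, K2 = 0xABC, 0x123
PLAINTEXTS = [0x1234, 0x5678, 0x9ABC]
PAIRS = [(p, double_e(K1, K2, p)) for p in PLAINTEXTS]

if __name__ == "__main__":
    print([(hex(a), hex(b)) for a, b in meet_in_the_middle(PAIRS)])   # contains ('0xabc', '0x123')
```

Scaled up to DES the table holds 2^56 entries, which is the memory cost the slide's "no good" hides; triple encryption pushes the same attack to 2^112 work, which is why 3EDE rather than 2DES became the standard.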
Block Ciphers - Mixing
des3 := TrippleEDEOuterCBC
           first: DES new
           second: DES new
           third: DES new.
des3 := DES new3EDE_CBC.                 "shorthand for the same construction"
des3 setKey: '24 bytes for three keys!' asByteArray.   "3 x 8 bytes, one DES key per instance"
des3 setIV: 'nonce 8B' asByteArray.
AES (2001)
 NIST FIPS PUB 197 (2001) - Rijndael
 15 submissions (1998)
 5 finalists: MARS, RC6, Rijndael, Serpent, Twofish
 modes: ECB, CBC, CFB, OFB, CTR (NIST SP 800-38A)
 block size 128 bits
 key sizes 128, 192, 256 bits
 10, 12, 14 rounds
Blowfish (1993)
 http://www.counterpane.com/blowfish.html
 block size 64 bits
  – birthday bound: keep the data encrypted under one key well below 2^32 blocks
 variable key size 32-448 bits
 not patented, royalty-free
 2 parts: key expansion & data encryption
 16 rounds, key dependent S-Boxes
Books
 Anderson:  Security Engineering
 Ferguson, Schneier: Practical Cryptography
 Kahn: The Codebreakers, …
 Menezes, van Oorschot, Vanstone:
  Handbook of Applied Cryptography
 Schneier, B: Applied Cryptography
