SlideShare uma empresa Scribd logo

Crypto workshop part 3 - Don't do this yourself

H
hannob

Slides from a workshop I held on cryptography for web developers. Part 3 is about the complexity of writing crypto code and why you should avoid doing it yourself it you're not a real expert. https://blog.hboeck.de/archives/849-Slides-from-cryptography-workshop-for-web-developers.html

InternetTecnologiaEducação
1 de 13
Baixar para ler offline
How do I create my own crypto? Crypto pitfalls misc Cryptography for Software and Web Developers Part 3: Don’t do this yourself Hanno B¨ock 2014-05-28 1 / 13
How do I create my own crypto? Crypto pitfalls misc How do I create my own super-secure crypto protocol? Just don’t! 2 / 13
How do I create my own crypto? Crypto pitfalls misc Example: RSA Sidechannels Zombie vulnerabilities Secure blocks, insecure system If you ever heard an introduction to crypto you might have learned about RSA like this M = Message, (N, e) = public key, (N, d) = private key Encrypt(M) = Me mod N, Decrypt(M) = Md mod N Don’t do this! This so-called textbook-RSA is completely insecure Real RSA: You need padding and for encryption you use some hybrid between RSA and symmetric encryption like AES 3 / 13
How do I create my own crypto? Crypto pitfalls misc Example: RSA Sidechannels Zombie vulnerabilities Secure blocks, insecure system Sidechannels are all attacks where you don’t directly target the crypto, but some kind of ”information” you get otherwise Most popular: timing But also: noise, power usage, radiation, cache behavior (virtualization!), ... Hard to prevent 4 / 13
How do I create my own crypto? Crypto pitfalls misc Example: RSA Sidechannels Zombie vulnerabilities Secure blocks, insecure system Zombie vulnerabilities: you already killed them but they come back Padding oracle (2002), came back as timing vulnerability in 2013 (Lucky Thirteen) Bleichenbacher Million Message attack (1998) against RSA PKCS #1 1.5 comes back every now and then, last time in Java and OpenSSL 5 / 13
How do I create my own crypto? Crypto pitfalls misc Example: RSA Sidechannels Zombie vulnerabilities Secure blocks, insecure system ”We use 256 bit AES, so we are secure”, ”We use elliptic curves, so we are secure”, ”we use [insert buzzword here], so we are secure” You can create insecure systems out of secure building blocks Lucky Thirteen again: RSA, AES, CBC and HMAC are all fine. But TLS sticks them together in an insecure way 6 / 13
How do I create my own crypto? Crypto pitfalls misc Crypto is complex Don’t do it What to use But remember: Updates Kerkhoff’s principle API messup Conclusions Cryptography is complex To write secure crypto code you need to have a pretty good knowledge of the research of the past 20 years randomness, timing, sidechannels, blinding, padding, ... If someone wants to sell you the latest and greatest new crypto solution, ask: Who in your team has lots of experience in crypto? 7 / 13
How do I create my own crypto? Crypto pitfalls misc Crypto is complex Don’t do it What to use But remember: Updates Kerkhoff’s principle API messup Conclusions Unless you *really* know what you are doing the best advice is: Never do your own crypto. And I mean on all layers: Algorithms, protocols, software. If you implement your own crypto it will be insecure. Not ”may”. It will. 8 / 13
How do I create my own crypto? Crypto pitfalls misc Crypto is complex Don’t do it What to use But remember: Updates Kerkhoff’s principle API messup Conclusions Re-use something existing like TLS, OpenPGP or CMS with a well-established software. (OpenSSL is bad, but it is still amongst the best you can get for this task) If this is not a webpage but your own app/software: You can avoid almost all problems of TLS by not relying on the CA system and by using TLS 1.2 with just one or two secure cipher suites. Or use a fool-proof library like NaCl. 9 / 13
How do I create my own crypto? Crypto pitfalls misc Crypto is complex Don’t do it What to use But remember: Updates Kerkhoff’s principle API messup Conclusions If you use other people’s software: You need an update strategy Happens far too often: ”Great, it’s open source, we can modify the code and adjust it to our needs.” Yes, you can. However, then you may have to re-do that on every security update. (Not just in crypto, I see this a lot with web apps.) 10 / 13
How do I create my own crypto? Crypto pitfalls misc Crypto is complex Don’t do it What to use But remember: Updates Kerkhoff’s principle API messup Conclusions ”The security of a cryptosystem should depend solely on the secrecy of the key and the private randomizer” (Wikipedia) Or in other words: Security by obscurity is not a good idea There are countless people out there who’ll say: ”We know ’security by obscurity’ is bad, but in our case it’s different.” Pretty clear security red flag. 11 / 13
How do I create my own crypto? Crypto pitfalls misc Crypto is complex Don’t do it What to use But remember: Updates Kerkhoff’s principle API messup Conclusions The problem with crypto implementations: Sometimes their API encourages misuse. You want to verify a certificate. What does that mean? It’s syntactically correct? It contains a valid signature? By someone special or by anyone? And most important of all: What does this certificate certify after all? Very popular bug: Yeah, this is a valid certificate. For evilhacker.org? That’s fine, we’ll grab our updates from there. 12 / 13
How do I create my own crypto? Crypto pitfalls misc Crypto is complex Don’t do it What to use But remember: Updates Kerkhoff’s principle API messup Conclusions Never invent your own crypto algorithms. Never invent your own crypto protocols. Never write your own crypto code. Don’t believe in security by obscurity. Even when using crypto APIs you should understand what you’re doing and be aware what you’re checking. 13 / 13

Recomendados

Circuit complexity
Circuit complexityCircuit complexity
Circuit complexity
Ami Prakash
 
Parallel Computing 2007: Overview
Parallel Computing 2007: OverviewParallel Computing 2007: Overview
Parallel Computing 2007: Overview
Geoffrey Fox
 
Parallel computing
Parallel computingParallel computing
Parallel computing
virend111
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoid
OwaspCzech
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoid
Filip Šebesta
 
Security & Cryptography In Linux
Security & Cryptography In LinuxSecurity & Cryptography In Linux
Security & Cryptography In Linux
Ahmed Mekkawy
 
Get started with hacking
Get started with hackingGet started with hacking
Get started with hacking
Ham'zzah Mir-zza
 
Passwords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim SalterPasswords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim Salter
IT-oLogy
 

Recomendados

Circuit complexity
Circuit complexityCircuit complexity
Circuit complexity
Ami Prakash
 
Parallel Computing 2007: Overview
Parallel Computing 2007: OverviewParallel Computing 2007: Overview
Parallel Computing 2007: Overview
Geoffrey Fox
 
Parallel computing
Parallel computingParallel computing
Parallel computing
virend111
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoid
OwaspCzech
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoid
Filip Šebesta
 
Security & Cryptography In Linux
Security & Cryptography In LinuxSecurity & Cryptography In Linux
Security & Cryptography In Linux
Ahmed Mekkawy
 
Get started with hacking
Get started with hackingGet started with hacking
Get started with hacking
Ham'zzah Mir-zza
 
Passwords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim SalterPasswords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim Salter
IT-oLogy
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-days
Zoltan Balazs
 
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped futureOSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
NETWAYS
 
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped futureOSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
NETWAYS
 
Secure encryption in a wiretapped future
Secure encryption in a wiretapped futureSecure encryption in a wiretapped future
Secure encryption in a wiretapped future
Michael Renner
 
DMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal TricksDMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal Tricks
ThreatReel Podcast
 
PCI OWASP Course Storyboard
PCI OWASP Course StoryboardPCI OWASP Course Storyboard
PCI OWASP Course Storyboard
Jim Piechocki
 
Cryptography for developers
Cryptography for developersCryptography for developers
Cryptography for developers
Kai Koenig
 
Discussion Question Contrast file encryption and volume encryptio.docx
Discussion Question Contrast file encryption and volume encryptio.docxDiscussion Question Contrast file encryption and volume encryptio.docx
Discussion Question Contrast file encryption and volume encryptio.docx
JeniceStuckeyoo
 
Securing Rails
Securing RailsSecuring Rails
Securing Rails
Alex Payne
 
The Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A PrimerThe Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A Primer
amiable_indian
 
Introduction to Cybersecurity | IIT(BHU)CyberSec
Introduction to Cybersecurity | IIT(BHU)CyberSecIntroduction to Cybersecurity | IIT(BHU)CyberSec
Introduction to Cybersecurity | IIT(BHU)CyberSec
YashSomalkar
 
Top 5 Cryptocurrency Scam Risk Factors
Top 5 Cryptocurrency Scam Risk FactorsTop 5 Cryptocurrency Scam Risk Factors
Top 5 Cryptocurrency Scam Risk Factors
Maxim Kozlovsky
 
Situational Awareness, Botnet and Malware Detection in the Modern Era - Davi...
Situational Awareness, Botnet and Malware Detection in the Modern Era - Davi...Situational Awareness, Botnet and Malware Detection in the Modern Era - Davi...
Situational Awareness, Botnet and Malware Detection in the Modern Era - Davi...
Codemotion
 
wp-understanding-ransomware-strategies-defeat
wp-understanding-ransomware-strategies-defeatwp-understanding-ransomware-strategies-defeat
wp-understanding-ransomware-strategies-defeat
Robert Leong
 
Honeypots
HoneypotsHoneypots
Honeypots
Jyoti Nagargoje
 
Security & ethical hacking p2
Security & ethical hacking p2Security & ethical hacking p2
Security & ethical hacking p2
ratnalajaggu
 
Breaking ssl
Breaking sslBreaking ssl
Breaking ssl
Vinayak Raghuvamshi
 
How to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ DisobeyHow to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ Disobey
Zoltan Balazs
 
So... you want to be a security consultant
So... you want to be a security consultant So... you want to be a security consultant
So... you want to be a security consultant
abnmi
 
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
Cyber Security Alliance
 
The Fuzzing Project - 32C3
The Fuzzing Project - 32C3The Fuzzing Project - 32C3
The Fuzzing Project - 32C3
hannob
 
TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)
hannob
 

Mais conteúdo relacionado

Semelhante a Crypto workshop part 3 - Don't do this yourself

OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped futureOSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
NETWAYS
 
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped futureOSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
NETWAYS
 
Secure encryption in a wiretapped future
Secure encryption in a wiretapped futureSecure encryption in a wiretapped future
Secure encryption in a wiretapped future
Michael Renner
 
Cryptography for developers
Cryptography for developersCryptography for developers
Cryptography for developers
Kai Koenig
 
Discussion Question Contrast file encryption and volume encryptio.docx
Discussion Question Contrast file encryption and volume encryptio.docxDiscussion Question Contrast file encryption and volume encryptio.docx
Discussion Question Contrast file encryption and volume encryptio.docx
JeniceStuckeyoo
 
Top 5 Cryptocurrency Scam Risk Factors
Top 5 Cryptocurrency Scam Risk FactorsTop 5 Cryptocurrency Scam Risk Factors
Top 5 Cryptocurrency Scam Risk Factors
Maxim Kozlovsky
 
wp-understanding-ransomware-strategies-defeat
wp-understanding-ransomware-strategies-defeatwp-understanding-ransomware-strategies-defeat
wp-understanding-ransomware-strategies-defeat
Robert Leong
 
So... you want to be a security consultant
So... you want to be a security consultant So... you want to be a security consultant
So... you want to be a security consultant
abnmi
 
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
Cyber Security Alliance
 

Semelhante a Crypto workshop part 3 - Don't do this yourself (20)

How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-days
 
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped futureOSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
 
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped futureOSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
 
Secure encryption in a wiretapped future
Secure encryption in a wiretapped futureSecure encryption in a wiretapped future
Secure encryption in a wiretapped future
 
DMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal TricksDMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal Tricks
 
PCI OWASP Course Storyboard
PCI OWASP Course StoryboardPCI OWASP Course Storyboard
PCI OWASP Course Storyboard
 
Cryptography for developers
Cryptography for developersCryptography for developers
Cryptography for developers
 
Discussion Question Contrast file encryption and volume encryptio.docx
Discussion Question Contrast file encryption and volume encryptio.docxDiscussion Question Contrast file encryption and volume encryptio.docx
Discussion Question Contrast file encryption and volume encryptio.docx
 
Securing Rails
Securing RailsSecuring Rails
Securing Rails
 
The Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A PrimerThe Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A Primer
 
Introduction to Cybersecurity | IIT(BHU)CyberSec
Introduction to Cybersecurity | IIT(BHU)CyberSecIntroduction to Cybersecurity | IIT(BHU)CyberSec
Introduction to Cybersecurity | IIT(BHU)CyberSec
 
Top 5 Cryptocurrency Scam Risk Factors
Top 5 Cryptocurrency Scam Risk FactorsTop 5 Cryptocurrency Scam Risk Factors
Top 5 Cryptocurrency Scam Risk Factors
 
Situational Awareness, Botnet and Malware Detection in the Modern Era - Davi...
Situational Awareness, Botnet and Malware Detection in the Modern Era - Davi...Situational Awareness, Botnet and Malware Detection in the Modern Era - Davi...
Situational Awareness, Botnet and Malware Detection in the Modern Era - Davi...
 
wp-understanding-ransomware-strategies-defeat
wp-understanding-ransomware-strategies-defeatwp-understanding-ransomware-strategies-defeat
wp-understanding-ransomware-strategies-defeat
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Security & ethical hacking p2
Security & ethical hacking p2Security & ethical hacking p2
Security & ethical hacking p2
 
Breaking ssl
Breaking sslBreaking ssl
Breaking ssl
 
How to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ DisobeyHow to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ Disobey
 
So... you want to be a security consultant
So... you want to be a security consultant So... you want to be a security consultant
So... you want to be a security consultant
 
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
 

Mais de hannob

SSL, X.509, HTTPS - How to configure your HTTPS server
SSL, X.509, HTTPS - How to configure your HTTPS serverSSL, X.509, HTTPS - How to configure your HTTPS server
SSL, X.509, HTTPS - How to configure your HTTPS server
hannob
 

Mais de hannob (10)

The Fuzzing Project - 32C3
The Fuzzing Project - 32C3The Fuzzing Project - 32C3
The Fuzzing Project - 32C3
 
TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)
 
Some tales about TLS
Some tales about TLSSome tales about TLS
Some tales about TLS
 
Crypto workshop part 1 - Web and Crypto
Crypto workshop part 1 - Web and CryptoCrypto workshop part 1 - Web and Crypto
Crypto workshop part 1 - Web and Crypto
 
How broken is TLS?
How broken is TLS?How broken is TLS?
How broken is TLS?
 
Papierlos
PapierlosPapierlos
Papierlos
 
Gehackte Webapplikationen und Malware
Gehackte Webapplikationen und MalwareGehackte Webapplikationen und Malware
Gehackte Webapplikationen und Malware
 
SSL, X.509, HTTPS - How to configure your HTTPS server
SSL, X.509, HTTPS - How to configure your HTTPS serverSSL, X.509, HTTPS - How to configure your HTTPS server
SSL, X.509, HTTPS - How to configure your HTTPS server
 
Stromsparen
StromsparenStromsparen
Stromsparen
 
Wirtschaftswachstum, klimawandel und Peak Oil
Wirtschaftswachstum, klimawandel und Peak OilWirtschaftswachstum, klimawandel und Peak Oil
Wirtschaftswachstum, klimawandel und Peak Oil
 

Último

一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
pxcywzqs
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Monica Sydney
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
EleniIlkou
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
F
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
Monica Sydney
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Monica Sydney
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Monica Sydney
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
F
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
ayvbos
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Priya Reddy
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
ydyuyu
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Último (20)

best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
 

Crypto workshop part 3 - Don't do this yourself

  • 1. How do I create my own crypto? Crypto pitfalls misc Cryptography for Software and Web Developers Part 3: Don’t do this yourself Hanno B¨ock 2014-05-28 1 / 13
  • 2. How do I create my own crypto? Crypto pitfalls misc How do I create my own super-secure crypto protocol? Just don’t! 2 / 13
  • 3. How do I create my own crypto? Crypto pitfalls misc Example: RSA Sidechannels Zombie vulnerabilities Secure blocks, insecure system If you ever heard an introduction to crypto you might have learned about RSA like this M = Message, (N, e) = public key, (N, d) = private key Encrypt(M) = Me mod N, Decrypt(M) = Md mod N Don’t do this! This so-called textbook-RSA is completely insecure Real RSA: You need padding and for encryption you use some hybrid between RSA and symmetric encryption like AES 3 / 13
  • 4. How do I create my own crypto? Crypto pitfalls misc Example: RSA Sidechannels Zombie vulnerabilities Secure blocks, insecure system Sidechannels are all attacks where you don’t directly target the crypto, but some kind of ”information” you get otherwise Most popular: timing But also: noise, power usage, radiation, cache behavior (virtualization!), ... Hard to prevent 4 / 13
  • 5. How do I create my own crypto? Crypto pitfalls misc Example: RSA Sidechannels Zombie vulnerabilities Secure blocks, insecure system Zombie vulnerabilities: you already killed them but they come back Padding oracle (2002), came back as timing vulnerability in 2013 (Lucky Thirteen) Bleichenbacher Million Message attack (1998) against RSA PKCS #1 1.5 comes back every now and then, last time in Java and OpenSSL 5 / 13
  • 6. How do I create my own crypto? Crypto pitfalls misc Example: RSA Sidechannels Zombie vulnerabilities Secure blocks, insecure system ”We use 256 bit AES, so we are secure”, ”We use elliptic curves, so we are secure”, ”we use [insert buzzword here], so we are secure” You can create insecure systems out of secure building blocks Lucky Thirteen again: RSA, AES, CBC and HMAC are all fine. But TLS sticks them together in an insecure way 6 / 13
  • 7. How do I create my own crypto? Crypto pitfalls misc Crypto is complex Don’t do it What to use But remember: Updates Kerkhoff’s principle API messup Conclusions Cryptography is complex To write secure crypto code you need to have a pretty good knowledge of the research of the past 20 years randomness, timing, sidechannels, blinding, padding, ... If someone wants to sell you the latest and greatest new crypto solution, ask: Who in your team has lots of experience in crypto? 7 / 13
  • 8. How do I create my own crypto? Crypto pitfalls misc Crypto is complex Don’t do it What to use But remember: Updates Kerkhoff’s principle API messup Conclusions Unless you *really* know what you are doing the best advice is: Never do your own crypto. And I mean on all layers: Algorithms, protocols, software. If you implement your own crypto it will be insecure. Not ”may”. It will. 8 / 13
  • 9. How do I create my own crypto? Crypto pitfalls misc Crypto is complex Don’t do it What to use But remember: Updates Kerkhoff’s principle API messup Conclusions Re-use something existing like TLS, OpenPGP or CMS with a well-established software. (OpenSSL is bad, but it is still amongst the best you can get for this task) If this is not a webpage but your own app/software: You can avoid almost all problems of TLS by not relying on the CA system and by using TLS 1.2 with just one or two secure cipher suites. Or use a fool-proof library like NaCl. 9 / 13
  • 10. How do I create my own crypto? Crypto pitfalls misc Crypto is complex Don’t do it What to use But remember: Updates Kerkhoff’s principle API messup Conclusions If you use other people’s software: You need an update strategy Happens far too often: ”Great, it’s open source, we can modify the code and adjust it to our needs.” Yes, you can. However, then you may have to re-do that on every security update. (Not just in crypto, I see this a lot with web apps.) 10 / 13
  • 11. How do I create my own crypto? Crypto pitfalls misc Crypto is complex Don’t do it What to use But remember: Updates Kerkhoff’s principle API messup Conclusions ”The security of a cryptosystem should depend solely on the secrecy of the key and the private randomizer” (Wikipedia) Or in other words: Security by obscurity is not a good idea There are countless people out there who’ll say: ”We know ’security by obscurity’ is bad, but in our case it’s different.” Pretty clear security red flag. 11 / 13
  • 12. How do I create my own crypto? Crypto pitfalls misc Crypto is complex Don’t do it What to use But remember: Updates Kerkhoff’s principle API messup Conclusions The problem with crypto implementations: Sometimes their API encourages misuse. You want to verify a certificate. What does that mean? It’s syntactically correct? It contains a valid signature? By someone special or by anyone? And most important of all: What does this certificate certify after all? Very popular bug: Yeah, this is a valid certificate. For evilhacker.org? That’s fine, we’ll grab our updates from there. 12 / 13
  • 13. How do I create my own crypto? Crypto pitfalls misc Crypto is complex Don’t do it What to use But remember: Updates Kerkhoff’s principle API messup Conclusions Never invent your own crypto algorithms. Never invent your own crypto protocols. Never write your own crypto code. Don’t believe in security by obscurity. Even when using crypto APIs you should understand what you’re doing and be aware what you’re checking. 13 / 13