Cryptography is a complex and confusing subject. In this talk you will learn about the core components of cryptography used in software development: securing data with encryption, ensuring data integrity with hashes and digital signatures, and protecting passwords with key derivation functions. While learning how to use these components, you will also learn the best practices that drive strong cryptography. This talk won’t make you a cryptography expert but it will give you the knowledge necessary to use cryptography properly. No prior knowledge of cryptography is required for this presentation.
23. @adam_englander
Any modern hashing algorithm will never create a collision for an input value whose size is equal to or less than the hash output size.
Slide 63
–iovation: August 2015 Password Survey
https://s3.amazonaws.com/launchkey-blog/LaunchKey_Password_Survey_Results.pdf
“68% of people reuse passwords”
Slide 64
–Keeper Security: The Most Common Passwords of 2016
https://keepersecurity.com/public/Most-Common-Passwords-of-2016-Keeper-Security-Study.pdf
“The top 25 passwords of 2016 constitute over 50% of the 10M passwords that were analyzed.”
Slide 65
–Keeper Security: The Most Common Passwords of 2016
https://keepersecurity.com/public/Most-Common-Passwords-of-2016-Keeper-Security-Study.pdf
“Nearly 17% of users are safeguarding their accounts with ‘123456.’”
Slide 73
English Message Patterns
• Spaces can be determined based on predictable word patterns
• Single-letter words will be either the letter i or a
• In a two-letter word, one of the letters is a vowel
• Three-letter words mostly start and end with consonants and nearly always have a vowel in the middle
• The letter e is the most common of all letters
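The regularities on this slide are what make a cipher that preserves plaintext structure (a simple substitution, or a block cipher run in ECB mode) weak: an analyst can recover word boundaries and letter identities from statistics alone, which is why a modern cipher must hide every trace of that structure. The PHP script below is an added example, not from the slides, that measures each of the listed claims on a constructed English paragraph. It uses only PHP's standard string functions and needs PHP 7.4 or later for the arrow functions.

```php
<?php
// Added example (not from the slides): measure the English-text regularities
// listed on the slide against a constructed sample paragraph. Requires PHP 7.4+.

// Constructed sample text, deliberately plain English.
$sample = <<<TXT
I saw a fox and a dog in the old barn. The fox ran to the far end of the
field, but the dog did not follow it. A cat sat on the wall and watched
them for an hour. It is not easy to say why the dog gave up so soon.
TXT;

// Claim: e is the most common letter. Build a letter-frequency table from
// the lower-cased letters only and list the top five.
$letters = preg_replace('/[^a-z]/', '', strtolower($sample));
$freq = count_chars($letters, 1);   // byte value => occurrence count
arsort($freq);
echo "Most common letters:\n";
foreach (array_slice($freq, 0, 5, true) as $byte => $count) {
    printf("  %s: %d\n", chr($byte), $count);
}

// Group the words by length to check the single/two/three-letter claims.
$words = str_word_count(strtolower($sample), 1);
$byLength = [];
foreach ($words as $w) {
    $byLength[strlen($w)][] = $w;
}

$isVowel = fn(string $c): bool => strpos('aeiou', $c) !== false;

// Claim: single-letter words are i or a.
echo 'Single-letter words: ' . implode(' ', array_unique($byLength[1] ?? [])) . "\n";

// Claim: a two-letter word contains a vowel.
$two = $byLength[2] ?? [];
$twoWithVowel = array_filter($two, fn(string $w): bool => $isVowel($w[0]) || $isVowel($w[1]));
printf("Two-letter words containing a vowel: %d of %d\n", count($twoWithVowel), count($two));

// Claim: three-letter words are mostly consonant-vowel-consonant.
$three = $byLength[3] ?? [];
$cvc = array_filter(
    $three,
    fn(string $w): bool => !$isVowel($w[0]) && $isVowel($w[1]) && !$isVowel($w[2])
);
printf("Three-letter consonant-vowel-consonant words: %d of %d\n", count($cvc), count($three));
```

Run it with `php patterns.php`; swapping in a longer text of your own shows how quickly the letter table settles toward the familiar English distribution. The same counting applied to the output of a properly used modern cipher shows no such skew, which is the property the secretbox code later in the deck relies on.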
Slide 91
// Generating your encryption key (keep it secret; it must be exactly SODIUM_CRYPTO_SECRETBOX_KEYBYTES long)
$key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
// Generate a random nonce (not secret, but it must never be reused with the same key)
$nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
// Using your key to encrypt information; the output includes an authentication tag
$ciphertext = sodium_crypto_secretbox('test', $nonce, $key);
// Decrypting a message requires the nonce and key used to encrypt.
// sodium_crypto_secretbox_open() returns false if the tag does not verify.
$plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key);
if ($plaintext === false) {
    throw new Exception("Bad ciphertext");
}
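The slide encrypts and decrypts in a single scope, so it never has to answer the practical question of how the nonce reaches the decrypting side, and it never shows the authenticated-encryption property actually doing its job. The PHP script below is an added example (not code from the slides) that wraps the same `sodium_crypto_secretbox` calls in two helper functions of my own, `sealMessage()` and `openMessage()`, prepends the nonce to the ciphertext so a receiver can recover it, and then opens a deliberately modified message and a message under the wrong key to show that both are rejected rather than decrypted to garbage. It requires PHP 7.2 or later with the sodium extension.

```php
<?php
// Added example (not from the slides): full secretbox workflow with the nonce
// carried alongside the ciphertext, plus tamper and wrong-key checks.
// Requires PHP 7.2+ with ext/sodium. sealMessage/openMessage are helper names
// chosen here, not part of the sodium API.

// Encrypt $message under $key with a fresh random nonce. The nonce is not
// secret; it only has to be unique per message under a given key, so it is
// simply prepended to the ciphertext for the receiver to split off.
function sealMessage(string $message, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($message, $nonce, $key);
}

// Split off the nonce, then authenticate and decrypt. Returns null instead of
// plaintext when the tag check fails (wrong key, wrong nonce or modified data).
function openMessage(string $sealed, string $key): ?string
{
    // Anything shorter than nonce + tag cannot be a valid sealed message.
    $minLen = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($sealed) < $minLen) {
        return null;
    }
    $nonce = substr($sealed, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = substr($sealed, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key);
    return $plaintext === false ? null : $plaintext;
}

// sodium_crypto_secretbox_keygen() returns a key of exactly the right length;
// it is equivalent to the random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES) on the slide.
$key = sodium_crypto_secretbox_keygen();

$sealed = sealMessage('test', $key);
printf("sealed message is %d bytes (24 nonce + 16 tag + 4 body): %s\n", strlen($sealed), bin2hex($sealed));

// Round trip with the correct key yields the original plaintext.
echo "correct key  : ";
var_dump(openMessage($sealed, $key));

// Flip one bit in the encrypted body. The tag no longer verifies, so
// openMessage() returns null and no plaintext is released; an unauthenticated
// cipher would instead hand back a silently corrupted message.
$tampered = $sealed;
$i = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
$tampered[$i] = $tampered[$i] ^ "\x01";
echo "tampered body: ";
var_dump(openMessage($tampered, $key));

// A different key is rejected the same way.
echo "wrong key    : ";
var_dump(openMessage($sealed, sodium_crypto_secretbox_keygen()));

// Wipe the key from memory once it is no longer needed.
sodium_memzero($key);
```

The only state the receiving side needs is the key, which has to be shared through some other protected channel; everything else travels with the message. Storing the nonce with the ciphertext is the standard pattern and is safe precisely because secretbox never relies on the nonce being secret, only on it never repeating under the same key, which `random_bytes` over a 24-byte nonce guarantees in practice.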
Slide 93
Books - Introductory
• The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography - Simon Singh - ISBN: 0-385-49532
Slide 94
Books
• Cryptography Engineering: Design Principles and Practical Applications - Niels Ferguson, Bruce Schneier, Tadayoshi Kohno - ISBN: 978-0-470-47424-2
• Serious Cryptography: A Practical Introduction to Modern Encryption - Jean-Philippe Aumasson - ISBN: 978-1593278267