This is an introduction to cryptography talk I did at PHP Warwickshire. It was largely focussed at a PHP developer audience, hence the large focus on one-way cryptography.
For more info see: https://northernoptic.com/2015/10/29/why-you-need-cryptography-junade-ali-at-php-warwickshire
6. You hash it of course!
• Hashes are one-way cryptographic functions. They map any data to a fixed-length string.
• The hash should be non-invertible: it is infeasible to turn the hash back into the input.
• On a good algorithm, the Avalanche Effect
means if you alter the input slightly, the output is
completely different. This makes it harder to
guess the input.
7. But how…?
• Use a key derivation function like PBKDF2 or
BCrypt.
• That way the crypto is handled for you,
preventing homebrew insecure crypto.
• Some would argue BCrypt is better than
PBKDF2 because it can’t be GPU accelerated.
8. PHP Password Functions
• PHP 5.5.0 made things easy:
• password_hash - to hash passwords
• password_verify - Check a password matches
the hash
• password_needs_rehash - check if a hash
matches the algorithm supplied
9. Homebrew Crypto is Bad
• You’re probably not a cryptographer.
• Real key derivation functions are peer reviewed
by mathematicians, cryptographers, computer
scientists; professional and amateur alike.
• Complicated code doesn’t provide better
security. Byte shuffling adds no security, neither
does base64 encoding.
15. Dictionary Attack
• Rainbow Tables help you do Dictionary Attacks
quicker.
• You simply check if an unsalted hash appears in
a pre-computed database of hashes.
• If the salt is the same for every hash in the system, you can simply pre-compute a
database of hashes using known passwords with that salt.
16. The Caveat…
• If a user’s password is not in any publicly known
database of pre-computed hashes, it is secure
from Rainbow Tables.
• Hence one reason why you should use strong
unique passwords.
17. Therefore…
• We hash our passwords.
• We salt our hashes.
• We use a unique salt for each password we
hash.
• This is easily handled by the password_hash
function in PHP.
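As an added example (not code from the talk), the salted-hash workflow that slides 8, 15 and 17 describe, written with PHP's built-in password_* functions; the sample password and the cost values are made up for illustration.

```php
<?php
// Added example (not from the talk): the salted-hash workflow of slides 8, 15 and 17 using
// PHP's built-in password_* functions. Passwords and cost values here are made up.

// An unsalted hash is deterministic: equal passwords give equal digests, which is exactly
// the property a pre-computed (rainbow) table is indexed on.
function unsaltedDigest(string $password): string
{
    return hash('sha256', $password);
}

// password_hash() draws a fresh random salt and embeds salt, algorithm and cost in the
// returned string, so the database only needs to store that one value.
function storeNewPassword(string $password, int $cost): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

// password_verify() reads salt and cost back out of the stored string, recomputes the
// hash and compares in constant time.
function checkLogin(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

// Login is the one moment the plaintext is available, so that is where an old hash gets
// upgraded to the current cost (or algorithm).
function upgradeIfNeeded(string $password, string $stored, int $cost): string
{
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => $cost])) {
        return storeNewPassword($password, $cost);
    }
    return $stored;
}

$password = 'correct horse battery staple'; // constructed sample, shared by two users
// Same password, two users: the unsalted digests are identical, the salted hashes are not.
$hashA = storeNewPassword($password, 10);
$hashB = storeNewPassword($password, 10);
printf("unsalted identical: %s, salted identical: %s\n",
    var_export(unsaltedDigest($password) === unsaltedDigest($password), true),
    var_export($hashA === $hashB, true));
printf("login ok: %s, wrong password ok: %s\n",
    var_export(checkLogin($password, $hashA), true),
    var_export(checkLogin('wrong password', $hashA), true));
// Raising the site-wide cost from 10 to 12 causes a rehash; the new hash still verifies.
$hashC = upgradeIfNeeded($password, $hashA, 12);
printf("rehashed: %s, still verifies: %s\n",
    var_export($hashC !== $hashA, true), var_export(checkLogin($password, $hashC), true));
```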
18. Hashes have other uses
• Hashes aren’t only useful for key derivation.
• Another use is file integrity validation; this is
particularly important in SSL/TLS certificates.
19. An Ideal Hash Algorithm
• A hash must be easy to compute.
• It must be impractical to turn the hash back into
the original input (non-invertible).
• It must be infeasible to find two inputs which lead to
the same output (collision resistance).
20. Collision Resistance
• Where h() is a hash function, a collision is where
h(A) = h(B), but A ≠ B.
• Where two different inputs produce the same
hash.
• They are inevitable given the pigeonhole
principle.
21. Pigeonhole Principle
• Given a hash is a fixed length string there are
only a finite number of variations.
• On the other hand the input can be infinitely long.
• Therefore there must be more than one input
which has the same hash output.
• I.e. A collision is inevitable.
22. The Birthday Problem
• The chance of 2 people having the same
birthday reaches 100% when you have 366
people according to the Pigeonhole Principle.
• However the probability reaches 99% with just 57
people.
24. The Birthday Attack
• The Birthday Problem can be used to find hash
collisions where the number of possible hashes
(pigeonholes) is limited.
• Yuval’s Birthday Attack highlights this.
25. Yuval’s Birthday Attack
• Let n be the bit-length of a hash output.
• With 2^(n/2) different permutations of the original
message compared to 2^(n/2) different permutations
of a forged message, you should expect to find a
collision.
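As an added example (not from the talk), the numbers behind slides 22 and 25 checked in PHP: the birthday probability computed directly, and a collision found in a deliberately truncated SHA-256 to show that the work is on the order of 2^(n/2). It uses the simpler single-set form of the birthday search rather than Yuval's two-set variant; the 24-bit truncation is an arbitrary choice.

```php
<?php
// Added example (not from the talk): the birthday numbers from slides 22 and 25, checked
// by computing the probability directly and by finding a real collision in a deliberately
// short (truncated) hash. The truncation length is an arbitrary choice for illustration.

// Probability that at least two of $k draws from $buckets equally likely values collide:
// 1 - (1 - 1/N)(1 - 2/N)...(1 - (k-1)/N). For N = 365 and k = 57 this is about 0.99.
function collisionProbability(int $k, int $buckets): float
{
    $noCollision = 1.0;
    for ($i = 1; $i < $k; $i++) {
        $noCollision *= 1.0 - $i / $buckets;
    }
    return 1.0 - $noCollision;
}

// Truncate SHA-256 to $bits so the "pigeonholes" are limited, as in slide 24.
function shortHash(string $message, int $bits): string
{
    $hexDigits = intdiv($bits, 4); // $bits is assumed to be a multiple of 4
    return substr(hash('sha256', $message), 0, $hexDigits);
}

// Hash random messages until two different ones share a short hash; return the pair
// and the number of attempts, which should be on the order of 2^($bits/2).
function findCollision(int $bits): array
{
    $seen = []; // shortHash => message
    for ($attempts = 1; ; $attempts++) {
        $message = bin2hex(random_bytes(8));
        $h = shortHash($message, $bits);
        if (isset($seen[$h]) && $seen[$h] !== $message) {
            return ['a' => $seen[$h], 'b' => $message, 'hash' => $h, 'attempts' => $attempts];
        }
        $seen[$h] = $message;
    }
}

printf("P(shared birthday, 57 people) = %.4f\n", collisionProbability(57, 365));
printf("P(shared birthday, 23 people) = %.4f\n", collisionProbability(23, 365));

$bits = 24; // 2^24 possible short hashes, so expect a collision after roughly 2^12 tries
$c = findCollision($bits);
printf("%s and %s both hash to %s after %d attempts (2^(n/2) = %d)\n",
    $c['a'], $c['b'], $c['hash'], $c['attempts'], 2 ** intdiv($bits, 2));
```

Run it a few times: the attempt count varies but stays in the low thousands, which is why a hash of n bits is only credited with about n/2 bits of collision resistance.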
26. TLS (very basic overview)
• Server has a CipherSuite ordering.
• Client submits a list of supported ciphers and server chooses
the highest shared cipher (note SSLHonorCipherOrder in
Apache or ssl_prefer_server_ciphers in Nginx).
• Certificate Chain, root certificates sign intermediaries which
eventually sign a site. Server sends this certificate.
• Key exchange protocol to share keys for symmetric
encryption (quicker than asymmetric).
• Integrity check using Message Authentication Code.
27. Best Practice with TLS
• Disabling SSL protocols (and only enabling TLS),
note POODLE on SSLv3.
• HSTS (Strict Transport Security), enforced TLS
with cached time period. Mitigates SSLStrip by
Moxie Marlinspike.
• Forward Secrecy: set ciphers that support it to
be preferred.
• Qualys SSLLabs tests are a good idea.
28. Symmetric Encryption
• Caesar Cipher. Simple offsets, easy to brute
force.
• DES. Preceded AES, insecure in a lot of
applications.
• Rijndael (AES), TwoFish, Serpent.
29. Plausible Deniability
• Steganography is the practice of hiding one file within another.
• The Rubberhose File System was written by Julian Assange,
Suelette Dreyfus, and Ralf Weinmann.
• Available in VeraCrypt, the successor to TrueCrypt.
• Uses the random padding data surrounding an encrypted
volume to create alternative encrypted volumes.
• Can be cascaded.
• Initially designed for third world dictatorships, but found a use in
the UK due to RIPA.
30. Asymmetric Encryption
• Diffie-Hellman Key Exchange. Malcolm J.
Williamson at GCHQ had already conceived this a
year earlier.
• RSA. Named after Ron Rivest, Adi Shamir, and
Leonard Adleman but was discovered by Clifford
Cocks and James H. Ellis at GCHQ 3 years
earlier.
• ECC (Elliptic Curve Cryptography). Entered wide
use in 2004/2005.
31. Trapdoor Functions
• Asymmetric encryption uses Trapdoor Functions.
• Easy to compute one way, hard the other way.
• For example it is easy to multiply 2 prime
numbers together, harder to find the prime
factors.
32. RSA Revision
• Select two prime numbers p & q.
• n = pq. This is the modulus.
• φ = (p-1)(q-1). This is the totient.
• Calculate integer e where 1 < e < φ and the greatest
common divisor of e and φ is 1.
• Calculate integer d where 1 < d < φ and the congruence
relation ed ≡ 1 (mod φ) is satisfied.
• Public key is n & e whereas the private key is n & d.
33. RSA Revision
• Basic encrypt: c = m^e mod n
• Basic decrypt: m = c^d mod n
• Fermat’s Little Theorem underlies this.
• In real life padding is used.
• Note: Mod is the modulo operator (% or the fmod
function in PHP).
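As an added example (not from the talk), slides 32 and 33 carried through in PHP with the small textbook primes p = 61 and q = 53; modPow, modInverse and extendedGcd are helpers written here, not PHP built-ins, and real keys use the openssl extension with ~2048-bit primes and padding.

```php
<?php
// Added example (not from the talk): the RSA steps of slides 32 and 33 carried through with
// small textbook primes. Real keys use ~2048-bit primes (PHP's openssl extension) and padding.

// Extended Euclid: returns [g, x, y] with a*x + b*y = g = gcd(a, b).
function extendedGcd(int $a, int $b): array
{
    if ($b === 0) {
        return [$a, 1, 0];
    }
    [$g, $x, $y] = extendedGcd($b, $a % $b);
    return [$g, $y, $x - intdiv($a, $b) * $y];
}

// d with e*d ≡ 1 (mod phi); only exists when gcd(e, phi) = 1, as the slide requires.
function modInverse(int $e, int $phi): int
{
    [$g, $x] = extendedGcd($e, $phi);
    if ($g !== 1) {
        throw new InvalidArgumentException('e and phi must be coprime');
    }
    return (($x % $phi) + $phi) % $phi; // PHP's % keeps the sign of x, so normalise
}

// Square-and-multiply: base^exp mod m without computing the enormous base^exp first.
function modPow(int $base, int $exp, int $m): int
{
    $result = 1;
    $base %= $m;
    while ($exp > 0) {
        if ($exp & 1) {
            $result = ($result * $base) % $m;
        }
        $base = ($base * $base) % $m;
        $exp >>= 1;
    }
    return $result;
}

// Slide 32: p, q -> n (modulus), phi (totient), e (given), d (e's inverse mod phi).
function rsaKeygen(int $p, int $q, int $e): array
{
    $phi = ($p - 1) * ($q - 1);
    return ['n' => $p * $q, 'e' => $e, 'd' => modInverse($e, $phi)];
}
$k = rsaKeygen(61, 53, 17);            // textbook values: n = 3233, phi = 3120
$m = 65;                                // plaintext as an integer, must be < n
$c = modPow($m, $k['e'], $k['n']);      // slide 33 encrypt: m^e mod n
$back = modPow($c, $k['d'], $k['n']);   // slide 33 decrypt: c^d mod n
printf("d = %d, c = %d, recovered m = %d\n", $k['d'], $c, $back);
```

Without padding the same m always produces the same c, which is one reason the "real life padding" the slide mentions (OAEP for encryption, PSS for signatures) is not optional.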
34. The Problem
• RSA and Diffie-Hellman rely on the Discrete
Logarithm Problem being difficult to solve.
• RSA relies less heavily on the Discrete Log
Problem than Diffie-Hellman does.
• If a discrete logarithm can be computed easily,
these forms of cryptography face an issue.
35. “Our conclusion is there is a small but definite
chance that RSA and classic Diffie-Hellman will
not be usable for encryption purposes in four to
five years”
– Alex Stamos, CTO of Artemis, in 2013
36. Concluding with ECC
ECC provides the only viable and reasonable alternative
to RSA and Diffie-Hellman so far.
37. ECC
• Consists of points satisfying the equation: y² = x³ + ax + b
• Faster (over 20 times!) than RSA.
• Already has a Digital Signature alternative to RSA called
ECDSA.
• But ECDSA does require a good source of entropy: a
decent source of (pseudo)random numbers is essential.
• No mathematical proof of security. Question of whether
one-way functions truly exist is open.
38. https://ju.je/cryptointro
• A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography (Nick Sullivan):
https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/
• Guide to Elliptic Curve Cryptography:
http://math.boisestate.edu/~liljanab/MATH508/GuideEllipticCurveCryptography.PDF