Mais conteúdo relacionado
Semelhante a PHP7.2와 모던 암호학 (20)
PHP7.2와 모던 암호학
- 9. Libsodium
• NaCl(salt) (2008-2010)
• Networking and cryptography library, high-speed software library for
network communication, encryption, decryption, signature, etc.
• US EU Funding
• C(with inline assembler), C++, Python Wrapper
• Libsodium NaCl Cross-Platform (2013)
•
• 2017 PHP7.2
- 10. Argon2
• Side Channel Attack Hash Algorithm
• 2015
• password_hash Libsodium , Libsodium
password_hash BCRYPT . (
7.2 )
• password_hash Libsodium
• Libsodium
• hash
- 11. Argon2
$password = 'secret password';
$hash = password_hash($password, PASSWORD_ARGON2I);
echo $hash . PHP_EOL;
if (password_verify($password, $hash)) {
echo 'valid password' . PHP_EOL;
if(password_needs_rehash($hash, PASSWORD_ARGON2I)) {
echo 'save new password hash' . PHP_EOL;
}
} else {
echo 'invalid password!' . PHP_EOL;
}
$argon2i$v=19$m=1024,t=2,p=2$RWRRb01PMnRETU8zMXNrag$/
BKnBpq0Yl82OsimPaNn/SlnAuaGsYWi3H95bfZKFSc
valid password
- 12. Argon2
$password = 'secret password';
$hash = sodium_crypto_pwhash_str(
$password,
SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
);
echo $hash . PHP_EOL;
if (sodium_crypto_pwhash_str_verify($hash, $password)) {
sodium_memzero($password);
echo 'valid password' . PHP_EOL;
if (sodium_crypto_pwhash_str_needs_rehash($hash,
SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE)) {
echo 'save new password hash' . PHP_EOL;
}
} else {
sodium_memzero($password);
echo 'invalid password!' . PHP_EOL;
}
$argon2id$v=19$m=65536,t=2,p=1$zYnVgQGMf+YpTKZzTvqv2g$XHM3XJpOOgeQvibBX9fY4OB
6CA06aJVcsF+DmMFOMtc
valid password
- 13. Hash
• Rainbow table , Collision Attack
• Libsodium generic hash BLAKE2b
• short hash SipHash-2-4
• Libsodium
• PHP hash MD5 SHA-1
. SHA-256 SHA-512
- 14. Hash
$hash = sodium_bin2hex(sodium_crypto_generichash('message'));
echo $hash . PHP_EOL;
2e7836cc18ab1db2a2e239ebf4043772b3359520198b5fd55443b01a1023a5b0
$key = random_bytes(SODIUM_CRYPTO_SHORTHASH_KEYBYTES);
$hash = sodium_bin2hex(sodium_crypto_shorthash('message', $key));
echo $hash . PHP_EOL;
7b02d09fb8bd2289
$hash = hash('sha256', 'message');
echo $hash . PHP_EOL;
ab530a13e45914982b79f9b7e3fba994cfd1f3fb22f71cea1afbf02b460c6d1d
- 16. Secret Key
$nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
$key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
$message = 'secret message';
$cipher_text = sodium_bin2hex(sodium_crypto_secretbox($message, $nonce, $key));
sodium_memzero($message);
echo $cipher_text . PHP_EOL;
9bb7d572868a8ddb773398fd107b3ccbf8f6dd010809bb1f76008a4a2abc
$plain_text = sodium_crypto_secretbox_open(sodium_hex2bin($cipher_text), $nonce, $key);
echo $plain_text . PHP_EOL;
secret message
- 18. Public Key
$key_pair = sodium_crypto_box_keypair();
$public_key = sodium_crypto_box_publickey($key_pair);
$message = 'secret message';
$cipher_text = sodium_bin2hex(sodium_crypto_box_seal($message, $public_key));
sodium_memzero($message);
echo $cipher_text . PHP_EOL;
03fb2a60f2dbbe74c5f5eb2a9d13ea6a58c44badd2aa0963ff096c5b344bc5358a724badf814fa22c5566d
8b36867ddbf9ceb4fccbb77a3f303a037429ea
$plain_text = sodium_crypto_box_seal_open(sodium_hex2bin($cipher_text), $key_pair);
echo $plain_text . PHP_EOL;
secret message