PHP7.2와 모던 암호학

•

2 gostaram•1,767 visualizações

Johney Park

모던 암호학의 이슈와 PHP7.2에 추가된 Libsodium에 대한 설명

Engenharia

Side Channel Attack
• , ( )
?
• , , , ,
, , ?
•  
Meltdown, Spectre
• Large Prime Number

Elliptic Curve Cryptography
•
• RSA 3072bit = ECC 256bit
• key
•
• Side Channel Attack

Authenticated Encryption
• Message Authentication Code
•
• (nonce)
•

Libsodium
• NaCl(salt) (2008-2010)
• Networking and cryptography library, high-speed software library for
network communication, encryption, decryption, signature, etc.
• US EU Funding
• C(with inline assembler), C++, Python Wrapper
• Libsodium NaCl Cross-Platform (2013)
•
• 2017 PHP7.2

Argon2
• Side Channel Attack Hash Algorithm
• 2015
• password_hash Libsodium , Libsodium
password_hash BCRYPT . (
7.2 )
• password_hash Libsodium
• Libsodium
• hash

$Argon2 $password = 'secret password'; $hash = password_hash($password, PASSWORD_ARGON2I); echo $hash . PHP_EOL; if (password_verify($password, $hash)) { echo 'valid password' . PHP_EOL; if(password_needs_rehash($hash, PASSWORD_ARGON2I)) { echo 'save new password hash' . PHP_EOL; } } else { echo 'invalid password!' . PHP_EOL; } $argon2i$v=19$m=1024,t=2,p=2$RWRRb01PMnRETU8zMXNrag$/ BKnBpq0Yl82OsimPaNn/SlnAuaGsYWi3H95bfZKFSc valid password$

$Argon2 $password = 'secret password'; $hash = sodium_crypto_pwhash_str( $password, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE ); echo $hash . PHP_EOL; if (sodium_crypto_pwhash_str_verify($hash, $password)) { sodium_memzero($password); echo 'valid password' . PHP_EOL; if (sodium_crypto_pwhash_str_needs_rehash($hash, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE)) { echo 'save new password hash' . PHP_EOL; } } else { sodium_memzero($password); echo 'invalid password!' . PHP_EOL; } $argon2id$v=19$m=65536,t=2,p=1$zYnVgQGMf+YpTKZzTvqv2g$XHM3XJpOOgeQvibBX9fY4OB 6CA06aJVcsF+DmMFOMtc valid password$

Hash
• Rainbow table , Collision Attack
• Libsodium generic hash BLAKE2b
• short hash SipHash-2-4
• Libsodium
• PHP hash MD5 SHA-1
. SHA-256 SHA-512

Hash
$hash = sodium_bin2hex(sodium_crypto_generichash('message'));
echo $hash . PHP_EOL;
2e7836cc18ab1db2a2e239ebf4043772b3359520198b5fd55443b01a1023a5b0
$key = random_bytes(SODIUM_CRYPTO_SHORTHASH_KEYBYTES);
$hash = sodium_bin2hex(sodium_crypto_shorthash('message', $key));
echo $hash . PHP_EOL;
7b02d09fb8bd2289
$hash = hash('sha256', 'message');
echo $hash . PHP_EOL;
ab530a13e45914982b79f9b7e3fba994cfd1f3fb22f71cea1afbf02b460c6d1d

Secret Key
• XSalsa20
• Poly1305 MAC
• nonce
• AEAD AEAD
. ( ..)

Secret Key
$nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
$key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
$message = 'secret message';
$cipher_text = sodium_bin2hex(sodium_crypto_secretbox($message, $nonce, $key));
sodium_memzero($message);
echo $cipher_text . PHP_EOL;
9bb7d572868a8ddb773398fd107b3ccbf8f6dd010809bb1f76008a4a2abc
$plain_text = sodium_crypto_secretbox_open(sodium_hex2bin($cipher_text), $nonce, $key);
echo $plain_text . PHP_EOL;
secret message

Public Key
• X25519 XSalsa20
• Poly1305 MAC

Public Key
$key_pair = sodium_crypto_box_keypair();
$public_key = sodium_crypto_box_publickey($key_pair);
$message = 'secret message';
$cipher_text = sodium_bin2hex(sodium_crypto_box_seal($message, $public_key));
sodium_memzero($message);
echo $cipher_text . PHP_EOL;
03fb2a60f2dbbe74c5f5eb2a9d13ea6a58c44badd2aa0963ff096c5b344bc5358a724badf814fa22c5566d
8b36867ddbf9ceb4fccbb77a3f303a037429ea
$plain_text = sodium_crypto_box_seal_open(sodium_hex2bin($cipher_text), $key_pair);
echo $plain_text . PHP_EOL;
secret message

Reference
• Official site 
https://www.gitbook.com/book/jedisct1/
libsodium/details
• Paragon IE 
https://paragonie.com/book/pecl-
libsodium

Mais conteúdo relacionado

Mais procurados

2016 TTL Security Gap Analysis with Kali Linux

Jason Murray

The talk will start explaining how Tor project can help us to the research and development of tools for online anonymity and privacy of its users while surfing the Internet, by establishing virtual circuits between the different nodes that make up the Tor network. Later, we will review main tools for discover hidden services in tor network with osint tools. Finally we will use python for extracting information from tor network with specific modules like stem https://stem.torproject.org/ These could be the main points of the talk: - Introduction to Tor project and hidden services - Discovering hidden services with osint tools - Extracting information from tor network with python

osint + python: extracting information from tor network and darkweb

Jose Manuel Ortega Candel

I'm Cuckoo for Malware provides an introductory overview to Cuckoo Sandbox and Malware Analysis. This talk walks through discussing different types of malware and what they do, to explaining how Cuckoo Sandbox works and how to get the best results from it. The talk will cover how to harden your sandbox against Malware authors attempts to avoid analysis and give ideas for listeners wanting to set up custom environments of their own. The goal of the talk is to allow listeners with enough information so that they can begin analyzing malware in their own Cuckoo-based sandbox environment.

Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"

Lane Huff

Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]

RootedCON

Fileextraction with suricata

MrArora Arjuna

Hacking the Gateways

Onur Alanbel

Proofpoint Emerging Threats Suricata 5.0 Webinar

Jason Williams

In late 2016 an anonymous user posted on an hacking forum the source code of an IoT based botnet, named Mirai. A year and a half later, the released code has been adapted and modified by multiple authors, creating a myriad of copycats and generating some of the biggest botnet attacks in history. The talk will be focused on why and how this was possible, starting with an overview of the initial attacks, continuing on with the evolution of Mirai-based IoT botnets compared to the original released source code. Finally, the presention will end with an overview of the present situation of these botnets based on the data we collected.

Dario Durando - IoT: Battle of Bots [rooted2018]

RootedCON

Kasza smashing the_jars

PacSecJP

DEF CON 27 - ROGER DINGLEDINE -tor censorship arms race

Felipe Prado

Designed under Raspberry Pi and aimed for Red Team Ops, we take advantage of “Sec/Net/Dev/Ops” enterprise tools to capture network credentials in a stealth mode. Using a low-profile hardware & electronics camouflaged as simple network outlet box to be sitting under/over a desk. CIRCO include different techniques for network data exfiltration to avoid detection from IDS/IPS or monitoring systems. This tool gathers information and use a combination of honeypots to trick Automation Systems to give us their network credentials! We will build a physical network & infrastructure lab to show how CIRCO works (live demo) Major features for release v1.5: - Allow existing IP-Phone to co-exist with CIRCO - Eliminate template files (craft all packets) - Support NTP exfiltration - Software encrypted via Bluetooth (prevent forensic) - Self destroy and alarm switch - Bypass active & passive fingerprinting (NAC) - Credentials integration into Faraday

[CB19] CIRCO: Cisco Implant Raspberry Controlled Operations by Emilio Couto

CODE BLUE

BalCCon2k18 - Towards the perfect cryptocurrency wallet

Nemanja Nikodijević

DDoS Challenges in IPv6 environment

Pavel Odintsov

Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance on how RFID proximity badge systems work. We'll cover what you'll need to build out your own RFID physical penetration toolkit, and how to easily use an Arduino microcontroller to weaponize commercial RFID badge readers -- turning them into custom, long range RFID hacking tools. This presentation will NOT weigh you down with theoretical details, discussions of radio frequencies and modulation schemes, or talk of inductive coupling. It WILL serve as a practical guide for penetration testers to understand the attack tools and techniques available to them for stealing and using RFID proximity badge information to gain unauthorized access to buildings and other secure areas. Schematics and Arduino code will be released, and 100 lucky audience members will receive a custom PCB they can insert into almost any commercial RFID reader to steal badge info and conveniently save it to a text file on a microSD card for later use (such as badge cloning). This solution will allow you to read cards from up to 3 feet away, a significant improvement over the few centimeter range of common RFID hacking tools. Some of the topics we will explore are: * Overview of best RFID hacking tools available to get for your toolkit * Stealing RFID proximity badge info from unsuspecting passers-by * Replaying RFID badge info and creating fake cloned cards * Brute-forcing higher privileged badge numbers to gain data center access * Attacking badge readers and controllers directly * Planting PwnPlugs, Raspberry Pis, and similar devices as physical backdoors to maintain internal network access * Creating custom RFID hacking tools using the Arduino * Defending yourself from RFID hacking threats This DEMO-rich presentation will benefit both newcomers and seasoned professionals of the physical penetration testing field.

RFID Hacking: Live Free or RFID Hard

Bishop Fox

The day I ruled the world (RootedCON 2020)

Javier Junquera

proxy2: HTTPS pins and needles

inaz2

FastNetMon Advanced DDoS detection tool

Pavel Odintsov

Penetration Testing Boot CAMP

Shaikh Jamal Uddin l CISM, QRadar, Hack Card Recovery Expert

Pyongyang Fortress

Mayank Dhiman

Kali Linux - Falconer

Tony Godfrey

Mais procurados (20)

2016 TTL Security Gap Analysis with Kali Linux

osint + python: extracting information from tor network and darkweb

Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"

Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]

Fileextraction with suricata

Hacking the Gateways

Proofpoint Emerging Threats Suricata 5.0 Webinar

Dario Durando - IoT: Battle of Bots [rooted2018]

Kasza smashing the_jars

DEF CON 27 - ROGER DINGLEDINE -tor censorship arms race

[CB19] CIRCO: Cisco Implant Raspberry Controlled Operations by Emilio Couto

BalCCon2k18 - Towards the perfect cryptocurrency wallet

DDoS Challenges in IPv6 environment

RFID Hacking: Live Free or RFID Hard

The day I ruled the world (RootedCON 2020)

proxy2: HTTPS pins and needles

FastNetMon Advanced DDoS detection tool

Penetration Testing Boot CAMP

Pyongyang Fortress

Kali Linux - Falconer

Semelhante a PHP7.2와 모던 암호학

解密解密

Tom Chen

Phpstormを使いこなす

Yutaka Tachibana

WebRTC と Native とそれから、それから。

tnoho

OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...

OpenNebula Project

Presentation covers various cyber security aspects that are stands behind the AAA-Level game projects. And what is most important it covers a practically proven way to provision own data (game services) in 22 geographical locations in 22 minutes, using opensource solution - OpenNebula and it's DDC features. During this 22 minutes you receive fully distributed mesh infrastructure, located in 22 different geo locations (datacenters) provisioned using only bare metal hardware servers, with preconfigured GNU/Linux OS and preconfigured VM on top of each server. Each server has own control server in own region with backconect to 'mother' server in central location with High Availability configured, own network segments in each datacenter, elastic IP's, Backend Transfer Facilities, Local BGP.

OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...

Dmytro Korzhevin

Advanced SOHO Router Exploitation XCON

Lyon Yang

Virus Bulletin 2018: Lazarus Group a mahjong game played with different sets ...

Peter Kálnai

Advances in Open Source Password Cracking

n|u - The Open Security Community

Cryto Party at CCU

Jose L. Quiñones-Borrero

A 5 security x line platform

LINE Corporation

DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...

Felipe Prado

OSINT tools for security auditing [FOSDEM edition]

Jose Manuel Ortega Candel

PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...

CODE BLUE

Django cryptography

Erik LaBianca

The learning curve for security is severe and unforgiving. Specifications promise infinite flexibility, habitually give old concepts new names, are riddled with extensions, and almost seem designed to deliberately confuse. For a back-end REST developer, choking all this down for the first time is mission impossible. With an aggressive distaste for fancy terminology, this session delves into OAuth 2.0 as it pertains to REST and shows how it falls into two camps: stateful and stateless. The presentation also details a competing Amazon-style approach called HTTP Signatures and digs into the architectural differences of all three, with a heavy focus on the wire, showing actual HTTP messages and enough detail to have you thinking, “I could write this myself.”

2016 JavaOne Deconstructing REST Security

David Blevins

Common crypto attacks and secure implementations

Trupti Shiralkar, CISSP

Cryptography for Absolute Beginners (May 2019)

Svetlin Nakov

Using Cryptography Properly in Applications

Great Wide Open

La curva de aprendizaje para la seguridad es severa e implacable. Las especificaciones prometen una flexibilidad infinita y habitualmente dan nuevos nombres a los conceptos antiguos. Esta sesión profundiza el estado actual y evolución que la seguridad en arquitecturas basadas en servicios REST han requerido con conceptos competitivos como OAuth 2.0 en el mundo mobile y HTTP signatures utilizado por Amazon en API's B2B. Finalmente, se analiza un nuevo borrador de Internet lanzado este año que los combina a ambos en el sistema perfecto de dos factores que podría proporcionar una consolidación para los escenarios de REST mobile y de negocios.

2018 ecuador deconstruyendo y evolucionando la seguridad en servicios rest

César Hernández

Kernel Security for 2.8 - Kernel Summit 2004

James Morris

Semelhante a PHP7.2와 모던 암호학 (20)

解密解密

Phpstormを使いこなす

WebRTC と Native とそれから、それから。

OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...

OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...

Advanced SOHO Router Exploitation XCON

Virus Bulletin 2018: Lazarus Group a mahjong game played with different sets ...

Advances in Open Source Password Cracking

Cryto Party at CCU

A 5 security x line platform

DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...

OSINT tools for security auditing [FOSDEM edition]

PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...

Django cryptography

2016 JavaOne Deconstructing REST Security

Common crypto attacks and secure implementations

Cryptography for Absolute Beginners (May 2019)

Using Cryptography Properly in Applications

2018 ecuador deconstruyendo y evolucionando la seguridad en servicios rest

Kernel Security for 2.8 - Kernel Summit 2004

Último

African Journal of Biological Sciences is an International peer-reviewed, Open Access journal that publishes original research articles as well as review articles in all areas of Biological Sciences. It operates a fully open access publishing model which allows open global access to its published content. This model is supported through Article Processing Charges. For more information on Article Processing charges click here. Its scope embraces Animal Sciences, Biochemistry, Bioinformatics, Biotechnology, Botany, Cell Biology, Developmental Biology, Ecology, Environmental Sciences, Ethno Medicine, Food Science, Freshwater Biology, Genetics, Immunology, Marine Biology, Microbiology, Molecular Biology, Physiology, Plant Sciences, Structural Biology,Toxicology,Zoology etc. It is essential that authors prepare their manuscripts according to established specifications. Failure to follow them may result in papers being delayed or rejected. Therefore, contributors are strongly encouraged to read the author guidelines carefully before preparing a manuscript for submission. The manuscripts should be checked carefully for grammatical, punctuation errors. All papers are subjected to peer review. All articles published in this journal represent the opinion of the authors and not reflect the official policy of the Journal of African Journal of Biological Sciences

Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...

Christo Ananth

Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineers. By Dr. Costas Sachpazis. A Technical Report provides information on Geotechnical Exploration and testing procedures, analysis techniques, allowable criteria, design procedures, and construction consideration for the selection, design, and installation of sheet pile walls. "Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineers" by Dr. Costas Sachpazis provides an in-depth look into the engineering, design, and construction of sheet pile walls. The book details geotechnical exploration, testing procedures, and analysis techniques essential for determining soil properties and stability under various conditions, including seismic activity. It also covers the impact of groundwater on wall design and offers methods for controlling it during construction. Practical considerations for confined space work and the use of emerging technologies in sheet pile construction are discussed. The guide serves as a comprehensive resource for civil engineers aiming to enhance their expertise in creating durable and effective sheet pile wall solutions for complex engineering projects.

Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...

Dr.Costas Sachpazis

Call Girl Aurangabad Indira Call Now: 8617697112 Aurangabad Escorts Booking Contact Details WhatsApp Chat: +91-8617697112 Aurangabad Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts Aurangabad understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide –

(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7

Call Girls in Nagpur High Profile Call Girls

Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik Booking Contact Details WhatsApp Chat: +91-7001035870 Nashik Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts Nashik understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 27-april-2024(v.n)

Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik

Call Girls in Nagpur High Profile

AKTU Computer Networks notes --- Unit 3.pdf

ankushspencer015

The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss This Chance Of Getting Into My Sexy Boobs? Booking Contact Details WhatsApp Chat: +91-8250192130 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 30-april-2024(v.n)

The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...

ranjana rawat

(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts Booking Contact Details WhatsApp Chat: +91-7001035870 nashik Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts nashik understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 27-april-2024(v.n)

(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...

ranjana rawat

Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts Booking Contact Details WhatsApp Chat: +91-7001035870 Nagpur Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts Nagpur understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 27-april-2024(v.n)

Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts

Call Girls in Nagpur High Profile

The Educational Administration: Theory and Practice publishes prominent empirical and conceptual articles focused on timely and critical leadership and policy issues of educational organizations. The journal embraces traditional and emergent research paradigms, methods, and issues. The journal particularly promotes the publication of rigorous and relevant scholarly work that enhances linkages among and utility for educational policy, practice, and research arenas. The goal of the editorial team and the journal’s editorial board is to promote sound scholarship and a clear and continuing dialogue among scholars and practitioners from a broad spectrum of education. Educational Administration: Theory and Practice presents prominent empirical and conceptual articles focused on timely and critical leadership and policy issues facing educational organizations. As an editorial team, we embrace traditional and emergent theoretical frameworks, research methods, and topics. We particularly promote the publication of rigorous and relevant scholarly work with utility for educational policy, practice, and research. The journal’s primary focus is on studies of educational leadership, organizations, leadership development, and policy as they relate to elementary and secondary levels of education. Examinations of leadership and policy that fall outside K-12 are considered insofar as there are meaningful connections to the K-12 arena (e.g., college pipeline). International comparative investigations are welcome to the extent they have implications for a broad audience.s.

Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...

Christo Ananth

Introduction and different types of Ethernet.pptx

upamatechverse

(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts Booking Contact Details WhatsApp Chat: +91-7001035870 nashik Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts nashik understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 27-april-2024(v.n)

(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...

ranjana rawat

High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts Booking Contact Details WhatsApp Chat: +91-7001035870 Nagpur Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts Nagpur understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 27-april-2024(v.n)

High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts

Call Girls in Nagpur High Profile

Introduction to Multiple Access Protocol.pptx

upamatechverse

UNIT-III FMM. DIMENSIONAL ANALYSIS

rknatarajan

Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Indian Girls Waiting For You To Fuck Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 01-may-2024(v.n)

Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...

Call Girls in Nagpur High Profile

Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Booking Booking Now open +91- 7737669865 Why you Choose Us- +91- 7737669865 HOT⇄ 7737669865 Mr ashu ji Call Mr ashu Ji +91- 7737669865 (V020524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models

Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...

roncy bisnoi

Porous ceramics offer a broad range of characteristics that enable them to be used in a wide variety of applications. By selecting a suitable base material for the intended use, and then adjusting the overall porosity, pore size distribution and pore shape, they can be tailored to suit a diverse range of applications. This generally requires close consultation between the ceramics manufacturer and the customer or user.

Porous Ceramics seminar and technical writing

rakeshbaidya232001

Data security is rapidly gaining importance as the volume of data companies collect, analyze and monetize grows exponentially. New data processing tools and platforms are emerging at an increasing rate, as are the ways in which an organization consumes data. In this presentation Mukund Sarma and Feni Chawla talk about the unique technical and cultural challenges of running a data security program and share some practical solutions that have worked well at our company. These slides were presented at the BSides Seattle 2024 conference.

BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx

fenichawla

ONLINE FOOD ORDER SYSTEM is a website designed primarily for use in the food delivery industry. This system will allow hotels and restaurants to increase scope of business by reducing the labor cost involved. The system also allows to quickly and easily manage an online menu which customers can browse and use to place orders with just few clicks. Restaurant employees then use these orders through an easy to navigate graphical interface for efficient processing.

ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf

Kamal Acharya

KubeKraft presentation @CloudNativeHooghly

sanyuktamishra911

PHP7.2와 모던 암호학

1. PHP7.2 Johney Park

2. Use Libsodium TL; DR

3. ? ?

4. Side Channel Attack • , ( ) ? • , , , , , , ? •   Meltdown, Spectre • Large Prime Number

5. Elliptic Curve Cryptography • • RSA 3072bit = ECC 256bit • key • • Side Channel Attack

6. Authenticated Encryption • Message Authentication Code • • (nonce) •

7. Post-Quantum Cryptography • •

8. PHP 7.2 ? Libsodium & Argon2

9. Libsodium • NaCl(salt) (2008-2010) • Networking and cryptography library, high-speed software library for network communication, encryption, decryption, signature, etc. • US EU Funding • C(with inline assembler), C++, Python Wrapper • Libsodium NaCl Cross-Platform (2013) • • 2017 PHP7.2

10. Argon2 • Side Channel Attack Hash Algorithm • 2015 • password_hash Libsodium , Libsodium password_hash BCRYPT . ( 7.2 ) • password_hash Libsodium • Libsodium • hash

11. Argon2 $password = 'secret password'; $hash = password_hash($password, PASSWORD_ARGON2I); echo $hash . PHP_EOL; if (password_verify($password, $hash)) { echo 'valid password' . PHP_EOL; if(password_needs_rehash($hash, PASSWORD_ARGON2I)) { echo 'save new password hash' . PHP_EOL; } } else { echo 'invalid password!' . PHP_EOL; } $argon2i$v=19$m=1024,t=2,p=2$RWRRb01PMnRETU8zMXNrag$/ BKnBpq0Yl82OsimPaNn/SlnAuaGsYWi3H95bfZKFSc valid password

12. Argon2 $password = 'secret password'; $hash = sodium_crypto_pwhash_str( $password, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE ); echo $hash . PHP_EOL; if (sodium_crypto_pwhash_str_verify($hash, $password)) { sodium_memzero($password); echo 'valid password' . PHP_EOL; if (sodium_crypto_pwhash_str_needs_rehash($hash, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE)) { echo 'save new password hash' . PHP_EOL; } } else { sodium_memzero($password); echo 'invalid password!' . PHP_EOL; } $argon2id$v=19$m=65536,t=2,p=1$zYnVgQGMf+YpTKZzTvqv2g$XHM3XJpOOgeQvibBX9fY4OB 6CA06aJVcsF+DmMFOMtc valid password

13. Hash • Rainbow table , Collision Attack • Libsodium generic hash BLAKE2b • short hash SipHash-2-4 • Libsodium • PHP hash MD5 SHA-1 . SHA-256 SHA-512

14. Hash $hash = sodium_bin2hex(sodium_crypto_generichash('message')); echo $hash . PHP_EOL; 2e7836cc18ab1db2a2e239ebf4043772b3359520198b5fd55443b01a1023a5b0 $key = random_bytes(SODIUM_CRYPTO_SHORTHASH_KEYBYTES); $hash = sodium_bin2hex(sodium_crypto_shorthash('message', $key)); echo $hash . PHP_EOL; 7b02d09fb8bd2289 $hash = hash('sha256', 'message'); echo $hash . PHP_EOL; ab530a13e45914982b79f9b7e3fba994cfd1f3fb22f71cea1afbf02b460c6d1d

15. Secret Key • XSalsa20 • Poly1305 MAC • nonce • AEAD AEAD . ( ..)

16. Secret Key $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); $key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES); $message = 'secret message'; $cipher_text = sodium_bin2hex(sodium_crypto_secretbox($message, $nonce, $key)); sodium_memzero($message); echo $cipher_text . PHP_EOL; 9bb7d572868a8ddb773398fd107b3ccbf8f6dd010809bb1f76008a4a2abc $plain_text = sodium_crypto_secretbox_open(sodium_hex2bin($cipher_text), $nonce, $key); echo $plain_text . PHP_EOL; secret message

17. Public Key • X25519 XSalsa20 • Poly1305 MAC

18. Public Key $key_pair = sodium_crypto_box_keypair(); $public_key = sodium_crypto_box_publickey($key_pair); $message = 'secret message'; $cipher_text = sodium_bin2hex(sodium_crypto_box_seal($message, $public_key)); sodium_memzero($message); echo $cipher_text . PHP_EOL; 03fb2a60f2dbbe74c5f5eb2a9d13ea6a58c44badd2aa0963ff096c5b344bc5358a724badf814fa22c5566d 8b36867ddbf9ceb4fccbb77a3f303a037429ea $plain_text = sodium_crypto_box_seal_open(sodium_hex2bin($cipher_text), $key_pair); echo $plain_text . PHP_EOL; secret message

19. Libsodium 7.1

20. Reference • Official site  https://www.gitbook.com/book/jedisct1/ libsodium/details • Paragon IE  https://paragonie.com/book/pecl- libsodium

PHP7.2와 모던 암호학

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a PHP7.2와 모던 암호학

Semelhante a PHP7.2와 모던 암호학 (20)

Último

Último (20)

PHP7.2와 모던 암호학