This document provides an introduction to encryption. It discusses why encryption is used, including for secure communications, payment gateways, and digital rights management. It then defines encryption as encoding a message so that it is only readable by authorized persons. Several historical encryption methods are described, such as the Caesar cipher, Vigènere cipher, and the one-time pad. Modern symmetric ciphers like the Data Encryption Standard (DES) and Advanced Encryption Standard (AES) are also covered. The document concludes with an overview of public/private key cryptography and recommendations for password storage and encryption in PHP.
7. *Encryption is…
“An algorithm that can encode a message
such that it is only readable by authorized
persons”
*Generally speaking.
8. *Encryption is… a Cipher..
“A pair of algorithms such that the output
ciphertext of the encoding algorithm can be
efficiently transformed back to the original text
by the decoding algorithm”
*not always true
11. Shift 3 chars left
Plain : ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW
Ciphertext: QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD
Plaintext: the quick brown fox jumps over the lazy dog
13. Create a repeating key the same length as the message
Plain : PHP BELFAST ENCRYTION TALK
Key : BLI NKSTUDI OSBLINKST UDIO
Cipher: RTY PPEZVWC TEEDHHTHH OEUZ
P = 16 + B=2 = 18 = R
H = 8 + L=12 = 20 = T
L = 12 + S=19 = 31 % 26 = 5 = E
14. Playfair Mr Kennedy
Famous WWII message involving JFK
PHBEL
FASTC
DGIKM
NOQRU
VWXYZ
http://j.mp/pFAIR
IN TR OD UC TI ON TO EN CR YP TI ON
DQ KY NG ZM SK QO AR PR TU VE SK QO
15. The One Time Pad
1917, Vernam
Symantically secure, practically useless
Very fast encode / decode
Stream Cipher
16. The One Time Pad
Uses A Random Key of equal length to the message
AJDPWNCGS82NCPS03NCBS72HGTWX1EZMBLHPY04YDVS2D
24. Data Encryption Standard
DES
1970 – 1976 - IBMs Lucifer cipher approved as Fed. Standard
1997 - DES is broken by exhaustive search
Internet search – took 3 months
1998 – Deep Crack does it in 3 days (cost $250K)
1999 – combined search 22 hours
2000 – New Fed Standard adopted. Rijndael or AES
26. Advanced Encryption Standard
AES
Uses block cipher – But NOT a Fiestel Construction
1997: DES Broken NIST requests proposal for new std
1999: 5 shortlisted options
2000: Rijndael chosen to be new AES
33. Authenticated Encryption
Encrypt then MAC
- always provides A.E.
MAC then Encrypt is open to CCA attacks
- it’s ok IF you use rand-CBC or rand-CTR mode
- still open to padding attacks
35. Public/Private Keys
Public key used to encrypt
Private key used to decrypt
Uses large primes (600+ digits) and modulus of the
powers of factors of that prime
36. Public/Private Keys
ALICE
Generate array of
public & private keys
Alice decrypts with Secret key
To obtain Bobs random number
BOB
Bob chooses one
public key
Chooses a random
secret {0,1}128
encrypts it using
Public Key
They now have a shared secret or key (Bobs
number) with which to encrypt future
messages
37. PHP – password storage
•
•
•
•
•
•
•
Raw / Plaintext – do people really do this?
Roll your own encryption mechanism
MySQL Encrypt()
MD5() – no collision too common
SHA and store salt
bcrypt – No salt storage required
phpass – no salt storage required
j.mp/1nPFttR
Because it’s basically about encoding the data into a format your enemy cannot understand.
Symmettric and Asymmetric encryption is different.
Using a 26 letter alphabet there are 26! Combinations = 2^88 or 88bits
The PT Boat incident.Kennedy’s message gave away the position of the boat and their pick up times.Wheatston & palmerston
Very fast encoding and decoding – but the length of the key makes it impractical. It’s as difficult to transmit the key as the plaintext message.WEP 802.11b is bad crypto – it’s keyspace is exhausted so it’s effectively 2 time pad.IV is 24bit so it recycles after 16million data packetsWorse still it resets to zero each time the router reboots.
Key is very longSharing the Key s difficultSharing the key is as insecure as sharing the messageMessages should never repeatMessages with known portions are prone to being tampered with“nothing to report”
A German in the desert consistently sent the message Nothing to reportKnown plain text + intercepted cipher text meant they could figure out the machine settings for the day
XOR makes hardware encoding really fast and simplegenerally convert plain text messages to HEX pairs and XOR those pairs (perhaps via binary)The XOR rule above is WHY we cannot have a two time PADXOR +XOR = original text
Hopefully one of the only formula’s you’ll encounter tonightBasically Decrypt(encrypted message) = message
The One Time pad is a stream cipherStream ciphers use a small key but PAD it out to the required length with Pseudo randomnessStream ciphers are fast and commonly used by hardware systems – e.g. DVD encryption, GSM phones, Bluetooth all use stream ciphersRC4 (1987) is a common stream cipher encrypts 1 byte per roundDVD Encryption uses CSS (Code scrambling system)Salsa 20 is a modern stream cipher – process 5 x faster than RC4Block ciphers are the workhorse of modern encryptionExamples includes 3DES (64bit blocks) and key is 168 bitAES (128 bit blocks) key is 128,192 or 256 bitKey is expanded into one key per blockEncryption of block one is fed into block two and so on….Block ciphers are much slower than stream ciphers SLOWER is BETTERI’ll do a few definitions only.
Pseudo random keys are generated by PRGsA PRG uses a PRF A PRP is an invertible PRFAll PRPs are PRFsNOT all PRFs are PRPs some are non invertiblePRG – Stream CipherPRP = Block CipherA PRP is used by Block ciphers – not stream ciphers - think AES, 3DES etc
Small keys are EXPANDED by the PRG to form a ONE TIME PAD key of the required length.
DES used for cheque clearing and many other legacy banking systems.AES is Advanced Encryption Standard.Developed by Horst Fiestel in 1970s3DES tripled the workload time2DES is useless as it is prone to a meet in the middle attack
Used by DES, 3DES and Blowfish among othersTakes a *secure* PRF (non invertible) and makes it Efficiently invertble after 3 rounds.DES uses 16 rounds.TODO Small PHP script to demonstrate – add to gist - ? TODO
Substituion permutation layersKey XOR inputByte substitutionShift rowMix columnXOR with next key loop
Timing AttacksPower AttacksSound AttacksReplay attacks – resend a scrambled signal – could result in a duplicate web order
Electronic Code book sometimes falls foul of two time padSematic security says that cipher text tells you NOTHING about plain textBut in ECB if block n == block m then those two cipher texts are identicalEach block is encoded separately and independently of the others.
CBC gets over the short comings of ECB by feeding the results of one block into the intiialisation of the next block
Turns a Block Cipher into Stream CipherThe initalisation vector in this instance is eth Nonce + The CounterEach block differs from previous one due to eth counter – but not dependant on the previous blockYou can decrypt block independently of each other, or simultaneously is you know the number of blocksHence stream cipher
Most of the time when talking about encryption – we really mean hashingBecause most of the time we don’t need to decrypt only to confirm.Checking and rejecting an encrypted message based on MAC can leave you open to timing attacksIf decrypt fails or (login guessing) always add a random time interval before returning an error code.MAC also used to authenticate a message but do not provide confidentiality (Authenticated Encryption)
CCA – Chosen Cipher text attackCPA – Chosen Plaintext AttackAlways use hmac() in your own code.hash_hmac() provides keyed hashing not JUST hashing.Authenticated Encryption is relatively new – circa 2000
Physical world representation of secure communicationMathematical handshakes basically carry out the above scenario.The mathematical equivalent Public Key crypto was thought up by GCHQ employeeCliff Cocks 1973 – only declassified in 1997He worked it out in his head in 3 hours and had to remember it!!!!Source The Infinite Monkey Cage – 3rd Dec 2012 - Secret ScienceSimon Singh, Dr. Sue Back
Diffie / Hellmann is the modern approved Public Key system (RSA)It’s all about prime numbers & factorsPick a large primePick a number less than the primeRaise a fixed number to the power of that number less than the prime128bit encryption has modulus size of 3072 bits256bit AES has modulus size of 15,360bits – that’s why it’s a good protocol.
This is basically Diffie Hellman.
Many older systems still have plain text passowrds stored
Use a really long random key – Generate a random key with e.g. openssl_random_pseudo_bytes(64)Don’t reuse the same key over and over againUse a random 64bit minimum saltStore the salt along side the hashYou can store an encrypted version of the Salt with a re-usable key from your site configvars
Use OPEN SSL if decryption is required.Use openssl for Public private key encryption/decryptionOpenssl_public_[en|de]cryptOpenssl_private_[en|de]crypt
For versions of PHP less than 5.5 this is a good solid easy to use option
Php 5.5 password_hash is a wrapper for crypt()Hashes created by crypt can be used with password_hash()By default uses bcrypt CRYPT_BLOWFISHThe $hash returned by password_hash contains the algorith, workload and salt.Retrievable with password_get_info()
