SlideShare una empresa de Scribd logo
1 de 41
julius caesar : caesar cipher
key = 3
julius caesar : caesar cipher

key = 3



hasin = kdvlq
rise of the machines
cryptography in bangla way
!@#$%^&*


 The science of writing in
 secret code
daily cryptography

SSL

Session/Cookie Encryption

Storing Sensitive Information

Secure Message Transportation

Signing Documents
terms
 Plaintext

 Key

 Cipher

 Encryption

 Ciphertext

 Decryption
techniques

 Symmetric Cryptography = shared secret key

 Asymmetric Cryptography = public key + private key

 Hash Cryptography = One way
cryptography in PHP
 cracklib

 hash

 mCrypt

 openSSL

 mHash
one way journey
 md5

 sha1

 Sha2
   Sha 256
   Sha 512
problems of MD5/SHA1
 Collision Attack


                     




                         hash(data1) = hash(data2)
why salt?
password!
Use a salt value in hash functions or bcrypt


   hash( $salt . $password );
   hash_hmac( ‘sha512’, $salt . $password
   );
   crypt($password , $salt );
symmetric encryption
 One single key

 Shared between parties

 Popular
sample encryption - AES…

$ivlength = mcrypt_get_iv_size(
     MCRYPT_RIJNDAEL_256,
     MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv(
     $ivlength,
     MCRYPT_RAND);
sample encryption - AES
$encryptedText = mcrypt_encrypt(
     MCRYPT_RIJNDAEL_256,
     $key,
     $data,
     MCRYPT_MODE_CBC,
     $iv);
sample decryption – AES
$decryptedText = mcrypt_decrypt(
     MCRYPT_RIJNDAEL_256,
     $key,
     $encryptedText,
     MCRYPT_MODE_CBC,
     $iv);
asymmetric encryption
 public / private key

 semi-shared
meet with bob and alice
bob and alice’s story
Bob Asks Alice For her public key


Bob signs msg with the public key of Alice


Alice gets encrypted msg


Alice decrypts msg with her secret private key


Alice reads It
public/private key encryption
 RSA

 openSSL
RSA key-pair
 ssh-keygen –t RSA –b <bit>

Generating public/private rsa key pair.

Enter file in which to save the key (/Users/hasinhayder/.ssh/id_rsa): /tmp/pk_rsa

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /tmp/pk_rsa

Your public key has been saved in /tmp/pk_rsa.pub
RSA key to PEM format

openssl rsa -in pk_rsa
              -outform pem
   > pk_rsa.pem
generate RSA key in PEM format

 openssl genrsa -des3
                  -out pk_rsa.pem 2048
public key out of PEM file
openssl rsa -pubout
            -in pk_rsa.pem
            -out pk_pub.pem
encrypt with public key
$pub_key=openssl_get_publickey(
      file_get_contents("/tmp/pk_pub.pem"));


$enc= openssl_public_encrypt(
      $source,
      $crypttext,
      $pub_key);
decrypt using private key…
$passphrase = “<secret passphrase>";



$key = openssl_get_privatekey(

      file_get_contents("/tmp/pk.pem"),

      $passphrase);
decrypt using private key
$dec=openssl_private_decrypt(

      $decoded_source,

      $newsource,

      $res);
there are always some
      bad guys…
best practices
 PCI DSS Compliance
best practices
AES (RIJNDAEL)
BLOWFISH
TWOFISH
SHA-256, 384, 512
RSA
random!

rand()

mt_rand()

openssl_random_pseudo_bytes()
key space

 Secret key space >= 128 bit
 Public key space >= 2048 bit
thanks
 M A Hossain Tonu
     Sr. Software Engineer, somewherein…
     http://mahtonu.wordpress.com

 Hasin Hayder
     Founder, Leevio
     http://hasin.wordpress.com

Más contenido relacionado

La actualidad más candente

Simple php backdoor_by_dk
Simple php backdoor_by_dkSimple php backdoor_by_dk
Simple php backdoor_by_dk
Stan Adrian
 
Up.Php
Up.PhpUp.Php
Up.Php
wsoom
 
Huong dan cai dat hadoop
Huong dan cai dat hadoopHuong dan cai dat hadoop
Huong dan cai dat hadoop
Quỳnh Phan
 

La actualidad más candente (19)

C99[2]
C99[2]C99[2]
C99[2]
 
Simple php backdoor_by_dk
Simple php backdoor_by_dkSimple php backdoor_by_dk
Simple php backdoor_by_dk
 
Php Mysql
Php Mysql Php Mysql
Php Mysql
 
PHP
PHP PHP
PHP
 
Redis for the Everyday Developer
Redis for the Everyday DeveloperRedis for the Everyday Developer
Redis for the Everyday Developer
 
Not Really PHP by the book
Not Really PHP by the bookNot Really PHP by the book
Not Really PHP by the book
 
Redis
RedisRedis
Redis
 
C99
C99C99
C99
 
Path::Tiny
Path::TinyPath::Tiny
Path::Tiny
 
Up.Php
Up.PhpUp.Php
Up.Php
 
Laporan setting dns
Laporan setting dnsLaporan setting dns
Laporan setting dns
 
Huong dan cai dat hadoop
Huong dan cai dat hadoopHuong dan cai dat hadoop
Huong dan cai dat hadoop
 
DPAPI AND DPAPI-NG: Decryption toolkit. Black Hat 2017
DPAPI AND DPAPI-NG: Decryption toolkit. Black Hat 2017DPAPI AND DPAPI-NG: Decryption toolkit. Black Hat 2017
DPAPI AND DPAPI-NG: Decryption toolkit. Black Hat 2017
 
Macros code for Protecting and Unprotecting Sheets
Macros code for Protecting and Unprotecting SheetsMacros code for Protecting and Unprotecting Sheets
Macros code for Protecting and Unprotecting Sheets
 
Hadley verse
Hadley verseHadley verse
Hadley verse
 
PuppetCamp SEA 1 - Version Control with Puppet
PuppetCamp SEA 1 - Version Control with PuppetPuppetCamp SEA 1 - Version Control with Puppet
PuppetCamp SEA 1 - Version Control with Puppet
 
Persistence patterns for containers
Persistence patterns for containersPersistence patterns for containers
Persistence patterns for containers
 
2018-06-06 @nuxtjs/auth with Django Rest Framework
2018-06-06 @nuxtjs/auth with Django Rest Framework2018-06-06 @nuxtjs/auth with Django Rest Framework
2018-06-06 @nuxtjs/auth with Django Rest Framework
 
08 php-files
08 php-files08 php-files
08 php-files
 

Destacado

언론홍보학과김현지
언론홍보학과김현지언론홍보학과김현지
언론홍보학과김현지
Hyun Jee Kim
 

Destacado (10)

Software Engineering in PHP
Software Engineering in PHPSoftware Engineering in PHP
Software Engineering in PHP
 
언론홍보학과김현지(@jeehalo, blog.naver.com/guswl1987)
언론홍보학과김현지(@jeehalo, blog.naver.com/guswl1987)언론홍보학과김현지(@jeehalo, blog.naver.com/guswl1987)
언론홍보학과김현지(@jeehalo, blog.naver.com/guswl1987)
 
온라인Pr
온라인Pr온라인Pr
온라인Pr
 
언론홍보학과김현지
언론홍보학과김현지언론홍보학과김현지
언론홍보학과김현지
 
JavaScript Wash - Story of UI Development
JavaScript Wash - Story of UI DevelopmentJavaScript Wash - Story of UI Development
JavaScript Wash - Story of UI Development
 
Google Maps API
Google Maps APIGoogle Maps API
Google Maps API
 
Succeeding with FOSS!
Succeeding with FOSS!Succeeding with FOSS!
Succeeding with FOSS!
 
언론홍보학과김현지
언론홍보학과김현지언론홍보학과김현지
언론홍보학과김현지
 
Blogging, the wordpress way
Blogging, the wordpress wayBlogging, the wordpress way
Blogging, the wordpress way
 
Let’s be productive with spring boot
Let’s be productive with spring bootLet’s be productive with spring boot
Let’s be productive with spring boot
 

Similar a Cryptography for the mere mortals

Cryptography for Smalltalkers 2 - ESUG 2006
Cryptography for Smalltalkers 2 - ESUG 2006Cryptography for Smalltalkers 2 - ESUG 2006
Cryptography for Smalltalkers 2 - ESUG 2006
Martin Kobetic
 
Eight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsEight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programs
Aleksandr Yampolskiy
 

Similar a Cryptography for the mere mortals (20)

Cryptography with Zend Framework
Cryptography with Zend FrameworkCryptography with Zend Framework
Cryptography with Zend Framework
 
Django cryptography
Django cryptographyDjango cryptography
Django cryptography
 
Cryptography for Smalltalkers 2 - ESUG 2006
Cryptography for Smalltalkers 2 - ESUG 2006Cryptography for Smalltalkers 2 - ESUG 2006
Cryptography for Smalltalkers 2 - ESUG 2006
 
Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2
 
Cargo Cult Security at OpenWest
Cargo Cult Security at OpenWestCargo Cult Security at OpenWest
Cargo Cult Security at OpenWest
 
veracruz
veracruzveracruz
veracruz
 
veracruz
veracruzveracruz
veracruz
 
veracruz
veracruzveracruz
veracruz
 
veracruz
veracruzveracruz
veracruz
 
Cryptography and SSL in Smalltalk - StS 2003
Cryptography and SSL in Smalltalk - StS 2003Cryptography and SSL in Smalltalk - StS 2003
Cryptography and SSL in Smalltalk - StS 2003
 
Perl object ?
Perl object ?Perl object ?
Perl object ?
 
Computer Security Laboratory Manual .pdf
Computer Security Laboratory Manual .pdfComputer Security Laboratory Manual .pdf
Computer Security Laboratory Manual .pdf
 
Eight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsEight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programs
 
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
 
rsa_usa_2019_paula_januszkiewicz
rsa_usa_2019_paula_januszkiewiczrsa_usa_2019_paula_januszkiewicz
rsa_usa_2019_paula_januszkiewicz
 
Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019
 
comp security lab.ppsx
comp security lab.ppsxcomp security lab.ppsx
comp security lab.ppsx
 
Cargo Cult Security UJUG Sep2015
Cargo Cult Security UJUG Sep2015Cargo Cult Security UJUG Sep2015
Cargo Cult Security UJUG Sep2015
 
Code obfuscation, php shells & more
Code obfuscation, php shells & moreCode obfuscation, php shells & more
Code obfuscation, php shells & more
 
Code obfuscation, php shells & more
Code obfuscation, php shells & moreCode obfuscation, php shells & more
Code obfuscation, php shells & more
 

Más de M A Hossain Tonu

Más de M A Hossain Tonu (8)

Before you jump into Angular
Before you jump into AngularBefore you jump into Angular
Before you jump into Angular
 
Understanding Microservices
Understanding Microservices Understanding Microservices
Understanding Microservices
 
Understanding meteor
Understanding meteorUnderstanding meteor
Understanding meteor
 
Introduction to Meteor - Worldwide Meteor Day
Introduction to Meteor - Worldwide Meteor DayIntroduction to Meteor - Worldwide Meteor Day
Introduction to Meteor - Worldwide Meteor Day
 
Secure my ng-app
Secure my ng-appSecure my ng-app
Secure my ng-app
 
Google Map API
Google Map APIGoogle Map API
Google Map API
 
Google Maps API
Google Maps APIGoogle Maps API
Google Maps API
 
Developing WordPress Plugins : For Begineers
Developing WordPress Plugins :  For BegineersDeveloping WordPress Plugins :  For Begineers
Developing WordPress Plugins : For Begineers
 

Último

Último (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 

Cryptography for the mere mortals

Notas del editor

  1. H
  2. H
  3. H
  4. H
  5. H
  6. H
  7. H
  8. H
  9. H
  10. H
  11. Plaintext The initial unencrypted (unscrambled) data to be communicated. CiphertextPlaintext is encrypted (scrambled) into something unintelligible – ciphertext for communication Example: “esqbsuibqsbujnebt” Encryption The process of converting ordinary information ( plaintext ) into ciphertext . Decryption The reverse process of moving from unintelligible ciphertext to plaintext . Cipher Pair of algorithms performing encryption &amp; decryption. Key A secret parameter for the cipher algorithm. Key Management Management of generation, exchange, storage, safeguarding, use, vetting, and replacement of keys. Provisions in Cryptosystem design, Cryptographic protocols in that design, User procedures, and so on. Crypto Analysis / Code Breaking The study of how to circumvent the confidentiality sought by using encryption.
  12. To check if a given $password string is valid, for a given hash, you can use the following condition:If($hash==crypt($password,$hash)) echo ‘valid’;
  13. Advanced encryption standard
  14. H
  15. H
  16. H
  17. H
  18. H
  19. H
  20. H
  21. H
  22. H
  23. H
  24. H
  25. H
  26. H
  27. rand() predictablea cryptographically strong random number in PHP you have to use the function openssl_random_pseudo_bytes() of the OpenSSL library, available at PHP 5.3
  28. DES cipher uses 56-bit key, that means the key space is 2^56.