Using SSL/TLS the right way is often a big hurdle for developers. We prefer to have that one colleague perform “something with certificates” because he/she knows how that works. But what if “that one colleague” is enjoying their vacation and something goes wrong with the certificates?
In this session, we’ll take a close look at secure communication at the transport level. Starting with what exactly SSL and TLS are, we’ll dive into public/private keys, and signing. We’ll also learn what all this has to do with an unfortunate Dutch notary. Of course, there’ll be plenty of practical tips & tricks, as well as demos.
Attend this session to become “that one colleague”!
5. 7 Layer OSI Model
Group        | Data unit | Layer        | Function
Host Layers  | Data      | Application  | Network Process to Application
Host Layers  | Data      | Presentation | Data Representation and Encryption
Host Layers  | Data      | Session      | Interhost Communication
Host Layers  | Segments  | Transport    | End-to-End Connections and Reliability
Media Layers | Packets   | Network      | Path Determination and Logical Addressing (IP)
Media Layers | Frames    | Data Link    | Physical Addressing (MAC and LLC)
Media Layers | Bits      | Physical     | Media, Signal and Binary Transmission
Maarten Mulders (@mthmulders)
Devoxx UK #tlsformortals
13. N , P Q
1. $p \cdot q = 299$, $e = 5$
2. Find $d$, so that $(d \cdot e) - 1 \bmod (p - 1) \cdot (q - 1) = 0$

Pretty hard without knowing $p$ and $q$!
When you know $p = 13$, $q = 23$, calculating $d = 317$ is easy.
15. L "G"
$p \cdot q = 187$, $e = 3$, G ⇒ 7
$7^e = 7^3 = 343$
$343 \bmod 187 = 156$
16. L "156"
Since we know $p$ and $q$, we can calculate $d = 107$.
$156^d = 156^{107} \approx 4.6 \cdot 10^{234}$
$156^{107} \bmod 187 = 7$
7 ⇒ G
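The arithmetic from the three slides above, as an added example (not code from the talk): it checks the slides' values of d, reproduces the G ⇒ 7 ⇒ 156 ⇒ 7 round trip, and factors the slide-sized moduli by trial division, which is why real keys use far larger primes. All function names are this example's own.

```python
# Added example: toy RSA with the numbers from the slides.
# Illustration only: real RSA uses moduli of 2048 bits or more plus padding.
from math import gcd


def phi(p, q):
    """(p - 1) * (q - 1), the modulus in the slides' condition for d."""
    return (p - 1) * (q - 1)


def is_valid_d(d, e, p, q):
    """The slides' condition: ((d * e) - 1) mod ((p - 1) * (q - 1)) == 0."""
    return (d * e - 1) % phi(p, q) == 0


def smallest_d(e, p, q):
    """Smallest positive d meeting the condition (modular inverse of e)."""
    m = phi(p, q)
    if gcd(e, m) != 1:
        raise ValueError("e must be coprime with (p - 1) * (q - 1)")
    return pow(e, -1, m)  # modular inverse, Python 3.8+


def encrypt(message, e, n):
    """Public operation: message^e mod n."""
    return pow(message, e, n)


def decrypt(ciphertext, d, n):
    """Private operation: ciphertext^d mod n."""
    return pow(ciphertext, d, n)


def factor(n):
    """Trial division: instant for slide-sized n, infeasible for real moduli."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime")


if __name__ == "__main__":
    # n = 299, e = 5: recover p and q, then compare d with the slide's 317.
    p, q = factor(299)
    print(p, q, smallest_d(5, p, q), is_valid_d(317, 5, p, q))
    # n = 187, e = 3, d = 107: "G" is sent as 7.
    c = encrypt(7, 3, 187)
    print(c, decrypt(c, 107, 187))
```

The slide's d = 317 and the smaller 53 both satisfy the condition, because they differ by exactly (p − 1) ∗ (q − 1) = 264.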
40. P -
1. Don't use SSL!
Use TLS v1.2 or v1.3.
2. Be careful whom you trust!
3. When in doubt, open your toolbox:
openssl, curl, nmap, ssldump and Portecle
41. Q
I
Router by unknown author
Public Key Krüpto by Sándor P. Fekete, Sebastian Morr, and Sebastian Stiller (@ideainstruction)
Puss In Boots by kisspng
IANA Root KSK Ceremony #36 @ https://www.iana.org/dnssec/ceremonies/36
Beverwijk by Gerard Hogervorst @ Wikimedia Commons