
# Cryptography: way to Arkham - Andriy Savchenko


Ruby Meditation #20
February 17, 2018
Kyiv


1. Cryptography: way to Arkham (Andrii Savchenko)
2. Crypto primitives
3. (MOST COMMONLY USED) CRYPTO PRIMITIVES
   - One-way hash functions
   - Symmetric encryption
   - Asymmetric encryption
   - PRNGs
   - Boring large prime number math
4. ONE WAY HASH FUNCTIONS
5. ONE WAY HASH FUNCTIONS – DUMMY EXAMPLE
   - D U C K → 4 21 3 11 → 22450325
   - 1 / 421311 = 0.000002373543534 = 34 = 22
   - 2 / 421311 = 0.000004747087069 = 69 = 45
   - 3 / 421311 = 0.000007120630603 = 03 = 03
   - 4 / 421311 = 0.000009494174137 = 37 = 25
6. ONE WAY HASH FUNCTIONS – DUMMY EXAMPLE
   - F U C K → 6 21 3 11 → 0C192531
   - 1 / 621311 = 0.000001609499912 = 12 = 0C
   - 2 / 621311 = 0.000003218999825 = 25 = 19
   - 3 / 621311 = 0.000004828499737 = 37 = 25
   - 4 / 621311 = 0.000006437999649 = 49 = 31
7. ONE WAY HASH FUNCTIONS – DUMMY EXAMPLE
   - DUCK = 22450325
   - FUCK = 0C192531
8. ONE WAY HASH FUNCTIONS – DUMMY EXAMPLE
   - ANDRII = 083B2712
   - ANDRIJ = 0E1C2A38
9. ONE WAY HASH FUNCTIONS – REAL WORLD
   - SHA
   - MD5
   - BLAKE
10. SYMMETRIC ENCRYPTION
11. SYMMETRIC ENCRYPTION – CHIFFRE DE VIGENÈRE
   - Key: Joker
   - Phrase: Why so serious
12. SYMMETRIC ENCRYPTION – CHIFFRE DE VIGENÈRE
   - whysoserious
   - jokerjokerjo
14. SYMMETRIC ENCRYPTION – CHIFFRE DE VIGENÈRE
   - whysoserious
   - jokerjokerjo
16. SYMMETRIC ENCRYPTION – CHIFFRE DE VIGENÈRE
   - whysoserious
   - jokerjokerjo
   - f
17. SYMMETRIC ENCRYPTION – CHIFFRE DE VIGENÈRE
   - whysoserious
   - jokerjokerjo
   - f
19. SYMMETRIC ENCRYPTION – CHIFFRE DE VIGENÈRE
   - whysoserious
   - jokerjokerjo
   - fv
20. SYMMETRIC ENCRYPTION – CHIFFRE DE VIGENÈRE
   - whysoserious
   - jokerjokerjo
   - fviwfbsbmfdg
21. SYMMETRIC ENCRYPTION – REAL WORLD
   - AES
   - 3DES
   - RC4
   - Blowfish
   - Salsa20
22. ASYMMETRIC ENCRYPTION
23. ASYMMETRIC ENCRYPTION – SIMPLE RSA: Let's say we have some magic public key and private key, for example:
   - Public key: 3
   - Private key: 7
24. ASYMMETRIC ENCRYPTION – SIMPLE RSA: Also, we need another magic number n, for example 33
26. ASYMMETRIC ENCRYPTION – SIMPLE RSA: So, Harley Quinn wants to send the message "14" to Joker, knowing only Joker's public key
27. ASYMMETRIC ENCRYPTION – SIMPLE RSA
   - Harley Quinn: encrypted = message^public mod n = 14^3 mod 33 = 5
   - Joker: encrypted^private mod n = 5^7 mod 33 = 14
28. ASYMMETRIC ENCRYPTION – SIMPLE RSA: Batman wants to know what Harley sent to Joker, but he only knows the public key 3, the message 5 and the magic number 33, and has no way to decipher the message without the private key 7
29. PROBLEM 1: Not every 3 numbers may give you the expected result
30. GETTING KEY PAIR
   - Choose two prime numbers: p and q (in this example: p = 11, q = 3)
   - Get magic number n = p * q = 33
   - Get Euler's phi = (p - 1) * (q - 1) = 10 * 2 = 20
   - Choose a public key which should be coprime with phi, p-1 and q-1 and satisfy 1 < public < phi
   - Find a private key where phi divides public * private - 1 (3 * 7 - 1 = 20, 20 / 20 = 1, private = 7)
   - You are all done! Easy-peasy! Enjoy your public key encryption
31. PROBLEM 2: The message cannot be greater than or equal to n
32. PROBLEM 2: Well, the Latin alphabet is only 25, let's write a small Ruby script
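33. Ruby script:

    ```ruby
    PUB = 3
    PRIV = 7
    N = 33

    # Letters map to their position in the alphabet: 'a' => 1, 'b' => 2, 'c' => 3, ...
    DICT = ('a'..'z').zip(1..26).to_h
    RDICT = DICT.invert

    # Encrypt every letter on its own: number ** PUB mod N
    def encrypt(message)
      message.each_char.map { |letter| DICT[letter] ** PUB % N }
    end

    # Decrypt every number with the private key and map it back to a letter
    def decrypt(array)
      array.inject('') { |message, letter| message + RDICT[letter ** PRIV % N] }
    end

    encrypted = encrypt('batman') # => [8, 1, 14, 19, 1, 5]
    decrypt(encrypted) # => 'batman'
    ```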
34. Protocols
35. PROTOCOLS: A protocol is, basically, a set of crypto primitives
36. PROTOCOLS
   - TLS
   - IPSec
   - oAuth
   - SSH
   - 100500 more…
37. Implementing crypto protocols
38. WHY?
   - Good mathematicians often make very bad code
   - Partial implementations
   - Incorrect implementations
   - Outdated protocol versions or crypto primitives
   - Abandoned projects
   - Absence of implementation
   - Fun
39. PROBLEMS
40. HTTPS://VIMEO.COM/52882780
41. Secure Remote Password protocol
42. RFC2945
44. RFC2945
45. RFC2945
46. RFC2945
51. S = (B - kg^x) ^ (a + ux)
52. S = ((B - kg^x) ^ (a + ux)) mod N
53. S = ((B - kg^x) mod N ^ (a + ux) mod N) mod N
54. S = ((B - kg^x mod N) mod N ^ (a + ux mod N) mod N) mod N
56. B = k * v + ((g ** b) % N)
57. B = k * v + ((g ** b) mod N)
58. B / k = v + I
59. B = k * v + ((g ** b) mod N) mod N
62. One possible way
63. One possible way
64. One possible way
65. One possible way
66. One possible way
67. Variants of M:
   - M = H(A | B | S)
   - M = H(A | B || K)
   - M = H(H(N) xor H(g) | H(I) | s | A | B | K)
68. Variants:
   - H(A | M | S)
   - H(A | M | K)
71. One possible way
73. Variants of x:
   - x = H(s | p)
   - x = H(s | H(I) | H(p))
   - x = H(s | H(I | ":" | p))
   - x = KDF(s, p)
74. BONUS
   - UTF-8
   - Binary values representation
   - Implementation incompatibilities
   - Ruby limitations
75. pry session:

    ```
    > 3 ** 7 % 33
    => 9
    > 3 ** 1234567890 % 33
    (pry):62: warning: in a**b, b may be too big
    => NaN
    ```
76. pry session:

    ```
    > require 'openssl'
    => true
    > 3.to_bn.mod_exp(1234567890, 33).to_i
    => 12
    ```
78. Thank you for your attention! https://github.com/esrp/ruby
79. My contacts: Andrii Savchenko, @ptico, andrii@aejis.eu, @ptico
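
The key-pair recipe from slide 30, with the two problems from slides 29 and 31 turned into explicit checks. This is an added example, not code from the talk or from the esrp/ruby repository; the function names are this example's own, and it uses core Ruby's `Integer#pow(exponent, modulus)` so that large exponents such as the one on slide 75 never produce a huge intermediate value.

```ruby
# Toy RSA following slide 30; numbers this small are for illustration only.
def prime?(x)
  x > 1 && (2..Integer.sqrt(x)).none? { |d| (x % d).zero? }
end

# Extended Euclid: returns d with (a * d) % m == 1 (requires gcd(a, m) == 1).
def mod_inverse(a, m)
  old_r, r = a, m
  old_s, s = 1, 0
  until r.zero?
    q = old_r / r
    old_r, r = r, old_r - q * r
    old_s, s = s, old_s - q * s
  end
  old_s % m
end

# Returns [public, private, n], or raises when the inputs break a rule
# from slide 30 ("Problem 1": not every three numbers work).
def toy_keypair(p, q, pub)
  raise ArgumentError, 'p and q must be distinct primes' unless p != q && prime?(p) && prime?(q)
  phi = (p - 1) * (q - 1)
  raise ArgumentError, 'need 1 < public < phi' unless pub > 1 && pub < phi
  raise ArgumentError, 'public must be coprime with phi' unless pub.gcd(phi) == 1
  [pub, mod_inverse(pub, phi), p * q]
end

# "Problem 2": the message must be smaller than n.
def encrypt(message, pub, n)
  raise ArgumentError, 'message must be in 0...n' unless (0...n).cover?(message)
  message.pow(pub, n) # modular exponentiation, reduced at every step
end

def decrypt(cipher, priv, n)
  cipher.pow(priv, n)
end

# True when every message below n survives encrypt-then-decrypt.
def roundtrips?(pub, priv, n)
  (0...n).all? { |m| decrypt(encrypt(m, pub, n), priv, n) == m }
end

if __FILE__ == $PROGRAM_NAME
  pub, priv, n = toy_keypair(11, 3, 3)
  puts "public=#{pub} private=#{priv} n=#{n}"
  puts "14 -> #{encrypt(14, pub, n)} -> #{decrypt(encrypt(14, pub, n), priv, n)}"
  puts "(5, 7, 33) round-trips: #{roundtrips?(5, 7, 33)}"
end
```
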
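
The SRP formulas from slides 52, 59, 67 and 73, put together as one client/server exchange in which both sides must arrive at the same S. This is an added example, not code from the talk or from the esrp/ruby repository. It assumes the SRP-6a relations v = g^x, k = H(N | g), u = H(A | B) and the server-side S = (A * v^u)^b mod N, none of which are on the slides, plus a constructed toy modulus and a string-joined SHA-256 standing in for H.

```ruby
require 'digest'

# Constructed toy group: a small prime modulus, far too small for real use.
N = 2039
G = 2

# H(a | b | ...): SHA-256 over the parts joined with "|", read as an integer.
# This encoding is the example's assumption; real peers must agree on an
# exact byte representation (see the BONUS slide).
def h(*parts)
  Digest::SHA256.hexdigest(parts.join('|')).to_i(16)
end

def verifier(salt, password)
  G.pow(h(salt, password), N)            # v = g^x mod N, with x = H(s | p)
end

def server_public(v, b, k)
  (k * v + G.pow(b, N)) % N              # B = (k * v + g^b mod N) mod N
end

def client_secret(salt, password, a, b_pub, k, u)
  x = h(salt, password)
  base = (b_pub - k * G.pow(x, N)) % N   # Ruby's % is non-negative for N > 0
  base.pow(a + u * x, N)                 # S = (B - k g^x)^(a + u x) mod N
end

def server_secret(a_pub, v, b, u)
  (a_pub * v.pow(u, N) % N).pow(b, N)    # S = (A * v^u)^b mod N
end

# One exchange; a and b are the ephemeral secrets of client and server.
def exchange(salt, password, a, b)
  v = verifier(salt, password)           # stored by the server at sign-up
  k = h(N, G)
  a_pub = G.pow(a, N)                    # client -> server: A
  b_pub = server_public(v, b, k)         # server -> client: s, B
  u = h(a_pub, b_pub)
  s_client = client_secret(salt, password, a, b_pub, k, u)
  s_server = server_secret(a_pub, v, b, u)
  { a_pub: a_pub, b_pub: b_pub, client_s: s_client, server_s: s_server,
    client_m: h(a_pub, b_pub, s_client), server_m: h(a_pub, b_pub, s_server) }
end

p exchange('salt-1', 'correct horse', 1234, 5678) if __FILE__ == $PROGRAM_NAME
```
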