Block cipher modes
or: what the heck are those MCRYPT_MODE_ECB, MCRYPT_MODE_CBC constants?
What are block cipher modes



‣ Modes to handle “blocks” during block
  cipher encryption / decryption.
‣ Work on blocks of data (mostly 8-256 bytes)
  instead of a continuous stream.
‣ Each block is en/decrypted separately.
‣ mcrypt_*() functions in PHP


What are block cipher modes




  ‣ ECB - electronic codebook
  ‣ CBC - cipher block chaining
  ‣ CFB - cipher feedback
  ‣ (N)OFB - Output feedback
Electronic Codebook (ECB)




http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
Electronic Codebook (ECB)


  <?php

  // The key size does not matter
  $key = "1234567890";

  // Message is 10x the string HELLOYOU. Since each string is
  // 64 bits, every HELLOYOU is encrypted separately.
  $message = str_repeat("HELLOYOU", 10);

  // Blowfish is a cipher that uses 64-bit blocks
  $crypted = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $message, MCRYPT_MODE_ECB);

  // Display the result in hex, one 8-byte block per line
  for ($i = 0; $i != strlen($crypted); $i++) {
      printf("%02X ", ord($crypted[$i]));
      if ($i % 8 == 7) print "\n";
  }




‣ ENCRYPT 10 EQUAL BLOCKS OF DATA
Electronic Codebook (ECB)




  3F   89   AD   58   3C   C8   21   CD
  3F   89   AD   58   3C   C8   21   CD
  3F   89   AD   58   3C   C8   21   CD
  3F   89   AD   58   3C   C8   21   CD
  3F   89   AD   58   3C   C8   21   CD
  3F   89   AD   58   3C   C8   21   CD
  3F   89   AD   58   3C   C8   21   CD
  3F   89   AD   58   3C   C8   21   CD
  3F   89   AD   58   3C   C8   21   CD
  3F   89   AD   58   3C   C8   21   CD




‣ RESULT IS DETERMINISTIC
Electronic Codebook (ECB)


 <?php

 // The key size does not matter
 $key = "1234567890";

 // Again: all padded to the block size
 $message = "1111111122222222333333334444444455555555666666667777777788888888";

 // Blowfish is a cipher that uses 64-bit blocks
 $crypted = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $message, MCRYPT_MODE_ECB);

 // Let's "corrupt" a byte in the second block
 $crypted[10] = "A";

 // Decrypt, and see the results:
 $plaintext = mcrypt_decrypt(MCRYPT_BLOWFISH, $key, $crypted, MCRYPT_MODE_ECB);
 print $plaintext."\n";




‣ CREATE A CORRUPT ENCRYPTED BLOCK
Electronic Codebook (ECB)




   11111111T#####zO333333334444444455555555666666667777777788888888




‣ ERRORS ARE ISOLATED IN ONE BLOCK
Electronic Codebook (ECB)


 Thread 1    Thread 2    Thread 3
 Block 1     Block 6     Block 8
 Block 2     Block 5     Block 7
 Block 3     Block 4     Block 9

 assemble =
 Block 1 Block 2 Block 3 Block 4 Block 5 Block 6 Block 7 Block 8 Block 9




‣ PARALLEL ENCRYPTION AND DECRYPTION IS POSSIBLE
Cipher Block Chaining (CBC)




http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
Cipher Block Chaining (CBC)

 <?php

 // The key size does not matter
 $key = "1234567890";

 // The IV length MUST be equal to the block size of the cipher
 $iv = "IAMWEASL";

 // Message is 10x the string HELLOYOU. Since each string is
 // 64 bits, every HELLOYOU fills exactly one block.
 $message = str_repeat("HELLOYOU", 10);

 // Blowfish is a cipher that uses 64-bit blocks
 $crypted = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $message, MCRYPT_MODE_CBC, $iv);

 // Display the result in hex, one 8-byte block per line
 for ($i = 0; $i != strlen($crypted); $i++) {
     printf("%02X ", ord($crypted[$i]));
     if ($i % 8 == 7) print "\n";
 }




‣ ENCRYPT 10 EQUAL BLOCKS OF DATA
Cipher Block Chaining (CBC)




   02   67   2E   AA   4A   EB   E1   C1
   F8   DB   A6   2A   66   47   22   A7
   5A   5B   7B   46   7D   68   8E   E4
   B4   BE   7D   F7   00   73   B0   DD
   72   71   4D   32   A9   A2   36   73
   BB   8E   42   25   49   1D   65   B6
   D9   36   F2   43   6A   A9   E2   85
   E4   C0   56   CC   24   05   73   22
   52   A3   BA   85   88   5C   A3   0D
   98   29   3F   87   15   76   2E   98




‣ RESULT IS NON-DETERMINISTIC
Cipher Block Chaining (CBC)



              Limited error propagation.


   11111111?Թ~*IU33&333334444444455555555666666667777777788888888




‣ ERRORS ARE ISOLATED IN ONE BLOCK PLUS THE NEXT
Cipher Block Chaining (CBC)




   +%,#&=#322222222333333334444444455555555666666667777777788888888




‣ INCORRECT IV ONLY RESULTS IN FIRST BLOCK FAILURE
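
The three corruption results above (ECB, CBC, wrong IV) can be measured instead of read off garbled output. This is an added example, not code from the slides: it uses ext/openssl with AES-128 (16-byte blocks) because mcrypt was removed from PHP 7.2, and the function names, key and IV are constructed for the demo.

```php
<?php
// Added example, not part of the original slides. Function names, key and IV
// are constructed for this demo; AES-128 (16-byte blocks) via ext/openssl
// stands in for the slides' Blowfish/mcrypt calls.

const BLOCK_SIZE = 16;
// No padding: the test message is already a multiple of the block size.
const RAW_NO_PAD = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING;

/** Indexes of the plaintext blocks that differ between the two strings. */
function damaged_blocks(string $original, string $decrypted): array
{
    $damaged = [];
    foreach (str_split($original, BLOCK_SIZE) as $i => $block) {
        if ($block !== substr($decrypted, $i * BLOCK_SIZE, BLOCK_SIZE)) {
            $damaged[] = $i;
        }
    }
    return $damaged;
}

/** Encrypt, flip one bit in the ciphertext byte at $offset, decrypt again. */
function decrypt_after_corruption(string $cipher, string $message, string $key, string $iv, int $offset): array
{
    $crypted = openssl_encrypt($message, $cipher, $key, RAW_NO_PAD, $iv);
    $crypted[$offset] = chr(ord($crypted[$offset]) ^ 0x01);
    $plain = openssl_decrypt($crypted, $cipher, $key, RAW_NO_PAD, $iv);
    return damaged_blocks($message, $plain);
}

/** Encrypt with CBC, then decrypt the intact ciphertext with a different IV. */
function decrypt_with_wrong_iv(string $message, string $key, string $iv): array
{
    $wrongIv = $iv ^ str_repeat("\xFF", BLOCK_SIZE); // every IV byte inverted
    $crypted = openssl_encrypt($message, 'aes-128-cbc', $key, RAW_NO_PAD, $iv);
    $plain = openssl_decrypt($crypted, 'aes-128-cbc', $key, RAW_NO_PAD, $wrongIv);
    return damaged_blocks($message, $plain);
}

$key = random_bytes(16);
$iv = random_bytes(BLOCK_SIZE);
// Same message as the slides: 64 bytes, i.e. four 16-byte AES blocks (0..3).
$message = "1111111122222222333333334444444455555555666666667777777788888888";

// Byte 18 lies in ciphertext block 1.
$report = [
    'ECB, corrupted byte 18' => decrypt_after_corruption('aes-128-ecb', $message, $key, '', 18),
    'CBC, corrupted byte 18' => decrypt_after_corruption('aes-128-cbc', $message, $key, $iv, 18),
    'CBC, wrong IV'          => decrypt_with_wrong_iv($message, $key, $iv),
];
foreach ($report as $case => $blocks) {
    printf("%-24s damaged plaintext blocks: %s\n", $case, implode(', ', $blocks));
}
```

In every case decryption itself succeeds without an error, so the damage is only visible by comparing against the known plaintext.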
Cipher Block Chaining (CBC)



  ‣ IV is not an additional secret key!
  ‣ non-deterministic, since we’re
    chaining each block
  ‣ Change the IV for each message for
    optimal security, so that messages
    are non-deterministic.
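
The difference between the ECB and CBC outputs, and the advice to change the IV per message, shown side by side. This is an added example, not code from the slides: it uses ext/openssl with AES-128 instead of mcrypt/Blowfish, and `repeated_blocks()`, `encrypt_message()` and `decrypt_message()` are hypothetical helper names with a constructed key and IV.

```php
<?php
// Added example, not part of the original slides. Helper names, key and the
// constant IV are constructed; AES-128 via ext/openssl replaces mcrypt.

const AES_BLOCK = 16;

/** Number of ciphertext blocks that repeat an earlier block. */
function repeated_blocks(string $ciphertext): int
{
    $blocks = str_split($ciphertext, AES_BLOCK);
    return count($blocks) - count(array_unique($blocks));
}

/** CBC with a fresh random IV per message. The IV is not secret: it is sent in front. */
function encrypt_message(string $plaintext, string $key): string
{
    $iv = random_bytes(AES_BLOCK);
    $ciphertext = openssl_encrypt($plaintext, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv);
    if ($ciphertext === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $ciphertext;
}

/** Split off the IV and decrypt; rejects input that cannot be IV + whole blocks. */
function decrypt_message(string $envelope, string $key): string
{
    $length = strlen($envelope);
    if ($length < 2 * AES_BLOCK || $length % AES_BLOCK !== 0) {
        throw new InvalidArgumentException('malformed message');
    }
    $iv = substr($envelope, 0, AES_BLOCK);
    $plaintext = openssl_decrypt(substr($envelope, AES_BLOCK), 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv);
    if ($plaintext === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plaintext;
}

$key = random_bytes(16);
// Slide message: 80 bytes, i.e. five identical 16-byte AES blocks.
$message = str_repeat("HELLOYOU", 10);

$ecb = openssl_encrypt($message, 'aes-128-ecb', $key, OPENSSL_RAW_DATA);

// Constructed constant IV: the pattern the slide warns against.
$fixedIv = str_repeat("\x00", AES_BLOCK);
$cbcFixed1 = openssl_encrypt($message, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $fixedIv);
$cbcFixed2 = openssl_encrypt($message, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $fixedIv);

// Recommended pattern: new random IV for every message.
$random1 = encrypt_message($message, $key);
$random2 = encrypt_message($message, $key);

printf("ECB repeated blocks:              %d\n", repeated_blocks($ecb));
printf("CBC repeated blocks:              %d\n", repeated_blocks($cbcFixed1));
printf("CBC fixed IV, equal ciphertexts:  %s\n", var_export($cbcFixed1 === $cbcFixed2, true));
printf("CBC random IV, equal ciphertexts: %s\n", var_export($random1 === $random2, true));
printf("Round trip intact:                %s\n", var_export(decrypt_message($random1, $key) === $message, true));
```

Chaining removes the repeated blocks inside one message, but with a constant IV two encryptions of the same message are still byte-for-byte identical; only the per-message random IV makes them differ.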
Cipher feedback (CFB)




http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
Cipher feedback (CFB)




  ‣ Only needs “encryption”
  ‣ Effectively converts a block cipher
    into a stream cipher.
  ‣ No padding is needed (can be used
    on non-matching block lengths)
Output feedback (OFB)




http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
Output feedback (OFB)




  ‣ Don’t use MCRYPT_MODE_OFB (8bit)
  ‣ Use MCRYPT_MODE_NOFB
  ‣ Cipher text is fed back instead of the
    output.
Conclusion




  ‣ You should use MCRYPT_MODE_CBC.
  ‣ Use a randomized IV for each message
    (mcrypt_create_iv())
  ‣ You should use the correct cipher
    algorithm (DES vs AES)
