Cryptography for Absolute Beginners (May 2019)

Svetlin Nakov @ Sofia Science Festival, May 2019
Video (Bulgarian language): https://youtu.be/-QzFcUkM7_4
Blog: https://nakov.com/blog/2019/05/13/cryptography-for-absolute-beginners-nakov-at-sofia-science-festival-may-2019/

### Cryptography for Absolute Beginners (May 2019)

1. Cryptography for Absolute Beginners
    - Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA
    - Dr. Svetlin Nakov, Co-Founder, Chief Training & Innovation @ Software University (SoftUni), https://nakov.com
    - Software University (SoftUni) – http://softuni.org
2. Table of Contents
    1. About the Speaker
    2. What is Cryptography?
    3. Hashes, MAC Codes and Key Derivation (KDF)
    4. Encrypting Passwords: from Plaintext to Argon2
    5. Symmetric Encryption and AES
    6. Digital Signatures, Elliptic Curves and ECDSA
3. About Dr. Svetlin Nakov
    - Software engineer, trainer, entrepreneur, PhD, author of 15+ books, blockchain expert
    - 3 successful tech educational initiatives (150,000+ students)
4. Book "Practical Cryptography for Developers"
    - GitHub: github.com/nakov/practical-cryptography-for-developers-book
    - Book site: https://cryptobook.nakov.com
5. What is Cryptography?
6. What is Cryptography?
    - Cryptography provides security and protection of information
        - Storing and transmitting data in a secure way
        - Hashing data (message digest) and MAC codes
        - Encrypting and decrypting data
        - Symmetric and asymmetric schemes
        - Key derivation functions (KDF)
        - Key agreement schemes, digital certificates
        - Digital signatures (sign / verify)
7. Cryptographic Hash Functions
8. What is a Cryptographic Hash Function?
    - One-way transformation, infeasible to invert
    - Extremely little chance to find a collision
    - Diagram: Text ("Some text …") → Cryptographic hash function → Hash (digest): 20c9ad97c081d63397d7b685a412227a40e23c8bdc6688c6f37e97cfbc22d2b4d1db1510d8f61e6a8866ad7f0e17c02b14182d37ea7c3c8b9c2683aeb6b733a1
9. Modern Hashes: SHA-2, SHA3
    - SHA-2 (SHA-256, SHA-384, SHA-512)
        - Secure crypto hash function, the most widely used today (RFC 4634)
        - Used in Bitcoin, IPFS, many others
    - SHA-3 (SHA3-256, SHA3-384, SHA3-512) / Keccak-256
        - Strong cryptographic hash function, more secure than SHA-2
        - Used in Ethereum blockchain and many modern apps
    - SHA-256('hello') = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
    - SHA3-256('hello') = 3338be694f50c5f338814986cdf0686453a888b84f424d792af4b9202398f392
10. Modern Hashes: BLAKE2, RIPEMD-160
    - BLAKE2 (BLAKE2s – 256-bit, BLAKE2b – 512-bit)
        - Secure crypto hash function, very fast
    - RIPEMD-160 (160-bit crypto hash)
        - Considered weak, just 160 bits, still unbroken
    - Broken hash algorithms: MD5, SHA-1, MD4, SHA-0, MD2
        - Git and GitHub still use SHA-1 and suffer from collision attacks
    - BLAKE2s('hello') = 19213bacc58dee6dbde3ceb9a47cbb330b3d86f8cca8997eb00be456f140ca25
    - RIPEMD-160('hello') = 108f07b8382412612c048d07d13f814118445acd
11. Hashes – Demo
    - Play with Hash Functions Online
    - http://hash-functions.online-domain-tools.com
    - https://www.fileformat.info/tool/hash.htm
12. HMAC and Key Derivation (KDF)
    - MAC, HMAC, Scrypt, Argon2
13. MAC Codes and HMAC
    - HMAC = Hash-based Message Authentication Code (RFC 2104)
        - HMAC(key, msg, hash_func) → hash
        - Message hash mixed with a secret shared key
        - Used for message integrity / authentication / key derivation
    - HMAC('key', 'hello', SHA-256) = 9307b3b915efb5171ff14d8cb55fbcc798c6c0ef1456d66ded1a6aa723a58b7b
    - HMAC('key', 'hello', RIPEMD-160) = 43ab51f803a68a8b894cb32ee19e6854e9f4e468
14. HMAC – Demo
    - Calculate HMAC-SHA256 Online
    - https://www.freeformatter.com/hmac-generator.html
15. HMAC and Key Derivation
    - Encryption and digital signatures use keys (e.g. 256 bits)
    - Users prefer passwords → easier to remember
    - KDF functions transform passwords to keys
        - Key derivation function (KDF) == function(password) → key
        - Don't use SHA256(msg + key) → it is insecure
        - Use PBKDF2, Scrypt, Bcrypt, Argon2
    - Bcrypt, Scrypt and Argon2 are modern key-derivation functions
        - Use a lot of iterations + a lot of memory → slow calculations
16. Key Derivation Functions: Scrypt
    - Scrypt (RFC 7914) is a strong cryptographic key-derivation function
        - Memory intensive, designed to prevent ASIC and FPGA attacks
    - key = Scrypt(password, salt, N, r, p, derived-key-len)
        - N – iterations count (affects memory and CPU usage), e.g. 16384
        - r – block size (affects memory and CPU usage), e.g. 8
        - p – parallelism factor (threads to run in parallel), usually 1
    - Memory used = 128 * N * r * p bytes, e.g. 128 * 16384 * 8 = 16 MB
    - Parameters for interactive login: N=16384, r=8, p=1 (RAM=16MB)
    - Parameters for file encryption: N=1048576, r=8, p=1 (RAM=1GB)
17. Scrypt Live Demo
    - https://gchq.github.io/CyberChef/?op=Scrypt
18. Password Encryption (Register / Login)
    - Clear-text passwords, e.g. store the password directly in the DB
        - Never do this anti-pattern!
    - Simple password hash, e.g. store SHA256(password) in the DB
        - Highly insecure, still better than clear-text, dictionary attacks
    - Salted hashed passwords, e.g. store HMAC(pass, random_salt)
        - Almost secure, GPU / ASIC-crackable
    - ASIC-resistant KDF password hash, e.g. Argon2(password)
        - Recommended, secure (when the KDF settings are secure)
19. Encrypting Passwords: Argon2
    - Argon2 is the recommended password-hashing for apps

    ```
    // Register: arguments are iterations (t=8), memory in KiB (m=65536), parallelism (p=4)
    hash = argon2.hash(8, 1 << 16, 4, "password");
    print("Argon2 hash (random salt): " + hash);
    // Login
    print("Argon2 verify (correct password): " + argon2.verify(hash, "password"));
    // Invalid login
    print("Argon2 verify (wrong password): " + argon2.verify(hash, "wrong123"));
    ```

    ```
    Argon2 hash (random salt): $argon2id$v=19$m=65536,t=8,p=4$FW2kqbP+nidwHnT3OcvSEg$oYlK3rXJvk0Be+od3To131Cnr8JksL39gjnbMlUCCTk
    Argon2 verify (correct password): true
    Argon2 verify (wrong password): false
    ```
20. Argon2 Calculate Hash / Verify Password – Online Demo
    - https://argon2-generator.com
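The register / login flow from the password slides, as an added example that is not part of the original deck. It uses Scrypt with the interactive-login parameters from the Scrypt slide through Python's standard `hashlib.scrypt`; the function names, the record field names and the `MAXMEM` ceiling are assumptions made for illustration.

```python
# Added example (not from the slides): scrypt-based password storage.
import hashlib
import hmac
import os

# Interactive-login parameters quoted on the Scrypt slide.
N, R, P = 16384, 8, 1
MAXMEM = 64 * 1024 * 1024  # assumed OpenSSL memory ceiling, above the 16 MB needed


def scrypt_memory_bytes(n: int, r: int, p: int) -> int:
    """Memory estimate from the slide: 128 * N * r * p bytes."""
    return 128 * n * r * p


def _derive(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=n, r=r, p=p, maxmem=MAXMEM, dklen=32)


def register(password: str) -> dict:
    """Build the record to store in the DB (hypothetical field names)."""
    salt = os.urandom(16)  # random per user, stored in the clear
    return {"kdf": "scrypt", "n": N, "r": R, "p": P,
            "salt": salt.hex(),
            "hash": _derive(password, salt, N, R, P).hex()}


def login(record: dict, password: str) -> bool:
    """Re-derive with the stored salt and parameters, compare in constant time."""
    candidate = _derive(password, bytes.fromhex(record["salt"]),
                        record["n"], record["r"], record["p"])
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))
```

Keeping N, r and p in each record lets the cost settings be raised later without invalidating hashes that were stored under the old settings.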
21. Symmetric Encryption
    - AES, Block Modes, Authenticated Encryption
    - Diagram: "I am a non-encrypted message …" → encrypt (secret key) → … → decrypt (secret key) → "I am a non-encrypted message …"
22. Symmetric Key Ciphers
    - Symmetric key ciphers
        - Use the same key (or password) to encrypt and decrypt data
    - Popular symmetric algorithms
        - AES, ChaCha20, Twofish, Serpent, RC5, RC6
    - Broken algorithms (don't use them!)
        - DES, 3DES, RC2, RC4
23. Symmetric Key Ciphers
    - Block ciphers
        - Split data into blocks (e.g. 128 bits), then encrypt each block separately, change the internal state, encrypt the next block, …
    - Stream ciphers
        - Work on sequences of data (encrypt / decrypt byte by byte)
    - Block ciphers can be transformed to stream ciphers
        - Using block mode of operation (e.g. CBC, CTR, GCM, CFB, …)
        - https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
24. The "AES" Cipher
    - AES – Advanced Encryption Standard (Rijndael)
        - Symmetric key block cipher (128-bit blocks)
        - Key lengths: 128, 160, 192, 224 and 256 bits
        - No significant practical attacks are known for AES
    - Modern CPU hardware implements AES instructions
        - This speeds up AES and secure Internet communication
    - AES is used by most Internet Web sites for the https:// content
25. AES Cipher Settings
    - AES is a "block cipher" – encrypts block by block (e.g. 128 bits)
    - Supports several modes of operation (CBC, CTR, GCM, …)
    - Some modes of operation (like CBC / CTR) require an initial vector (IV)
        - Non-secret random salt → used to get a different result each time
    - Recommended modes: CTR (Counter) or GCM (Galois/Counter)
    - CBC may use a padding algorithm (typically PKCS7) to help split the input data into blocks of fixed block-size (e.g. 128 bits)
    - May use a password-to-key derivation function, e.g. Argon2(passwd)
    - May use MAC to check the password validity, e.g. HMAC(text, key)
26. The AES Encryption Process
    - Diagram: KDF(password, kdf-salt) → key; AES(input msg, key, random IV) → ciphertext; MAC(input msg, key) → MAC code; output: ciphertext + IV + MAC + kdf-salt
27. The AES Decryption Process
    - Diagram: KDF(password, kdf-salt) → key; AES decrypt(ciphertext, key, IV) → original msg; MAC(original msg, key) → decryption MAC code; compare the decryption MAC code with the encryption MAC code
28. AES-256-CTR-Argon2-HMAC – Encrypt
    - Text: some text
    - Password: pass@123
    - Cipher: AES-256-CTR-Argon2-HMACSHA256
    - Encrypted message: {cipher=AES-256-CTR-Argon2-HMACSHA256, cipherText=a847f3b2bc59278107, cipherIV=dd088070cf4f2f6c6560b8fa7fb43f49, kdf=argon2, kdfSalt=90c6fcc318fd273f4f661c019b39b8ed, mac=6c143d139d0d7b29aaa4e0dc5916908d3c27576f4856e3ef487be6eafb23b39a}
29. AES Online Demo
    - https://myetherwallet.com/create-wallet
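The encryption and decryption processes from the two diagram slides, as an added example that is not code from the deck. It assumes the third-party `cryptography` package for AES-256-CTR and swaps in Scrypt from the standard library for Argon2; the function names are hypothetical and the output fields mirror the encrypted message shown on the slide.

```python
# Added example (not from the slides): password-based AES-256-CTR with an HMAC check.
# Assumptions: Scrypt stands in for Argon2; AES comes from the 'cryptography' package.
import hashlib
import hmac
import os

from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes


def derive_key(password: str, kdf_salt: bytes) -> bytes:
    # KDF(password, kdf-salt) -> 256-bit key
    return hashlib.scrypt(password.encode("utf-8"), salt=kdf_salt,
                          n=16384, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def aes_ctr(key: bytes, iv: bytes, data: bytes) -> bytes:
    # In CTR mode the same keystream XOR both encrypts and decrypts.
    ctx = Cipher(algorithms.AES(key), modes.CTR(iv)).encryptor()
    return ctx.update(data) + ctx.finalize()


def encrypt(msg: bytes, password: str) -> dict:
    kdf_salt, iv = os.urandom(16), os.urandom(16)  # fresh for every message
    key = derive_key(password, kdf_salt)
    return {
        "cipher": "AES-256-CTR-Scrypt-HMACSHA256",
        "cipherText": aes_ctr(key, iv, msg).hex(),
        "cipherIV": iv.hex(),
        "kdf": "scrypt",
        "kdfSalt": kdf_salt.hex(),
        "mac": hmac.new(key, msg, hashlib.sha256).hexdigest(),  # MAC(input msg, key)
    }


def decrypt(box: dict, password: str) -> bytes:
    key = derive_key(password, bytes.fromhex(box["kdfSalt"]))
    msg = aes_ctr(key, bytes.fromhex(box["cipherIV"]),
                  bytes.fromhex(box["cipherText"]))
    # Recompute the MAC over the decrypted text and compare with the stored one.
    mac = hmac.new(key, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, box["mac"]):
        raise ValueError("MAC mismatch: wrong password or modified data")
    return msg
```

As on the slides, the MAC is computed over the plaintext with the derived key, so a wrong password or a modified ciphertext is detected only after the decryption step.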
30. Asymmetric Encryption
    - Public Key Cryptography and ECIES
31. Public Key Cryptography
    - Uses a pair of keys: public key + private key
        - Encrypt / verify by public key
        - Decrypt / sign by private key
32. Asymmetric Encryption Schemes
    - Asymmetric encryption is slow and inefficient for large data
        - Hybrid encryption schemes (like ECIES and RSA-OAEP) are used
    - Hybrid encryption schemes
        - Asymmetric algorithm encrypts a random symmetric key
            - Encrypted by the user's public key
            - Decrypted by the user's private key
        - Symmetric algorithm (like AES) encrypts the secret message
        - Message authentication algorithm ensures message integrity
33. Asymmetric Encryption
34. Asymmetric Decryption
35. ECIES Online Demo
    - https://asecuritysite.com/encryption/ecc3
36. Digital Signatures
    - ECDSA, Sign / Verify
37. Digital Signatures – Concepts
    - Digital signatures provide message signing / verification
        - Authentication (proof that a known sender has signed the message)
        - Integrity (the message cannot be altered after signing)
        - Non-repudiation (signer cannot deny message signing)
    - Digital signatures are based on public key cryptography
        - Messages are signed by someone's private key
        - Signatures are verified by the corresponding public key
        - May use RSA, DSA, elliptic curves (ECC) like ECDSA / EdDSA
38. Public Key Crypto Systems
    - Well-known public-key crypto-systems
        - RSA – based on discrete logarithms
        - ECC – based on elliptic curves
    - ECC cryptography is considered more secure
        - 3072-bit RSA key ≈ 256-bit ECC key → ~ 128-bit security level
    - Most blockchains (like Bitcoin, Ethereum and EOS) use ECC
    - But be warned: ECC is not quantum-safe!
39. ECDSA Online Demo
    - https://kjur.github.io/jsrsasign/sample/sample-ecdsa.html