node.js interactive na 2016: tales from the crypt
TRANSCRIPT
@adam_englander
Tales From the CryptA Cryptography Primer
Adam Englander, iovation
@adam_englander
Who Am I?
@adam_englander
What We Will Discuss
Wearegoingtotalkaboutthecommonmethodsandtermsusedforcryptographyinapplicationdevelopment.
@adam_englander
Don’t Dwell
Donotfeelashamedbecauseyouaredoinganyofthiswrong.Justfixitmovingforward.
@adam_englander
What Is Cryptography?
Cryptography…isthepracticeandstudyoftechniquesforsecurecommunicationinthepresenceofthirdpartiescalledadversaries. Wikipedia
@adam_englander
My Definition of Cryptography
Cryptographyobscuresdatainsuchawaythatitisdifficultandcostlytoduplicateorreverse.
@adam_englander
What is Good Cryptography?
Goodcryptographyhasahighlevelofentropy.Thatis,thattheencryptedorhasheddatahasalowlevelofpredictability.
@adam_englander
Why Is Entropy Important?
Alldatahaspatterns.Ifyourencryptedorhasheddataretainsthosepatterns,itismuchlessdifficultandlesscostlytoduplicateorreverse.
@adam_englander
Example of Poor Entropy
@adam_englander
How To Increase Entropy
•Increaseentropybymixingincryptographicallysecurepseudorandomdataintheformofaninitializationvector(IV)orsalt•Increaseentropywithfeedbackloops
@adam_englander
Feedback Loop Example
@adam_englander
Example of Good Entropy
@adam_englander
Localized vs Global Entropy
• Highentropyonanitemisgood• Highentropyacrossthedatasetisbetter• Patternsexistacrossyourentiredatasetthatmayaidadversaries
@adam_englander
Cryptography Types
• Symmetric Key Cryptography uses shared secrets• Asymmetric Key Cryptography uses
private/public key pairs
@adam_englander
Cryptography Applications
• Encryption• Digital Signatures• Key Derivation
@adam_englander
Encryption
• Protecting data that needs to be recalled• Can be reversed via decryption
@adam_englander
Digital Signature
• Used to verify authenticity of data• Used mostly for data transfer• Can not be reversed but can be
reproduced for verification
@adam_englander
Key Derivation
• A.K.A. password hashing• Cannot be reversed• Computationally expensive by design
@adam_englander
Symmetric Key Cryptography
@adam_englander
Symmetric Key Cryptography
• Shared secrets• Uses cipher algorithms against blocks
or streams of data• Most implementations will use block
@adam_englander
Block Cipher Modes
• DO NOT USE Electronic Cookbook (ECB)!!!• Cipher Block Chaining (CBC) will be
the right choice for most implementations
@adam_englander
Cipher Block Chaining (CBC)
• Entire message is required for decryption• Full cipher text block is used as the
seed for the next block
@adam_englander
Cipher Block Chaining (CBC)
@adam_englander
Digital Signatures (HMAC)
• Hash-based Message Authentication Code (HMAC)• Hashing combined with key• SHA-256 or better is preferred to
ensure uniqueness
@adam_englander
Asymmetric Key Cryptography
@adam_englander
Asymmetric Key Cryptography
• RSA is common and available• Uses very large prime integers• Very computationally expensive• Uses key pairs to protect secret
@adam_englander
Private/Public Key Pair
• Private key can do encrypt, decrypt, sign, and verify signature• Public key does not have enough data
to decrypt or sign. Can only encrypt and verify signature
@adam_englander
Key Size and Hash Algorithm
• Current minimum recommend key size is 2048• SHA1 is considered safe but SHA-256
is better
@adam_englander
Data Limitations
• RSA can only encrypt or sign data up to the length of the key size• Signatures use hashing• Crypto often mixed with symmetric key
cryptography
@adam_englander
Padding
• Padding is how RSA creates additional entropy• RSA_PKCS1_OAEP_PADDING is
default and should always be used• RSA_PKCS1_PADDING is not safe
@adam_englander
Key Derivation Functionsa.k.a Password Hashing
@adam_englander
Password Hashing
NEVERusestandardhashingfunctionlikeMD5orSHA!
Onlyusekeyderivationfunctions!
@adam_englander
Key Derivation
• Injects salt for entropy• Iterates to increase cost• Can create cost via threads and memory• Bigger is better!
@adam_englander
Which KDF Should I Use
• argon2i is the new hotness• scrypt is preferred• bcrypt is acceptable• pbkdf2 can be used in a pinch• No passwords are best
@adam_englander
Recommendations
@adam_englander
Types
• Use RSA asymmetric key cryptography when transferring data and AES/CBC otherwise• Mix with AES and random keys/IVs per transfer• Use crypto.randomBytes for randomness• Use bcrypt/scrypt/argon2i for passwords
@adam_englander
Strength
• AES: aes-256-cbc / sha256• RSA: 2048+ PKCS1_OAEP / RSA-
SHA256• Hash until it hurts!
@adam_englander
Further Reading
• https://nodejs.org/api/crypto.html• https://www.wikipedia.org/• https://www.npmjs.com/package/bcrypt• https://www.npmjs.com/package/scrypt• https://www.npmjs.com/package/argon2
@adam_englander
Please Provide Feedback
• @adam_englander• https://speakerrate.com/talks/70701-
tales-from-the-crypt-a-cryptography-primer