using cryptography properly in applications
TRANSCRIPT
Using Cryptography Properly in Applications
Andy Watson
Ionic Security
#GWOCryptoParty
Great Wide Open 2016
About:
Name: Andy Watson
Occupation: Byte Mangler
Employer: Ionic Security
http://ionic.com/
Why am I here?
I’ve seen too many people not using cryptography or using it incorrectly.
This information may help you not be one of them.
Agenda:
● Random
● Salt
● Hash
● Key Derivation
● Symmetric Encryption
● Famous Mistakes
Random
Random Number Generators
RNG: A computational or physical device designed to generate a sequence of numbers that lack any pattern
True random number generators depend on an entropy source like radioactive decay or radio frequency noise
For cryptographic functions, higher levels of entropy are required to work properly
https://www.random.org/randomness/
Pseudo
Computational RNG are known as Pseudo RNG
PRNG are “seeded” with a value to generate a series of numbers
Hashes
HASH!
Hashing Function (n.)
A function that represents data of arbitrary size as data of a fixed size.
$ echo "Great Wide Open 2016" | md5
e2be8adfadee4bfe635041c4c37dadac
$ echo "All Things Open 2015 " | md5
402854038fbffe281a518b53cdbd5594
When to Hash
Use hashing functions when saving the original data would be a liability you have no business dealing with
For Example: Linux Passwords
$6$pWVzxN/iFRstrZ/.$TNBvzXhc8b9SBkl1q36YNvF2DwuS4/7LsICepYgaWCKzM1MS.OBK5TvxrUQ4.I5x5NtqidhBTGobQLOqxBAFe1
Don’t Store The Clear
Credentials should be hashed when stored
During login, hash the password entered and check it against the hash you saved
When Hashes Collide
These two blocks have the same md5 hash of 79054025255fb1a26e4bc422aef54eb4
d131dd02c5e6eec4693d9a0698aff95c 2fcab58712467eab4004583eb8fb7f89 55ad340609f4b30283e488832571415a 085125e8f7cdc99fd91dbdf280373c5b d8823e3156348f5bae6dacd436c919c6 dd53e2b487da03fd02396306d248cda0 e99f33420f577ee8ce54b67080a80d1e c69821bcb6a8839396f9652b6ff72a70
d131dd02c5e6eec4693d9a0698aff95c 2fcab50712467eab4004583eb8fb7f89 55ad340609f4b30283e4888325f1415a 085125e8f7cdc99fd91dbd7280373c5b d8823e3156348f5bae6dacd436c919c6 dd53e23487da03fd02396306d248cda0 e99f33420f577ee8ce54b67080280d1e c69821bcb6a8839396f965ab6ff72a70
You. Must. Hash. Securely.
Cryptographically Secure Hash Function (n.)
A hash function which is infeasible to reverse back to the original message and not subject to collisions
$ echo "Great Wide Open 2016" | shasum -a 512
40094ad14fec6107ccabbc430e00cb9ef34f75a45420ca055eb294ccbcc8f2084da4ec10f852c4e6cc372d2f3f7ab34fbfc113661b2735243621509ef9b3d3dd
Taste the Rainbow Table
A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes.
Password    MD5 Hash
123456      e10adc3949ba59abbe56e057f20f883e
password    5f4dcc3b5aa765d61d8327deb882cf99
SALT
It’s not just for your fries
What is a Salt?
Random data added to your input to create better output from one-way functions
Useful for defending against dictionary and rainbow table attacks.
$ echo "secret" | md5
dd02c7c2232759874e1c205587017bed
$ openssl rand -hex 16
72f72e199d1292317ee60cbe3c50b5ba
$ echo "72f72e199d1292317ee60cbe3c50b5ba secret" | md5
7cb940bf5166c52834a9e831a6299091
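An added example, not part of the original slides: the Python below audits a credential table the way a defender would, using the two-row table from the rainbow-table slide. Without a salt every covered password is recovered by lookup and shared passwords show up as identical hashes; with a per-user random salt neither happens. The account names are constructed, and MD5 is used only to match the slides.

```python
import hashlib
import secrets
from collections import Counter

# The two rows of the precomputed table shown on the rainbow-table slide.
TABLE = {
    "e10adc3949ba59abbe56e057f20f883e": "123456",
    "5f4dcc3b5aa765d61d8327deb882cf99": "password",
}

# Constructed sample accounts; two users share a password.
ACCOUNTS = {"alice": "123456", "bob": "password", "carol": "123456"}


def store_unsalted(accounts):
    """user -> (salt, digest) with an empty salt."""
    return {u: ("", hashlib.md5(p.encode()).hexdigest()) for u, p in accounts.items()}


def store_salted(accounts):
    """user -> (salt, digest) with a fresh random salt per user."""
    db = {}
    for user, password in accounts.items():
        salt = secrets.token_hex(16)  # same size as `openssl rand -hex 16`
        db[user] = (salt, hashlib.md5((salt + password).encode()).hexdigest())
    return db


def audit(db):
    """Report what an exposed table gives away without any guessing."""
    counts = Counter(digest for _, digest in db.values())
    return {
        # Digests that appear verbatim in the precomputed table.
        "recovered": {u: TABLE[d] for u, (_, d) in db.items() if d in TABLE},
        # Users whose digest is shared with someone else (same password).
        "shared": sorted(u for u, (_, d) in db.items() if counts[d] > 1),
    }


if __name__ == "__main__":
    print("unsalted:", audit(store_unsalted(ACCOUNTS)))
    print("salted:  ", audit(store_salted(ACCOUNTS)))
```

A salt removes the precomputation shortcut but does not make each individual guess slower; that is the job of the key derivation functions in the next section.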
Key Derivation
Key Derivation Functions
KDFs create new secret keys from a secret value and a known value - like a password
Key Derivation Functions can be used in a “key stretching” routine to enhance hashing functions to provide much more protection from rainbow tables and brute force attacks
Original KDF: crypt
● Invented in 1978 to protect UNIX passwords
● Used only a 12 bit salt
● Limited passwords to 8 characters
Modern KDFs
PBKDF2
● 64 bit random salt
● 5000 iterations of SHA1 (hashing function)
SCRYPT
● Consumes large amounts of memory on purpose
PBKDF2 In A Nutshell™
[Diagram: Password → (Prepend SALT) → SALT + Password → (SHA1) → Intermediate Hash → (REPEAT 5000 TIMES) → Final Hash]
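An added example, not part of the original slides: the diagram is a simplification, and PBKDF2 as specified in RFC 8018 keys HMAC with the password, chains it for the iteration count and XORs the intermediate values together. The Python below implements that definition and checks it against the standard library's `hashlib.pbkdf2_hmac`, using the slide's SHA1 and 5000 iterations; the password and salt are constructed.

```python
import hashlib
import hmac
import struct

# Constructed inputs; the salt is 64 bits as on the slide.
PASSWORD = b"correct horse battery staple"
SALT = bytes.fromhex("0011223344556677")


def pbkdf2(hash_name, password, salt, iterations, dklen=None):
    """PBKDF2 per RFC 8018, section 5.2, written out step by step."""
    hlen = hashlib.new(hash_name).digest_size
    dklen = dklen or hlen
    blocks_needed = -(-dklen // hlen)  # ceiling division
    out = b""
    for block in range(1, blocks_needed + 1):
        # U_1 = HMAC(password, salt || INT_32_BE(block index))
        u = hmac.new(password, salt + struct.pack(">I", block), hash_name).digest()
        t = int.from_bytes(u, "big")
        # U_n = HMAC(password, U_{n-1}); the block is U_1 xor U_2 xor ... xor U_c
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hash_name).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return out[:dklen]


if __name__ == "__main__":
    mine = pbkdf2("sha1", PASSWORD, SALT, 5000)
    reference = hashlib.pbkdf2_hmac("sha1", PASSWORD, SALT, 5000)
    print(mine.hex(), mine == reference)
```

In application code call `hashlib.pbkdf2_hmac` directly; the hand-written loop is only there to show where the iteration count is spent.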
Save the Salt
Store the salt, the resulting hash and the number of iterations in your data store
You’ll have to calculate the derived key of the credential again to verify it is correct
https://crackstation.net/hashing-security.htm
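An added example, not part of the original slides, covering both "Don’t Store The Clear" and "Save the Salt": one stored string carries the scheme, iteration count, salt and derived key, and login recomputes the key from those values. The record layout, the function names and the `POLICY_ITERATIONS` value are assumptions of this example; because the count is stored per record, old records can be detected and re-hashed when the policy is raised.

```python
import hashlib
import hmac
import secrets

SCHEME = "pbkdf2_sha256"
POLICY_ITERATIONS = 100_000  # assumed current work factor; tune to your hardware


def hash_password(password, iterations=POLICY_ITERATIONS):
    """Return 'scheme$iterations$salt_hex$key_hex' for the data store."""
    salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${key.hex()}"


def verify_password(password, record):
    """Return (ok, needs_rehash) for a login attempt against a stored record."""
    try:
        scheme, iters, salt_hex, key_hex = record.split("$")
        iterations = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
    except ValueError:
        return False, False  # malformed record: fail closed
    if scheme != SCHEME or iterations < 1:
        return False, False
    # Recompute the derived key with the stored salt and iteration count.
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    ok = hmac.compare_digest(key, expected)  # constant-time comparison
    # A correct login with an outdated work factor should be re-hashed
    # now, while the clear password is briefly available.
    return ok, ok and iterations < POLICY_ITERATIONS


if __name__ == "__main__":
    old = hash_password("hunter2", iterations=5000)  # record made under an older policy
    print(old)
    print(verify_password("hunter2", old))    # (True, True)
    print(verify_password("hunter3", old))    # (False, False)
```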
Vulnerabilities
• ASICs exist that can run PBKDF2 processes very quickly
• bcrypt requires the use of more memory, which makes it harder to implement in silicon
• scrypt is more modern and can be tuned to use even more memory
Symmetric Encryption
Symmetric Encryption
Used when your application needs to protect data at rest (on disk etc) but will need to use those values later
The most common algorithm for symmetric encryption is AES (Advanced Encryption Standard)
It can operate in multiple modes like ECB, CBC, CTR and GCM - each suited to different uses
ECB Mode
Electronic Code Book
Simplest mode: Operates on blocks of plaintext
Comparing ECB to other modes
http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
Galois Counter Mode (GCM)
Encrypts and Authenticates Messages
Reduces the opportunity for interference with messages to go undetected
Functions at a high rate of speed
Became NIST standard in 2007
Simple!
https://en.wikipedia.org/wiki/Galois/Counter_Mode
Uses of GCM
• TLS 1.2
• SSH
• IPsec
Mistakes Were Made
Let’s talk about it.
The Stupid. It Hurts.
Le Sigh.
My password is stored in their database in plaintext.
It was not hashed or they could not have emailed it to me!
Obviously, the password I use with them is a special snowflake.
Which is bad because...
A lot of people use the same password everywhere and use their email address as their login!
So...
An attacker that gets this password list can try to log in to all kinds of things as you!
1. email
2. banks
3. credit reporting
4. even Netflix!
Adobe Hack
Millions of “encrypted” passwords stolen
Hashed with MD5
Large numbers of them found in rainbow tables
Most Common Password: 123456
http://stricture-group.com/files/adobe-top100.txt
Beware The Default Settings
Default settings for Android Bouncy Castle starting in 2.1 were horribly unsafe
Defaulted to ECB mode!
Empirical Study of Android Apps
11,748 applications analyzed
5,656 used ECB mode by default
3,644 used a constant symmetric key
2,000 used ECB mode ON PURPOSE!
1,932 used a constant IV
1,629 seeded PRNG with static value
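An added example, not part of the original slides and not the study's own tooling: a small Python source scanner that flags the five misuses counted above in Java code, as a check a team could run in code review or CI. The rule names, the regular expressions and the Java sample are constructed for this example, and the patterns are line-based heuristics rather than a real static analysis.

```python
import re

# Heuristic rules (names are this example's own), one per misuse listed above.
RULES = [
    ("ecb-default", r'Cipher\.getInstance\(\s*"(AES|DES|DESede)"\s*[,)]',
     "no mode given, so the provider default (ECB) is used"),
    ("ecb-explicit", r'Cipher\.getInstance\(\s*"[^"/]+/ECB/',
     "ECB requested on purpose"),
    ("constant-key", r'new\s+SecretKeySpec\(\s*"[^"]*"\.getBytes',
     "key built from a string literal"),
    ("constant-iv", r'new\s+IvParameterSpec\(\s*(new\s+byte\s*\[|"[^"]*"\.getBytes)',
     "IV is a literal or a freshly allocated (all-zero) array"),
    ("static-seed", r'\.setSeed\(\s*[\d"]',
     "PRNG seeded with a literal"),
]
COMPILED = [(name, re.compile(rx), why) for name, rx, why in RULES]

# Constructed Java source for the demonstration.
SAMPLE = '''\
Cipher c1 = Cipher.getInstance("AES");
Cipher c2 = Cipher.getInstance("AES/ECB/PKCS5Padding");
Cipher c3 = Cipher.getInstance("AES/GCM/NoPadding");
SecretKeySpec k = new SecretKeySpec("0123456789abcdef".getBytes(), "AES");
IvParameterSpec iv = new IvParameterSpec(new byte[16]);
SecureRandom r = new SecureRandom(); r.setSeed(42L);
byte[] nonce = new byte[12]; new SecureRandom().nextBytes(nonce);
'''


def scan(source):
    """Return (line number, rule name, reason) for every rule hit."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("//"):
            continue  # skip single-line comments
        for name, rx, why in COMPILED:
            if rx.search(line):
                findings.append((lineno, name, why))
    return findings


if __name__ == "__main__":
    for lineno, name, why in scan(SAMPLE):
        print(f"line {lineno}: {name}: {why}")
```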
Seeding the PRNG
In 2006 a bug in Debian and Ubuntu caused the PID to be used as the output of the PRNG - only 32,768 possible values!
(hint: that’s not enough!)
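An added example, not part of the original slides, tying the seeded-PRNG slide to this bug: when a generator's only varying input is a process ID, every key it can ever produce fits in a small table, so a defender can check any key against that table. Python's `random` module stands in for the affected generator, and the function names are this example's own; keys from the operating system's CSPRNG (`secrets`) are not in the table.

```python
import random
import secrets

PID_SPACE = 32768  # number of possible seeds, per the slide


def weak_key(pid):
    """128-bit 'key' from a PRNG whose only seed is the process ID."""
    return random.Random(pid).getrandbits(128).to_bytes(16, "big")


def strong_key():
    """128-bit key from the operating system's CSPRNG."""
    return secrets.token_bytes(16)


def every_weak_key():
    """Map every key the weak generator can produce to the seed behind it."""
    return {weak_key(pid): pid for pid in range(PID_SPACE)}


def audit_key(key, known_weak):
    """Defender-side check: return the seed if the key is a known weak one."""
    return known_weak.get(key)


if __name__ == "__main__":
    table = every_weak_key()
    print("distinct weak keys:", len(table))
    print("weak key flagged, seed:", audit_key(weak_key(4242), table))
    print("CSPRNG key flagged:", audit_key(strong_key(), table))
```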
UnSalted Hashes
In 2012, LinkedIn password hashes were stolen.
They were not salted.
60% of them were cracked.
Crisis Averted at Slack
User profile data stolen in February 2015
Passwords hashed with bcrypt and random salts
Unlocking Your Prius
System uses rotating codes in a small range
Some built in (pre-shared) keys for repair use
No protection from replaying codes
Brute force attacks possible
Scared yet?
@andrewwatson
http://about.me/andrewwatson
Thank You