cryptography for software and web developers
play

Cryptography for Software and Web Developers Part 4: randomness, - PowerPoint PPT Presentation

Nov 13, 2023 •665 likes •811 views

Random numbers Hashes Cryptography for Software and Web Developers Part 4: randomness, hashing, tokens Hanno B ock 2014-05-28 1 / 13 Bad random numbers Random numbers Random fails Hashes Example: Factoring RSA keys Good / bad

  1. Random numbers Hashes Cryptography for Software and Web Developers Part 4: randomness, hashing, tokens Hanno B¨ ock 2014-05-28 1 / 13

  2. Bad random numbers Random numbers Random fails Hashes Example: Factoring RSA keys Good / bad randomness ◮ In security (not just crypto) we often need random numbers ◮ Examples: CSRF-tokens, one-time-action tokens, password salts, key generation, ... ◮ There’s even crypto out there that needs good random numbers to run or it’ll completely break: DSA, ECDSA (but better avoid that). ◮ Good randomness is hard 2 / 13

  3. Bad random numbers Random numbers Random fails Hashes Example: Factoring RSA keys Good / bad randomness ◮ OS or programming language default random functions often not secure random numbers. ◮ Rounding problems, conversion problems can reduce space of possible random numbers vastly. ◮ 2008 Debian OpenSSL bug. ◮ PRNGs need a seed or they don’t work. ◮ NSA managed to make a backdoored RNG an official standard and payed RSA Inc. 10 Million $ to make it the default in BSAFE ◮ No way to test random numbers reliably. 3 / 13

  4. Bad random numbers Random numbers Random fails Hashes Example: Factoring RSA keys Good / bad randomness ◮ An RSA public key consists of an exponent e and a modulus N which is the product of two primes ◮ If you know the primes you can get the private key ◮ What happens if we have two RSA keys with a shared prime, e. g. N 1 = p ∗ q 1 , N 2 = p ∗ q 2 ? You can break this key with the greatest common divisor algorithm. ◮ Some people tried this with lots of SSH and TLS keys and found over 50 embedded devices that created such factorable keys. [url] ◮ Linux seed sources: HD timings, keyboard strokes, mouse movements. Embedded devices often have no HD, no keyboard, no mouse. 4 / 13

  5. Bad random numbers Random numbers Random fails Hashes Example: Factoring RSA keys Good / bad randomness ◮ PHP good: openssl random pseudo bytes(), PHP bad: mt rand(), rand(), uniqid() ◮ JavaScript good: window.crypto.getRandomValues(), bad: Math.random() (only latest browser support window.crypto.getRandomValues()) ◮ /dev/urandom is good if it is properly seeded. For embedded devices: Better create the keys on a desktop PC. 5 / 13

  6. Simple hashes Cryptographic hashes Problems with MD5, SHA1 Random numbers Passwords Hashes Password hash functions A note on password hashes Sources ◮ So many people have wrong ideas about hashes... ◮ Completely typical situation: I write about cryptographic hashes, people in the comments discuss about password hashes and salting ◮ Hashes used in many contexts: error detection (CRC32), signatures (SHA256, SHA516), passwords (bcrypt, scrypt) ◮ If you use a hash function you need to know what it should do 6 / 13

  7. Simple hashes Cryptographic hashes Problems with MD5, SHA1 Random numbers Passwords Hashes Password hash functions A note on password hashes Sources ◮ CRC32: Very fast, no security at all ◮ Reliably detects errors, but trivial to construct another input for an existing hash ◮ Usable only for errors and if no attacker is involved (e. g. error detection on hard disks or file comparison over otherwise secure network connections). 7 / 13

  8. Simple hashes Cryptographic hashes Problems with MD5, SHA1 Random numbers Passwords Hashes Password hash functions A note on password hashes Sources ◮ Cryptographic hashes need to be collision resistant and preimage resistant ◮ Collision: It should be practically impossible to create two different inputs with same hash ◮ Preimage: It should be practically impossible to create an input for a given hash value. ◮ Used in many places, e. g. signatures ◮ Some crypto protocols need hashes and don’t have collision resistance requirement (e. g. HMAC), but that’s usually not something that should bother you 8 / 13

  9. Simple hashes Cryptographic hashes Problems with MD5, SHA1 Random numbers Passwords Hashes Password hash functions A note on password hashes Sources ◮ In 2004/2005 big breakthroughs on hash attacks, mostly the work of a Chinese team led by Wang Xiaoyun. ◮ Most important results: practical collision attacks on MD5, almost practical attacks on SHA1 ◮ 2008: MD5 attack on RapidSSL leads to fake CA, 2012: Flame worm uses MD5 attack to create rogue code signing cert ◮ SHA-2 functions (SHA256, SHA512) considered safe today, SHA-3 will come soon. 9 / 13

  10. Simple hashes Cryptographic hashes Problems with MD5, SHA1 Random numbers Passwords Hashes Password hash functions A note on password hashes Sources ◮ Idea: We don’t save passwords, we just save hashes so if our database gets stolen the attacker has no direct access to the passwords ◮ Attackers can brute force ◮ Salting makes it harder ◮ Security requirements for password hashes completely different from cryptographic hash functions ◮ Collision resistance doesn’t matter, they should ideally not be fast 10 / 13

  11. Simple hashes Cryptographic hashes Problems with MD5, SHA1 Random numbers Passwords Hashes Password hash functions A note on password hashes Sources ◮ glibc uses several iterations of cryptographic hashes (default SHA512) and a salt. ◮ bcrypt and scrypt are functions designed to be password hashes. bcrypt is designed to be slow, scrypt is designed to be slow and use lots of memory. ◮ There’s a Password Hashing Competition (PHC), results expected in 2015. 11 / 13

  12. Simple hashes Cryptographic hashes Problems with MD5, SHA1 Random numbers Passwords Hashes Password hash functions A note on password hashes Sources ◮ The importance of secure password hashing is IMHO vastly overstated. ◮ glibc-type SHA512, bcrypt, scrypt are all ”good enough”, just make sure you have a salt. ◮ Password hashing only gives you a tiny little bit of extra protection if your database gets stolen. But if that happens you’re screwed anyway. ◮ Make sure nobody steals your database. That’s much more important. 12 / 13

  13. Simple hashes Cryptographic hashes Problems with MD5, SHA1 Random numbers Passwords Hashes Password hash functions A note on password hashes Sources ◮ Factorable RSA keys https://factorable.net/ http://media.ccc.de/browse/congress/2012/ 29c3-5275-en-facthacks_h264.html ◮ Password Hashing Competition https://password-hashing.net/ 13 / 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cryptography for Software and Web Developers Part 5: Dont believe the crypto hype Hanno B

Cryptography for Software and Web Developers Part 5: Dont believe the crypto hype Hanno B

Snake Oil Nationalism Conclusion Cryptography for Software and Web Developers Part 5: Dont believe the crypto hype Hanno B ock 2014-05-28 1 / 10 New fancy crypto tool Snake Oil Example Telegram Nationalism Example Threema

670 views • 11 slides
Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020

Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020

Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Networks, Cryptography, and You Most application developers Dont implement networking

333 views • 30 slides
Funding Free Software Developers with... Why? Because Free Software Developers... Freely

Funding Free Software Developers with... Why? Because Free Software Developers... Freely

Funding Free Software Developers with... Why? Because Free Software Developers... Freely share the Need to pay their result of their work in bills in order to a way that benefits continue doing what the whole society. they do.

369 views • 8 slides
Development-Driven Testing Ensuring Testing Meets the Needs of Software Developers

Development-Driven Testing Ensuring Testing Meets the Needs of Software Developers

Development-Driven Testing Ensuring Testing Meets the Needs of Software Developers tim.farley@gylity.com Whos your customer? Focus on needs of software developers Understand Projects Constraints & Critical Developer Needs

510 views • 21 slides
Cryptography basics for embedded developers Embedded Linux Conference, San Diego, 2016 "If

Cryptography basics for embedded developers Embedded Linux Conference, San Diego, 2016 "If

Cryptography basics for embedded developers Embedded Linux Conference, San Diego, 2016 "If you think cryptography is the solution to your problem, then you don't understand your problem " - Roger Needham Cryptography basics are

417 views • 25 slides
CrashCourseCrypto Cryptography 101 for Developers Mathias T ausig Erstellt von: Mathias T

CrashCourseCrypto Cryptography 101 for Developers Mathias T ausig Erstellt von: Mathias T

CrashCourseCrypto Cryptography 101 for Developers Mathias T ausig Erstellt von: Mathias T ausig, mathias.tausig@fh-campuswien.ac.at 1 Who am I? > MSc in Mathematics (University of T echnology Vienna) > Professional experience as a

1.3k views • 87 slides
2 Hello Quantum Developers World Yet Another Frontier for JavaScript Hello Quantum Developers

2 Hello Quantum Developers World Yet Another Frontier for JavaScript Hello Quantum Developers

2 Hello Quantum Developers World Yet Another Frontier for JavaScript Hello Quantum Developers World QCon London 2020 Miguel Ramalho Quantum Spectrum Software Physicists Scientists Developers Engineers Engineers Theorise Empirically

710 views • 51 slides
CSS for Software Engineers for CSS Developers He Harry Roberts http://csswizardry.com 1959

CSS for Software Engineers for CSS Developers He Harry Roberts http://csswizardry.com 1959

CSS for Software Engineers for CSS Developers He Harry Roberts http://csswizardry.com 1959 2015 Flow Matic CSS 1996 5 Principles of Software Engineering 1 DRY Dont repeat yourself Every piece of knowledge must have a single,

968 views • 50 slides
Developers' Contribution to Structural Complexity in Free Software Projects Antonio Terceiro

Developers' Contribution to Structural Complexity in Free Software Projects Antonio Terceiro

Developers' Contribution to Structural Complexity in Free Software Projects Antonio Terceiro Supervisor: prof. Christina Chavez Co-supervisor: prof. Manoel Mendona Introduction Developers rewriting entire systems EOG rewritten from

595 views • 46 slides
Understanding the Structure of Programs is Difficult Software Clustering Developers create

Understanding the Structure of Programs is Difficult Software Clustering Developers create

Understanding the Structure of Programs is Difficult Software Clustering Developers create sophisticated applications that Decomposing a large software system into meaningful subsystems are complex and involve a large number of

301 views • 5 slides
BORN FOR IT? How the image of software developers came about A programmer is The computer

BORN FOR IT? How the image of software developers came about A programmer is The computer

@ b i r g i t t a 4 1 0 BORN FOR IT? How the image of software developers came about A programmer is The computer boys take over Nathan Ensmenger, 2010 1940s The ENIAC girls

746 views • 35 slides
Developers Developers Developers (what about creatives?) Ryan Gorley Designer + Marketer + Art

Developers Developers Developers (what about creatives?) Ryan Gorley Designer + Marketer + Art

Developers Developers Developers (what about creatives?) Ryan Gorley Designer + Marketer + Art Director FOSS: A Developers World? Creatives have abilities to ofer Challenge Ignorance & Bias Feature Gaps Inertia Introduce FOSS

514 views • 34 slides
HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography & http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

273 views • 24 slides
High-speed cryptography Do we care about speed? Daniel J. Bernstein Almost all software is

High-speed cryptography Do we care about speed? Daniel J. Bernstein Almost all software is

1 2 High-speed cryptography Do we care about speed? Daniel J. Bernstein Almost all software is University of Illinois at Chicago & much slower than it could be. Technische Universiteit Eindhoven Is software applied to much data? with

1.17k views • 115 slides
The Future of Software Privacy concerns commerce, security, cryptography, www.digicash.com

The Future of Software Privacy concerns commerce, security, cryptography, www.digicash.com

The Future of Software Privacy concerns commerce, security, cryptography, www.digicash.com www.hotmail.com and other free email sites Why is the best software designed in the US, will this continue to be the case? 1992, The

462 views • 8 slides
Scientific Software Development with Eclipse A Best Practices for HPC Developers Webinar

Scientific Software Development with Eclipse A Best Practices for HPC Developers Webinar

Scientific Software Development with Eclipse A Best Practices for HPC Developers Webinar Gregory R. Watson ORNL is managed by UT-Battelle for the US Department of Energy Contents Downloading and Installing Eclipse C/C++

859 views • 58 slides
Collisions for simplified variants of SHA-256 Krystian Matusiewicz and Josef Pieprzyk

Collisions for simplified variants of SHA-256 Krystian Matusiewicz and Josef Pieprzyk

Collisions for simplified variants of SHA-256 Krystian Matusiewicz and Josef Pieprzyk kmatus@ics.mq.edu.au, josef@ics.mq.edu.au Centre For Advanced Computing, Algorithms and Cryptography, Department of Computing, Macquarie University

822 views • 48 slides
Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing Mathy

Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing Mathy

Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing Mathy Vanhoef, Domien Schepers, Frank Piessens imec-DistriNet, KU Leuven Asia CCS 2017 Introduction More and more Wi-Fi network use encryption: 2010 Most

531 views • 19 slides
HEP Applications with Globus Virtual Workspaces Ian Gable , A. Agarwal, A. Charbonneau, R.

HEP Applications with Globus Virtual Workspaces Ian Gable , A. Agarwal, A. Charbonneau, R.

HEP Applications with Globus Virtual Workspaces Ian Gable , A. Agarwal, A. Charbonneau, R. Desmarais, R. Enge, D. Grundy, A. Norton, D. Penfold-Brown, R. Seuster, R.J. Sobie, D. C. Vanderster National Research Council of Canada, Ottawa, Ontario,

244 views • 20 slides
Name of the Speaker : Karan kural Co-Speaker : Deepshikha Singh Company Name : Srijan

Name of the Speaker : Karan kural Co-Speaker : Deepshikha Singh Company Name : Srijan

Name of the Speaker : Karan kural Co-Speaker : Deepshikha Singh Company Name : Srijan Technologies Pvt. Ltd. Place: New Delhi. GitHub Pull Request Builder Plugin for Jenkins Tools We will going to use: What is Jenkins? Jenkins is an

219 views • 20 slides
. Vladimir Kolesnikov . . Payman Mohassel Mike Rosulek . .

. Vladimir Kolesnikov . . Payman Mohassel Mike Rosulek . .

fle XOR : flexible garbling for XOR gates that beats free- XOR . Vladimir Kolesnikov . . Payman Mohassel Mike Rosulek . . background 1 . . . Enc A C B Enc A C B Enc A C B Enc A C B . background: garbled

1.29k views • 92 slides
Koen Lindstrm Claessen, Alejandro Russo, John Hughes WG2.8, Park City, Utah, Chalmers

Koen Lindstrm Claessen, Alejandro Russo, John Hughes WG2.8, Park City, Utah, Chalmers

Koen Lindstrm Claessen, Alejandro Russo, John Hughes WG2.8, Park City, Utah, Chalmers University of Technology June 2008 Dictionary Passwords on UNIX systems attacks, offline attacks, ... Universal Access /etc/passwd RootAccess

775 views • 38 slides
CptS 360 (System Programming) Unit 8: System Data Files Bob Lewis School of Engineering and

CptS 360 (System Programming) Unit 8: System Data Files Bob Lewis School of Engineering and

Unit 8: System Data Files CptS 360 (System Programming) Unit 8: System Data Files Bob Lewis School of Engineering and Applied Sciences Washington State University Spring, 2020 Bob Lewis WSU CptS 360 (Spring, 2020) Unit 8: System Data Files

604 views • 13 slides
User Accounts Even a single-user workstation (Desktop Computer) uses multiple accounts. Such a

User Accounts Even a single-user workstation (Desktop Computer) uses multiple accounts. Such a

User Accounts Even a single-user workstation (Desktop Computer) uses multiple accounts. Such a computer may have just one user account, but several system accounts help keep the computer running. Accounts enable multiple users to share a single

481 views • 11 slides

More recommend