Cryptography With PHP - ZendCon 2017 Workshop

CRYPTOGRAPHY WITH PHPMARK NIEBERGALL

ZendCon 2017 Workshop

https://joind.in/talk/7b305


CRYPTOGRAPHY WITH PHP

ABOUT MARK NIEBERGALL

▸ PHP since 2005 ▸ Masters degree in MIS ▸ Senior Software Engineer ▸ Drug screening project ▸ UPHPU President ▸ SSCP, CSSLP Certified and SME ▸ Drones, fishing, skiing, father, husband








OBJECTIVES

▸ Time on the keyboard

▸ Learn about and use PHP cryptography and hashing libraries

▸ Security considerations with implementation


OBJECTIVES

▸ Coding time!

▸ Various modules

▸ Estimated time (5, 10, or 15 minutes)

▸ Cryptography games will apply what was covered


SCHEDULE

▸ 9:00-9:30 Setup and covering slides that including terminology and cryptography

▸ 9:30-9:50 PHP hash, password hashing

▸ 9:50-10:00 Break, lock picking

▸ 10:00-10:50 CSPRNG, OpenSSL

▸ 10:50-11:00 Break, more lock picking

▸ 11:00-11:15 libsodium

▸ 11:15-11:55 Cryptography Games

▸ 11:55-12:00 Regroup and conclusion


OVERVIEW

▸ Environment Setup

▸ Why Cryptography

▸ Definitions

▸ Role of Cryptography

▸ Algorithms

▸ Encryption with PHP

▸ Considerations

▸ Cryptography Games


ENVIRONMENT SETUP


ENVIRONMENT SETUP

▸ PHP 5.5+, best is 7.0+

▸ Ideally have libsodium PECL extension (see https://paragonie.com/book/pecl-libsodium/read/00-intro.md#installing-libsodium) or 7.2 (RC)

▸ Once you are up and running, please help others

▸ Worse case, use https://3v4l.org/

https://paragonie.com/book/pecl-libsodium/read/00-intro.md#installing-libsodium




https://3v4l.org/


WHY CRYPTOGRAPHY


WHY CRYPTOGRAPHY


WHY CRYPTOGRAPHY


WHY CRYPTOGRAPHY


WHY CRYPTOGRAPHY

▸ Over 100,000 incidents in 2016 with 3,141 confirmed breaches

▸ Attacks largely for financial gain

▸ Many going after sensitive data


WHY CRYPTOGRAPHY

▸ Review Verizon 2017 Data Breach Investigations Report

▸ Yearly report

▸ Cybersecurity investigations report

▸ Pulls from many sources

▸ Lots of informative charts


WHY CRYPTOGRAPHY


WHY CRYPTOGRAPHY

Incidents by industry


WHY CRYPTOGRAPHY


WHY CRYPTOGRAPHY


WHY CRYPTOGRAPHY


WHY CRYPTOGRAPHY


WHY CRYPTOGRAPHY


WHY CRYPTOGRAPHY

▸ No organization is immune

▸ Cryptography significantly reduces breach cost

▸ Cryptography can prevent leak of actual sensitive data


WHY CRYPTOGRAPHY

▸ Attack Countermeasures

▸ Good password policy

▸ Encrypt sensitive data

▸ Encrypt computer disks and devices

▸ Keep current with patches


DEFINITIONS


DEFINITIONS

▸ Cryptography

▸ The process of writing or reading secret messages or codes

▸ Classical cryptography started thousands of years ago

▸ Advanced during wars of 20th century

▸ The science or study of secret communications


DEFINITIONS

▸ Encryption

▸ To change information from one form to another especially to hide its meaning

▸ En: to make

▸ Crypto: secret or hidden

▸ The actual changing of a communication


DEFINITIONS

▸ Algorithm

▸ A set of steps that are followed in order to solve a mathematical problem or to complete a computer process


DEFINITIONS

▸ Cipher

▸ A way of changing a message to keep it secret

▸ An algorithm used to encrypt or decrypt

▸ Classically included substitution and transposition

▸ A becomes 1 ▸ A becomes Z ▸ Abc123 becomes 123Abc ▸ Backwards


DEFINITIONS

▸ Hash

▸ To chop into small pieces

▸ Maps data to a string

▸ One-way hash functions

▸ Schneier “workhorses of modern cryptography”

▸ Input is the message, output is the digest


ROLE OF CRYPTOGRAPHY



▸ World War II

▸ Enigma Machine used by Nazi Germany

▸ Code breaking by Allies, including Alan Turing



▸ Secure communications from third parties

▸ Confidentiality of communications



▸ Secure data at rest

▸ Secure data in transit



▸ First 2 A’s in the AAA Framework

▸ Authentication: credentials

▸ Authorization: encrypt and decrypt data

▸ Accounting


ALGORITHMS


ALGORITHMS

▸ One Way Hash


ALGORITHMS

▸ One Way Hash

▸ Data is hashed

▸ Cannot go backwards

▸ Integrity checks

▸ Password checks

▸ Identifiers; ex: Git and Mercurial


ALGORITHMS

▸ One Way Hash

▸ MD5

▸ SHA-1, SHA-2, SHA-3


ALGORITHMS

▸ Symmetric-Key


ALGORITHMS

▸ Symmetric-Key

▸ Same key to encrypt and decrypt

▸ Shared secret key

▸ Susceptible to plaintext attacks (known and chosen) and cryptanalysis (differential and linear)


ALGORITHMS

▸ Symmetric-Key

▸ DES

▸ Triple DES

▸ AES


ALGORITHMS

▸ Symmetric-Key

▸ Blowfish

▸ Twofish

▸ Threefish


ALGORITHMS

▸ Asymmetric-Key


ALGORITHMS

▸ Asymmetric-Key

▸ Heavily used in cryptography

▸ Public and private keys

▸ Public key is publicly available

▸ Private key is kept secret


ALGORITHMS

▸ Asymmetric-Key


ALGORITHMS

▸ Asymmetric-Key

▸ Public key used to authenticate messages from owner of the private key

▸ Public key used to encrypt message to send to owner of the private key

▸ Private key used to decrypt inbound messages

▸ Private key used to encrypt outbound messages


ALGORITHMS

▸ Asymmetric-Key (Public-Key)

▸ RSA

▸ DSA


ALGORITHMS

▸ Broken

▸ DES

▸ MD2, MD4, MD5

▸ SHA-1

▸ GOST

▸ Panama

▸ RC4


ENCRYPTION WITH PHP


ENCRYPTION WITH PHP

▸ String functions just don’t cut it

▸ bin2hex

▸ strrev

▸ base64_encode

▸ dechex

▸ ord and chr (ASCII)

▸ str_replace


ENCRYPTION WITH PHP

▸ Hash

▸ Password hashing

▸ mcrypt

▸ CSPRNG

▸ openssl

▸ libsodium

▸ StupidPass


ENCRYPTION WITH PHP

▸ Hash

▸ hash_algos for array of options

▸ hash($algorithm, $message, $raw = false);

▸ hash_file for file contents hash

▸ hash_equals for comparing hashed values


ENCRYPTION WITH PHP

▸ Hash - Coding time!

▸ 5 minutes

▸ hash_algos for array of algorithms

▸ Output available algorithms<?phpprint_r(hash_algos());

▸ See https://en.wikipedia.org/wiki/Comparison_of_cryptographic_hash_functions

https://en.wikipedia.org/wiki/Comparison_of_cryptographic_hash_functions

https://en.wikipedia.org/wiki/Comparison_of_cryptographic_hash_functions


ENCRYPTION WITH PHP


▸ 10 minutes

▸ hash($algorithm, $message, $raw = false);

▸ foreach hash_algos generate hash

▸ Review output content, including characters, length

▸ Does different message or message length impact hash length?


ENCRYPTION WITH PHP


▸ 5 minutes

▸ hash_file for file contents hash

▸ make a text file with some text in it

▸ compare with hash of plain text


ENCRYPTION WITH PHP

▸ Hash

▸ == and === are not timing safe comparisons

▸ Nuances with PHP == returning truevar_dump(md5('240610708') == md5(‘QNKCDZO')); var_dump(md5('aabg7XSs') == md5('aabC9RqS')); var_dump(sha1('aaroZmOk') == sha1('aaK1STfY'));var_dump(sha1('aaO8zKZF') == sha1('aa3OFF9m')); var_dump('0010e2' == '1e3');var_dump('0x1234Ab' == '1193131');var_dump('0xABCdef' == ' 0xABCdef');


ENCRYPTION WITH PHP


▸ 15 minutes

▸ hash_equals as a timing safe hash comparison

▸ run thousands of iterations, look for patterns with averages

▸ $timeStart = microtime(true); … $timeEnd = mircotime(true);

▸ array_multisort($timing, SORT_NUMERIC);


ENCRYPTION WITH PHP


ENCRYPTION WITH PHP


ENCRYPTION WITH PHP


ENCRYPTION WITH PHP

▸ 10 minute break

▸ Lock picking


ENCRYPTION WITH PHP

▸ CSPRNG


ENCRYPTION WITH PHP

▸ CSPRNG

▸ Cryptographically Secure Pseudo-Random Number Generator (CSPRNG)

▸ Part of PHP 7 core

▸ For PHP < 7: composer require paragonie/random_compat


ENCRYPTION WITH PHP

▸ CSPRNG - Coding time!

▸ 10 minutes

▸ random_bytes($length)

▸ bin2hex($randomBytes) for human readable version

▸ random_int($min, $max)

▸ PHP_INT_MIN and PHP_INT_MAX


ENCRYPTION WITH PHP


ENCRYPTION WITH PHP


ENCRYPTION WITH PHP


ENCRYPTION WITH PHP


ENCRYPTION WITH PHP



ENCRYPTION WITH PHP


▸ $insecure = md5($password);

▸ Too fast

▸ Brute force

▸ 5f4dcc3b5aa765d61d8327deb882cf99


ENCRYPTION WITH PHP


▸ Anthony Ferrara RFC in 2012 to simplify password hashing

▸ Use password_hash and password_verfiy (PHP 5.5+)

▸ $current = password_hash($password, PASSWORD_DEFAULT);

▸ PASSWORD_DEFAULT can change over time, currently is blowfish, max password length of 72

▸ $isValid = password_verify($password, $current);


ENCRYPTION WITH PHP


▸ Salt generated automatically

▸ Deprecated as option in PHP 7

▸ Option ‘cost’, target time it takes

▸ password_hash($password, PASSWORD_DEFAULT, [‘cost’ => 10]);


ENCRYPTION WITH PHP

▸ Password hashing - Coding time!

▸ 10 minutes

▸ password_hash($password, PASSWORD_DEFAULT, [‘cost’ => 10]);

▸ notice output pattern, repeat for same password, try variations, different costs

▸ $2y$10$i49TRWieyhYtQ6P.76R5aOwRisUIqnQJxS6tszUobVkGG8bP9/XsW

▸ $2y$ for algorithm

▸ 10 for cost

▸ 22 character salt, varies by algorithm

▸ Hash as the rest


ENCRYPTION WITH PHP

▸ Password hashing - Coding time!

▸ 10 minutes

▸ password_verify($plaintext, $hash);

▸ password_needs_rehash($hash, PASSWORD_DEFAULT, $options)

▸ Timing safe check


ENCRYPTION WITH PHP


ENCRYPTION WITH PHP


ENCRYPTION WITH PHP


ENCRYPTION WITH PHP

▸ mcrypt


ENCRYPTION WITH PHP

▸ mcrypt

▸ Encrypt and decrypt

▸ Uses libmcrypt, which hasn’t been updated since 2007

▸ Bug fixes and patches

▸ Use libsodium or OpenSSL instead!


ENCRYPTION WITH PHP

▸ openssl


ENCRYPTION WITH PHP

▸ openssl

▸ Generate and verify signatures

▸ Certificate Signing Requests (CSR)

▸ Encrypt and decrypt data

▸ Actively supported


ENCRYPTION WITH PHP

▸ openssl

▸ Private key generation

▸ openssl_pkey_new([$configs]);

▸ openssl_pkey_export_to_file($privateKey, $fileName);

▸ openssl_free_key($privateKey);


ENCRYPTION WITH PHP

▸ openssl

▸ Configuration defaults to openssl.conf

▸ digest_alg: Digest method to use

▸ x509_extensions: Extensions to use for x509 cert

▸ req_extensions: Extensions to use for CSR

▸ private_key_bits: Bits for private key generation

▸ private_key_type: Type of key

▸ encrypt_key: Export key with passphrase

▸ encrypt_key_cipher: Cipher for key


ENCRYPTION WITH PHP

▸ openssl - Coding time!

▸ 5 minutes

▸ Private key generation

▸ $config = [‘private_key_bits’ => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA];

▸ openssl_pkey_new([$configs]);

▸ openssl_pkey_export_to_file($privateKey, $fileName);

▸ openssl_free_key($privateKey);


ENCRYPTION WITH PHP


ENCRYPTION WITH PHP


ENCRYPTION WITH PHP


▸ 5 minutes

▸ Public key generation

▸ Continue on from private key generation

▸ openssl_pkey_get_details($privateKey);

▸ file_put_contents(‘public.pem’, $details[‘key’]);

▸ Array with keys ‘bits’, ‘key’ (public key), ‘rsa’, ‘type’


ENCRYPTION WITH PHP


ENCRYPTION WITH PHP


ENCRYPTION WITH PHP


▸ 5 minutes

▸ Encrypting data with the public key, decrypt with private

▸ $isEncrypted = openssl_public_encrypt($message, $encrypted, file_get_contents(‘public.pem’));

▸ $isDecrypted = openssl_private_decrypt($encrypted, $decrypted, file_get_contents(‘private.pem’);


ENCRYPTION WITH PHP


▸ 5 minutes

▸ Encrypting data with the private key, decrypt with public

▸ $isEncrypted = openssl_private_encrypt($message, $encrypted, file_get_contents(‘private.pem’));

▸ $isDecrypted = openssl_public_decrypt($encrypted, $decrypted, file_get_contents(‘public.pem’);


ENCRYPTION WITH PHP

▸ cracklib


ENCRYPTION WITH PHP

▸ cracklib

▸ PECL extension, must be installed

▸ Checks complexity of passwords

▸ Still experimental


ENCRYPTION WITH PHP

▸ cracklib

▸ crack_opendict(‘/path/to/dictionary’)

▸ crack_check($dictionary, $password)

▸ crack_getlastmessage()

▸ crack_closedict($dictionary)


ENCRYPTION WITH PHP

▸ cracklib

▸ it's WAY too short

▸ it is too short

▸ it does not contain enough DIFFERENT characters

▸ it is all whitespace

▸ it is too simplistic/systematic

▸ it looks like a National Insurance number.

▸ it is based on a dictionary word

▸ it is based on a (reversed) dictionary word

▸ strong password


ENCRYPTION WITH PHP

▸ 10 minute break

▸ Find group of up to 4 for games


ENCRYPTION WITH PHP

▸ libsodium


ENCRYPTION WITH PHP

▸ libsodium

▸ PECL extension

▸ PHP 7.2 core

▸ modern cryptography library

▸ namespaced as \Sodium\function_name


ENCRYPTION WITH PHP

▸ libsodium - Coding time!

▸ 10 minutes

▸ Cryptographically secure randomness

▸ \Sodium\randombytes_buf($numberBytes) with each byte being a random value between 0 and 255 (bin2hex for readability)

▸ \Sodium\randombytes_random16() for random integer between 0 and 65535

▸ \Sodium\randombytes_uniform($maxPlusOne) for uniformly distributed random integers between 0 and max


ENCRYPTION WITH PHP

▸ libsodium - Coding time!

▸ 10 minutes

▸ Secret-key encryption and decryption

▸ $key = \Sodium\randombytes_buf(\Sodium\CRYPTO_SECRETBOX_KEYBYTES);

▸ $nonce = \Sodium\randombytes_buf(\Sodium\CRYPTO_SECRETBOX_NONCEBYTES);

▸ $ciphertext = \Sodium\crypto_secretbox('test', $nonce, $key);

▸ $plaintext = \Sodium\crypto_secretbox_open($ciphertext, $nonce, $key);


ENCRYPTION WITH PHP

▸ libsodium

▸ Public-key encryption and decryption

▸ \Sodium\crypto_box_* functions


ENCRYPTION WITH PHP

▸ libsodium

▸ Much more functionality

▸ Password hashing and checking

▸ Key signing

▸ Message Authentication Code (MAC)

▸ Hashing


ENCRYPTION WITH PHP

▸ StupidPass


ENCRYPTION WITH PHP

▸ StupidPass

▸ composer require northox/stupid-password

▸ $stupidPass = new StupidPass;

▸ $isValid = $stupidPass->validate($password);

▸ $stupidPass->getErrors();

▸ new StupidPass($maxLength, $environmental, $pathToDictionary, $errorText, $options);


ENCRYPTION WITH PHP

▸ StupidPass - Coding time!

▸ 10 minutes

▸ install composer, StupidPass

▸ Try out common passwords, custom dictionary, see the errors

▸ composer require northox/stupid-password

▸ $stupidPass = new StupidPass;

▸ $isValid = $stupidPass->validate($password);

▸ $stupidPass->getErrors();

▸ new StupidPass($maxLength, $environmental, $pathToDictionary, $errorText, $options);


CONSIDERATIONS


CONSIDERATIONS

▸ Salts

▸ Algorithm costs

▸ Timing attacks

▸ Brute force attacks

▸ Rainbow tables

▸ Max message length


CONSIDERATIONS

▸ Salts

▸ Increased security for digest if done correctly

▸ Ex: $salt . $password

▸ Pepper debate

▸ Let password_hash generate the salt for you

▸ Different salt per password or message


CONSIDERATIONS

▸ Algorithm Costs

▸ Default cost for password_hash is 10

▸ Higher cost leads to more processing time

▸ 8-12 is generally a good baseline

▸ Might change depending on hardware available


CONSIDERATIONS

▸ Timing Attacks

▸ Analyzing timing for algorithms

▸ Time variation for hashing, encrypting, decrypting

▸ Ex: Username not found, no password check attempted

▸ Ex: String comparisons stop after first mismatch

▸ Timing safety built into functions, take same time for positive or negative match


CONSIDERATIONS

▸ Brute Force Attacks

▸ Timing attack used to brute force list of usernames

▸ Dictionary attack using dictionary and common passwords

▸ Take time

▸ Advanced Persistent Threat (APT)


CONSIDERATIONS


▸ Countermeasures

▸ Lock accounts, but causes Denial of Service

▸ Add time to each login

▸ Lock by IP address

▸ Vary failed login attempt behavior (Ex: HTTP status, redirect)


CONSIDERATIONS


▸ Countermeasures

▸ Key words in HTML comments (invalid login, bad username or password)

▸ Security questions

▸ CAPTCHA

▸ Add another factor (multi-factor authentication)


CONSIDERATIONS

▸ Rainbow Tables

▸ Table with hashes already figured out

▸ Used for hashing that always generates same hash for an input

▸ Counter with modern algorithms, salts

▸ Common for MD5, SHA1, and other older algorithms


CONSIDERATIONS

▸ Rainbow Tables

▸ Internet search for the hash

▸ Online hash cracking sites


CONSIDERATIONS

▸ Max Message Length

▸ Only X characters considered when generating hash

▸ Ex: MD5 max is 128 characters in, 32 hex out

▸ Ex: password_hash max is 72 characters


CONSIDERATIONS

▸ Identify sensitive data

▸ Determine appropriate encryption

▸ Use cryptography to keep data safe


CONSIDERATIONS

▸ Cryptography can help minimize damage

▸ Electronic data breaches

▸ Stolen electronic devices

▸ Data transmission


CONSIDERATIONS

▸ Cryptography cannot help minimize damage

▸ Phishing attacks

▸ Credential theft

▸ Escalation of privileges

▸ DoS/DDoS

▸ Social engineering


CONSIDERATIONS

▸ Security education

▸ Verizon Data Breach Investigation Report

▸ SANS Institution, email digest

▸ Krebs on Security blog

▸ OWASP

▸ BrightTALK


CRYPTOGRAPHY GAMES


CRYPTOGRAPHY GAMES

▸ Groups of up to 4

▸ 11:15-11:20 Instructions and rules, get in groups

▸ 11:20-11:45 Coding time!

▸ 11:45-11:55 Review answers

▸ 11:55-12:00 Closing


CRYPTOGRAPHY GAMES

▸ Get into your groups of up to 4


CRYPTOGRAPHY GAMES

▸ Instructions and rules

▸ Use PHP

▸ Decrypt the data

▸ Record how you decrypted the message

▸ Record plain text answer

▸ Winning team is team with most correct answers


CRYPTOGRAPHY GAMES

▸ Time is up!


CRYPTOGRAPHY GAMES

▸ Answers


CRYPTOGRAPHY GAMES

▸ Conclusion

▸ Leverage PHP cryptography and hashing features

▸ Use modern libraries

▸ Encrypt sensitive information

▸ Hash passwords correctly


QUESTIONS?

▸ Rate on joind.in

▸ https://joind.in/talk/7b305



SOURCES

▸ Merriam-Webster Dictionary online

▸ PHP.net documentation

▸ Virendra Chandak https://www.virendrachandak.com

▸ OWASP

▸ Verizon 2017 Data Breach Investigations Report

▸ https://paragonie.com/book/pecl-libsodium/read/00-intro.md

▸ https://www.cryptologie.net/article/268/how-to-compare-password-hashes-in-php/

▸ http://blog.ircmaxell.com/2014/11/its-all-about-time.html

http://php.net

https://www.virendrachandak.com

https://paragonie.com/book/pecl-libsodium/read/00-intro.md

https://www.cryptologie.net/article/268/how-to-compare-password-hashes-in-php/

https://www.cryptologie.net/article/268/how-to-compare-password-hashes-in-php/

http://blog.ircmaxell.com/2014/11/its-all-about-time.html