cryptography for the mere mortals

rosetta stone

julius caesar : caesar cipher

key = 3

julius caesar : caesar cipher

key = 3

hasin = kdvlq

rise of the machines

cryptography in bangla way

!@#$%^&*

The science of writing in secret code

daily cryptography

SSL

Session/Cookie Encryption

Storing Sensitive Information

Secure Message Transportation

Signing Documents

terms

Plaintext

Key

Cipher

Encryption

Ciphertext

Decryption

techniques

Symmetric Cryptography = shared secret key

Asymmetric Cryptography = public key + private key

Hash Cryptography = One way

cryptography in PHP

cracklib

hash

mCrypt

openSSL

mHash

one way journey

md5

sha1

Sha2

Sha 256

Sha 512

problems of MD5/SHA1 Collision Attack

hash(data1) = hash(data2)

why salt?

password!

Use a salt value in hash functions or bcrypt

hash( $salt . $password );

hash_hmac( ‘sha512’, $salt . $password );

crypt($password , $salt );

symmetric encryption

One single key

Shared between parties

Popular

sample encryption - AES…

$ivlength = mcrypt_get_iv_size(

MCRYPT_RIJNDAEL_256,

MCRYPT_MODE_CBC);

$iv = mcrypt_create_iv(

$ivlength,

MCRYPT_RAND);

sample encryption - AES

$encryptedText = mcrypt_encrypt(

MCRYPT_RIJNDAEL_256,

$key,

$data,

MCRYPT_MODE_CBC,

$iv);

sample decryption – AES

$decryptedText = mcrypt_decrypt(

MCRYPT_RIJNDAEL_256,

$key,

$encryptedText,

MCRYPT_MODE_CBC,

$iv);

asymmetric encryption

public / private key

semi-shared

meet with bob and alice

bob and alice’s storyBob Asks Alice For her public key

Bob signs msg with the public key of Alice

Alice gets encrypted msg

Alice decrypts msg with her secret private key

Alice reads It

public/private key encryption

RSA

openSSL

RSA key-pair

ssh-keygen –t RSA –b <bit>

Generating public/private rsa key pair.

Enter file in which to save the key (/Users/hasinhayder/.ssh/id_rsa): /tmp/pk_rsa

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /tmp/pk_rsa

Your public key has been saved in /tmp/pk_rsa.pub

RSA key to PEM format

openssl rsa -in pk_rsa -outform pem > pk_rsa.pem

generate RSA key in PEM format

openssl genrsa -des3

-out pk_rsa.pem 2048

public key out of PEM file

openssl rsa -pubout

-in pk_rsa.pem

-out pk_pub.pem

encrypt with public key$pub_key=openssl_get_publickey(

file_get_contents("/tmp/pk_pub.pem"));

openssl_public_encrypt(

$source,

$crypttext,

$pub_key);

decrypt using private key…$passphrase = “<secret passphrase>";

$key = openssl_get_privatekey(

file_get_contents("/tmp/pk.pem"),

$passphrase);

decrypt using private key

openssl_private_decrypt(

$crypttext,

$plaintext,

$res);

there are always some bad guys…

best practices

PCI DSS Compliance

best practices

AES (RIJNDAEL)

BLOWFISH

TWOFISH

SHA-256, 384, 512

RSA

random!

openssl_random_pseudo_bytes()

key space

Secret key space >= 128 bit

Public key space >= 2048 bit

thanks

M A Hossain Tonu

Sr. Software Engineer, somewherein…

http://mahtonu.wordpress.com

Hasin Hayder

Founder, Leevio

http://hasin.wordpress.com