Post on 08-Feb-2017
Tales From the CryptA Cryptography Primer
Adam Englander, iovation@adam_englander
@adam_englander
I am a Virtual Crime Fighter
@adam_englander
I am a lover of PHP
@adam_englander
I Am Not…
• … a security researcher
• … a cryptographer
• … a mathematician
@adam_englander
What To Expect• Gain a working understanding of common
terms used in cryptography.
• Understand the key drivers for choosing cryptography methodologies, algorithms and strengths.
• Know which PHP modules to use.
@adam_englander
What Is Cryptography?
Cryptography…isthepracticeandstudyoftechniquesforsecurecommunicationinthepresenceofthirdpartiescalledadversaries.
Wikipedia
@adam_englander
My Definition of Cryptography
Cryptographyobscuresdatainsuchawaythatitisdifficultandthereforecostlyforanadversarytoduplicateorreverse.
@adam_englander
Who Are Your Adversaries?• Lone Gunmen - The 400 lb. hacker on their bed.
• Hactivist Groups - Anonymous is most known.
• Competitors - Industrial espionage.
• Organized Crime - Identity theft, fraud, extortion.
• Nation State - Data farming, credential theft.
@adam_englander
What Contributes to Cost?
Secrets
Computation
Entropy
@adam_englander
How Secret is Secret?• Asymmetric Encryption is more secret than
Symmetric Encryption. No shared secrets.
• How predictable is your secret?
• Who has access to your secrets?
• Secrets encrypted at rest? Those secrets?
• Are your secrets encrypted in transit?
@adam_englander
Computational Cost
• Complexity of algorithm increases cost.
• Key length increases cost.
• Some algorithms specifically target memory and thread utilization to increase cost.
• Feedback loops increase cost.
@adam_englander
Thedegreeofdisorderoruncertaintyinasystem
What is Entropy?
Merriam-Webster
@adam_englander
Good Cryptographic Entropy
@adam_englander
Poor Cryptographic Entropy
@adam_englander
Achieving Maximum Entropy• Use Cryptographically Secure Pseudo-Random Number
Generators (CSPRNG).
• Salts add global randomness to hashing.
• Feedback loops add local randomness to block ciphers.
• Initialization Vectors add global randomness to block ciphers.
• Some ciphers introduce randomness with padding.
@adam_englander
Local vs Global Entropy
Local entropy is entropy with a singular pice of data within a larger system.
Global entropy is entropy of the same or similar data across the entirety of a larger system.
@adam_englander
How Random Is Random?• It turns out it can be quite random as long as you
use the correct tools.
• Since PHP7, CSPRNG extension provides platform independent cryptographically secure pseudo-random data.
• Until you move to PHP7, paragonie/random_compat package will give you the same functionality.
@adam_englander
Cryptography Systems
• Symmetric Key Cryptography uses shared secrets
• Asymmetric Key Cryptography uses private/public key pairs
@adam_englander
Cryptography Applications
• Encryption
• Digital Signatures
• Key Derivation
@adam_englander
Encryption
• Protecting data that needs to be recalled
• Can be reversed via decryption
@adam_englander
Digital Signature
• Used to verify integrity of data
• Used mostly for data transfer
• Can be used for verifying data at rest
• Can not be reversed but can be reproduced for verification
@adam_englander
Key Derivation
• A.K.A. password hashing
• Cannot be reversed
• Computationally expensive by design
@adam_englander
Symmetric Key Cryptography
@adam_englander
Symmetric Key Cryptography• Shared secrets
• Lower computation costs than most asymmetric algorithms for same key size
• Uses algorithms against blocks or streams of data
• Most implementations will use block as stream ciphers use less resources making them less secure
@adam_englander
Stream vs. Block CiphersStream ciphers very quickly encrypt streams of data as they pass. One portion of the stream does not affect the other. They are not terribly secure.
Block ciphers deal with the data one block at a time. Block ciphers are very secure. They allow for feedback loops that create greater entropy of the entire package.
@adam_englander
Block Algorithms
• Use AES
• Camellia can be used if it is required. It has restricted use due to a patent. Make sure you are not infringing on the patent.
• DES should not be used
Block Cipher ModesDO NOT USE Electronic Cookbook (ECB)!!!
@adam_englander
Blockciphermodesdeterminehowtheblocksofcleartextaretranslatedintociphertext.
What are Block Cipher Modes?
@adam_englander
Cipher Block Chaining (CBC)
• Entire message is required for decryption
• Full cipher text block is used as the seed for the next block
@adam_englander
Cipher Block Chaining (CBC)
@adam_englander
Galois Counter Mode (GCM)• Counter based cipher stream
• Entire message is required for decryption
• Encrypts plain text and generates an authentication code similar to an HMAC simultaneously that is returned with the IV in the cipher text
@adam_englander
Galois Counter Mode (GCM)
@adam_englander
Cipher Feedback (CFB)
• Self-synchronizing cipher stream
• If one segment of the message is lost, you can pick up again with the remaining data
@adam_englander
Cipher Feedback (CFB)
@adam_englander
Output Feedback (OFB)
• Synchronous stream cipher
• Key stream blocks are merged with plain text
• Key stream blocks can be pre-generated on both sides reducing real time processing required.
@adam_englander
Output Feedback
@adam_englander
Digital Signatures (HMAC)
• Hash-based Message Authentication Code (HMAC)
• Hashing combined with key
• SHA-256 or better is preferred to ensure uniqueness
@adam_englander
Asymmetric Key Cryptography
@adam_englander
Asymmetric Key Cryptography
• RSA and DSA are available in PHP. Use RSA.
• Uses very large prime integers
• Very computationally expensive
• Uses key pairs to protect secret
@adam_englander
Super Duper Secret
• Private key can do encrypt, decrypt, sign, and verify signature
• Public key does not have enough data to decrypt or sign. Can only encrypt and verify signature
@adam_englander
Key Size and Hash Algorithm
• Current minimum recommend key size is 2048
• SHA1 is considered safe but SHA-256 is better
@adam_englander
Data Limitations
• RSA can only encrypt or sign data up to the length of the key size
• Signatures use hashing
• Crypto often mixed with symmetric key cryptography
@adam_englander
Padding• Padding is how RSA creates additional
entropy
• Use Optimal Asymmetric Encryption Padding (OAEP)
• Do not use PKCS1-V1_5 as it is no longer considered cryptographically secure
Key Derivation Functionsa.k.a Password Hashing
@adam_englander
Password Hashing
• Always use Key Derivation Functions like bcrypt and PBKDF2.
• If you are currently using MD5 or SHA for hashing, use a random salted with your hash now and a key derivation function soon.
@adam_englander
Key Derivation
• Uses salt for entropy
• Iterates to increase cost
• Can create cost via threads and memory
• Bigger is better!
@adam_englander
Which KDF Should I Use?
• argon2i is the new hotness
• scrypt is preferred
• bcrypt is acceptable
• PBKDF2 can be used in a pinch
@adam_englander
How Can I Use KDFs?• PHP has the best package for managing that
PERIOD! Use the password extension. Just use it!
• For *cough* pre-5.5.0, you can use ircmaxell/password-compat
• Provides tools for hash upgrades. AWESOME!
@adam_englander
Recommendations
@adam_englander
Disclaimers• Although every app is different, commonalities
exist across most applications
• I am only recommending what I know and have vetted directly or indirectly via my work experience
• If you think you are different, ask yourself if the advantages outweigh the risks
@adam_englander
Types• Use RSA asymmetric key cryptography when
transferring data
• Mix with AES and random keys/IVs per transfer
• Use CSPRNG extension/package for keys, salts and initialization vectors
• Use password extension/package for passwords
@adam_englander
Strength
• Use the strongest cryptography you can afford
• AES: aes-256-cbc / sha256 minimum
• RSA: 2048+ PKCS1_OAEP / RSA-SHA256
• Hash until it hurts!
@adam_englander
Packages/Libraries
• Use OpenSSL for encryption and digital signatures
• For extreme compatibility, use phpseclib/phpseclib
• Use CSPRNG extension/package for keys, salts and initialization vectors
• Use password extension/package for passwords
@adam_englander
Resources• https://secure.php.net/manual/en/book.openssl.php
• https://secure.php.net/manual/en/book.csprng.php
• https://secure.php.net/manual/en/book.password.php
• https://packagist.org/packages/phpseclib/phpseclib
• https://en.wikipedia.org/wiki/Cryptography
@adam_englander
More From Me• https://www.iovation.com/blog/author/aenglander
• https://www.linkedin.com/in/adamenglander
• https://twitter.com/adam_englander
• https://github.com/aenglander
• adam.englander@iovation.com