@adam_englander

Tales From the CryptoA Cryptography Primer

@adam_englander

Who Am I?

@adam_englander

We are going to talk about the common methods and terms used for

cryptography in application development

@adam_englander

What is Cryptography?

@adam_englander

Cryptography…is the practice and study of techniques for secure communication in the presence of third parties called adversaries.

Wikipedia

@adam_englander

Cryptography obscures data in such a way that it is costly to

duplicate or difficult to reverse.

@adam_englander

Good cryptography makes it extremely difficult to identify patterns

in the obscured data.

@adam_englander

Type of Cryptography We Will Cover

• Encryption/Decryption

• Digital Signatures

• Hashing

@adam_englander

Encryption

@adam_englander

Encrypting data ensures only certain parties can read it.

@adam_englander

Encrypted data can be decrypted.

@adam_englander

Encryption uses mathematical algorithms called ciphers.

@adam_englander

The ciphers use secrets called cipher keys.

@adam_englander

Cipher keys can be symmetric (shared secrets) or asymmetric

(public key cryptography).

@adam_englander

Symmetric Key Encryption

@adam_englander

Symmetric key encryption applies ciphers against data producing a

cipher text.

@adam_englander

There are two types of symmetric key ciphers:

stream and block.

@adam_englander

Stream ciphers use a cipher key with a cryptographically secure

pseudorandom cipher digit stream called a keystream to

product the cipher text.

@adam_englander

Cryptographically secure pseudorandom values are

issued to be random enough not to generate distinguishable

patterns.

@adam_englander

Block ciphers execute against a fixed length group of bits.

@adam_englander

Cipher Block Execution Modes

@adam_englander

Electronic Cookbook (ECB)

@adam_englander

DO NOT USE ECB!

@adam_englander

Electronic cookbook encrypts each block separately.

@adam_englander

@adam_englander

It is not secure as patterns are created from the same data resulting

in the same cipher text.

@adam_englander

If you manage to decrypt one block of the cipher text, you can now

decrypt all of the others.

@adam_englander

Plain ECB CBC

Mode Comparison

Tux the Penguin, the Linux mascot. Created in 1996 by Larry Ewing with The GIMP.

@adam_englander

DO NOT USE ECB!

@adam_englander

Block Chain and Feedback Modes: CBC, CFB, and OFB

@adam_englander

All use an initialization vector (IV) to provide the chain/feedback on the

first block.

@adam_englander

All base the cipher value of the current block on some portion of

the previous block.

@adam_englander

@adam_englander

@adam_englander

@adam_englander

Unless you have a specific use case, use CBC.

@adam_englander

Use PKCS7 padding as it is secure and has the widest compatibility.

@adam_englander

Asymmetric Key Encryption: Public Key Cryptography

@adam_englander

Public Key Cryptography use key pairs, public/private.

@adam_englander

Public keys can be disseminated to anyone.

@adam_englander

Public keys can encrypt data but cannot decrypt the data it

encrypts.

@adam_englander

Private keys are secret.

@adam_englander

Public keys can encrypt and decrypt data.

@adam_englander

Public Key Cryptography Implementations

@adam_englander

RSA is the only form available in PHP.

@adam_englander

RSA encryption is computationally expensive

using very large prime integers and exponential computation.

@adam_englander

RSA encryption is limited to the amount of data it can encrypt

based on the size of the private key.

@adam_englander

RSA encryption is often used to exchange secret keys for symmetric key encryption.

@adam_englander

The Diffie/Hellmen key exchange in SSL/TLS is a great example.

@adam_englander

Diffie-Hellman Key Exchange

The “Common Paint” is a random number generated on the client and

encrypted with the public key from the server. It is transmitted to the server and decrypted using the private key. They

negotiate a shared secret and then utilize symmetric key encryption with that secret to communicate further.

@adam_englander

Always use PKCS1 OAEP Padding. PKCS#1 v1.5 is the PHP default but

must not be used.

@adam_englander

Hashing

@adam_englander

Hashes can not be reversed. They can only be recreated and verified.

@adam_englander

Hashing data is used to verify the integrity of data or store the

data obscured.

@adam_englander

Electronic Signatures

@adam_englander

Hashes are used in conjunction with secrets to create electronic

signatures.

@adam_englander

Symmetric Key Signatures

@adam_englander

Symmetric key signatures are known as a Hash-based Message

Authentication Code or HMAC

@adam_englander

HMACs use a hashing algorithm in combination with a shared secret to

generate a verifiable hash.

@adam_englander

The minimum hashing algorithm for an HMAC is SHA-1. SHA-256 or

better is preferred.

@adam_englander

Key size determines the cryptographic strength of the

signature.

@adam_englander

Asymmetric Key Signatures

@adam_englander

The private key is used to sign the data.

@adam_englander

The public key is used to verify the signature.

@adam_englander

RSA is the only asymmetric key signature available in PHP.

@adam_englander

The amount of data RSA can sign is based on the size of the private key.

@adam_englander

RSA uses hashing algorithms for data larger than the key allows.

@adam_englander

SHA1 is the “suggested” minimum hashing algorithm for RSA.

@adam_englander

Password Hashing

@adam_englander

Hashes are used for passwords or any value that will be

presented for verification.

@adam_englander

Proper password hashing is done via a Key Derivation Function (KDF).

@adam_englander

Never use a standard hashing algorithm for passwords EVER!

@adam_englander

Key derivation functions use a “salt” to create differentiation for the same

password.

@adam_englander

Key derivation functions apply the salted hash for a defined iteration

count.

@adam_englander

Hashes must be cryptographically pseudorandom and large.

@adam_englander

Iteration counts must be as large as can be tolerated.

@adam_englander

HASH UNTIL IT HURTS!

@adam_englander

PHP provides PBKDF2 and BCRYPT for password hashing.

@adam_englander

It also provides convenience functions: http://php.net/manual/en/

ref.password.php

@adam_englander

Suggestions

@adam_englander

Encrypt all data that is secret or private.

@adam_englander

Sign all significant data in transit.

@adam_englander

Use the strongest encryption you can support.

@adam_englander

Do NOT use rand() or mt_rand() to generate keys or IVs. Use

Use random_bytes().

paragonie/random_compat is a PHP 5.x polyfill.

@adam_englander

Use the OpenSSL extension for everything but password hashing

@adam_englander

If you are writing a library, you can use phpseclib/phpseclib as

an abstraction layer to OpenSSL, MCrypt, or no crypto

extensions installed.

@adam_englander

Use OPENSSL_PKCS1_OAEP_PADDING

for RSA encryption and OPENSSL_ALGO_SHA256/384/512 for

signatures

@adam_englander

Use aes-256-cbc for symmetric key encryption and

aes-256-cbc-hmac-sha256 for symmetric key signatures

@adam_englander

Use built in password hashing functions to do it right.

@adam_englander

Use a large number of iterations. Shoot for at least 500ms of hashing.

@adam_englander

Further Reading

• http://php.net/manual/en/book.openssl.php

• http://php.net/manual/en/function.password-hash.php

• http://php.net/manual/en/book.csprng.php

• https://github.com/phpseclib/phpseclib

• Wikipedia

@adam_englander

Please Rate This Talk

https://joind.in/talk/6ef69

@adam_englander

20162016