Tales From the CryptA Cryptography Primer

Adam Englander, iovation@adam_englander

@adam_englander

I am a Virtual Crime Fighter

@adam_englander

I am a lover of PHP

@adam_englander

I Am Not…

• … a security researcher

• … a cryptographer

• … a mathematician

@adam_englander

What To Expect• Gain a working understanding of common

terms used in cryptography.

• Understand the key drivers for choosing cryptography methodologies, algorithms and strengths.

• Know which PHP modules to use.

@adam_englander

What Is Cryptography?

Cryptography…isthepracticeandstudyoftechniquesforsecurecommunicationinthepresenceofthirdpartiescalledadversaries.

Wikipedia

@adam_englander

My Definition of Cryptography

Cryptographyobscuresdatainsuchawaythatitisdifficultandthereforecostlyforanadversarytoduplicateorreverse.

@adam_englander

Who Are Your Adversaries?• Lone Gunmen - The 400 lb. hacker on their bed.

• Hactivist Groups - Anonymous is most known.

• Competitors - Industrial espionage.

• Organized Crime - Identity theft, fraud, extortion.

• Nation State - Data farming, credential theft.

@adam_englander

What Contributes to Cost?

Secrets

Computation

Entropy

@adam_englander

How Secret is Secret?• Asymmetric Encryption is more secret than

Symmetric Encryption. No shared secrets.

• How predictable is your secret?

• Who has access to your secrets?

• Secrets encrypted at rest? Those secrets?

• Are your secrets encrypted in transit?

@adam_englander

Computational Cost

• Complexity of algorithm increases cost.

• Key length increases cost.

• Some algorithms specifically target memory and thread utilization to increase cost.

• Feedback loops increase cost.

@adam_englander

Thedegreeofdisorderoruncertaintyinasystem

What is Entropy?

Merriam-Webster

@adam_englander

Good Cryptographic Entropy

@adam_englander

Poor Cryptographic Entropy

@adam_englander

Achieving Maximum Entropy• Use Cryptographically Secure Pseudo-Random Number

Generators (CSPRNG).

• Salts add global randomness to hashing.

• Feedback loops add local randomness to block ciphers.

• Initialization Vectors add global randomness to block ciphers.

• Some ciphers introduce randomness with padding.

@adam_englander

Local vs Global Entropy

Local entropy is entropy with a singular pice of data within a larger system.

Global entropy is entropy of the same or similar data across the entirety of a larger system.

@adam_englander

How Random Is Random?• It turns out it can be quite random as long as you

use the correct tools.

• Since PHP7, CSPRNG extension provides platform independent cryptographically secure pseudo-random data.

• Until you move to PHP7, paragonie/random_compat package will give you the same functionality.

@adam_englander

Cryptography Systems

• Symmetric Key Cryptography uses shared secrets

• Asymmetric Key Cryptography uses private/public key pairs

@adam_englander

Cryptography Applications

• Encryption

• Digital Signatures

• Key Derivation

@adam_englander

Encryption

• Protecting data that needs to be recalled

• Can be reversed via decryption

@adam_englander

Digital Signature

• Used to verify integrity of data

• Used mostly for data transfer

• Can be used for verifying data at rest

• Can not be reversed but can be reproduced for verification

@adam_englander

Key Derivation

• A.K.A. password hashing

• Cannot be reversed

• Computationally expensive by design

@adam_englander

Symmetric Key Cryptography

@adam_englander

Symmetric Key Cryptography• Shared secrets

• Lower computation costs than most asymmetric algorithms for same key size

• Uses algorithms against blocks or streams of data

• Most implementations will use block as stream ciphers use less resources making them less secure

@adam_englander

Stream vs. Block CiphersStream ciphers very quickly encrypt streams of data as they pass. One portion of the stream does not affect the other. They are not terribly secure.

Block ciphers deal with the data one block at a time. Block ciphers are very secure. They allow for feedback loops that create greater entropy of the entire package.

@adam_englander

Block Algorithms

• Use AES

• Camellia can be used if it is required. It has restricted use due to a patent. Make sure you are not infringing on the patent.

• DES should not be used

Block Cipher ModesDO NOT USE Electronic Cookbook (ECB)!!!

@adam_englander

Blockciphermodesdeterminehowtheblocksofcleartextaretranslatedintociphertext.

What are Block Cipher Modes?

@adam_englander

Cipher Block Chaining (CBC)

• Entire message is required for decryption

• Full cipher text block is used as the seed for the next block

@adam_englander

Cipher Block Chaining (CBC)

@adam_englander

Galois Counter Mode (GCM)• Counter based cipher stream

• Entire message is required for decryption

• Encrypts plain text and generates an authentication code similar to an HMAC simultaneously that is returned with the IV in the cipher text

@adam_englander

Galois Counter Mode (GCM)

@adam_englander

Cipher Feedback (CFB)

• Self-synchronizing cipher stream

• If one segment of the message is lost, you can pick up again with the remaining data

@adam_englander

Cipher Feedback (CFB)

@adam_englander

Output Feedback (OFB)

• Synchronous stream cipher

• Key stream blocks are merged with plain text

• Key stream blocks can be pre-generated on both sides reducing real time processing required.

@adam_englander

Output Feedback

@adam_englander

Digital Signatures (HMAC)

• Hash-based Message Authentication Code (HMAC)

• Hashing combined with key

• SHA-256 or better is preferred to ensure uniqueness

@adam_englander

Asymmetric Key Cryptography

@adam_englander

Asymmetric Key Cryptography

• RSA and DSA are available in PHP. Use RSA.

• Uses very large prime integers

• Very computationally expensive

• Uses key pairs to protect secret

@adam_englander

Super Duper Secret

• Private key can do encrypt, decrypt, sign, and verify signature

• Public key does not have enough data to decrypt or sign. Can only encrypt and verify signature

@adam_englander

Key Size and Hash Algorithm

• Current minimum recommend key size is 2048

• SHA1 is considered safe but SHA-256 is better

@adam_englander

Data Limitations

• RSA can only encrypt or sign data up to the length of the key size

• Signatures use hashing

• Crypto often mixed with symmetric key cryptography

@adam_englander

Padding• Padding is how RSA creates additional

entropy

• Use Optimal Asymmetric Encryption Padding (OAEP)

• Do not use PKCS1-V1_5 as it is no longer considered cryptographically secure

Key Derivation Functionsa.k.a Password Hashing

@adam_englander

Password Hashing

• Always use Key Derivation Functions like bcrypt and PBKDF2.

• If you are currently using MD5 or SHA for hashing, use a random salted with your hash now and a key derivation function soon.

@adam_englander

Key Derivation

• Uses salt for entropy

• Iterates to increase cost

• Can create cost via threads and memory

• Bigger is better!

@adam_englander

Which KDF Should I Use?

• argon2i is the new hotness

• scrypt is preferred

• bcrypt is acceptable

• PBKDF2 can be used in a pinch

@adam_englander

How Can I Use KDFs?• PHP has the best package for managing that

PERIOD! Use the password extension. Just use it!

• For *cough* pre-5.5.0, you can use ircmaxell/password-compat

• Provides tools for hash upgrades. AWESOME!

@adam_englander

Recommendations

@adam_englander

Disclaimers• Although every app is different, commonalities

exist across most applications

• I am only recommending what I know and have vetted directly or indirectly via my work experience

• If you think you are different, ask yourself if the advantages outweigh the risks

@adam_englander

Types• Use RSA asymmetric key cryptography when

transferring data

• Mix with AES and random keys/IVs per transfer

• Use CSPRNG extension/package for keys, salts and initialization vectors

• Use password extension/package for passwords

@adam_englander

Strength

• Use the strongest cryptography you can afford

• AES: aes-256-cbc / sha256 minimum

• RSA: 2048+ PKCS1_OAEP / RSA-SHA256

• Hash until it hurts!

@adam_englander

Packages/Libraries

• Use OpenSSL for encryption and digital signatures

• For extreme compatibility, use phpseclib/phpseclib

• Use CSPRNG extension/package for keys, salts and initialization vectors

• Use password extension/package for passwords

@adam_englander

Resources• https://secure.php.net/manual/en/book.openssl.php

• https://secure.php.net/manual/en/book.csprng.php

• https://secure.php.net/manual/en/book.password.php

• https://packagist.org/packages/phpseclib/phpseclib

• https://en.wikipedia.org/wiki/Cryptography

@adam_englander

More From Me• https://www.iovation.com/blog/author/aenglander

• https://www.linkedin.com/in/adamenglander

• https://twitter.com/adam_englander

• https://github.com/aenglander

• adam.englander@iovation.com