Post on 16-Nov-2014
cryptography for the mere mortals
rosetta stone
julius caesar : caesar cipher
key = 3
hasin = kdvlq
rise of the machines
cryptography in bangla way
!@#$%^&*
The science of writing in secret code
daily cryptography
SSL
Session/Cookie Encryption
Storing Sensitive Information
Secure Message Transportation
Signing Documents
terms
Plaintext
Key
Cipher
Encryption
Ciphertext
Decryption
techniques
Symmetric Cryptography = shared secret key
Asymmetric Cryptography = public key + private key
Hash Cryptography = One way
cryptography in PHP
cracklib
hash
mCrypt
openSSL
mHash
one way journey
MD5
SHA1
SHA2 (SHA-256, SHA-512)
problems of MD5/SHA1: collision attacks, two different inputs with the same digest
hash(data1) = hash(data2)
why salt?
password!
Use a salt value in hash functions or bcrypt
hash('sha256', $salt . $password);       // hash() needs the algorithm as its first argument
hash_hmac('sha512', $password, $salt);   // hash_hmac(algorithm, data, key): the salt is the key
crypt($password, $salt);                 // bcrypt when $salt starts with "$2y$<cost>$"
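As an added example that is not part of the original slides, a complete PHP version of the salted-hash and bcrypt approach above: the salt comes from openssl_random_pseudo_bytes(), the digest from hash_hmac() keyed with that salt, bcrypt goes through crypt(), and hash_equals() does the comparison. The function names (makeSalt, storeHmac, verifyHmac, storeBcrypt, verifyBcrypt) are my own.

```php
<?php
// Added example (not from the slides): salted SHA-512 HMAC and bcrypt via crypt().

// 16 random bytes; stop if the source is not cryptographically strong.
function makeSalt() {
    $bytes = openssl_random_pseudo_bytes(16, $strong);
    if ($bytes === false || !$strong) {
        throw new RuntimeException('no cryptographically strong random source');
    }
    return $bytes;
}

// Store "hex(salt):hex(hmac)". The salt is the HMAC key, so two users with the
// same password get different digests and a precomputed table does not help.
function storeHmac($password) {
    $salt = makeSalt();
    return bin2hex($salt) . ':' . hash_hmac('sha512', $password, $salt);
}

function verifyHmac($password, $stored) {
    list($saltHex, $digest) = explode(':', $stored, 2);
    $calc = hash_hmac('sha512', $password, hex2bin($saltHex));
    return hash_equals($digest, $calc);   // constant-time comparison (PHP >= 5.6)
}

// bcrypt: crypt() with a "$2y$<cost>$" prefix and a 22-character salt drawn from
// the alphabet ./A-Za-z0-9. The cost parameter makes every guess deliberately slow.
function storeBcrypt($password, $cost = 10) {
    $salt = substr(strtr(base64_encode(makeSalt()), '+', '.'), 0, 22);
    $hash = crypt($password, sprintf('$2y$%02d$', $cost) . $salt);
    if (strlen($hash) !== 60) {          // crypt() returns a short string on failure
        throw new RuntimeException('bcrypt not available');
    }
    return $hash;                        // salt and cost are embedded in the hash itself
}

function verifyBcrypt($password, $stored) {
    return hash_equals($stored, crypt($password, $stored));
}

// Usage: hash the same password twice (different salts), then verify both schemes.
$h1 = storeHmac('password!');
$h2 = storeHmac('password!');
var_dump($h1 !== $h2);
var_dump(verifyHmac('password!', $h1));
var_dump(verifyHmac('Password!', $h1));
$b = storeBcrypt('password!');
var_dump(verifyBcrypt('password!', $b));
```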
symmetric encryption
One single key
Shared between parties
Popular
sample encryption - AES
// note: MCRYPT_RIJNDAEL_256 is Rijndael with a 256-bit block; AES proper is MCRYPT_RIJNDAEL_128 with a 16, 24 or 32-byte key
$ivlength = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($ivlength, MCRYPT_RAND);   // MCRYPT_DEV_URANDOM is the stronger source; the IV must be stored alongside the ciphertext
$encryptedText = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_CBC, $iv);
sample decryption - AES
$decryptedText = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $encryptedText, MCRYPT_MODE_CBC, $iv);   // same key, mode and IV as encryption
// mcrypt pads with NUL bytes: rtrim($decryptedText, "\0") restores the original length
asymmetric encryption
public / private key
semi-shared
meet with bob and alice
bob and alice's story
Bob asks Alice for her public key
Bob encrypts msg with the public key of Alice
Alice gets encrypted msg
Alice decrypts msg with her secret private key
Alice reads it
public/private key encryption
RSA
openSSL
RSA key-pair
ssh-keygen -t rsa -b <bit>
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/hasinhayder/.ssh/id_rsa): /tmp/pk_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /tmp/pk_rsa
Your public key has been saved in /tmp/pk_rsa.pub
RSA key to PEM format
openssl rsa -in pk_rsa -outform pem > pk_rsa.pem
generate RSA key in PEM format
openssl genrsa -des3 -out pk_rsa.pem 2048
public key out of PEM file
openssl rsa -pubout -in pk_rsa.pem -out pk_pub.pem
encrypt with public key
$pub_key = openssl_get_publickey(file_get_contents("/tmp/pk_pub.pem"));
$enc = openssl_public_encrypt($source, $crypttext, $pub_key);   // $source is the plaintext; $crypttext receives the ciphertext
decrypt using private key
$passphrase = "<secret passphrase>";
$key = openssl_get_privatekey(file_get_contents("/tmp/pk_rsa.pem"), $passphrase);
$dec = openssl_private_decrypt($crypttext, $newsource, $key);   // $newsource receives the recovered plaintext
there are always some bad guys…
best practices
PCI DSS Compliance
AES (RIJNDAEL)
BLOWFISH
TWOFISH
SHA-256, 384, 512
RSA
random!
rand(), mt_rand(): not cryptographically secure, unsuitable for keys, IVs and salts
openssl_random_pseudo_bytes(): cryptographically strong when its $crypto_strong flag is true
key space
Secret key space >= 128 bit
Public key space >= 2048 bit
thanks
M A Hossain Tonu
Sr. Software Engineer, somewherein…
http://mahtonu.wordpress.com
Hasin Hayder
Founder, Leevio
http://hasin.wordpress.com