Airbitz crypto
Uploaded by swansontec

Building Blocks
● Cryptographic hashes
– Data in → number out
● Symmetric encryption
– Key & data in → box out
– Key & box in → data out

Cryptographic Hash
● Output number is big
– 256 bits is common (77 digits)
– The universe has ~10^80 atoms
● Changing even one input bit changes the whole output
● There is no way to guess the input
● There is no way to fake the input

Cryptographic Hash
● Hashes are great for verifying files
$ sha256sum < cat.jpg
9818c3a0a106bbefbbede8da7969c74203fe1f3ea290023a3f2bd415f41f8c24
● If the hash matches, the file hasn't been changed

Example Hash
● echo -n "Satoshi" | sha256sum
002688cc350a5333a87fa622eacec626c3d1c0ebf9f3793de3885fa254d7e393
● echo -n "satoshi" | sha256sum
da2876b3eb31edb4436fa4650673fc6f01f90de2f1793c4ec332b2387b09726f

Passwords are Special
● Passwords are easy to guess
– Just try every possible combination
– If the hash matches, you guessed the password
– Faster hash = more guesses per second

Password Hashing
● Password hashes should be slow & eat lots of RAM
– GPUs and FPGAs can try 1000s of combinations at once
– RAM makes this harder

Scrypt
● Password hashing function
– Adjustable time
– Adjustable memory
– AirBitz targets about ½ second
– Needs a salt

Why Salt?
● Hash once, try many accounts
– Pre-compute a big table of common passwords
– Now just scan the database for matches
– Odds are, something will match
– Mainly a problem on hacked servers

Salt
● A salt makes every hash different
– sha256(“bad-password” + “salt1”)
– sha256(“bad-password” + “salt2”)
– An attacker needs to try each row individually now
– The salt needs to be saved somewhere

Getting the Salt
● Brand-new phone
– Doesn't know the salt
– Can't hash the key without the salt
– Can't decrypt without the key

Getting the Salt
● Hash the username & send to the server
– AirBitz doesn't know the username
– Uses a fixed salt compiled into the code
● Server returns the salts for this account
– passwordAuthSnrp
– passwordKeySnrp
● “Snrp” = Salt + Scrypt difficulty

Getting the Box
● Hash the password & send to server
– Uses passwordAuthSnrp
● Server returns encrypted box
– The server won't give the encrypted box to just anybody
– We can limit guesses per second

Opening the Box
● Hash the password to make a key
– Uses passwordKeySnrp
– Different hash from what we send to the server
– AirBitz can't decrypt the data
● The key unlocks the Box

Master Key
● What's in the box?
– Another key!
– This is the “master key”
– Grants full access to the account
– Generated randomly
– Stays the same, even if the password changes
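
The login flow from the preceding slides (getting the salt, getting the box, opening the box, master key), as an added Python sketch that is not Airbitz code. The function and class names, the scrypt cost, the fixed salt value, the failure counter standing in for guess limiting, and the toy XOR-plus-HMAC box standing in for real symmetric encryption are all assumptions made for illustration.

```python
import hashlib, hmac, os

COST = {"n": 2**12, "r": 8, "p": 1}  # constructed: small so the demo runs fast
USERNAME_SNRP = {"salt": b"constructed-fixed-salt", **COST}  # compiled into client
MAX_FAILS = 3  # assumed stand-in for the server's guess limiting

def scrypt(data, snrp):
    return hashlib.scrypt(data, dklen=32, **snrp)

def pad(key):
    return hmac.digest(key, b"pad", "sha256")

def seal(key, secret):  # toy box for one 32-byte secret, not a real cipher
    ct = bytes(a ^ b for a, b in zip(secret, pad(key)))
    return ct + hmac.digest(key, b"tag" + ct, "sha256")

def open_box(key, box):
    if not hmac.compare_digest(box[32:], hmac.digest(key, b"tag" + box[:32], "sha256")):
        raise ValueError("wrong key")
    return bytes(a ^ b for a, b in zip(box[:32], pad(key)))

class LoginServer:
    def __init__(self):
        self.accounts = {}  # username hash -> salts, auth hash, sealed box
    def get_snrps(self, user_hash):
        return self.accounts[user_hash]["snrps"]
    def get_box(self, user_hash, auth_hash):
        acct = self.accounts[user_hash]
        if acct["fails"] >= MAX_FAILS:
            raise PermissionError("too many guesses")
        if not hmac.compare_digest(acct["auth"], auth_hash):
            acct["fails"] += 1
            raise PermissionError("bad password hash")
        return acct["box"]

def create_account(server, username, password):
    master_key = os.urandom(32)  # random, independent of the password
    snrps = {name: {"salt": os.urandom(32), **COST}
             for name in ("passwordAuthSnrp", "passwordKeySnrp")}
    auth = scrypt(password, snrps["passwordAuthSnrp"])
    box = seal(scrypt(password, snrps["passwordKeySnrp"]), master_key)
    server.accounts[scrypt(username, USERNAME_SNRP)] = {
        "snrps": snrps, "auth": auth, "box": box, "fails": 0}
    return master_key

def login(server, username, password):
    user_hash = scrypt(username, USERNAME_SNRP)
    snrps = server.get_snrps(user_hash)
    box = server.get_box(user_hash, scrypt(password, snrps["passwordAuthSnrp"]))
    return open_box(scrypt(password, snrps["passwordKeySnrp"]), box)
```

The server record holds only the username hash, the two salts, the auth hash and the sealed box, so the value it checks at login cannot open the box it hands back.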

Getting the Data
● The master key tells us where to find the user data
– The data is on a different server from the login stuff
– AirBitz doesn't know which data goes with which account
– The data servers are actually Git servers

Password Recovery
[Diagram labels: Password, Recovery Answers, Hash, Hash, Master Key]
● Multiple boxes, each with a master key copy inside

PIN Login
● Similar idea
– Server returns a box with the PIN inside
– PINs are too weak to use for crypto
– The key to unlock the box is just saved on the phone
– Need an already logged-in phone

PIN Authentication
● The PIN is weak, so how can the server verify who we are?
– Use hash(pinKey + PIN)
– pinKey is on the phone, and impossible to guess
– Even stronger than password hashing!

Bitcoin Keys
● What are we trying to protect?
– Bitcoins are secured using keys
– Anyone who controls the keys controls the Bitcoins

Secret & Safe
● If somebody learns the keys, they can steal the funds
● If you lose the keys, you lose the funds

Public-Key Crypto
● Two keys, one public, one private
● The private key controls everything
– Keep it secret, keep it safe
● The public key can be shared with anybody

Public Key
● Like an open padlock
● Anybody can encrypt
● The private key is needed to decrypt
● “Public key” is a stupid name
– Should be called “lock” or something

Bitcoins & Public Keys
● A Bitcoin address is a public key
– … well, a hashed public key
● Anybody can send funds to a bitcoin address
● Only the private key can spend

Signatures
● To spend bitcoins, two things are needed:
– The public key
– A signature
● Only a private key can make a signature
● A public key can check a signature