Cryptography for the mere mortals - for phpXperts Seminar 2011 by Hasin and Tonu
Transcript of Cryptography for the mere mortals - for phpXperts Seminar 2011 by Hasin and Tonu
cryptography for the mere mortals

rosetta stone

julius caesar : caesar cipher
key = 3
hasin = kdvlq
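As an added example (not from the slides), a PHP implementation of the shift illustrated above: with key = 3 it reproduces hasin → kdvlq and decrypts it back, and the closing comment relates the 25 usable keys to the key-space slide later in the deck.

```php
<?php
// Added example (not from the slides): the Caesar shift the deck illustrates,
// key = 3, so "hasin" becomes "kdvlq". Letters wrap around the alphabet and
// anything that is not A-Z/a-z passes through unchanged.
function caesar_shift(string $text, int $key): string
{
    $key = (($key % 26) + 26) % 26;   // normalise negative and oversized keys
    $out = '';
    for ($i = 0, $n = strlen($text); $i < $n; $i++) {
        $ch = $text[$i];
        if (ctype_lower($ch)) {
            $out .= chr((ord($ch) - ord('a') + $key) % 26 + ord('a'));
        } elseif (ctype_upper($ch)) {
            $out .= chr((ord($ch) - ord('A') + $key) % 26 + ord('A'));
        } else {
            $out .= $ch;
        }
    }
    return $out;
}

function caesar_encrypt(string $plaintext, int $key): string
{
    return caesar_shift($plaintext, $key);
}

function caesar_decrypt(string $ciphertext, int $key): string
{
    return caesar_shift($ciphertext, -$key);
}

// the slide's own test vector, checked both ways
$ct = caesar_encrypt('hasin', 3);
if ($ct !== 'kdvlq' || caesar_decrypt($ct, 3) !== 'hasin') {
    throw new RuntimeException('round trip failed');
}
echo $ct, "\n";

// Keys 1..25 are the only distinct ciphers, so 25 keys is the whole key
// space; compare that with the ">= 128 bit" rule on the key-space slide.
```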

rise of the machines

cryptography in bangla way

!@#$%^&*
The science of writing in secret code
daily cryptography
SSL
Session/Cookie Encryption
Storing Sensitive Information
Secure Message Transportation
Signing Documents

terms
Plaintext
Key
Cipher
Encryption
Ciphertext
Decryption

techniques
Symmetric Cryptography = shared secret key
Asymmetric Cryptography = public key + private key
Hash Cryptography = One way

cryptography in PHP
cracklib
hash
mCrypt
openSSL
mHash

one way journey
MD5
SHA-1
SHA-2
SHA-256
SHA-512

problems of MD5/SHA1
Collision Attack
hash(data1) = hash(data2)

why salt?

password!
Use a salt value in hash functions or bcrypt
hash('sha512', $salt . $password);
hash_hmac('sha512', $password, $salt);   // the salt serves as the HMAC key
crypt($password, $salt);
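An added example, not the slides' code, of the bcrypt route the slide recommends: crypt() with a $2y$ salt built from openssl_random_pseudo_bytes() (the deck's "random!" slide), a constant-time verify, and the password_hash()/password_verify() API that PHP 5.5 added for the same job. It assumes PHP 5.6 or newer for hash_equals().

```php
<?php
// Added example, not the slides' code: crypt() with a bcrypt ($2y$) salt, the
// salt drawn from openssl_random_pseudo_bytes() (the "random!" slide), plus the
// password_hash()/password_verify() API PHP 5.5 added for exactly this. Needs
// PHP 5.6+ for hash_equals(). bcrypt salts are 22 chars from ./A-Za-z0-9.
function bcrypt_salt(int $cost = 10): string
{
    $raw = openssl_random_pseudo_bytes(16, $strong);
    if ($raw === false || !$strong) {
        throw new RuntimeException('no cryptographically strong random source');
    }
    // base64 emits '+', which the bcrypt alphabet lacks; swap it and keep 22 chars
    $salt = substr(strtr(base64_encode($raw), '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $salt);
}

function hash_password(string $password): string
{
    $hash = crypt($password, bcrypt_salt());
    // crypt() reports an unusable salt with a short "*0"/"*1" result, not an exception
    if (strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt unavailable in this PHP build');
    }
    return $hash;   // cost and salt are embedded, so this one string is all you store
}

function verify_password(string $password, string $stored): bool
{
    // re-hash with the stored salt; constant-time compare avoids a timing side channel
    return hash_equals($stored, crypt($password, $stored));
}

$stored = hash_password('correct horse');
var_dump(verify_password('correct horse', $stored));
var_dump(verify_password('wrong horse', $stored));

// the same contract via the built-in API (bcrypt underneath, salt generated for you)
$modern = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10]);
var_dump(password_verify('correct horse', $modern));
```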

symmetric encryption
One single key
Shared between parties
Popular

sample encryption - AES
// MCRYPT_RIJNDAEL_256 selects a 256-bit block size; AES proper is MCRYPT_RIJNDAEL_128
$ivlength = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
// MCRYPT_RAND draws from rand(); IVs should come from the kernel source instead
$iv = mcrypt_create_iv($ivlength, MCRYPT_DEV_URANDOM);
$encryptedText = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_CBC, $iv);

sample decryption - AES
$decryptedText = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $encryptedText, MCRYPT_MODE_CBC, $iv);
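An added example, not the slides' code: the same CBC encrypt/decrypt pair on ext/openssl rather than mcrypt (which was removed in PHP 7.2), using real AES, a random IV, and an HMAC over IV and ciphertext that is verified before decryption, so a modified ciphertext is rejected instead of decrypted. The key names, the sample plaintext and the tamper test are constructed for this example; it assumes PHP 5.6 or newer.

```php
<?php
// Added example, not the slides' code. The deck's mcrypt snippet selects
// MCRYPT_RIJNDAEL_256 (a 256-bit block: Rijndael, not AES) and seeds the IV
// from MCRYPT_RAND; mcrypt itself was removed in PHP 7.2. This is the same
// CBC scheme on ext/openssl with real AES, a random IV, and an HMAC over
// IV||ciphertext checked before decryption (encrypt-then-MAC). PHP 5.6+.
const CIPHER = 'aes-256-cbc';
function aes_cbc_encrypt(string $plaintext, string $encKey, string $macKey): string
{
    $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($plaintext, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) throw new RuntimeException(openssl_error_string());
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return base64_encode($iv . $ct . $mac);
}

function aes_cbc_decrypt(string $blob, string $encKey, string $macKey): string
{
    $raw   = base64_decode($blob, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    // minimum: IV + one padded block + 32-byte tag
    if ($raw === false || strlen($raw) < $ivLen + 16 + 32) {
        throw new RuntimeException('ciphertext too short');
    }
    $iv  = substr($raw, 0, $ivLen);
    $ct  = substr($raw, $ivLen, -32);
    $mac = substr($raw, -32);
    // constant-time tag check first: a tampered message is rejected before
    // the padding is ever examined, so there is no padding oracle to probe
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $mac)) {
        throw new RuntimeException('MAC mismatch: ciphertext was modified');
    }
    $pt = openssl_decrypt($ct, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) throw new RuntimeException('decrypt failed');
    return $pt;
}
// two independent 256-bit keys; in a real system derive both from one master key
$encKey = openssl_random_pseudo_bytes(32);
$macKey = openssl_random_pseudo_bytes(32);
$blob = aes_cbc_encrypt('session=42;user=hasin', $encKey, $macKey);   // constructed sample
echo aes_cbc_decrypt($blob, $encKey, $macKey), "\n";

// flip one ciphertext bit: decryption must refuse rather than return garbage
$bad = base64_decode($blob);
$bad[20] = chr(ord($bad[20]) ^ 0x01);
try {
    aes_cbc_decrypt(base64_encode($bad), $encKey, $macKey);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```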

asymmetric encryption
public / private key
semi-shared

meet with bob and alice

bob and alice's story
Bob asks Alice for her public key
Bob encrypts msg with the public key of Alice
Alice gets encrypted msg
Alice decrypts msg with her secret private key
Alice reads it

public/private key encryption
RSA
openSSL

RSA key-pair
ssh-keygen -t rsa -b <bit>
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/hasinhayder/.ssh/id_rsa): /tmp/pk_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /tmp/pk_rsa
Your public key has been saved in /tmp/pk_rsa.pub

RSA key to PEM format
openssl rsa -in pk_rsa -outform pem > pk_rsa.pem

generate RSA key in PEM format
openssl genrsa -des3 -out pk_rsa.pem 2048

public key out of PEM file
openssl rsa -pubout -in pk_rsa.pem -out pk_pub.pem

encrypt with public key
$pub_key = openssl_get_publickey(file_get_contents("/tmp/pk_pub.pem"));
openssl_public_encrypt($source, $crypttext, $pub_key);

decrypt using private key
$passphrase = "<secret passphrase>";
$key = openssl_get_privatekey(file_get_contents("/tmp/pk.pem"), $passphrase);
openssl_private_decrypt($crypttext, $plaintext, $key);
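An added example, not the slides' code, of the same openssl_public_encrypt / openssl_private_decrypt round trip with three things the slides leave implicit: the key pair is generated by PHP's own openssl_pkey_new (no ssh-keygen step), OAEP padding is requested instead of the default PKCS#1 v1.5, and because RSA can only carry a couple of hundred bytes, the message itself goes under a random AES-GCM key and only that key is wrapped with RSA. The function names, the sample message and the placeholder passphrase are constructed here; it assumes PHP 7.1 or newer.

```php
<?php
// Added example, not the slides' code: the same openssl_public_encrypt /
// openssl_private_decrypt round trip, with the key pair generated by PHP
// instead of ssh-keygen, OAEP padding instead of the default PKCS#1 v1.5,
// and the RSA size limit handled by hybrid encryption: a random AES-GCM key
// protects the message and only that key goes under RSA. PHP 7.1+.
function rsa_keypair(int $bits, string $passphrase): array
{
    $res = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA,
                             'private_key_bits' => $bits]);
    if ($res === false) throw new RuntimeException(openssl_error_string());
    openssl_pkey_export($res, $privPem, $passphrase);   // encrypted PEM, like pk_rsa.pem
    $pubPem = openssl_pkey_get_details($res)['key'];     // what "openssl rsa -pubout" yields
    return [$privPem, $pubPem];
}

function hybrid_encrypt(string $plaintext, string $pubPem): array
{
    $aesKey = openssl_random_pseudo_bytes(32);
    $iv     = openssl_random_pseudo_bytes(12);           // 96-bit nonce for GCM
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $aesKey, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) throw new RuntimeException('AES-GCM failed');
    // 2048-bit RSA with OAEP/SHA-1 carries at most 214 bytes: fine for a key, not for a document
    if (!openssl_public_encrypt($aesKey, $wrapped, $pubPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA encrypt failed: ' . openssl_error_string());
    }
    return ['key' => $wrapped, 'iv' => $iv, 'tag' => $tag, 'ct' => $ct];
}

function hybrid_decrypt(array $msg, string $privPem, string $passphrase): string
{
    $priv = openssl_pkey_get_private($privPem, $passphrase);
    if ($priv === false) throw new RuntimeException('bad private key or passphrase');
    if (!openssl_private_decrypt($msg['key'], $aesKey, $priv, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA decrypt failed');
    }
    // GCM verifies the tag itself: a modified ciphertext or tag makes this return false
    $pt = openssl_decrypt($msg['ct'], 'aes-256-gcm', $aesKey, OPENSSL_RAW_DATA, $msg['iv'], $msg['tag']);
    if ($pt === false) throw new RuntimeException('message was tampered with');
    return $pt;
}

$passphrase = '<secret passphrase>';                     // placeholder, as on the slides
[$privPem, $pubPem] = rsa_keypair(2048, $passphrase);
$msg = hybrid_encrypt(str_repeat('Bob -> Alice. ', 100), $pubPem);   // ~1.4 kB, beyond raw RSA
echo hybrid_decrypt($msg, $privPem, $passphrase), "\n";
```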

there are always some bad guys…

best practices
PCI DSS Compliance

best practices
AES (RIJNDAEL)
BLOWFISH
TWOFISH
SHA-256, 384, 512
RSA

random!
openssl_random_pseudo_bytes()

key space
Secret key space >= 128 bit
Public key space >= 2048 bit

thanks
M A Hossain Tonu
Sr. Software Engineer, somewherein…
http://mahtonu.wordpress.com
Hasin Hayder
Founder, Leevio
http://hasin.wordpress.com