Introduction to Cryptography & PGP
Download as PPTX, PDF1 like1,838 views
This document provides an introduction to cryptography, focusing on hashing, encryption, and PGP (Pretty Good Privacy). It explains the differences between hashing and encryption, and discusses password security, symmetric and asymmetric encryption, and the use of keys in secure communication. The document also delves into practical aspects of PGP for secure email communication, signing messages, and the importance of public key infrastructure.
Introduction to Cryptography & PGP
- 1. Introduction to Cryptography & PGP Rayed Alrashed 20 Feb 2019
- 2. Contents • Hashing • Encryption • PGP • Q & A
- 3. Hashing • Same input always give same output • Tiny modification change everything • Can get input from output ca6b17144b1291d0cfd06a2e36f3d266pa$$w0rd pa$$w0rd pas$w0rd ca6b17144b1291d0cfd06a2e36f3d266 aa60e7d94eac169ccff57ec1f56adec1 ?????? aa60e7d94eac169ccff57ec1f56adec1 HashFunction
- 4. Hashing • Input any size • Output always fixed size (md5=16, sha1=20, sha256=64) • hash value, fingerprint, digest, checksum ca6b17144b1291d0cfd06a2e36f3d266password (10 B) Document (10 KB) Audi (10 MB) Video (100 MB) DVD (1GB) e5f71ea3e05d0007f20ee321f1551e70 aa60e7d94eac169ccff57ec1f56adec1 94ec7185d65dcb09b4c6369819d9ba73 55641e78d24ba54619ec021eba782413 HashFunction *****
- 5. Hashing: Hash Function • Hash Function (FAST) • Hash Tables • Randomization • Load Balancing • Cryptographic Hash Function (Slow by design) • Data integrity: did my data change? • Password verification • Signatures: more on that later
- 6. Hashing: Passwords 1 • Clear text password, stored as is • Admin can see them • If data is leaked, passwords is exposed ahmed my_password ibrahim $ecure93123 saleh my_password
- 7. Hashing: Passwords 2 • Don’t store password, store the hash of a password • Admin can NOT see the original password • If data is leaked, passwords not exposed, but it can be cracked ahmed 55641e78d24ba54619ec021eba782413 ibrahim 94ec7185d65dcb09b4c6369819d9ba73 saleh 55641e78d24ba54619ec021eba782413 • But wait … “ahmed” & “saleh” use the same password • Rainbow table … hackers can reverse the hash!!!!
- 8. Hashing: Passwords 3 • Salt • Random data (salt) is added before hash • hashed = sha256( salt + clear password) • Same password = different hash • Rainbow Table can’t be used • Repeat • Repeat hashing 1000 time! • Make it much harder to brute force username password salt (random) stored ibrahim my_password 9321312 93213123c4a23ffe8b236814f6f4 910bc097e25 saleh my_password 3432455 3432455d2b64e5b352200855682c 906faed3fbb Not Stored!
- 9. Encryption
- 10. Encryption: … vs Encoding • Convert data from form to form • Doesn’t protect data • e.g. Base 64 $ echo "I love Riyadh" | base64 SSBsb3ZlIFJpeWFkaAo= $ echo "SSBsb3ZlIFJpeWFkaAo=" | base64 -D I love Riyadh • e.g. Compression $ echo "I love Riyadh" | gzip > riyadh.gz $ gunzip < riyadh.gz I love Riyadh • Why? Binary can’t be used … email! • Why? Smaller data size • Why? Other systems used different encoding? Mac vs Windows (before Unicode)
- 12. Encryption: Symmetric • Secure • Fast • Many algorithms: AES, DES, Blowfish • But … how to share a key!
- 14. Encryption: Asymmetric • Public Key Encryption • Generate a pair of keys: • Private: Kept securely • Public: can be shared with others • Used: HTTPS, PGP, SSH • E-Commerce isn’t possible without it • Many algorithms: RSA, ElGamal د.طاهرالجمل
- 15. Encryption: Asymmetric • Problem? • Hacker replace Bob public key with his own! • Solution: • Public Key Infrastructure PKI (HTTPS) • Web of Trust (PGP) • Manual checking (SSH) • more on that later …
- 16. Encryption: Signing • Alice Signing: • Hash = sha256(Data) • Signature = Encrypt(Hash, Alice Private Key) • Send: Data + Signature • Bob Verifying: • Hash1 = sha256(Data) • Hash2 = Decrypt(Signature, Alice Public Key) • Signature is Valid if Hash1 == Hash2
- 17. Encryption: Fingerprint -----BEGIN PGP PUBLIC KEY BLOCK----- mQENBFxrqqABCADc0RjmaEh4OIWyd92HVJxVZZB7MCCF95hx7ORrnGc4RnHKKUR3 zSBL3LchjKvwyUZ2wNhPXy/zc/ocbAwgGqkhCJGozP5af+VSzAxBBcDa6aJW3zgU P9oOq4UWE90jXrPlVJ1rbgX98DgeWl1h9IcJAq7vUj0XORbRIFTYWkUpEN3JSIAE IqvDyYa7NG0FvuUPlMJ+OUHP8ub4ZPel5l54aHs585bhIRTzHTeG6zbzVinnOQ+Y ZVOsZYZ+r/MXYTu0HPndIaTCVPQ9DQJvVey0LNBSMu2QMJw8Kr8HD5ZPS/h4jrRC 7uraUxrFUr+LYfedGHNkDM92YMvkN513nMahABEBAAG0IFJheWVkIEFscmFzaGVk IDxyYXllZEByYXllZC5jb20+iQFUBBMBCAA+FiEEQz48QnngwBgg5LGwaTbe5KZu wk4FAlxrqqACGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQaTbe 5KZuwk7gvQf+Nh2qmP3H7WDZhzMsaUwt4C9Tdj5IzTrZhEzr+W4KJNXVYErTZfGP IrlJD/zbB9NGz2cwsSk18kWtuHKCwjM8nl5jGeQsPbCc1qFeQeYXYeU+sgape9A4 6KHGB1UNd9A8JwUHUn/50/CLNEA8dWUXSQoLzTF5TZFSGvE1YxP8Lc/kYZOXQhNo 9w3mFgzl+O6Pk+2P9N70jJE3cymqtiBsfFFPGqMGr0S8LBRwxtib/75kqGmXhBrq f+v8qpypeKBTnywOGsQ1QNy5ddyIE6P2rgZHunGeixuRt6swfD7DwmHOCP5DCqAb thRlIquQiQfBqdpBskr7nG1cktfQzKj1F7kBDQRca6qgAQgAurfBxwjFxm5A7pE6 rMkILqOJeMxQuZsFYs8rm5BM1L/zARUVxcQIPtLXx/Afvx+XGPAey9Ojaj1n4o3y W8wkNlJG41EduR4Q9I5NLiPKyR8B2dDClXn7wpzInnwxu5+0od6FQqa8MvS9RYwK KANT4Q6cS5bVjYuDFBFfOXLmZw/BQCMESrJ5d28umGBTODdsb3GqNkbjfB36LC2W eDiyiOek2b07EK2BXx+CsffFVrk+0jF0OD9PG48Yy1qFeJwGQIJNfHT2Xp1HGXYV MHBp9454cI0MHX7+mQhHSB/keLyUIYqtmrxqdROGe0083GPgV0a/b7Z+y6+HruVV ceQrWQARAQABiQE8BBgBCAAmFiEEQz48QnngwBgg5LGwaTbe5KZuwk4FAlxrqqAC GwwFCQPCZwAACgkQaTbe5KZuwk4MSgf7BLi6HrisPcGHNIbWV7QdpfAnly1MHdYc DK5qLzx0DX9T+NzBiR2z833BXhNT2BxSr3sKpaN4EopXYwgBu9y+drnL4QSl/p8P mk02IsQiXdUdhGAzlELBz8nrB9W45KjyqOkFScYbfeEZKO65z6+Jd8mfFF9i/QZh Q1S9rDnAvb2moLOAXfhYO5dBEsSzA+Q1DtcQ4tvyjxjcdUBOH08+daguRvA7EgrY 6GqgXWR2IQftQ6iEk1g7o3taKpT3gkzbA/ssaY045bcQxhvTL4yIuDGKYXt56R1e b0owb9YS/iVD2DhbZfToKJplSlxlcFFy1o5a05Kwf2oESJmWMStFOA== =F2UD -----END PGP PUBLIC KEY BLOCK----- Fingerprint 433E 3C42 79E0 C018 20E4 B1B0 6936 DEE4 A66E C24E • Public Key is very long • Hard to compare keys • Fingerprint short, good for management • Hash of the Key!
- 18. PGP
- 19. PGP: Why? • Communicate securely • Use a shared password? But how to exchange it! • Public-key cryptography • Designed for email • GPG or PGP?
- 20. PGP: Keys • User Alice: gpg --gen-key gpg --list-keys gpg --export alice@example.com > alice gpg --export —armor alice@example.com > alice.pub.asc • User Bob: gpg --import alice.pub.asc
- 21. PGP: Encryption & Decryption • Bob … Encrypting: gpg --encrypt -r alice@example.com my_file # -r = recipient # You can have many recipients # You can’t decrypt the file … unless! • Alice Decrypt: gpg my_file.gpg
- 22. PGP: Signing Emails • Alice: gpg --clearsign my_vote.txt • Bob … verify: gpg --verify my_vote.txt.asc I vote for blue -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I vote for blue -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEQz48QnngwBgg5LGwaTbe5KZuwk4FAlxrsQwACgkQaTbe5KZu wk5Ljgf/aHXQmXiX1wl+BmL6fJfOzntPawCaF7MN/cP/60IlXsL7IWHnEjVH6RQV vZN7iRXeTnyCVzG0pehTuV2Zew6KS8E8QlgA3yFVM7jYrJ2yvIq7WabE3Hg8ZJky UOG5dyUs31rbMDT4Ti0YEG9CaEghM7PGngq3ezWQlscWGUfrQBUWX7T7YEVXGI0A bsFNMmIYSV69wlWuz8/vNypMp9Hvk8MHcvkKNAhE6HhEOV/wOVRPL5NKYQY6lUNw 9D1I3DZx1rm2Ni6uQZzrdrON88IkNXm2AcpPlEH3cSfecCIXAgSOlNSmSq928R7w O/q/kqKME5T5srqGZKbijDwFuzrDEQ== =QSh2 -----END PGP SIGNATURE----- gpg: Good signature gpg: BAD signature
- 23. PGP: Signing Files • Sign a file without changing it • Good for binary file (e.g. Executable, Image, Audio, etc …) • You must send 2 files: Original & Signature • Binary Signature gpg --detach-sign invoice.jpg gpg --verify invoice.jpg.sig • Text Signature gpg --detach-sign --armor invoice.jpg gpg --verify invoice.jpg.asc
- 24. PGP: Encryption with a Password • Alice: gpg --symmetric my_secret # It will ask for passphrase (password) • Bob: gpg my_secret.gpg # It will ask for same passphrase! • How to send passphrase from user 1 to user 2 securely?
- 25. PGP: … vs PKI • PGP • Web of Trust • User sign each other keys • Public Key Infrastructure • Certificate authorities (CA) • You trust what CA sign • Public key + user info + CA signature = Certificate • OS ship (and update) a list of trusted CAs
- 26. More Info • https://en.wikipedia.org/wiki/Cryptographic_hash_function • https://en.wikipedia.org/wiki/Salt_(cryptography) • https://en.wikipedia.org/wiki/Rainbow_table • GPG Tutorial: https://futureboy.us/pgp.html
- 27. Thank You