![PHP – MAC
hash_hmac()
hash_hmac ($algo, $data, $key [$raw_output = false])
hash_hmac(’sha256’,’phpbelfast rocks', ’MySecret');
php.net/hash_hmac](https://image.slidesharecdn.com/introductiontoencryption-140207030438-phpapp01/85/Introduction-to-encryption-39-320.jpg)
![PHP password_hash()
v5.5+
password_hash( $password, $algo [, $options] )
password_verify( $password, $hash )
php.net/password_hash
j.mp/1err98n](https://image.slidesharecdn.com/introductiontoencryption-140207030438-phpapp01/85/Introduction-to-encryption-43-320.jpg)
Introduction to encryption
- 2. Who am I? PHP Developer @faffyman @phpbelfast
- 3. What’s this talk about? Mostly the Why and the What And just a little bit of the How
- 4. What this talk is not about Probability Theory behind encryption encryption model definitions
- 5. Why Encrypt? Secure communications - TLS Email - SSL web Payment Gateways -Credit Cards -Bitcoins Filesystems -DVD -Memory Cards Cable TV Signals Online Voting DRM WEP Skype Calls
- 6. What is Encryption? Είναι όλα ελληνικά για μένα It’s all Greek to me
- 7. *Encryption is… “An algorithm that can encode a message such that it is only readable by authorized persons” *Generally speaking.
- 8. *Encryption is… a Cipher.. “A pair of algorithms such that the output ciphertext of the encoding algorithm can be efficiently transformed back to the original text by the decoding algorithm” *not always true
- 10. The Caesar Cipher Also known as the shift cipher Or substitution cipher
- 11. Shift 3 chars left Plain : ABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW Ciphertext: QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD Plaintext: the quick brown fox jumps over the lazy dog
- 12. The Vigener Cipher 16th Century Rome Is a Modulo shift cipher
- 13. Create a repeating key the same length as the message Plain : PHP BELFAST ENCRYTION TALK Key : BLI NKSTUDI OSBLINKST UDIO Cipher: RTY PPEZVWC TEEDHHTHH OEUZ P = 16 + B=2 = 18 = R H = 8 + L=12 = 20 = T L = 12 + S=19 = 31 % 26 = 5 = E
- 14. Playfair Mr Kennedy Famous WWII message involving JFK PHBEL FASTC DGIKM NOQRU VWXYZ http://j.mp/pFAIR IN TR OD UC TI ON TO EN CR YP TI ON DQ KY NG ZM SK QO AR PR TU VE SK QO
- 15. The One Time Pad 1917, Vernam Symantically secure, practically useless Very fast encode / decode Stream Cipher
- 16. The One Time Pad Uses A Random Key of equal length to the message AJDPWNCGS82NCPS03NCBS72HGTWX1EZMBLHPY04YDVS2D
- 17. Rotor Machines Lorenz Cipher (a.k.a. Tunny) Enigma “Nothing to report”
- 18. Encryption is just XOR? There is a lot if it - yes M: 0 1 1 0 1 1 1 Ke: 1 0 1 1 0 0 1 C: 1 1 0 1 1 1 0 Kd: 1 0 1 1 0 0 1 M: 0 1 1 0 1 1 1
- 19. Symmetric Ciphers D ( K, E(k, m) ) = M Decryption of Encrypted Message = Original Message
- 20. Symmetric Ciphers 2 Identical Inputs = 2 different outputs
- 21. Making It Practical Stream Ciphers And Block Ciphers In danger of getting complex now…
- 22. Pseudo Randomness Pseudo Random Key PRF – Pseudo Rand Function PRG – Pseudo Rand Generator PRP – Pseudo Rand Permutation
- 23. Pseudo Random Keys Short Input => Long Output
- 24. Data Encryption Standard DES 1970 – 1976 - IBMs Lucifer cipher approved as Fed. Standard 1997 - DES is broken by exhaustive search Internet search – took 3 months 1998 – Deep Crack does it in 3 days (cost $250K) 1999 – combined search 22 hours 2000 – New Fed Standard adopted. Rijndael or AES
- 25. Feistel Network Common Block Cipher Construction DES is a 16 round Fiestel construction http://j.mp/feistDES
- 26. Advanced Encryption Standard AES Uses block cipher – But NOT a Fiestel Construction 1997: DES Broken NIST requests proposal for new std 1999: 5 shortlisted options 2000: Rijndael chosen to be new AES
- 27. AES
- 28. Side Channel Attacks • • • • j.mp/1c9v9Vi Timing Attacks Power Attacks Sound Attacks Replay Attacks
- 29. ECB Electronic Code Book Encrypted with ECB j.mp/1kONKMk Encrypted in other modes show pseudo randomness
- 31. CTR Counter Mode
- 32. MICs and MACs Message Integrity or Authentication Code Basically - Hash Functions MD5 - weak SHA-1 - weak SHA-256 - better Anti-Tamper codes
- 33. Authenticated Encryption Encrypt then MAC - always provides A.E. MAC then Encrypt is open to CCA attacks - it’s ok IF you use rand-CBC or rand-CTR mode - still open to padding attacks
- 34. Key Exchange
- 35. Public/Private Keys Public key used to encrypt Private key used to decrypt Uses large primes (600+ digits) and modulus of the powers of factors of that prime
- 36. Public/Private Keys ALICE Generate array of public & private keys Alice decrypts with Secret key To obtain Bobs random number BOB Bob chooses one public key Chooses a random secret {0,1}128 encrypts it using Public Key They now have a shared secret or key (Bobs number) with which to encrypt future messages
- 37. PHP – password storage • • • • • • • Raw / Plaintext – do people really do this? Roll your own encryption mechanism MySQL Encrypt() MD5() – no collision too common SHA and store salt bcrypt – No salt storage required phpass – no salt storage required j.mp/1nPFttR
- 38. Golden Rule: Libraries, libraries, libraries Always use a tried & tested library *NEVER* Roll your own
- 39. PHP – MAC hash_hmac() hash_hmac ($algo, $data, $key [$raw_output = false]) hash_hmac(’sha256’,’phpbelfast rocks', ’MySecret'); php.net/hash_hmac
- 41. PHP – openssl library openssl_get_cipher_methods() openssl_cipher_iv_length() openssl_encrypt() openssl_decrypt() j.mp/1dp8OTq
- 42. PHPass – for php v 5.4- j.mp/phpass
- 43. PHP password_hash() v5.5+ password_hash( $password, $algo [, $options] ) password_verify( $password, $hash ) php.net/password_hash j.mp/1err98n
- 44. Credits Cover image -Enigma Machine by Skittledog http://flic.kr/p/9VjJz5 Creative Commons http://creativecommons.org/licenses/by-nc-sa/2.0/ Fiestel Network Diagram Dan Boneh, Stanford Unversity (Coursera – Cryptography I course) Link Bundle j.mp/1iq3xA5
- 45. Final Thought “Only amateurs attack machines, professionals attack humans” - Bruce Schneier
Editor's Notes
- #7: Because it’s basically about encoding the data into a format your enemy cannot understand.
- #9: Symmettric and Asymmetric encryption is different.
- #11: Using a 26 letter alphabet there are 26! Combinations = 2^88 or 88bits
- #15: The PT Boat incident.Kennedy’s message gave away the position of the boat and their pick up times.Wheatston & palmerston
- #16: Very fast encoding and decoding – but the length of the key makes it impractical. It’s as difficult to transmit the key as the plaintext message.WEP 802.11b is bad crypto – it’s keyspace is exhausted so it’s effectively 2 time pad.IV is 24bit so it recycles after 16million data packetsWorse still it resets to zero each time the router reboots.
- #17: Key is very longSharing the Key s difficultSharing the key is as insecure as sharing the messageMessages should never repeatMessages with known portions are prone to being tampered with“nothing to report”
- #18: A German in the desert consistently sent the message Nothing to reportKnown plain text + intercepted cipher text meant they could figure out the machine settings for the day
- #19: XOR makes hardware encoding really fast and simplegenerally convert plain text messages to HEX pairs and XOR those pairs (perhaps via binary)The XOR rule above is WHY we cannot have a two time PADXOR +XOR = original text
- #20: Hopefully one of the only formula’s you’ll encounter tonightBasically Decrypt(encrypted message) = message
- #22: The One Time pad is a stream cipherStream ciphers use a small key but PAD it out to the required length with Pseudo randomnessStream ciphers are fast and commonly used by hardware systems – e.g. DVD encryption, GSM phones, Bluetooth all use stream ciphersRC4 (1987) is a common stream cipher encrypts 1 byte per roundDVD Encryption uses CSS (Code scrambling system)Salsa 20 is a modern stream cipher – process 5 x faster than RC4Block ciphers are the workhorse of modern encryptionExamples includes 3DES (64bit blocks) and key is 168 bitAES (128 bit blocks) key is 128,192 or 256 bitKey is expanded into one key per blockEncryption of block one is fed into block two and so on….Block ciphers are much slower than stream ciphers SLOWER is BETTERI’ll do a few definitions only.
- #23: Pseudo random keys are generated by PRGsA PRG uses a PRF A PRP is an invertible PRFAll PRPs are PRFsNOT all PRFs are PRPs some are non invertiblePRG – Stream CipherPRP = Block CipherA PRP is used by Block ciphers – not stream ciphers - think AES, 3DES etc
- #24: Small keys are EXPANDED by the PRG to form a ONE TIME PAD key of the required length.
- #25: DES used for cheque clearing and many other legacy banking systems.AES is Advanced Encryption Standard.Developed by Horst Fiestel in 1970s3DES tripled the workload time2DES is useless as it is prone to a meet in the middle attack
- #26: Used by DES, 3DES and Blowfish among othersTakes a *secure* PRF (non invertible) and makes it Efficiently invertble after 3 rounds.DES uses 16 rounds.TODO Small PHP script to demonstrate – add to gist - ? TODO
- #28: Substituion permutation layersKey XOR inputByte substitutionShift rowMix columnXOR with next key loop
- #29: Timing AttacksPower AttacksSound AttacksReplay attacks – resend a scrambled signal – could result in a duplicate web order
- #30: Electronic Code book sometimes falls foul of two time padSematic security says that cipher text tells you NOTHING about plain textBut in ECB if block n == block m then those two cipher texts are identicalEach block is encoded separately and independently of the others.
- #31: CBC gets over the short comings of ECB by feeding the results of one block into the intiialisation of the next block
- #32: Turns a Block Cipher into Stream CipherThe initalisation vector in this instance is eth Nonce + The CounterEach block differs from previous one due to eth counter – but not dependant on the previous blockYou can decrypt block independently of each other, or simultaneously is you know the number of blocksHence stream cipher
- #33: Most of the time when talking about encryption – we really mean hashingBecause most of the time we don’t need to decrypt only to confirm.Checking and rejecting an encrypted message based on MAC can leave you open to timing attacksIf decrypt fails or (login guessing) always add a random time interval before returning an error code.MAC also used to authenticate a message but do not provide confidentiality (Authenticated Encryption)
- #34: CCA – Chosen Cipher text attackCPA – Chosen Plaintext AttackAlways use hmac() in your own code.hash_hmac() provides keyed hashing not JUST hashing.Authenticated Encryption is relatively new – circa 2000
- #35: Physical world representation of secure communicationMathematical handshakes basically carry out the above scenario.The mathematical equivalent Public Key crypto was thought up by GCHQ employeeCliff Cocks 1973 – only declassified in 1997He worked it out in his head in 3 hours and had to remember it!!!!Source The Infinite Monkey Cage – 3rd Dec 2012 - Secret ScienceSimon Singh, Dr. Sue Back
- #36: Diffie / Hellmann is the modern approved Public Key system (RSA)It’s all about prime numbers & factorsPick a large primePick a number less than the primeRaise a fixed number to the power of that number less than the prime128bit encryption has modulus size of 3072 bits256bit AES has modulus size of 15,360bits – that’s why it’s a good protocol.
- #37: This is basically Diffie Hellman.
- #38: Many older systems still have plain text passowrds stored
- #40: Use a really long random key – Generate a random key with e.g. openssl_random_pseudo_bytes(64)Don’t reuse the same key over and over againUse a random 64bit minimum saltStore the salt along side the hashYou can store an encrypted version of the Salt with a re-usable key from your site configvars
- #42: Use OPEN SSL if decryption is required.Use openssl for Public private key encryption/decryptionOpenssl_public_[en|de]cryptOpenssl_private_[en|de]crypt
- #43: For versions of PHP less than 5.5 this is a good solid easy to use option
- #44: Php 5.5 password_hash is a wrapper for crypt()Hashes created by crypt can be used with password_hash()By default uses bcrypt CRYPT_BLOWFISHThe $hash returned by password_hash contains the algorith, workload and salt.Retrievable with password_get_info()