Using Cryptography Properly in Applications Andy Watson Ionic Security #GWOCryptoParty Great Wide Open 2016
About: Name: Andy Watson Occupation: Byte Mangler Employer: Ionic Security http://ionic.com/
Why am I here? I’ve seen too many people not using cryptography or using it incorrectly. This information may help you not be one of them.
Agenda: ● Random ● Salt ● Hash ● Key Derivation ● Symmetric Encryption ● Famous Mistakes
Random
Random Number Generators
RNG: A computational or physical device designed to generate a sequence of numbers that lack any pattern.
True random number generators depend on an entropy source like radioactive decay or radio frequency noise.
For cryptographic functions, higher levels of entropy are required to work properly.
https://www.random.org/randomness/
Pseudo
Computational RNGs are known as Pseudo RNGs (PRNGs).
PRNGs are “seeded” with a value to generate a series of numbers.
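Added example, not from the deck: Python's `random` module (a Mersenne Twister, not the OpenSSL PRNG of the Debian bug mentioned later in the talk) stands in for any seeded PRNG. It shows why seeding is the weak point: the same seed always yields the same "random" key, and a seed drawn from a small space (here 15 bits, the size of the PID range the Debian slide cites) can only ever produce that many keys. The key size and seed values are constructed for the demo; `secrets` is the standard-library way to get OS entropy instead.

```python
import random
import secrets

KEY_BYTES = 16   # 128-bit key (constructed demo size)


def key_from_seeded_prng(seed: int) -> bytes:
    """The anti-pattern: 'random' key bytes from a PRNG seeded with a guessable value."""
    prng = random.Random(seed)               # same seed -> identical output, every run
    return prng.getrandbits(KEY_BYTES * 8).to_bytes(KEY_BYTES, "big")


def distinct_keys_for_seed_space(seed_bits: int) -> int:
    """Enumerate every seed of `seed_bits` bits and count the keys that can ever come out.
    A 15-bit seed (the 32,768 PIDs of the Debian bug slide) yields at most 32,768 keys."""
    return len({key_from_seeded_prng(seed) for seed in range(1 << seed_bits)})


def key_from_os_entropy() -> bytes:
    """The fix: draw key material from the OS CSPRNG, which is seeded from hardware entropy."""
    return secrets.token_bytes(KEY_BYTES)


if __name__ == "__main__":
    print(key_from_seeded_prng(12345) == key_from_seeded_prng(12345))  # True: reproducible
    print(distinct_keys_for_seed_space(15))                             # 32768: enumerable keyspace
    print(key_from_os_entropy() != key_from_os_entropy())              # True: fresh each call
```

The audit question this answers: if a key or IV in your code base comes from a seeded PRNG, how many values can it actually take? If the seed is a timestamp, a PID or a constant, the answer is small enough to list.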
Hashes
HASH!
Hashing Function (n.) A function that represents data of arbitrary size as data of a fixed size.
$ echo "Great Wide Open 2016" | md5
e2be8adfadee4bfe635041c4c37dadac
$ echo "All Things Open 2015 " | md5
402854038fbffe281a518b53cdbd5594
When to Hash
Use hashing functions when saving the original data would be a liability you have no business dealing with.
For example: Linux passwords
$6$pWVzxN/iFRstrZ/.$TNBvzXhc8b9SBkl1q36YNvF2DwuS4/7LsICepYgaWCKzM1MS.OBK5TvxrUQ4.I5x5NtqidhBTGobQLOqxBAFe1
Don’t Store The Clear
Credentials should be hashed when stored.
During login, hash the password entered and check it against the hash you saved.
When Hashes Collide
These two blocks have the same MD5 hash of 79054025255fb1a26e4bc422aef54eb4
Block 1:
d131dd02c5e6eec4693d9a0698aff95c 2fcab58712467eab4004583eb8fb7f89
55ad340609f4b30283e488832571415a 085125e8f7cdc99fd91dbdf280373c5b
d8823e3156348f5bae6dacd436c919c6 dd53e2b487da03fd02396306d248cda0
e99f33420f577ee8ce54b67080a80d1e c69821bcb6a8839396f9652b6ff72a70
Block 2:
d131dd02c5e6eec4693d9a0698aff95c 2fcab50712467eab4004583eb8fb7f89
55ad340609f4b30283e4888325f1415a 085125e8f7cdc99fd91dbd7280373c5b
d8823e3156348f5bae6dacd436c919c6 dd53e23487da03fd02396306d248cda0
e99f33420f577ee8ce54b67080280d1e c69821bcb6a8839396f965ab6ff72a70
You. Must. Hash. Securely.
Cryptographically Secure Hash Function (n.) A hash function which is infeasible to reverse back to the original message and for which collisions are infeasible to find.
$ echo "Great Wide Open 2016" | shasum -a 512
40094ad14fec6107ccabbc430e00cb9ef34f75a45420ca055eb294ccbcc8f2084da4ec10f852c4e6cc372d2f3f7ab34fbfc113661b2735243621509ef9b3d3dd
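Added example (not part of the slides) that checks the two claims of the previous slides with the standard library: a hash maps any input size to one fixed output size, and the two 128-byte blocks on the collision slide really do share an MD5 digest while differing in six bytes. The same blocks under SHA-256 give different digests, which is the practical reason to stop using MD5 anywhere collision resistance matters, such as certificate or download verification. The block hex is copied from the slide; everything else is constructed for the demo.

```python
import hashlib

# The two blocks from the "When Hashes Collide" slide, hex copied with the spaces removed.
BLOCK_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
BLOCK_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)


def digest_hex(algorithm: str, data: bytes) -> str:
    """Hex digest of `data` under any algorithm hashlib knows (md5, sha256, sha512, ...)."""
    return hashlib.new(algorithm, data).hexdigest()


def differing_byte_offsets(a: bytes, b: bytes) -> list:
    """Positions where the two inputs differ; for the slide's blocks this is six bytes."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def collision_report(algorithm: str) -> tuple:
    """(digest of block A, digest of block B, whether they collide) under `algorithm`."""
    da, db = digest_hex(algorithm, BLOCK_A), digest_hex(algorithm, BLOCK_B)
    return da, db, da == db


def output_sizes(algorithm: str, inputs: list) -> set:
    """Set of digest lengths in bytes over all inputs: a single value, whatever the input size."""
    return {len(hashlib.new(algorithm, data).digest()) for data in inputs}


if __name__ == "__main__":
    print("inputs differ at bytes:", differing_byte_offsets(BLOCK_A, BLOCK_B))
    print("md5   :", collision_report("md5"))      # same digest twice, True
    print("sha256:", collision_report("sha256"))   # two different digests, False
    print("sha256 output sizes:", output_sizes("sha256", [b"", b"x" * 100_000]))  # {32}
```

For verifying downloads or signatures, the lesson from `collision_report("md5")` is that an MD5 match proves nothing about two inputs being the same file; compare with `collision_report("sha256")` for the same pair.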
Taste the Rainbow Table
A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes.
Password   MD5 Hash
123456     e10adc3949ba59abbe56e057f20f883e
password   5f4dcc3b5aa765d61d8327deb882cf99
It’s not just for your fries SALT
What is a Salt?
Random data added to your input to create better output from one way functions.
Useful for defending against dictionary and rainbow table attacks.
$ echo "secret" | md5
dd02c7c2232759874e1c205587017bed
$ openssl rand -hex 16
72f72e199d1292317ee60cbe3c50b5ba
$ echo "72f72e199d1292317ee60cbe3c50b5ba secret" | md5
7cb940bf5166c52834a9e831a6299091
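Added example, not from the deck, showing in Python what the salt slide shows at the shell: a precomputed hash-to-password lookup (a five-entry stand-in for a rainbow table, built from a constructed password list) finds an unsalted hash instantly, while a per-user random salt makes the stored value absent from any table built in advance and makes two users with the same password look different. MD5 is used only because it is the slide's example; the key derivation section that follows is what a real store should use. The `salt + " " + password` layout copies the slide's `echo "<salt> secret"` form (without echo's trailing newline).

```python
import hashlib
import secrets

# Constructed password list standing in for the input side of a rainbow table.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "secret"]


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def build_lookup_table(candidates) -> dict:
    """hash -> password, precomputed once; only works against unsalted hashes."""
    return {md5_hex(p.encode()): p for p in candidates}


def store_unsalted(password: str) -> str:
    """The weak scheme: md5(password) alone, identical for every user with that password."""
    return md5_hex(password.encode())


def store_salted(password: str, salt: bytes = None) -> tuple:
    """Random 16-byte salt per record (like `openssl rand -hex 16`); returns (salt_hex, hash)."""
    salt = salt or secrets.token_bytes(16)
    salt_hex = salt.hex()
    return salt_hex, md5_hex(salt_hex.encode() + b" " + password.encode())


def lookup(table: dict, stored_hash: str):
    """What a precomputed table recovers from one stored hash, or None."""
    return table.get(stored_hash)


def shared_password_groups(records: dict) -> list:
    """With unsalted hashes, users who chose the same password are visible as equal rows."""
    groups = {}
    for user, stored_hash in records.items():
        groups.setdefault(stored_hash, []).append(user)
    return [users for users in groups.values() if len(users) > 1]


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    print("unsalted:", lookup(table, store_unsalted("password")))   # 'password'
    salt, salted_hash = store_salted("password")
    print("salted  :", lookup(table, salted_hash))                   # None
    users = {"alice": store_unsalted("password"), "bob": store_unsalted("password"),
             "carol": store_unsalted("qwerty")}
    print("same-password groups:", shared_password_groups(users))  # [['alice', 'bob']]
```

Note that a salt is not secret: it is stored next to the hash. Its job is only to force any attacker to recompute per record rather than per password list, which is also why the salt must be random and per user, not a fixed application-wide string.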
Key Derivation
Key Derivation Functions
KDFs create new secret keys from a secret value and a known value - like a password.
Key Derivation Functions can be used in a “key stretching” routine to enhance hashing functions and provide much more protection from rainbow tables and brute force attacks.
Original KDF: crypt
● Invented in 1978 to protect UNIX passwords
● Used only a 12 bit salt
● Limited passwords to 8 characters
Modern KDFs
PBKDF2
● 64 bit random salt
● 5000 iterations of SHA1 (hashing function)
SCRYPT
● Consumes large amounts of memory on purpose
PBKDF2 In A Nutshell™
Password → prepend SALT (SALT + Password) → SHA1 → Intermediate Hash → REPEAT 5000 TIMES → Final Hash
Save the Salt
Store the salt, the resulting hash and the number of iterations in your data store.
You’ll have to calculate the derived key of the credential again to verify it is correct.
https://crackstation.net/hashing-security.htm
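Added example, not from the deck, that carries the "Modern KDFs", "PBKDF2 In A Nutshell" and "Save the Salt" slides through in code using the standard library's `hashlib.pbkdf2_hmac`: a 64-bit random salt, an iteration count, and a stored record holding all three pieces the verifier needs later. It uses the SHA-256 variant the speaker notes mention rather than SHA-1; the `pbkdf2_sha256$iterations$salt$hash` record layout, the 5000-iteration default and the rehash policy are constructed for the demo, not a standard. Verification recomputes the derived key from the stored salt and compares in constant time.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 5000        # the slide's count; treat as a floor and raise it over time
SALT_BYTES = 8           # 64-bit random salt, as on the "Modern KDFs" slide
HASH_NAME = "sha256"     # the SHA-256 variant from the speaker notes
DK_LEN = 32              # derived key length in bytes


def derive(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC: salt + password hashed `iterations` times, the stretching step."""
    return hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations, DK_LEN)


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Everything needed to verify later, in one string: algorithm, iterations, salt, hash."""
    salt = secrets.token_bytes(SALT_BYTES)
    dk = derive(password, salt, iterations)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${dk.hex()}"


def parse_record(record: str) -> tuple:
    algorithm, iterations, salt_hex, dk_hex = record.split("$")
    return algorithm, int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)


def verify(password: str, record: str) -> bool:
    """Recompute the derived key with the stored salt and iterations; compare in constant time."""
    _, iterations, salt, stored = parse_record(record)
    return hmac.compare_digest(derive(password, salt, iterations), stored)


def needs_rehash(record: str, minimum_iterations: int = ITERATIONS) -> bool:
    """After a successful login, records below the current cost policy should be re-derived."""
    return parse_record(record)[1] < minimum_iterations


if __name__ == "__main__":
    record = make_record("correct horse battery staple")
    print(record)
    print("right password:", verify("correct horse battery staple", record))  # True
    print("wrong password:", verify("Tr0ub4dor&3", record))                   # False
    print("needs rehash  :", needs_rehash(record))                             # False
```

Keeping the iteration count inside the record is what lets you raise the cost later without a migration: old records still verify with their own count, and `needs_rehash` flags them for re-derivation the next time the user logs in.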
Vulnerabilities
• ASICs exist that can run PBKDF2 processes very quickly
• bcrypt requires more memory, which makes it harder to implement in silicon
• scrypt is more modern and can be tuned to use even more memory
Symmetric Encryption
Symmetric Encryption
Used when your application needs to protect data at rest (on disk etc.) but will need to use those values later.
The most common algorithm for symmetric encryption is AES (Advanced Encryption Standard).
It can operate in multiple modes like ECB, CBC, CTR and GCM - each suited to different uses.
ECB Mode (Electronic Code Book)
Simplest mode: each block of plaintext is encrypted independently.
Comparing ECB to other modes http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
Galois Counter Mode (GCM)
Encrypts and authenticates messages.
Reduces the opportunity for interference with messages to go undetected.
Functions at a high rate of speed.
Became a NIST standard in 2007.
Simple! https://en.wikipedia.org/wiki/Galois/Counter_Mode
Uses of GCM • TLS 1.2 • SSH • IPsec
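Added example, not from the deck, covering the ECB comparison and the GCM slides with nothing but the standard library. Since `hashlib`/`hmac` contain no AES, a small keyed Feistel network (hypothetical, a demo stand-in for AES, not a cipher to deploy) provides the 16-byte block operation; the modes built on it behave the way the real ones do. ECB encrypts each block on its own, so the three repeated plaintext blocks in the constructed sample come out as three identical ciphertext blocks; CTR hides that, and the same function shows why a constant IV is a mistake (same nonce and key means the same keystream). The last part adds an authentication tag with HMAC (encrypt-then-MAC) as a stand-in for the combined encrypt-and-authenticate property GCM provides in one primitive: a single flipped bit is rejected before any plaintext is released.

```python
import hashlib
import hmac
import secrets

BLOCK = 16   # block size in bytes, the same as AES
ROUNDS = 8

# Constructed sample: three identical 16-byte blocks followed by a different one.
PLAINTEXT = b"ATTACK AT DAWN! " * 3 + b"HOLD POSITION!!!"


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed, round-dependent mixing of one 8-byte half; HMAC keeps this stdlib-only.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 16-byte Feistel cipher standing in for AES (demo only, NOT for real use)."""
    left, right = block[: BLOCK // 2], block[BLOCK // 2 :]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_function(key, rnd, right))
    return left + right


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[: BLOCK // 2], block[BLOCK // 2 :]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_function(key, rnd, left)), left
    return left + right


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every block on its own, so equal plaintext blocks give equal ciphertext blocks."""
    if len(plaintext) % BLOCK:
        raise ValueError("ECB needs a whole number of blocks")
    return b"".join(toy_block_encrypt(key, plaintext[i : i + BLOCK])
                    for i in range(0, len(plaintext), BLOCK))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: XOR data with E(nonce || counter); one call both encrypts and decrypts.
    Reusing a nonce under the same key reuses the keystream (the 'constant IV' mistake)."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        keystream = toy_block_encrypt(key, nonce + (i // BLOCK).to_bytes(8, "big"))
        out += _xor(data[i : i + BLOCK], keystream)
    return bytes(out)


def distinct_blocks(ciphertext: bytes) -> int:
    """How many different ciphertext blocks appear; ECB leaks plaintext repetition here."""
    return len({ciphertext[i : i + BLOCK] for i in range(0, len(ciphertext), BLOCK)})


def _subkeys(key: bytes) -> tuple:
    # Separate encryption and MAC keys derived from one master key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def aead_encrypt(key: bytes, plaintext: bytes) -> tuple:
    """Encrypt-then-MAC: confidentiality plus a tag, the pair GCM delivers in one primitive."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(8)                 # fresh per message, never a constant
    ciphertext = ctr_crypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce, ciphertext, tag


def aead_decrypt(key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> bytes:
    """Check the tag in constant time before decrypting; any modification is rejected."""
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: nonce, ciphertext or tag was modified")
    return ctr_crypt(enc_key, nonce, ciphertext)


def tamper_is_detected(key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> bool:
    """Flip one ciphertext bit and report whether decryption refuses it."""
    tampered = bytes([ciphertext[0] ^ 0x01]) + ciphertext[1:]
    try:
        aead_decrypt(key, nonce, tampered, tag)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key = b"\x11" * 32                                     # constructed demo key
    print("ECB distinct blocks:", distinct_blocks(ecb_encrypt(key, PLAINTEXT)))             # 2 of 4
    print("CTR distinct blocks:", distinct_blocks(ctr_crypt(key, b"\x00" * 8, PLAINTEXT)))  # 4 of 4
    nonce, ct, tag = aead_encrypt(key, PLAINTEXT)
    print("round trip ok:", aead_decrypt(key, nonce, ct, tag) == PLAINTEXT)
    print("tamper detected:", tamper_is_detected(key, nonce, ct, tag))
```

Plain CTR without the tag would "decrypt" the tampered ciphertext without complaint and hand back corrupted plaintext; that silent acceptance is the interference GCM's authentication is there to catch. In production use a library AES-GCM (or another AEAD) rather than assembling the pieces by hand.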
Let’s talk about it. Mistakes Were Made
The Stupid. It Hurts.
Le Sigh. My password is stored in their database in plaintext. It was not hashed or they could not have emailed it to me! Obviously, the password I use with them is a special snowflake.
Which is bad because... A lot of people use the same password everywhere and use their email address as their login!
So... An attacker that gets this password list can try to log in to all kinds of things as you! 1. email 2. banks 3. credit reporting 4. even NetFlix!
Adobe Hack
Millions of “encrypted” passwords stolen
Hashed with MD5
Large numbers of them found in rainbow tables
Most Common Password: 123456
http://stricture-group.com/files/adobe-top100.txt
Beware The Default Settings
Default settings for Android Bouncy Castle starting in 2.1 were horribly unsafe
Defaulted to ECB mode!
Empirical Study of Android Apps
11,748 applications analyzed
5,656 used ECB mode by default
3,644 used a constant symmetric key
2,000 used ECB mode ON PURPOSE!
1,932 used a constant IV
1,629 seeded PRNG with static value
Seeding the PRNG In 2006 a bug in Debian and Ubuntu caused the PID to be used as the output of the PRNG - only 32,768 possible values! (hint: that’s not enough!)
UnSalted Hashes In 2012, LinkedIn password hashes were stolen. They were not salted. 60% of them were cracked.
Crisis Averted at Slack
User profile data stolen in February 2015
Passwords hashed with bcrypt and random salts
Unlocking Your Prius
System uses rotating codes in a small range
Some built in (pre-shared) keys for repair use
No protection from replaying codes
Brute force attacks possible
Scared yet?
@andrewwatson http://about.me/andrewwatson Thank You

Editor's Notes

  • #2 Hello everyone, thank you for coming. I’m Andy Watson and I’m here to talk to you about ways to use cryptography correctly in your applications
  • #3 I’m currently a senior engineer at Ionic Security which is a data protection security company based out of Atlanta, GA I’ve been a software developer professionally since 1996 when I got my first job developing large scale, distributed systems for processing streams of data collected out of particle accelerators with some Physics professors at FSU. This was “cloud” computing before it had a name. Since then I’ve built mobile, desktop and web applications for companies like The Walt Disney World Resort, Maersk Sealand, Cox Communications, CoffeeCup Software and many many others.
  • #4 So why am I up here today? Simply put, a lot of people do cryptography terribly - if they even attempt it. This means that when the people using those applications enter data into them it’s vulnerable to theft and loss. I’ll show some terrible examples of this later.
  • #10 fuck, that looks delicious.
  • #11 Back in the old days, a lot of applications would simply md5() your password and store that in their database. Some still do this. Some don’t do anything! More on that later… So what
  • #14 Collisions like this are rare but they can happen. This means that MD5 is not suitable for any cryptographic operations, especially things like verifying the authenticity of TLS certificates.
  • #20 To protect sensitive information like passwords, you should use a derivation function that repeats a hashing process thousands of times to produce unique and irreversible hashes
  • #21 the first key derivation function was created almost 40 years ago but it had significant weaknesses.
  • #22 More modern derivation functions are much better at protecting information because they use better hashes and perform them thousands of times. Another variation of PBKDF2 would be to use 1000 iterations of SHA-256 instead of SHA-1
  • #27 So what if you need to protect something that you have to get back in its original form? That’s where symmetric encryption is used.