Slides for a talk I gave on 2/9/13 at Sunshine PHP in Miami.
Cryptography In PHP
For The Average Developer
Cryptography
● Keeping Data Secure
  ○ Safe From Viewing
  ○ Safe From Tampering
  ○ Safe From Forgery
● Not A Silver Bullet
  ○ XSS
  ○ SQLI
  ○ Social Engineering
● Very Hard To Do
  ○ Any bug will cause problems
The First Rule of Cryptography
Don't Do It!
Leave It For Experts
Random!
The Foundation of Cryptography
● Classified Under Three Types:
  ○ Weak
    ■ For non-cryptographic usages
  ○ Strong
    ■ For cryptographic usages where security does not depend on the strength of randomness
  ○ Cryptographically Secure
    ■ For cryptographic usage when security does depend on the strength of randomness
Vulnerabilities of Randomness
● Bias
  ○ Certain values tend to occur more often, making it easier to predict future numbers
● Predictability
  ○ Knowing past numbers helps predict future numbers
● Poisoning
  ○ Ability to alter future random number generation
Weak Random in PHP
Not to be used for cryptographic usages!!!
● rand()
● mt_rand()
● uniqid()
● lcg_value()
Strong Random in PHP
● mcrypt_create_iv()
  ○ MCRYPT_DEV_URANDOM
● openssl_random_pseudo_bytes()
● /dev/urandom
  ○ For *nix systems only
Cryptographically Secure
● mcrypt_create_iv()
  ○ MCRYPT_DEV_RANDOM
● openssl_random_pseudo_bytes()
  ○ Maybe
● /dev/random
  ○ For *nix systems only
NEVER Use Weak For Security
NEVER Use CS When Not Needed
If In Doubt Use Strong Randomness
Encryption vs Hashing
● Encryption
  ○ Encoding
  ○ 2 Way / Reversible
  ○ Putting a lock on a box
● Hashing
  ○ Signing
  ○ 1 Way / Non-Reversible
  ○ Taking a person's finger-print
Encryption
Seriously, Don't Do It!
Terms
● Key
  ○ Secure string of data
● Plain-Text
  ○ The text you want to keep secret
● Cipher-Text
  ○ The encrypted output
Two Basic Types
● Symmetric Encryption
  ○ Like a Pad-Lock with a shared key
  ○ The only secret is the key
  ○ Both sides must have the same key
● Asymmetric Encryption
  ○ Like a pair of Pad-Locks
    ■ The "lock" is the public key
  ○ The only secret is the private key
  ○ Both sides have their own key
Symmetric Encryption 101
● Number:
   01
Scratch That
● Numbers:
   01 04 01 54 95 42 64 12
Symmetric Encryption 101
Let's Add A "Secret" Number!
   01 04 01 54 95 42 64 12
  +10
   11 14 11 64 05 52 74 22
Secret Numbers
● We just invented the Caesar Cipher
  ○ Commonly known as "ROT13"
● But There Are Problems:
  ○ Vulnerable To Statistical Attacks
  ○ Vulnerable To Brute Forcing
    ■ Only 100 possible secret numbers!
Symmetric Encryption 101
I Know: Let's Add A Different Number!
   01 04 01 54 95 42 64 12
  +10 43 21 95 42 67 31 83
   11 47 22 49 37 09 95 95
How It Works
We can generate the pads in two ways
● Randomly
  ○ If we only use once, perfect security
    ■ Known as a one-time-pad
  ○ If we use multiple times, same as Caesar cipher
● With A Function
  ○ Give one or two inputs
    ■ A key, and an "input"
  ○ Generates a "stream" of pseudo random numbers
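Why a pad that is used multiple times loses its security, shown with the slides' own two-digit scheme. This is an added example, not code from the talk; `applyPad()`, `show()` and the second message are made up for illustration, and it assumes PHP 7.1+.

```php
<?php
// Added example (not from the slides): two-digit values, addition wraps at 100.

/** Combine values with a pad: $sign = 1 adds (encrypt), -1 subtracts (decrypt). */
function applyPad(array $values, array $pad, int $sign = 1): array
{
    $out = [];
    foreach ($values as $i => $v) {
        // The extra +100 keeps the result non-negative when subtracting.
        $out[] = ($v + $sign * $pad[$i] + 100) % 100;
    }
    return $out;
}

/** Print values the way the slides do: zero-padded, space-separated. */
function show(string $label, array $values): void
{
    echo str_pad($label, 22), implode(' ', array_map(function ($v) {
        return sprintf('%02d', $v);
    }, $values)), "\n";
}

$pad    = [10, 43, 21, 95, 42, 67, 31, 83]; // pad from the slide
$plainA = [1, 4, 1, 54, 95, 42, 64, 12];    // message from the slide
$plainB = [20, 4, 77, 54, 3, 42, 9, 12];    // constructed second message

$cipherA = applyPad($plainA, $pad);
$cipherB = applyPad($plainB, $pad);         // the mistake: same pad used twice

show('cipher A', $cipherA);
show('cipher B', $cipherB);

// Subtracting one cipher-text from the other cancels the pad, so anyone
// holding both learns (plain A - plain B) without ever seeing the key.
$leak = applyPad($cipherA, $cipherB, -1);
show('cipher A - cipher B', $leak);
show('plain A - plain B', applyPad($plainA, $plainB, -1));

// A zero in the difference marks a position where both messages are equal.
echo 'positions with equal plain-text: ',
    implode(',', array_keys($leak, 0, true)), "\n";

// With the right pad, decryption is just the subtraction.
show('decrypted A', applyPad($cipherA, $pad, -1));
```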
Ciphers
● Take 2 inputs
  ○ A secret key
  ○ An "input"
● Produces Pseudo-Random Output
  ○ Looks random (statistically)
  ○ Is deterministic
    ■ Reproducible given same inputs
Modes
● Multiple ways to use the keystream
● Each way is known as a "Mode"
● Some are secure
  ○ Others are not
ECB
Electronic Code Book
● Uses plain-text as "input"
● Uses output as cipher-text
● VERY BROKEN!!!
ECB
CBC
Cipher Block Chaining
● Uses an "Initialization Vector"
  ○ Helps "randomize" the plain-text
  ○ Ensures no non-unique blocks
  ○ Does NOT need to be secret
● Chains each block together
  ○ Propagating the generated "randomness"
● Plain-Text Must Be Padded
  ○ To a multiple of block-size
● Secure!
CBC
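What "VERY BROKEN" means for ECB and what the IV buys in CBC, made visible by encrypting a plain-text of identical blocks in both modes. This is an added example, not code from the talk; it assumes PHP 7.1+ with the openssl extension, and `repeatedBlocks()`, `dumpBlocks()` and the sample plain-text are made up for illustration.

```php
<?php
// Added example (not from the slides). Requires the openssl extension.

/** Number of 16-byte cipher-text blocks that duplicate an earlier block. */
function repeatedBlocks(string $cipherText): int
{
    $blocks = str_split($cipherText, 16);
    return count($blocks) - count(array_unique($blocks));
}

/** Hex-dump each block on its own line so repeats are visible by eye. */
function dumpBlocks(string $label, string $cipherText): void
{
    echo $label, "\n";
    foreach (str_split($cipherText, 16) as $n => $block) {
        echo '  block ', $n, ': ', bin2hex($block), "\n";
    }
}

$key = random_bytes(16); // AES-128 key, generated for this demo only
// Constructed plain-text: the same 16-byte block four times in a row.
$plain = str_repeat('0123456789abcdef', 4);

// ECB: each block is encrypted on its own, so equal input blocks
// always produce equal output blocks.
$ecb = openssl_encrypt($plain, 'aes-128-ecb', $key, OPENSSL_RAW_DATA);

// CBC: a fresh random IV plus chaining makes every block differ.
$iv  = random_bytes(openssl_cipher_iv_length('aes-128-cbc'));
$cbc = openssl_encrypt($plain, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv);

dumpBlocks('ECB', $ecb);
dumpBlocks('CBC', $cbc);
echo 'repeated blocks in ECB: ', repeatedBlocks($ecb), "\n";
echo 'repeated blocks in CBC: ', repeatedBlocks($cbc), "\n";

// Same message, same key, second run: ECB output is identical every time,
// while CBC with a new IV produces a completely different cipher-text.
$iv2  = random_bytes(openssl_cipher_iv_length('aes-128-cbc'));
$cbc2 = openssl_encrypt($plain, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv2);
$ecb2 = openssl_encrypt($plain, 'aes-128-ecb', $key, OPENSSL_RAW_DATA);
echo 'ECB identical across runs: ', var_export($ecb === $ecb2, true), "\n";
echo 'CBC identical across runs: ', var_export($cbc === $cbc2, true), "\n";
```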
CFB
Cipher FeedBack
● Uses an "Initialization Vector"
● Plain-Text never enters cipher
  ○ Does not need to be padded
● "Decrypt" Is Never Used
● Secure!
CFB
Ciphers
● AES 128 & 256
  ○ Standard
    ■ NIST Approved
  ○ Also Known As RIJNDAEL-128
    ■ 128 here refers to "block size"
  ○ Very Strong
  ○ Note, the number after AES is *key size*
● Blowfish
● TwoFish
● Serpent
Authentication
How do you know it wasn't tampered with / came from your friend?
● HMAC
  ○ Hash-based Message Authentication Code
● USE A SEPARATE KEY!
● Encrypt-Then-MAC
  ○ Always MAC after encryption
All Together Now!
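Encrypt
    // Note: mcrypt was removed from PHP core in 7.2, and hash_equals()
    // needs PHP 5.6+, so this code runs on PHP 5.6 - 7.1 only.
    $key = 'xxxxxxxxxxxxxxxx';
    $authKey = 'XXXXXXXXXXXXXX'; // separate key, used only for the HMAC
    $plain = 'This is plain text that I am going to encrypt';
    $size = mcrypt_get_iv_size(
        MCRYPT_RIJNDAEL_128,
        MCRYPT_MODE_CFB
    );
    // The IV does not need to be secret, but it must be new for every message
    $iv = mcrypt_create_iv(
        $size,
        MCRYPT_DEV_URANDOM
    );
    $cipherText = mcrypt_encrypt(
        MCRYPT_RIJNDAEL_128,
        $key,
        $plain,
        MCRYPT_MODE_CFB,
        $iv
    );
    // Encrypt-Then-MAC: the MAC covers the IV as well as the cipher-text,
    // otherwise a modified IV would pass verification
    $auth = hash_hmac('sha512', $iv . $cipherText, $authKey, true);
    $encrypted = base64_encode($iv . $cipherText . $auth);
Decrypt
    $key = 'xxxxxxxxxxxxxxxx';
    $authKey = 'XXXXXXXXXXXXXX';
    $size = mcrypt_get_iv_size(
        MCRYPT_RIJNDAEL_128,
        MCRYPT_MODE_CFB
    );
    $encrypted = base64_decode($encrypted);
    $iv = substr($encrypted, 0, $size);
    $auth = substr($encrypted, -64); // raw SHA-512 HMAC is 64 bytes
    $cipherText = substr($encrypted, $size, -64);
    // Verify before decrypting; hash_equals() compares in constant time
    $expected = hash_hmac('sha512', $iv . $cipherText, $authKey, true);
    if (!hash_equals($expected, $auth)) {
        // Auth Failed!!!
        return false;
    }
    $plainText = mcrypt_decrypt(
        MCRYPT_RIJNDAEL_128,
        $key,
        $cipherText,
        MCRYPT_MODE_CFB,
        $iv
    );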
Please Don't Do It!
● Notice How Much Code It Took
  ○ Without error checking
● Notice How Complex It Is
  ○ Without flexibility
● Notice How Easy To Screw Up
  ○ Without Key Storage
● Notice How Many Decisions To Make
If you MUST, Use a Library
Common Encryption Needs
● Between Client / Server
  ○ Use SSL
  ○ Really, just use SSL
  ○ I'm not kidding, just use SSL
● Storage
  ○ Use disk encryption
  ○ Use database encryption
Really, Don't Do It!
Encryption Resources
● Zend Framework Encryption
  ○ Very good and complete lib
  ○ ZF2
    ■ Zend\Crypt\BlockCipher
● PHP Sec Lib
  ○ phpseclib.sourceforge.net
  ○ Pure PHP
● Not Many Others
  ○ Beware of online tutorials!!!
Learn More
● Coursera <-- FREE!!!
  ○ Cryptography 1
  ○ Cryptography 2
Password Storage
Passwords Should Be HASHED!
Not Encrypted!
Password Hashes
● Use A Salt
  ○ Defeats Rainbow Tables
  ○ Makes Each Hash a "Proof Of Work"
  ○ Should be random!
    ■ Strong Randomness
● Should Be SLOW!
  ○ Salt is not enough
Brute Forcing
25 GPU Cluster
- md5: 180 Billion per second
- < $50,000
6 char passwords: 4 seconds
7 char passwords: 6 minutes
8 char passwords: 10 hours
Entire English Language: microseconds
"LEET" Permutations: 0.7 seconds
Good Algorithms
    crypt($password, $salt);
    pbkdf2($password, $salt, $i);
    password_hash($password, PASSWORD_BCRYPT);
    $passLib->hash($password);
    $phpass->hashPassword($pass);
Cost Parameter
● Target: 0.25 - 0.5 Seconds
  ○ As slow as you can afford
● Depends on hardware
  ○ Test it!
● Good Defaults:
  ○ BCrypt: 10
  ○ PBKDF2: 10,000
Simplified Password Hashing
New API for 5.5
● string password_hash($pass, $algo, array $options = array())
  ○ Generates Salt, hashes password
● bool password_verify($pass, $hash)
  ○ Verifies Hash with Password
● bool password_needs_rehash($hash, $algo, array $options = array())
  ○ Determines if the hash is the same as specified by algo and options
● array password_get_info($hash)
  ○ Returns information about the hash
Example
    function register($user, $password) {
        // password_hash() generates the salt itself
        $hash = password_hash($password, PASSWORD_BCRYPT);
        $this->store($user, $hash);
    }
    function login($user, $password) {
        $hash = $this->fetchHash($user);
        if (password_verify($password, $hash)) {
            // Upgrade the stored hash if the algorithm or options have changed
            if (password_needs_rehash($hash, PASSWORD_BCRYPT)) {
                $hash = password_hash($password, PASSWORD_BCRYPT);
                $this->store($user, $hash);
            }
            $this->startSession();
            return true;
        }
        return false;
    }
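The "Test it!" advice from the Cost Parameter slide, combined with the login flow above: measure a bcrypt cost for the current hardware, then let `password_needs_rehash()` upgrade an older, cheaper hash on the next successful login. This is an added example, not code from the talk; `calibrateBcryptCost()`, the sample password and the cost-5 "old" hash are made up for illustration.

```php
<?php
// Added example (not from the slides). Needs PHP 5.5+ for the password_* API.

/** Return the lowest bcrypt cost whose hash time reaches the target on this machine. */
function calibrateBcryptCost($targetSeconds = 0.25, $minCost = 10, $maxCost = 15)
{
    for ($cost = $minCost; $cost < $maxCost; $cost++) {
        $start = microtime(true);
        password_hash('calibration-only', PASSWORD_BCRYPT, array('cost' => $cost));
        if (microtime(true) - $start >= $targetSeconds) {
            break; // this cost is slow enough
        }
    }
    return $cost; // falls back to $maxCost if the target was never reached
}

$options = array('cost' => calibrateBcryptCost());
echo "chosen cost: {$options['cost']}\n";

// Constructed stand-in for a hash stored long ago at a much lower cost.
$password = 'correct horse battery staple';
$stored   = password_hash($password, PASSWORD_BCRYPT, array('cost' => 5));

// Login flow from the slide, with the calibrated cost passed in so that
// password_needs_rehash() can tell the old hash is now too cheap.
if (password_verify($password, $stored)) {
    $info = password_get_info($stored);
    echo "stored hash cost: {$info['options']['cost']}\n";
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, $options)) {
        // Only possible here, while the plain-text password is in hand.
        $stored = password_hash($password, PASSWORD_BCRYPT, $options);
        $info   = password_get_info($stored);
        echo "rehashed at cost: {$info['options']['cost']}\n";
    }
}

// A wrong password fails verification, so it can never trigger a rehash.
echo 'wrong password accepted: ',
    var_export(password_verify('wrong guess', $stored), true), "\n";
```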
Hashing Resources
● PHP 5.5 API
  ○ wiki.php.net/rfc/password_hash
  ○ php.net/password
● Password Compat
  ○ PHP 5.5 Compatibility
  ○ github/ircmaxell/password_compat
● PasswordLib
  ○ 5.3+, Multiple Algorithms, Portable
  ○ github/ircmaxell/PHP-PasswordLib
● PHPASS
  ○ PHP 4+
  ○ openwall.com/phpass
Seriously, Hire an Expert!
You Have Been Warned
Anthony Ferrara
joind.in/8027
@ircmaxell
[email protected]/ircmaxell