Robert Boedigheimer @boedie Cryptography 101
About Me
• Web developer since 1995
• Pluralsight Author
• 3rd Degree Black Belt, Tae Kwon Do
• Microsoft MVP
• Progress Developer Expert - Fiddler
• [email protected]
• @boedie
• weblogs.asp.net/boedie
Background
• Cryptography is the science of keeping messages secure
• Why Cryptography?
  ▫ Confidentiality – protect data from being read
  ▫ Integrity – verify that data was not modified
  ▫ Authentication – identify and validate a user
  ▫ Non-repudiation – sender cannot deny later that he sent a message
• System.Security.Cryptography
Considerations
• What is your goal? (Confidentiality, etc.)
• How much is data worth?
• How long does it need to be secured?
• What are the primary threats?
  ▫ In transit
  ▫ Access configuration files
  ▫ Dump of memory
  ▫ Modify pages
  ▫ Reverse engineer assemblies
  ▫ …
• Company security policies?
• Regulatory compliance?
• Layered defenses, how many are enough?
• Don’t write own!!
.NET Class Suffixes
• …Cng
  ▫ Wrapper around Cryptography Next Generation (CNG)
    ▪ Active development, newer OS required
• …CryptoServiceProvider
  ▫ Wrapper around Windows Cryptography API (CAPI)
    ▪ No longer developing but available on older OS
• …Managed
  ▫ Written entirely in managed code
  ▫ Need .NET framework
  ▫ Not FIPS compliant
• https://tinyurl.com/o2zgbjk
Hash Functions
• One-way function – easy to compute but significantly harder to reverse
• Hash function – converts a variable length input to a fixed length
  ▫ Creates a “data fingerprint” (digest)
  ▫ Ok to see, don’t let it be tampered with
  ▫ Be careful when limited value range!
Hash Algorithms
• Abstract base HashAlgorithm
  ▫ MD5 (128 bit hash)
  ▫ SHA (Secure Hash Algorithm)
    ▪ SHA-1 (160 bit hash)
    ▪ SHA-2
      ▪ SHA256
      ▪ SHA384
      ▪ SHA512
  ▫ KeyedHashAlgorithm
    ▪ HMACSHA1 (up to 512)
    ▪ MACTripleDES
(subset of derived classes shown)
Tamperproof Querystrings
• Goal is to protect integrity of querystring
• Use a Hash-based Message Authentication Code (HMAC)
  ▫ Compute the hash of a querystring when constructed
  ▫ Validate querystring was not modified by computing hash with querystring and comparing to original hash
  ▫ Uses a key to ensure that attacker could not create own valid hash
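The tamperproof querystring idea as an added example (not code from the talk or its download). It assumes .NET 6 or later and HMAC-SHA256; the `sig` parameter name and the sample query are made up for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SignedQuery
{
    // Append an HMAC-SHA256 tag (hex) computed over the exact querystring text.
    public static string Sign(string query, byte[] key)
    {
        using var hmac = new HMACSHA256(key);
        byte[] tag = hmac.ComputeHash(Encoding.UTF8.GetBytes(query));
        return query + "&sig=" + Convert.ToHexString(tag);
    }

    // Recompute the tag over everything before "&sig=" and compare in constant time.
    public static bool Verify(string signedQuery, byte[] key)
    {
        int i = signedQuery.LastIndexOf("&sig=", StringComparison.Ordinal);
        if (i < 0) return false;                      // no tag present: reject
        byte[] presented;
        try { presented = Convert.FromHexString(signedQuery.Substring(i + 5)); }
        catch (FormatException) { return false; }     // tag is not valid hex: reject
        using var hmac = new HMACSHA256(key);
        byte[] expected = hmac.ComputeHash(Encoding.UTF8.GetBytes(signedQuery.Substring(0, i)));
        return CryptographicOperations.FixedTimeEquals(expected, presented);
    }

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);          // server-side secret, never sent to the client
        string signed = Sign("account=1001&amount=25.00", key);   // constructed sample query
        string tampered = signed.Replace("25.00", "2500.00");     // amount altered after signing
        bool unmodifiedOk = Verify(signed, key);
        bool tamperedOk = Verify(tampered, key);
        Console.WriteLine($"unmodified accepted: {unmodifiedOk}");
        Console.WriteLine($"tampered accepted:   {tamperedOk}");
    }
}
```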
Hashed Passwords
• Considered best practice for passwords since they cannot be retrieved
• Used for authentication
• Common attack against hashed passwords is “dictionary attack”
  ▫ Pre-compute the hash values of an entire dictionary, compare hashed values to hashed password to look for matches
Salted Passwords
• Add some unique random data to each password
• Greatly increases work required to mount a dictionary attack against all passwords, need to pre-compute dictionary hash values for all salt values
• NOTE: This does nothing to increase security for an individual password if salt is easily found! (Add “random data” to do this…)
PBKDF2 (Password-Based Key Derivation Function 2)
• Compute power constantly increasing, so brute force attacks against hash functions are possible
• Add a “work factor” to the calculation based on a number of iterations
  ▫ Set iterations to get acceptable time for login
• Rfc2898DeriveBytes
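Salting and the PBKDF2 work factor combined in one password store, as an added example (not code from the talk). It assumes .NET 6 or later for the static `Rfc2898DeriveBytes.Pbkdf2` method; the record layout, iteration count and sample passwords are illustrative choices.

```csharp
using System;
using System.Security.Cryptography;

static class PasswordHasher
{
    const int SaltBytes = 16, HashBytes = 32;
    // Illustrative work factor (an assumption): raise it until one login takes
    // an acceptable time on your own hardware.
    const int Iterations = 100_000;

    // Returns "iterations.salt.hash"; the salt is random and unique per password.
    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        return $"{Iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(hash)}";
    }

    // Re-derives with the stored salt and iteration count, then compares in constant time.
    public static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations) || iterations <= 0)
            return false;
        byte[] salt = Convert.FromBase64String(parts[1]);
        byte[] expected = Convert.FromBase64String(parts[2]);
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, iterations, HashAlgorithmName.SHA256, expected.Length);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    static void Main()
    {
        string first = Hash("correct horse battery staple");    // constructed sample password
        string second = Hash("correct horse battery staple");
        bool recordsIdentical = first == second;   // per-password salts make equal passwords store differently
        bool goodLogin = Verify("correct horse battery staple", first);
        bool badLogin = Verify("a wrong guess", first);
        Console.WriteLine($"records identical: {recordsIdentical}");
        Console.WriteLine($"good login: {goodLogin}, bad login: {badLogin}");
    }
}
```

Storing the iteration count inside each record lets the work factor be raised later without invalidating existing records.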
Terminology
• Plaintext – original data
• Encryption – process of obscuring data
• Ciphertext – encrypted data
• Decryption – process to recover original data
• Cipher – algorithm for performing encryption and decryption
Symmetric Algorithms
• Encryption and decryption use the same (secret) key
• Primary attack is “brute force” key search, try all possible keys
• Key distribution is difficult
• Abstract class SymmetricAlgorithm
  ▫ Rijndael (AES)
  ▫ DES
  ▫ TripleDES
Symmetric Algorithms (cont.)
• .NET symmetric algorithms are “block ciphers”
• Padding – data added to fill to block size
  ▫ Zeros
  ▫ PKCS7
  ▫ ISO10126
• Mode
  ▫ ECB
  ▫ CBC (recommend)
• IV (Initialization Vector)
  ▫ Random data used to seed first block
  ▫ Does not need to be secret
  ▫ Never reuse, always unique for each set of data!
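AES in CBC mode with PKCS7 padding and a fresh IV per message, as an added example (not code from the talk). It assumes .NET 6 or later; storing the IV in front of the ciphertext is one common layout, chosen here for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class AesCbcExample
{
    // Output layout: 16-byte IV followed by the ciphertext. The IV is not secret.
    public static byte[] Encrypt(byte[] key, byte[] plaintext)
    {
        using Aes aes = Aes.Create();
        aes.Key = key;
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.GenerateIV();                              // new random IV for every message
        byte[] iv = aes.IV;
        using ICryptoTransform enc = aes.CreateEncryptor();
        byte[] ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
        byte[] output = new byte[iv.Length + ct.Length];
        Buffer.BlockCopy(iv, 0, output, 0, iv.Length);
        Buffer.BlockCopy(ct, 0, output, iv.Length, ct.Length);
        return output;
    }

    public static byte[] Decrypt(byte[] key, byte[] ivAndCiphertext)
    {
        using Aes aes = Aes.Create();
        aes.Key = key;
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        int ivLen = aes.BlockSize / 8;                 // 16 bytes for AES
        aes.IV = ivAndCiphertext.AsSpan(0, ivLen).ToArray();
        using ICryptoTransform dec = aes.CreateDecryptor();
        return dec.TransformFinalBlock(ivAndCiphertext, ivLen, ivAndCiphertext.Length - ivLen);
    }

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);                      // 256-bit AES key
        byte[] plaintext = Encoding.UTF8.GetBytes("constructed sample record");
        byte[] first = Encrypt(key, plaintext);
        byte[] second = Encrypt(key, plaintext);
        // Same key and plaintext, different IVs: the two outputs must not match.
        bool outputsDiffer = !first.AsSpan().SequenceEqual(second);
        string roundTrip = Encoding.UTF8.GetString(Decrypt(key, first));
        Console.WriteLine($"outputs differ: {outputsDiffer}");
        Console.WriteLine($"round trip: {roundTrip}");
        // CBC gives confidentiality only; add an HMAC over IV + ciphertext to detect tampering.
    }
}
```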
Asymmetric Algorithms
• Utilizes two complementary keys (public key and private key)
• Generally 1,000 times slower than symmetric algorithms
• Often use asymmetric to encrypt a “session” symmetric key
• Abstract class AsymmetricAlgorithm
  ▫ RSA
  ▫ DSA (digital signatures only)
  ▫ ECDiffieHellman
Website Encrypting Safely
• Generate an RSA key pair
  ▫ Store only the public key on web servers
  ▫ Store the private key on an internal secured system that needs the data
• Meant for small amounts of data
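The public-key-only web server arrangement as an added example (not code from the talk). It assumes .NET 6 or later and OAEP-SHA256 padding; the method names and the sample value are made up for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class WebsiteEncrypt
{
    static readonly RSAEncryptionPadding Oaep = RSAEncryptionPadding.OaepSHA256;

    // Web server side: holds only the public key, so it can encrypt but not decrypt.
    public static byte[] EncryptOnWebServer(byte[] publicKey, byte[] data)
    {
        using RSA rsa = RSA.Create();
        rsa.ImportSubjectPublicKeyInfo(publicKey, out _);
        // OAEP-SHA256 leaves (key bytes - 66) bytes for data: 190 bytes with a 2048-bit key.
        int max = rsa.KeySize / 8 - 66;
        if (data.Length > max)
            throw new ArgumentException($"RSA-OAEP limit for this key is {max} bytes");
        return rsa.Encrypt(data, Oaep);
    }

    // Internal secured system: the only place the private key exists.
    public static byte[] DecryptInternally(RSA privateKey, byte[] ciphertext) =>
        privateKey.Decrypt(ciphertext, Oaep);

    static void Main()
    {
        using RSA internalKey = RSA.Create(2048);                       // generated on the internal system
        byte[] publicKey = internalKey.ExportSubjectPublicKeyInfo();    // the only part deployed to web servers

        byte[] data = Encoding.UTF8.GetBytes("card=4111111111111111");  // constructed sample value
        byte[] ciphertext = EncryptOnWebServer(publicKey, data);
        string recovered = Encoding.UTF8.GetString(DecryptInternally(internalKey, ciphertext));
        Console.WriteLine($"internal system recovered: {recovered}");

        // A copy of the key as the web server sees it has no private half.
        using RSA webCopy = RSA.Create();
        webCopy.ImportSubjectPublicKeyInfo(publicKey, out _);
        try { webCopy.Decrypt(ciphertext, Oaep); Console.WriteLine("unexpected: decrypted"); }
        catch (CryptographicException) { Console.WriteLine("web server key cannot decrypt"); }
    }
}
```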
Digital Signatures
• Provides integrity and non-repudiation
• Hash the contents of a message, sign it (encrypt) with sender’s private key
• By default, does not provide confidentiality, can encrypt with receiver’s public key before signing
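Signing and verifying with RSA, as an added example (not code from the talk). It assumes .NET 6 or later, SHA-256 and PSS padding; the messages are constructed samples.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SignatureExample
{
    // Sender: SignData hashes the message with SHA-256 and signs the hash with the private key.
    public static byte[] Sign(RSA senderPrivateKey, byte[] message) =>
        senderPrivateKey.SignData(message, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

    // Receiver: needs only the sender's public key to check the signature.
    public static bool Verify(byte[] senderPublicKey, byte[] message, byte[] signature)
    {
        using RSA rsa = RSA.Create();
        rsa.ImportSubjectPublicKeyInfo(senderPublicKey, out _);
        return rsa.VerifyData(message, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
    }

    static void Main()
    {
        using RSA sender = RSA.Create(2048);
        byte[] publicKey = sender.ExportSubjectPublicKeyInfo();

        byte[] message = Encoding.UTF8.GetBytes("Pay vendor 42 the sum of 100.00");   // constructed sample
        byte[] altered = Encoding.UTF8.GetBytes("Pay vendor 42 the sum of 900.00");   // changed after signing
        byte[] signature = Sign(sender, message);

        bool originalOk = Verify(publicKey, message, signature);
        bool alteredOk = Verify(publicKey, altered, signature);
        Console.WriteLine($"original verifies: {originalOk}");
        Console.WriteLine($"altered verifies:  {alteredOk}");
        // The message itself is sent in the clear; the signature adds no confidentiality.
    }
}
```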
HTTPS
• Certificate (relies on asymmetric encryption)
  ▫ Server’s public key is digitally signed by a Certificate Authority (CA)
• Browser knows “well-known” CA’s and will trust certificates signed by them
• TLS handshake
  ▫ Browser gets server certificate
  ▫ Browser chooses symmetric key to encrypt traffic, encrypts with server’s public key
Key Sizes and Storage
• Key sizes
  ▫ Tradeoff performance and security
  ▫ Symmetric AES use 256 bits
  ▫ Asymmetric RSA use 2048 or 4096
• Key storage
  ▫ Hard coded strings are visible if use a disassembler (like ILDASM)
  ▫ Encrypted <appSetting> section of web.config
  ▫ Split key in code, registry, and config files
Summary
• Don’t write own!
• Use trusted algorithms and implementations
  ▫ https://tinyurl.com/o2zgbjk
• Use hashing to validate the integrity of data or to prove both know the same secret
• Use symmetric algorithms unless have special needs for asymmetric (digital signatures, key exchange, etc)
• Know threats, choose the proper countermeasures
Resources
• Pluralsight – Introduction to Cryptography
  ▫ https://tinyurl.com/kkn3coq
• Applied Cryptography - Bruce Schneier
• Cryptography Engineering – Ferguson, Schneier, Kohno
• Understanding Cryptography – Paar, Pelzl
• The Code Book – Simon Singh
• The Code-Breakers – Kahn
Questions
• [email protected]
• @boedie
• weblogs.asp.net/boedie
• Code and slides - https://tinyurl.com/ybygpvdz