SlideShare ist ein Scribd-Unternehmen logo

Cryptography for Smalltalkers

E
ESUG

Cryptography for Smalltalkers, Martin Kobetic. (ESUG 2004, Koethen)

Technologie
1 von 25
Downloaden Sie, um offline zu lesen
Cryptography for Smalltalkers Martin Kobetic Cincom Smalltalk Development ESUG 2004
To get the VW presentation  in the open repository in a bundle called Presentations-MK, class ESUG04Crypto. To load it and open it up in a recent version of VW just run this:  | profile |profile := Store.ConnectionProfile newname: 'open repository';driverClassName: 'PostgreSQLEXDIConnection'; environment: 'store.cincomsmalltalk.com:5432_store_public'; userName: 'guest'; password:'guest';yourself.  Store.RepositoryManager addRepository: profile;Store.DbRegistry connectTo: profile.Store.Bundle newestVersionWithName: 'Presentations-MK') loadSrc.ESUG04Crypto open
Cryptographic Objectives  confidentiality – encryption  integrity – message authentication codes (MAC)  authentication – signatures
Encryption  E(P)= C & D(C) = P  symmetric (secret) key ciphers – EK(P) = C & DK(C) = P  asymmetric (public) key ciphers – EK1(P) = C & DK2(C) = P  one-time pad
Secret Key Ciphers  bulk data encryption  built from simple, fast operations (xor, shift, x + y mod n, ...)  two fundamental classes – stream ciphers (RC4) – block ciphers (DES/AES)
Secret Key Ciphers key := ‘secret key’ asByteArray. alice := ARC4 key: key. msg := ‘Hello’ asByteArrayEncoding: #utf_8. msg := alice encrypt: ‘Hello’ msg asString. bob := ARC4 key: key. bob decryptInPlace: msg from: 1 to: 4. msg asStringEncoding: #utf_8.
Stream Ciphers  time-varying transformation on individual plain- text digits key-stream generator: k1, k2, k3, .... State S, NextState(S), Output(S) E: ci = pi xor ki D: pi = ci xor ki  Pike, A5, RC4, SEAL  key reuse is catastrophic! (a xor k) xor (b xor k) = a xor b
RC4 (1992)  leakedtrade secret of RSA Security (1994)  256 byte S-Box; 2 counters i=j=0 S-Box initialization: next key-stream byte: S = 0, ..., 255 i = (i + 1) mod 256 K = 256B of replicated key j = (j+Si) mod 256 for i=0 to 255: swap Si and Sj j = (j + Si + Ki) mod 256 t = (Si + Sj) mod 256 swap Si and Sj K = St
RC4 alice := ARC4 key: key. msg := alice encrypt: 'Hello' asByteArray. msg asHexString. bob := ARC4 key: key. (bob decrypt: msg) asString
Block Ciphers  fixed transformation on blocks of plaintext (e.g 64, 128 bits)  basic transformation applied in rounds  DES, IDEA, CAST, Blowfish, RC2, RC5
DES (1977)  csrc.nist.gov: FIPS PUB 46 (1977)  FIPS PUB 46-3 (1999) – triple DES still approved – single DES legacy systems only  64 bit block size  56 bit key (64 bits with parity)  16 rounds using 48 bit subkeys
Block Ciphers - Padding key := ‘secret8B’ asByteArray. alice := DES key: key. alice encrypt: ‘Hello World!’ asByteArray. alice := BlockPadding on: DES new. alice setKey: key. (alice encrypt: ‘Hello World!’ asByteArray) asString.
Block Ciphers - Padding  must be reversible  pad with bits “100…0”  pad with padding size (1-8) – aka PKCS#5 padding  ciphertext stealing – different for different modes (ECB, CBC)  some modes don’t need padding
Block Ciphers - ECB  electronic codebook mode  Ci = Ek(Pi)  Pi = Dk(Ci)  don’t use !
Block Ciphers - CBC  cipher block chaining mode  Ci = Ek(Pi xor Ci-1)  Pi = Ci-1 xor Dk(Ci)  initialization vector (IV) – isn’t secret but unique, random – timestamp, nonce, random nr
Block Ciphers - CBC alice := CipherBlockChaining on: DES new iv: ‘nonce 8B’ asByteArray. alice setKey: ‘secret8B’ asByteArray. msg := ‘a block a block ’ asByteArray. msg := alice encrypt: msg. msg asString
Block Ciphers - CBC alice := DES newBP_CBC. alice setKey: 'secret8B' asByteArray. alice setIV: 'nonce 8B' asByteArray. msg := 'Hello World!' asByteArray. msg := alice encrypt: msg. msg asString.
Block Ciphers - OFB  output feedback mode  Si = Ek(Si-1)  Ci = Pi xor Si  Pi = Ci xor Si  like synchronous stream cipher (OutputFeeback on: DES new) setKey: ‘secret8B’ asByteArray; setIV: ‘nonce 8B’ asByteArray
Block Ciphers - CTR  counter mode  Si := Ek(Nonce || i)  Ci = Pi xor Si  Pi = Ci xor Si  OFB variant
Block Ciphers - CFB  cipher feedback mode  Ci = Pi xor Ek(Ci-1)  Pi = Ci xor Ek(Ci-1)  like self-synchronizing stream cipher (CipherFeeback on: DES new) setKey: ‘secret8B’ asByteArray; setIV: ‘nonce 8B’ asByteArray
Block Ciphers - Mixing  interleaving – parallelizing “chained” modes  multiple encryption with single cipher – double encryption – no good – 3EDE (inner/outer CBC)  cascading different ciphers
Block Ciphers - Mixing des3 := TrippleEDEOuterCBC first: DES new second: DES new third: DES new. des3 := DES new3EDE_CBC. des3 setKey: ’24bytes for 3 keys’ asByteArray. des3 setIV: ‘nonce 8B’ asByteArray.
AES (2001)  NIST FIPS PUB 197 (2001) - Rijndael  15 submissions (1998)  5 finalists: MARS, Serpent, Twofish, RC6  modes: ECB, CBC, CFB, OFB, CTR  block size 128 bits  key sizes 128, 192, 256 bits  10, 12, 14 rounds
Blowfish (1993)  http://www.counterpane.com/blowfish.html  block size 64-bits  variable key size 32-448 bits  not patented, royalty-free  2 parts: key expansion & data encryption  16 rounds, key dependent S-Boxes
Books  Anderson: Security Engineering  Ferguson, Schneier: Practical Cryptography  Kahn: The Codebreakers, …  Menezes, van Oorschot, Vanstone: Handbook of Applied Cryptography  Schneier, B: Applied Cryptography

Empfohlen

Cryptography for Smalltalkers - ESUG 2004
Cryptography for Smalltalkers - ESUG 2004Cryptography for Smalltalkers - ESUG 2004
Cryptography for Smalltalkers - ESUG 2004Martin Kobetic
 
Cryptography and SSL in Smalltalk - StS 2003
Cryptography and SSL in Smalltalk - StS 2003Cryptography and SSL in Smalltalk - StS 2003
Cryptography and SSL in Smalltalk - StS 2003Martin Kobetic
 
Tuga IT 2017 - Redis
Tuga IT 2017 - RedisTuga IT 2017 - Redis
Tuga IT 2017 - RedisNuno Caneco
 
Hands on with Smart Contracts session #3
Hands on with Smart Contracts session #3Hands on with Smart Contracts session #3
Hands on with Smart Contracts session #3Gene Leybzon
 
Codable routing
Codable routingCodable routing
Codable routingPushkar Kulkarni
 
Opentalk at Large - StS 2005
Opentalk at Large - StS 2005Opentalk at Large - StS 2005
Opentalk at Large - StS 2005Martin Kobetic
 
LLVM Workshop Osaka Umeda, Japan
LLVM Workshop Osaka Umeda, JapanLLVM Workshop Osaka Umeda, Japan
LLVM Workshop Osaka Umeda, Japanujihisa
 
Raspberry Pi for IPRUG
Raspberry Pi for IPRUGRaspberry Pi for IPRUG
Raspberry Pi for IPRUGFrank Carver
 

Empfohlen

Cryptography for Smalltalkers - ESUG 2004
Cryptography for Smalltalkers - ESUG 2004Cryptography for Smalltalkers - ESUG 2004
Cryptography for Smalltalkers - ESUG 2004Martin Kobetic
 
Cryptography and SSL in Smalltalk - StS 2003
Cryptography and SSL in Smalltalk - StS 2003Cryptography and SSL in Smalltalk - StS 2003
Cryptography and SSL in Smalltalk - StS 2003Martin Kobetic
 
Tuga IT 2017 - Redis
Tuga IT 2017 - RedisTuga IT 2017 - Redis
Tuga IT 2017 - RedisNuno Caneco
 
Hands on with Smart Contracts session #3
Hands on with Smart Contracts session #3Hands on with Smart Contracts session #3
Hands on with Smart Contracts session #3Gene Leybzon
 
Codable routing
Codable routingCodable routing
Codable routingPushkar Kulkarni
 
Opentalk at Large - StS 2005
Opentalk at Large - StS 2005Opentalk at Large - StS 2005
Opentalk at Large - StS 2005Martin Kobetic
 
LLVM Workshop Osaka Umeda, Japan
LLVM Workshop Osaka Umeda, JapanLLVM Workshop Osaka Umeda, Japan
LLVM Workshop Osaka Umeda, Japanujihisa
 
Raspberry Pi for IPRUG
Raspberry Pi for IPRUGRaspberry Pi for IPRUG
Raspberry Pi for IPRUGFrank Carver
 
Rust vs C++
Rust vs C++Rust vs C++
Rust vs C++corehard_by
 
Chatting dengan beberapa pc laptop
Chatting dengan beberapa pc laptopChatting dengan beberapa pc laptop
Chatting dengan beberapa pc laptopyayaria
 
Coffee script
Coffee scriptCoffee script
Coffee scriptJordan Dichev
 
Start Wrap Episode 11: A New Rope
Start Wrap Episode 11: A New RopeStart Wrap Episode 11: A New Rope
Start Wrap Episode 11: A New RopeYung-Yu Chen
 
Nmap5.cheatsheet.eng.v1
Nmap5.cheatsheet.eng.v1Nmap5.cheatsheet.eng.v1
Nmap5.cheatsheet.eng.v1Arduino Aficionado
 
Introduction to Grails
Introduction to Grails Introduction to Grails
Introduction to Grails Avi Perez
 
September Ethereum Berlin Workshop
September Ethereum Berlin WorkshopSeptember Ethereum Berlin Workshop
September Ethereum Berlin Workshopaeronbuchanan
 
An (abridged) Ruby Plumber's Guide to *nix
An (abridged) Ruby Plumber's Guide to *nixAn (abridged) Ruby Plumber's Guide to *nix
An (abridged) Ruby Plumber's Guide to *nixEleanor McHugh
 
Redis & ZeroMQ: How to scale your application
Redis & ZeroMQ: How to scale your applicationRedis & ZeroMQ: How to scale your application
Redis & ZeroMQ: How to scale your applicationrjsmelo
 
To Infinity & Beyond: Protocols & sequences in Node - Part 2
To Infinity & Beyond: Protocols & sequences in Node - Part 2To Infinity & Beyond: Protocols & sequences in Node - Part 2
To Infinity & Beyond: Protocols & sequences in Node - Part 2Bahul Neel Upadhyaya
 
Rust言語紹介
Rust言語紹介Rust言語紹介
Rust言語紹介Paweł Rusin
 
Introduce to Rust-A Powerful System Language
Introduce to Rust-A Powerful System LanguageIntroduce to Rust-A Powerful System Language
Introduce to Rust-A Powerful System Language安齊 劉
 
Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Codemotion
 
GoでKVSを書けるのか
GoでKVSを書けるのかGoでKVSを書けるのか
GoでKVSを書けるのかMoriyoshi Koizumi
 
The Node.js Event Loop: Not So Single Threaded
The Node.js Event Loop: Not So Single ThreadedThe Node.js Event Loop: Not So Single Threaded
The Node.js Event Loop: Not So Single ThreadedBryan Hughes
 
Rust-lang
Rust-langRust-lang
Rust-langAnthony Broad-Crawford
 
part2
part2part2
part2Cameron White
 
Arp
ArpArp
ArpEbsil Sherly
 
Native or External?
Native or External?Native or External?
Native or External?ESUG
 
Rust: Systems Programming for Everyone
Rust: Systems Programming for EveryoneRust: Systems Programming for Everyone
Rust: Systems Programming for EveryoneC4Media
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptographydrewz lin
 
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin Jani
 

Weitere ähnliche Inhalte

Was ist angesagt?

Chatting dengan beberapa pc laptop
Chatting dengan beberapa pc laptopChatting dengan beberapa pc laptop
Chatting dengan beberapa pc laptopyayaria
 
Start Wrap Episode 11: A New Rope
Start Wrap Episode 11: A New RopeStart Wrap Episode 11: A New Rope
Start Wrap Episode 11: A New RopeYung-Yu Chen
 
Introduction to Grails
Introduction to Grails Introduction to Grails
Introduction to Grails Avi Perez
 
September Ethereum Berlin Workshop
September Ethereum Berlin WorkshopSeptember Ethereum Berlin Workshop
September Ethereum Berlin Workshopaeronbuchanan
 
An (abridged) Ruby Plumber's Guide to *nix
An (abridged) Ruby Plumber's Guide to *nixAn (abridged) Ruby Plumber's Guide to *nix
An (abridged) Ruby Plumber's Guide to *nixEleanor McHugh
 
Redis & ZeroMQ: How to scale your application
Redis & ZeroMQ: How to scale your applicationRedis & ZeroMQ: How to scale your application
Redis & ZeroMQ: How to scale your applicationrjsmelo
 
To Infinity & Beyond: Protocols & sequences in Node - Part 2
To Infinity & Beyond: Protocols & sequences in Node - Part 2To Infinity & Beyond: Protocols & sequences in Node - Part 2
To Infinity & Beyond: Protocols & sequences in Node - Part 2Bahul Neel Upadhyaya
 
Introduce to Rust-A Powerful System Language
Introduce to Rust-A Powerful System LanguageIntroduce to Rust-A Powerful System Language
Introduce to Rust-A Powerful System Language安齊 劉
 
Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Codemotion
 
The Node.js Event Loop: Not So Single Threaded
The Node.js Event Loop: Not So Single ThreadedThe Node.js Event Loop: Not So Single Threaded
The Node.js Event Loop: Not So Single ThreadedBryan Hughes
 
Native or External?
Native or External?Native or External?
Native or External?ESUG
 
Rust: Systems Programming for Everyone
Rust: Systems Programming for EveryoneRust: Systems Programming for Everyone
Rust: Systems Programming for EveryoneC4Media
 

Was ist angesagt? (20)

Rust vs C++
Rust vs C++Rust vs C++
Rust vs C++
 
Chatting dengan beberapa pc laptop
Chatting dengan beberapa pc laptopChatting dengan beberapa pc laptop
Chatting dengan beberapa pc laptop
 
Coffee script
Coffee scriptCoffee script
Coffee script
 
Start Wrap Episode 11: A New Rope
Start Wrap Episode 11: A New RopeStart Wrap Episode 11: A New Rope
Start Wrap Episode 11: A New Rope
 
Nmap5.cheatsheet.eng.v1
Nmap5.cheatsheet.eng.v1Nmap5.cheatsheet.eng.v1
Nmap5.cheatsheet.eng.v1
 
Introduction to Grails
Introduction to Grails Introduction to Grails
Introduction to Grails
 
September Ethereum Berlin Workshop
September Ethereum Berlin WorkshopSeptember Ethereum Berlin Workshop
September Ethereum Berlin Workshop
 
An (abridged) Ruby Plumber's Guide to *nix
An (abridged) Ruby Plumber's Guide to *nixAn (abridged) Ruby Plumber's Guide to *nix
An (abridged) Ruby Plumber's Guide to *nix
 
Redis & ZeroMQ: How to scale your application
Redis & ZeroMQ: How to scale your applicationRedis & ZeroMQ: How to scale your application
Redis & ZeroMQ: How to scale your application
 
To Infinity & Beyond: Protocols & sequences in Node - Part 2
To Infinity & Beyond: Protocols & sequences in Node - Part 2To Infinity & Beyond: Protocols & sequences in Node - Part 2
To Infinity & Beyond: Protocols & sequences in Node - Part 2
 
Rust言語紹介
Rust言語紹介Rust言語紹介
Rust言語紹介
 
Introduce to Rust-A Powerful System Language
Introduce to Rust-A Powerful System LanguageIntroduce to Rust-A Powerful System Language
Introduce to Rust-A Powerful System Language
 
Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...
 
GoでKVSを書けるのか
GoでKVSを書けるのかGoでKVSを書けるのか
GoでKVSを書けるのか
 
The Node.js Event Loop: Not So Single Threaded
The Node.js Event Loop: Not So Single ThreadedThe Node.js Event Loop: Not So Single Threaded
The Node.js Event Loop: Not So Single Threaded
 
Rust-lang
Rust-langRust-lang
Rust-lang
 
part2
part2part2
part2
 
Arp
ArpArp
Arp
 
Native or External?
Native or External?Native or External?
Native or External?
 
Rust: Systems Programming for Everyone
Rust: Systems Programming for EveryoneRust: Systems Programming for Everyone
Rust: Systems Programming for Everyone
 

Ähnlich wie Cryptography for Smalltalkers

12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptographydrewz lin
 
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin Jani
 
Computer network (3)
Computer network (3)Computer network (3)
Computer network (3)NYversity
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Svetlin Nakov
 
Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2ESUG
 
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Svetlin Nakov
 
Ch08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptCh08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptShounakDas16
 
Block Cipher.cryptography_miu_year5.pptx
Block Cipher.cryptography_miu_year5.pptxBlock Cipher.cryptography_miu_year5.pptx
Block Cipher.cryptography_miu_year5.pptxHodaAhmedBekhitAhmed
 
Overview on Cryptography and Network Security
Overview on Cryptography and Network SecurityOverview on Cryptography and Network Security
Overview on Cryptography and Network SecurityDr. Rupa Ch
 
introduction to cryptography
introduction to cryptographyintroduction to cryptography
introduction to cryptographyPriyamvada Singh
 
Block ciphers & public key cryptography
Block ciphers & public key cryptographyBlock ciphers & public key cryptography
Block ciphers & public key cryptographyRAMPRAKASHT1
 
Computer security module 2
Computer security module 2Computer security module 2
Computer security module 2Deepak John
 
Getting Started with Raspberry Pi - DCC 2013.1
Getting Started with Raspberry Pi - DCC 2013.1Getting Started with Raspberry Pi - DCC 2013.1
Getting Started with Raspberry Pi - DCC 2013.1Tom Paulus
 

Ähnlich wie Cryptography for Smalltalkers (20)

12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptography
 
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batch
 
Computer network (3)
Computer network (3)Computer network (3)
Computer network (3)
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
 
Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2
 
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
 
Ch08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptCh08-CryptoConcepts.ppt
Ch08-CryptoConcepts.ppt
 
Block Cipher.cryptography_miu_year5.pptx
Block Cipher.cryptography_miu_year5.pptxBlock Cipher.cryptography_miu_year5.pptx
Block Cipher.cryptography_miu_year5.pptx
 
Overview on Cryptography and Network Security
Overview on Cryptography and Network SecurityOverview on Cryptography and Network Security
Overview on Cryptography and Network Security
 
introduction to cryptography
introduction to cryptographyintroduction to cryptography
introduction to cryptography
 
unit 2.ppt
unit 2.pptunit 2.ppt
unit 2.ppt
 
Stallings Kurose and Ross
Stallings Kurose and RossStallings Kurose and Ross
Stallings Kurose and Ross
 
13528 l8
13528 l813528 l8
13528 l8
 
crypto1.ppt
crypto1.pptcrypto1.ppt
crypto1.ppt
 
crypto.ppt
crypto.pptcrypto.ppt
crypto.ppt
 
needed.ppt
needed.pptneeded.ppt
needed.ppt
 
Block ciphers & public key cryptography
Block ciphers & public key cryptographyBlock ciphers & public key cryptography
Block ciphers & public key cryptography
 
Network Security Lec4
Network Security Lec4Network Security Lec4
Network Security Lec4
 
Computer security module 2
Computer security module 2Computer security module 2
Computer security module 2
 
Getting Started with Raspberry Pi - DCC 2013.1
Getting Started with Raspberry Pi - DCC 2013.1Getting Started with Raspberry Pi - DCC 2013.1
Getting Started with Raspberry Pi - DCC 2013.1
 

Mehr von ESUG

Workshop: Identifying concept inventories in agile programming
Workshop: Identifying concept inventories in agile programmingWorkshop: Identifying concept inventories in agile programming
Workshop: Identifying concept inventories in agile programmingESUG
 
Technical documentation support in Pharo
Technical documentation support in PharoTechnical documentation support in Pharo
Technical documentation support in PharoESUG
 
The Pharo Debugger and Debugging tools: Advances and Roadmap
The Pharo Debugger and Debugging tools: Advances and RoadmapThe Pharo Debugger and Debugging tools: Advances and Roadmap
The Pharo Debugger and Debugging tools: Advances and RoadmapESUG
 
Sequence: Pipeline modelling in Pharo
Sequence: Pipeline modelling in PharoSequence: Pipeline modelling in Pharo
Sequence: Pipeline modelling in PharoESUG
 
Migration process from monolithic to micro frontend architecture in mobile ap...
Migration process from monolithic to micro frontend architecture in mobile ap...Migration process from monolithic to micro frontend architecture in mobile ap...
Migration process from monolithic to micro frontend architecture in mobile ap...ESUG
 
Analyzing Dart Language with Pharo: Report and early results
Analyzing Dart Language with Pharo: Report and early resultsAnalyzing Dart Language with Pharo: Report and early results
Analyzing Dart Language with Pharo: Report and early resultsESUG
 
Transpiling Pharo Classes to JS ECMAScript 5 versus ECMAScript 6
Transpiling Pharo Classes to JS ECMAScript 5 versus ECMAScript 6Transpiling Pharo Classes to JS ECMAScript 5 versus ECMAScript 6
Transpiling Pharo Classes to JS ECMAScript 5 versus ECMAScript 6ESUG
 
A Unit Test Metamodel for Test Generation
A Unit Test Metamodel for Test GenerationA Unit Test Metamodel for Test Generation
A Unit Test Metamodel for Test GenerationESUG
 
Creating Unit Tests Using Genetic Programming
Creating Unit Tests Using Genetic ProgrammingCreating Unit Tests Using Genetic Programming
Creating Unit Tests Using Genetic ProgrammingESUG
 
Threaded-Execution and CPS Provide Smooth Switching Between Execution Modes
Threaded-Execution and CPS Provide Smooth Switching Between Execution ModesThreaded-Execution and CPS Provide Smooth Switching Between Execution Modes
Threaded-Execution and CPS Provide Smooth Switching Between Execution ModesESUG
 
Exploring GitHub Actions through EGAD: An Experience Report
Exploring GitHub Actions through EGAD: An Experience ReportExploring GitHub Actions through EGAD: An Experience Report
Exploring GitHub Actions through EGAD: An Experience ReportESUG
 
Pharo: a reflective language A first systematic analysis of reflective APIs
Pharo: a reflective language A first systematic analysis of reflective APIsPharo: a reflective language A first systematic analysis of reflective APIs
Pharo: a reflective language A first systematic analysis of reflective APIsESUG
 
Garbage Collector Tuning
Garbage Collector TuningGarbage Collector Tuning
Garbage Collector TuningESUG
 
Improving Performance Through Object Lifetime Profiling: the DataFrame Case
Improving Performance Through Object Lifetime Profiling: the DataFrame CaseImproving Performance Through Object Lifetime Profiling: the DataFrame Case
Improving Performance Through Object Lifetime Profiling: the DataFrame CaseESUG
 
Pharo DataFrame: Past, Present, and Future
Pharo DataFrame: Past, Present, and FuturePharo DataFrame: Past, Present, and Future
Pharo DataFrame: Past, Present, and FutureESUG
 
thisContext in the Debugger
thisContext in the DebuggerthisContext in the Debugger
thisContext in the DebuggerESUG
 
Websockets for Fencing Score
Websockets for Fencing ScoreWebsockets for Fencing Score
Websockets for Fencing ScoreESUG
 
ShowUs: PharoJS.org Develop in Pharo, Run on JavaScript
ShowUs: PharoJS.org Develop in Pharo, Run on JavaScriptShowUs: PharoJS.org Develop in Pharo, Run on JavaScript
ShowUs: PharoJS.org Develop in Pharo, Run on JavaScriptESUG
 
Advanced Object- Oriented Design Mooc
Advanced Object- Oriented Design MoocAdvanced Object- Oriented Design Mooc
Advanced Object- Oriented Design MoocESUG
 
A New Architecture Reconciling Refactorings and Transformations
A New Architecture Reconciling Refactorings and TransformationsA New Architecture Reconciling Refactorings and Transformations
A New Architecture Reconciling Refactorings and TransformationsESUG
 

Mehr von ESUG (20)

Workshop: Identifying concept inventories in agile programming
Workshop: Identifying concept inventories in agile programmingWorkshop: Identifying concept inventories in agile programming
Workshop: Identifying concept inventories in agile programming
 
Technical documentation support in Pharo
Technical documentation support in PharoTechnical documentation support in Pharo
Technical documentation support in Pharo
 
The Pharo Debugger and Debugging tools: Advances and Roadmap
The Pharo Debugger and Debugging tools: Advances and RoadmapThe Pharo Debugger and Debugging tools: Advances and Roadmap
The Pharo Debugger and Debugging tools: Advances and Roadmap
 
Sequence: Pipeline modelling in Pharo
Sequence: Pipeline modelling in PharoSequence: Pipeline modelling in Pharo
Sequence: Pipeline modelling in Pharo
 
Migration process from monolithic to micro frontend architecture in mobile ap...
Migration process from monolithic to micro frontend architecture in mobile ap...Migration process from monolithic to micro frontend architecture in mobile ap...
Migration process from monolithic to micro frontend architecture in mobile ap...
 
Analyzing Dart Language with Pharo: Report and early results
Analyzing Dart Language with Pharo: Report and early resultsAnalyzing Dart Language with Pharo: Report and early results
Analyzing Dart Language with Pharo: Report and early results
 
Transpiling Pharo Classes to JS ECMAScript 5 versus ECMAScript 6
Transpiling Pharo Classes to JS ECMAScript 5 versus ECMAScript 6Transpiling Pharo Classes to JS ECMAScript 5 versus ECMAScript 6
Transpiling Pharo Classes to JS ECMAScript 5 versus ECMAScript 6
 
A Unit Test Metamodel for Test Generation
A Unit Test Metamodel for Test GenerationA Unit Test Metamodel for Test Generation
A Unit Test Metamodel for Test Generation
 
Creating Unit Tests Using Genetic Programming
Creating Unit Tests Using Genetic ProgrammingCreating Unit Tests Using Genetic Programming
Creating Unit Tests Using Genetic Programming
 
Threaded-Execution and CPS Provide Smooth Switching Between Execution Modes
Threaded-Execution and CPS Provide Smooth Switching Between Execution ModesThreaded-Execution and CPS Provide Smooth Switching Between Execution Modes
Threaded-Execution and CPS Provide Smooth Switching Between Execution Modes
 
Exploring GitHub Actions through EGAD: An Experience Report
Exploring GitHub Actions through EGAD: An Experience ReportExploring GitHub Actions through EGAD: An Experience Report
Exploring GitHub Actions through EGAD: An Experience Report
 
Pharo: a reflective language A first systematic analysis of reflective APIs
Pharo: a reflective language A first systematic analysis of reflective APIsPharo: a reflective language A first systematic analysis of reflective APIs
Pharo: a reflective language A first systematic analysis of reflective APIs
 
Garbage Collector Tuning
Garbage Collector TuningGarbage Collector Tuning
Garbage Collector Tuning
 
Improving Performance Through Object Lifetime Profiling: the DataFrame Case
Improving Performance Through Object Lifetime Profiling: the DataFrame CaseImproving Performance Through Object Lifetime Profiling: the DataFrame Case
Improving Performance Through Object Lifetime Profiling: the DataFrame Case
 
Pharo DataFrame: Past, Present, and Future
Pharo DataFrame: Past, Present, and FuturePharo DataFrame: Past, Present, and Future
Pharo DataFrame: Past, Present, and Future
 
thisContext in the Debugger
thisContext in the DebuggerthisContext in the Debugger
thisContext in the Debugger
 
Websockets for Fencing Score
Websockets for Fencing ScoreWebsockets for Fencing Score
Websockets for Fencing Score
 
ShowUs: PharoJS.org Develop in Pharo, Run on JavaScript
ShowUs: PharoJS.org Develop in Pharo, Run on JavaScriptShowUs: PharoJS.org Develop in Pharo, Run on JavaScript
ShowUs: PharoJS.org Develop in Pharo, Run on JavaScript
 
Advanced Object- Oriented Design Mooc
Advanced Object- Oriented Design MoocAdvanced Object- Oriented Design Mooc
Advanced Object- Oriented Design Mooc
 
A New Architecture Reconciling Refactorings and Transformations
A New Architecture Reconciling Refactorings and TransformationsA New Architecture Reconciling Refactorings and Transformations
A New Architecture Reconciling Refactorings and Transformations
 

Kürzlich hochgeladen

Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 

Kürzlich hochgeladen (20)

Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 

Cryptography for Smalltalkers

  • 1. Cryptography for Smalltalkers Martin Kobetic Cincom Smalltalk Development ESUG 2004
  • 2. To get the VW presentation  in the open repository in a bundle called Presentations-MK, class ESUG04Crypto. To load it and open it up in a recent version of VW just run this:  | profile |profile := Store.ConnectionProfile newname: 'open repository';driverClassName: 'PostgreSQLEXDIConnection'; environment: 'store.cincomsmalltalk.com:5432_store_public'; userName: 'guest'; password:'guest';yourself.  Store.RepositoryManager addRepository: profile;Store.DbRegistry connectTo: profile.Store.Bundle newestVersionWithName: 'Presentations-MK') loadSrc.ESUG04Crypto open
  • 3. Cryptographic Objectives  confidentiality – encryption  integrity – message authentication codes (MAC)  authentication – signatures
  • 4. Encryption  E(P)= C & D(C) = P  symmetric (secret) key ciphers – EK(P) = C & DK(C) = P  asymmetric (public) key ciphers – EK1(P) = C & DK2(C) = P  one-time pad
  • 5. Secret Key Ciphers  bulk data encryption  built from simple, fast operations (xor, shift, x + y mod n, ...)  two fundamental classes – stream ciphers (RC4) – block ciphers (DES/AES)
  • 6. Secret Key Ciphers key := ‘secret key’ asByteArray. alice := ARC4 key: key. msg := ‘Hello’ asByteArrayEncoding: #utf_8. msg := alice encrypt: ‘Hello’ msg asString. bob := ARC4 key: key. bob decryptInPlace: msg from: 1 to: 4. msg asStringEncoding: #utf_8.
  • 7. Stream Ciphers  time-varying transformation on individual plain- text digits key-stream generator: k1, k2, k3, .... State S, NextState(S), Output(S) E: ci = pi xor ki D: pi = ci xor ki  Pike, A5, RC4, SEAL  key reuse is catastrophic! (a xor k) xor (b xor k) = a xor b
  • 8. RC4 (1992)  leakedtrade secret of RSA Security (1994)  256 byte S-Box; 2 counters i=j=0 S-Box initialization: next key-stream byte: S = 0, ..., 255 i = (i + 1) mod 256 K = 256B of replicated key j = (j+Si) mod 256 for i=0 to 255: swap Si and Sj j = (j + Si + Ki) mod 256 t = (Si + Sj) mod 256 swap Si and Sj K = St
  • 9. RC4 alice := ARC4 key: key. msg := alice encrypt: 'Hello' asByteArray. msg asHexString. bob := ARC4 key: key. (bob decrypt: msg) asString
  • 10. Block Ciphers  fixed transformation on blocks of plaintext (e.g 64, 128 bits)  basic transformation applied in rounds  DES, IDEA, CAST, Blowfish, RC2, RC5
  • 11. DES (1977)  csrc.nist.gov: FIPS PUB 46 (1977)  FIPS PUB 46-3 (1999) – triple DES still approved – single DES legacy systems only  64 bit block size  56 bit key (64 bits with parity)  16 rounds using 48 bit subkeys
  • 12. Block Ciphers - Padding key := ‘secret8B’ asByteArray. alice := DES key: key. alice encrypt: ‘Hello World!’ asByteArray. alice := BlockPadding on: DES new. alice setKey: key. (alice encrypt: ‘Hello World!’ asByteArray) asString.
  • 13. Block Ciphers - Padding  must be reversible  pad with bits “100…0”  pad with padding size (1-8) – aka PKCS#5 padding  ciphertext stealing – different for different modes (ECB, CBC)  some modes don’t need padding
  • 14. Block Ciphers - ECB  electronic codebook mode  Ci = Ek(Pi)  Pi = Dk(Ci)  don’t use !
  • 15. Block Ciphers - CBC  cipher block chaining mode  Ci = Ek(Pi xor Ci-1)  Pi = Ci-1 xor Dk(Ci)  initialization vector (IV) – isn’t secret but unique, random – timestamp, nonce, random nr
  • 16. Block Ciphers - CBC alice := CipherBlockChaining on: DES new iv: ‘nonce 8B’ asByteArray. alice setKey: ‘secret8B’ asByteArray. msg := ‘a block a block ’ asByteArray. msg := alice encrypt: msg. msg asString
  • 17. Block Ciphers - CBC alice := DES newBP_CBC. alice setKey: 'secret8B' asByteArray. alice setIV: 'nonce 8B' asByteArray. msg := 'Hello World!' asByteArray. msg := alice encrypt: msg. msg asString.
  • 18. Block Ciphers - OFB  output feedback mode  Si = Ek(Si-1)  Ci = Pi xor Si  Pi = Ci xor Si  like synchronous stream cipher (OutputFeeback on: DES new) setKey: ‘secret8B’ asByteArray; setIV: ‘nonce 8B’ asByteArray
  • 19. Block Ciphers - CTR  counter mode  Si := Ek(Nonce || i)  Ci = Pi xor Si  Pi = Ci xor Si  OFB variant
  • 20. Block Ciphers - CFB  cipher feedback mode  Ci = Pi xor Ek(Ci-1)  Pi = Ci xor Ek(Ci-1)  like self-synchronizing stream cipher (CipherFeeback on: DES new) setKey: ‘secret8B’ asByteArray; setIV: ‘nonce 8B’ asByteArray
  • 21. Block Ciphers - Mixing  interleaving – parallelizing “chained” modes  multiple encryption with single cipher – double encryption – no good – 3EDE (inner/outer CBC)  cascading different ciphers
  • 22. Block Ciphers - Mixing des3 := TrippleEDEOuterCBC first: DES new second: DES new third: DES new. des3 := DES new3EDE_CBC. des3 setKey: ’24bytes for 3 keys’ asByteArray. des3 setIV: ‘nonce 8B’ asByteArray.
  • 23. AES (2001)  NIST FIPS PUB 197 (2001) - Rijndael  15 submissions (1998)  5 finalists: MARS, Serpent, Twofish, RC6  modes: ECB, CBC, CFB, OFB, CTR  block size 128 bits  key sizes 128, 192, 256 bits  10, 12, 14 rounds
  • 24. Blowfish (1993)  http://www.counterpane.com/blowfish.html  block size 64-bits  variable key size 32-448 bits  not patented, royalty-free  2 parts: key expansion & data encryption  16 rounds, key dependent S-Boxes
  • 25. Books  Anderson: Security Engineering  Ferguson, Schneier: Practical Cryptography  Kahn: The Codebreakers, …  Menezes, van Oorschot, Vanstone: Handbook of Applied Cryptography  Schneier, B: Applied Cryptography