SlideShare ist ein Scribd-Unternehmen logo

Crypto workshop 4 - Hashing, Tokens, Randomness

H
hannob

Slides from a workshop I held on cryptography for web developers. Part 4 is about common misconceptions around random number generators, token generation and hashing. https://blog.hboeck.de/archives/849-Slides-from-cryptography-workshop-for-web-developers.html

InternetTechnologieBildung
1 von 13
Downloaden Sie, um offline zu lesen
Random numbers Hashes Cryptography for Software and Web Developers Part 4: randomness, hashing, tokens Hanno B¨ock 2014-05-28 1 / 13
Random numbers Hashes Bad random numbers Random fails Example: Factoring RSA keys Good / bad randomness In security (not just crypto) we often need random numbers Examples: CSRF-tokens, one-time-action tokens, password salts, key generation, ... There’s even crypto out there that needs good random numbers to run or it’ll completely break: DSA, ECDSA (but better avoid that). Good randomness is hard 2 / 13
Random numbers Hashes Bad random numbers Random fails Example: Factoring RSA keys Good / bad randomness OS or programming language default random functions often not secure random numbers. Rounding problems, conversion problems can reduce space of possible random numbers vastly. 2008 Debian OpenSSL bug. PRNGs need a seed or they don’t work. NSA managed to make a backdoored RNG an official standard and payed RSA Inc. 10 Million $ to make it the default in BSAFE No way to test random numbers reliably. 3 / 13
Random numbers Hashes Bad random numbers Random fails Example: Factoring RSA keys Good / bad randomness An RSA public key consists of an exponent e and a modulus N which is the product of two primes If you know the primes you can get the private key What happens if we have two RSA keys with a shared prime, e. g. N1 = p ∗ q1, N2 = p ∗ q2? You can break this key with the greatest common divisor algorithm. Some people tried this with lots of SSH and TLS keys and found over 50 embedded devices that created such factorable keys. [url] Linux seed sources: HD timings, keyboard strokes, mouse movements. Embedded devices often have no HD, no keyboard, no mouse. 4 / 13
Random numbers Hashes Bad random numbers Random fails Example: Factoring RSA keys Good / bad randomness PHP good: openssl random pseudo bytes(), PHP bad: mt rand(), rand(), uniqid() JavaScript good: window.crypto.getRandomValues(), bad: Math.random() (only latest browser support window.crypto.getRandomValues()) /dev/urandom is good if it is properly seeded. For embedded devices: Better create the keys on a desktop PC. 5 / 13
Random numbers Hashes Simple hashes Cryptographic hashes Problems with MD5, SHA1 Passwords Password hash functions A note on password hashes Sources So many people have wrong ideas about hashes... Completely typical situation: I write about cryptographic hashes, people in the comments discuss about password hashes and salting Hashes used in many contexts: error detection (CRC32), signatures (SHA256, SHA516), passwords (bcrypt, scrypt) If you use a hash function you need to know what it should do 6 / 13
Random numbers Hashes Simple hashes Cryptographic hashes Problems with MD5, SHA1 Passwords Password hash functions A note on password hashes Sources CRC32: Very fast, no security at all Reliably detects errors, but trivial to construct another input for an existing hash Usable only for errors and if no attacker is involved (e. g. error detection on hard disks or file comparison over otherwise secure network connections). 7 / 13
Random numbers Hashes Simple hashes Cryptographic hashes Problems with MD5, SHA1 Passwords Password hash functions A note on password hashes Sources Cryptographic hashes need to be collision resistant and preimage resistant Collision: It should be practically impossible to create two different inputs with same hash Preimage: It should be practically impossible to create an input for a given hash value. Used in many places, e. g. signatures Some crypto protocols need hashes and don’t have collision resistance requirement (e. g. HMAC), but that’s usually not something that should bother you 8 / 13
Random numbers Hashes Simple hashes Cryptographic hashes Problems with MD5, SHA1 Passwords Password hash functions A note on password hashes Sources In 2004/2005 big breakthroughs on hash attacks, mostly the work of a Chinese team led by Wang Xiaoyun. Most important results: practical collision attacks on MD5, almost practical attacks on SHA1 2008: MD5 attack on RapidSSL leads to fake CA, 2012: Flame worm uses MD5 attack to create rogue code signing cert SHA-2 functions (SHA256, SHA512) considered safe today, SHA-3 will come soon. 9 / 13
Random numbers Hashes Simple hashes Cryptographic hashes Problems with MD5, SHA1 Passwords Password hash functions A note on password hashes Sources Idea: We don’t save passwords, we just save hashes so if our database gets stolen the attacker has no direct access to the passwords Attackers can brute force Salting makes it harder Security requirements for password hashes completely different from cryptographic hash functions Collision resistance doesn’t matter, they should ideally not be fast 10 / 13
Random numbers Hashes Simple hashes Cryptographic hashes Problems with MD5, SHA1 Passwords Password hash functions A note on password hashes Sources glibc uses several iterations of cryptographic hashes (default SHA512) and a salt. bcrypt and scrypt are functions designed to be password hashes. bcrypt is designed to be slow, scrypt is designed to be slow and use lots of memory. There’s a Password Hashing Competition (PHC), results expected in 2015. 11 / 13
Random numbers Hashes Simple hashes Cryptographic hashes Problems with MD5, SHA1 Passwords Password hash functions A note on password hashes Sources The importance of secure password hashing is IMHO vastly overstated. glibc-type SHA512, bcrypt, scrypt are all ”good enough”, just make sure you have a salt. Password hashing only gives you a tiny little bit of extra protection if your database gets stolen. But if that happens you’re screwed anyway. Make sure nobody steals your database. That’s much more important. 12 / 13
Random numbers Hashes Simple hashes Cryptographic hashes Problems with MD5, SHA1 Passwords Password hash functions A note on password hashes Sources Factorable RSA keys https://factorable.net/ http://media.ccc.de/browse/congress/2012/ 29c3-5275-en-facthacks_h264.html Password Hashing Competition https://password-hashing.net/ 13 / 13

Empfohlen

Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012Jose L. Quiñones-Borrero
 
Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Aleksandr Yampolskiy
 
Symantec SMB File Sharing Flash Poll
Symantec SMB File Sharing Flash PollSymantec SMB File Sharing Flash Poll
Symantec SMB File Sharing Flash PollSymantec
 
Some tales about TLS
Some tales about TLSSome tales about TLS
Some tales about TLShannob
 
rdp remotefx spice arm-linux thin client
rdp remotefx spice arm-linux thin clientrdp remotefx spice arm-linux thin client
rdp remotefx spice arm-linux thin clientliwu.dong
 
Breaking out of restricted RDP
Breaking out of restricted RDPBreaking out of restricted RDP
Breaking out of restricted RDPSecurity BSides London
 
TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)hannob
 
The Fuzzing Project - 32C3
The Fuzzing Project - 32C3The Fuzzing Project - 32C3
The Fuzzing Project - 32C3hannob
 

Empfohlen

Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012Jose L. Quiñones-Borrero
 
Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Aleksandr Yampolskiy
 
Symantec SMB File Sharing Flash Poll
Symantec SMB File Sharing Flash PollSymantec SMB File Sharing Flash Poll
Symantec SMB File Sharing Flash PollSymantec
 
Some tales about TLS
Some tales about TLSSome tales about TLS
Some tales about TLShannob
 
rdp remotefx spice arm-linux thin client
rdp remotefx spice arm-linux thin clientrdp remotefx spice arm-linux thin client
rdp remotefx spice arm-linux thin clientliwu.dong
 
Breaking out of restricted RDP
Breaking out of restricted RDPBreaking out of restricted RDP
Breaking out of restricted RDPSecurity BSides London
 
TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)hannob
 
The Fuzzing Project - 32C3
The Fuzzing Project - 32C3The Fuzzing Project - 32C3
The Fuzzing Project - 32C3hannob
 
Crypto workshop part 3 - Don't do this yourself
Crypto workshop part 3 - Don't do this yourselfCrypto workshop part 3 - Don't do this yourself
Crypto workshop part 3 - Don't do this yourselfhannob
 
Crypto workshop part 1 - Web and Crypto
Crypto workshop part 1 - Web and CryptoCrypto workshop part 1 - Web and Crypto
Crypto workshop part 1 - Web and Cryptohannob
 
How broken is TLS?
How broken is TLS?How broken is TLS?
How broken is TLS?hannob
 
Papierlos
PapierlosPapierlos
Papierloshannob
 
Gehackte Webapplikationen und Malware
Gehackte Webapplikationen und MalwareGehackte Webapplikationen und Malware
Gehackte Webapplikationen und Malwarehannob
 
SSL, X.509, HTTPS - How to configure your HTTPS server
SSL, X.509, HTTPS - How to configure your HTTPS serverSSL, X.509, HTTPS - How to configure your HTTPS server
SSL, X.509, HTTPS - How to configure your HTTPS serverhannob
 
Stromsparen
StromsparenStromsparen
Stromsparenhannob
 
Wirtschaftswachstum, klimawandel und Peak Oil
Wirtschaftswachstum, klimawandel und Peak OilWirtschaftswachstum, klimawandel und Peak Oil
Wirtschaftswachstum, klimawandel und Peak Oilhannob
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
SEO Growth Program-Digital optimization Specialist
SEO Growth Program-Digital optimization SpecialistSEO Growth Program-Digital optimization Specialist
SEO Growth Program-Digital optimization SpecialistKHM Anwar
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 

Weitere ähnliche Inhalte

Mehr von hannob

Crypto workshop part 3 - Don't do this yourself
Crypto workshop part 3 - Don't do this yourselfCrypto workshop part 3 - Don't do this yourself
Crypto workshop part 3 - Don't do this yourselfhannob
 
Crypto workshop part 1 - Web and Crypto
Crypto workshop part 1 - Web and CryptoCrypto workshop part 1 - Web and Crypto
Crypto workshop part 1 - Web and Cryptohannob
 
How broken is TLS?
How broken is TLS?How broken is TLS?
How broken is TLS?hannob
 
Papierlos
PapierlosPapierlos
Papierloshannob
 
Gehackte Webapplikationen und Malware
Gehackte Webapplikationen und MalwareGehackte Webapplikationen und Malware
Gehackte Webapplikationen und Malwarehannob
 
SSL, X.509, HTTPS - How to configure your HTTPS server
SSL, X.509, HTTPS - How to configure your HTTPS serverSSL, X.509, HTTPS - How to configure your HTTPS server
SSL, X.509, HTTPS - How to configure your HTTPS serverhannob
 
Stromsparen
StromsparenStromsparen
Stromsparenhannob
 
Wirtschaftswachstum, klimawandel und Peak Oil
Wirtschaftswachstum, klimawandel und Peak OilWirtschaftswachstum, klimawandel und Peak Oil
Wirtschaftswachstum, klimawandel und Peak Oilhannob
 

Mehr von hannob (8)

Crypto workshop part 3 - Don't do this yourself
Crypto workshop part 3 - Don't do this yourselfCrypto workshop part 3 - Don't do this yourself
Crypto workshop part 3 - Don't do this yourself
 
Crypto workshop part 1 - Web and Crypto
Crypto workshop part 1 - Web and CryptoCrypto workshop part 1 - Web and Crypto
Crypto workshop part 1 - Web and Crypto
 
How broken is TLS?
How broken is TLS?How broken is TLS?
How broken is TLS?
 
Papierlos
PapierlosPapierlos
Papierlos
 
Gehackte Webapplikationen und Malware
Gehackte Webapplikationen und MalwareGehackte Webapplikationen und Malware
Gehackte Webapplikationen und Malware
 
SSL, X.509, HTTPS - How to configure your HTTPS server
SSL, X.509, HTTPS - How to configure your HTTPS serverSSL, X.509, HTTPS - How to configure your HTTPS server
SSL, X.509, HTTPS - How to configure your HTTPS server
 
Stromsparen
StromsparenStromsparen
Stromsparen
 
Wirtschaftswachstum, klimawandel und Peak Oil
Wirtschaftswachstum, klimawandel und Peak OilWirtschaftswachstum, klimawandel und Peak Oil
Wirtschaftswachstum, klimawandel und Peak Oil
 

Kürzlich hochgeladen

Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
SEO Growth Program-Digital optimization Specialist
SEO Growth Program-Digital optimization SpecialistSEO Growth Program-Digital optimization Specialist
SEO Growth Program-Digital optimization SpecialistKHM Anwar
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 

Kürzlich hochgeladen (20)

Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 
SEO Growth Program-Digital optimization Specialist
SEO Growth Program-Digital optimization SpecialistSEO Growth Program-Digital optimization Specialist
SEO Growth Program-Digital optimization Specialist
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 

Crypto workshop 4 - Hashing, Tokens, Randomness

  • 1. Random numbers Hashes Cryptography for Software and Web Developers Part 4: randomness, hashing, tokens Hanno B¨ock 2014-05-28 1 / 13
  • 2. Random numbers Hashes Bad random numbers Random fails Example: Factoring RSA keys Good / bad randomness In security (not just crypto) we often need random numbers Examples: CSRF-tokens, one-time-action tokens, password salts, key generation, ... There’s even crypto out there that needs good random numbers to run or it’ll completely break: DSA, ECDSA (but better avoid that). Good randomness is hard 2 / 13
  • 3. Random numbers Hashes Bad random numbers Random fails Example: Factoring RSA keys Good / bad randomness OS or programming language default random functions often not secure random numbers. Rounding problems, conversion problems can reduce space of possible random numbers vastly. 2008 Debian OpenSSL bug. PRNGs need a seed or they don’t work. NSA managed to make a backdoored RNG an official standard and payed RSA Inc. 10 Million $ to make it the default in BSAFE No way to test random numbers reliably. 3 / 13
  • 4. Random numbers Hashes Bad random numbers Random fails Example: Factoring RSA keys Good / bad randomness An RSA public key consists of an exponent e and a modulus N which is the product of two primes If you know the primes you can get the private key What happens if we have two RSA keys with a shared prime, e. g. N1 = p ∗ q1, N2 = p ∗ q2? You can break this key with the greatest common divisor algorithm. Some people tried this with lots of SSH and TLS keys and found over 50 embedded devices that created such factorable keys. [url] Linux seed sources: HD timings, keyboard strokes, mouse movements. Embedded devices often have no HD, no keyboard, no mouse. 4 / 13
  • 5. Random numbers Hashes Bad random numbers Random fails Example: Factoring RSA keys Good / bad randomness PHP good: openssl random pseudo bytes(), PHP bad: mt rand(), rand(), uniqid() JavaScript good: window.crypto.getRandomValues(), bad: Math.random() (only latest browser support window.crypto.getRandomValues()) /dev/urandom is good if it is properly seeded. For embedded devices: Better create the keys on a desktop PC. 5 / 13
  • 6. Random numbers Hashes Simple hashes Cryptographic hashes Problems with MD5, SHA1 Passwords Password hash functions A note on password hashes Sources So many people have wrong ideas about hashes... Completely typical situation: I write about cryptographic hashes, people in the comments discuss about password hashes and salting Hashes used in many contexts: error detection (CRC32), signatures (SHA256, SHA516), passwords (bcrypt, scrypt) If you use a hash function you need to know what it should do 6 / 13
  • 7. Random numbers Hashes Simple hashes Cryptographic hashes Problems with MD5, SHA1 Passwords Password hash functions A note on password hashes Sources CRC32: Very fast, no security at all Reliably detects errors, but trivial to construct another input for an existing hash Usable only for errors and if no attacker is involved (e. g. error detection on hard disks or file comparison over otherwise secure network connections). 7 / 13
  • 8. Random numbers Hashes Simple hashes Cryptographic hashes Problems with MD5, SHA1 Passwords Password hash functions A note on password hashes Sources Cryptographic hashes need to be collision resistant and preimage resistant Collision: It should be practically impossible to create two different inputs with same hash Preimage: It should be practically impossible to create an input for a given hash value. Used in many places, e. g. signatures Some crypto protocols need hashes and don’t have collision resistance requirement (e. g. HMAC), but that’s usually not something that should bother you 8 / 13
  • 9. Random numbers Hashes Simple hashes Cryptographic hashes Problems with MD5, SHA1 Passwords Password hash functions A note on password hashes Sources In 2004/2005 big breakthroughs on hash attacks, mostly the work of a Chinese team led by Wang Xiaoyun. Most important results: practical collision attacks on MD5, almost practical attacks on SHA1 2008: MD5 attack on RapidSSL leads to fake CA, 2012: Flame worm uses MD5 attack to create rogue code signing cert SHA-2 functions (SHA256, SHA512) considered safe today, SHA-3 will come soon. 9 / 13
  • 10. Random numbers Hashes Simple hashes Cryptographic hashes Problems with MD5, SHA1 Passwords Password hash functions A note on password hashes Sources Idea: We don’t save passwords, we just save hashes so if our database gets stolen the attacker has no direct access to the passwords Attackers can brute force Salting makes it harder Security requirements for password hashes completely different from cryptographic hash functions Collision resistance doesn’t matter, they should ideally not be fast 10 / 13
  • 11. Random numbers Hashes Simple hashes Cryptographic hashes Problems with MD5, SHA1 Passwords Password hash functions A note on password hashes Sources glibc uses several iterations of cryptographic hashes (default SHA512) and a salt. bcrypt and scrypt are functions designed to be password hashes. bcrypt is designed to be slow, scrypt is designed to be slow and use lots of memory. There’s a Password Hashing Competition (PHC), results expected in 2015. 11 / 13
  • 12. Random numbers Hashes Simple hashes Cryptographic hashes Problems with MD5, SHA1 Passwords Password hash functions A note on password hashes Sources The importance of secure password hashing is IMHO vastly overstated. glibc-type SHA512, bcrypt, scrypt are all ”good enough”, just make sure you have a salt. Password hashing only gives you a tiny little bit of extra protection if your database gets stolen. But if that happens you’re screwed anyway. Make sure nobody steals your database. That’s much more important. 12 / 13
  • 13. Random numbers Hashes Simple hashes Cryptographic hashes Problems with MD5, SHA1 Passwords Password hash functions A note on password hashes Sources Factorable RSA keys https://factorable.net/ http://media.ccc.de/browse/congress/2012/ 29c3-5275-en-facthacks_h264.html Password Hashing Competition https://password-hashing.net/ 13 / 13