Andy Watson, an employee of Ionic Security, gave a presentation on properly using cryptography in applications. The presentation covered topics such as random number generation, hashing, salting passwords, key derivation functions, symmetric encryption algorithms and common mistakes made with cryptography. The goal was to help people avoid vulnerabilities like unsalted hashes, hardcoded keys, weak random number generation and improper encryption modes.

1. Using Cryptography
Properly in Applications
Andy Watson
Ionic Security
#GWOCryptoParty
Great Wide Open
2016

2. About:
Name: Andy Watson
Occupation: Byte Mangler
Employer: Ionic Security
http://ionic.com/

3. Why am I here?
I’ve seen too many people not using
cryptography or using it incorrectly.
This information may help you not be one of
them.

4. Agenda:
● Random
● Salt
● Hash
● Key Derivation
● Symmetric Encryption
● Famous Mistakes

5. Random

6. Random Number Generators
RNG: A computational or physical device designed to
generate a sequence of numbers that lack any pattern
True random number generators depend on an entropy
source like radioactive decay or radio frequency noise
For cryptographic functions, higher levels of entropy
are required to work properly
https://www.random.org/randomness/

7. Pseudo
Computational RNG are known as Pseudo
RNG
PRNG are “seeded” with a value to generate a
series of numbers

8. Hashes

9. HASH!

10. Hashing Function (n.)
A Function that represents data of arbitrary
size as data of a fixed size.
$ echo "Great Wide Open 2016" | md5
e2be8adfadee4bfe635041c4c37dadac
$ echo "All Things Open 2015 " | md5
402854038fbffe281a518b53cdbd5594

11. When to Hash
Use hashing functions when saving the original data would
be a liability you have no business dealing with
For Example: Linux Passwords
$6$pWVzxN/iFRstrZ/.$TNBvzXhc8b9SBkl1q36YNvF2Dwu
S4/7LsICepYgaWCKzM1MS.OBK5TvxrUQ4.I5x5NtqidhBTG
obQLOqxBAFe1

12. Don’t Store The Clear
Credentials should be hashed when
stored
During login, hash the password
entered and check it against the hash
you saved

13. When Hashes Collide
These two blocks have the same md5 hash of
79054025255fb1a26e4bc422aef54eb4
d131dd02c5e6eec4693d9a0698aff95c 2fcab58712467eab4004583eb8fb7f89
55ad340609f4b30283e488832571415a 085125e8f7cdc99fd91dbdf280373c5b
d8823e3156348f5bae6dacd436c919c6 dd53e2b487da03fd02396306d248cda0
e99f33420f577ee8ce54b67080a80d1e c69821bcb6a8839396f9652b6ff72a70
d131dd02c5e6eec4693d9a0698aff95c 2fcab50712467eab4004583eb8fb7f89
55ad340609f4b30283e4888325f1415a 085125e8f7cdc99fd91dbd7280373c5b
d8823e3156348f5bae6dacd436c919c6 dd53e23487da03fd02396306d248cda0
e99f33420f577ee8ce54b67080280d1e c69821bcb6a8839396f965ab6ff72a70

14. You. Must. Hash. Securely.
Cryptographically Secure Hash Function (n.)
A hash function which is infeasible to reverse back to the
original message and not subject to collisions
$ echo "Great Wide Open 2016" | shasum -a
51240094ad14fec6107ccabbc430e00cb9ef34f75a45420ca055eb294ccbcc8f
2084da4ec10f852c4e6cc372d2f3f7ab34fbfc113661b2735243621509ef9b3d
3dd

15. Taste the Rainbow Table
A rainbow table is a precomputed table for reversing
cryptographic hash functions, usually for cracking
password hashes.
Password MD5 Hash
123456 e10adc3949ba59abbe56e057f20f883e
password 5f4dcc3b5aa765d61d8327deb882cf99

16. It’s not just for your fries
SALT

17. What is a Salt?
Random data added to your input to create
better output from one way functions
Useful for defending against dictionary and rainbow table attacks.
$ echo "secret" | md5
Dd02c7c2232759874e1c205587017bed
$ openssl rand -hex 16
72f72e199d1292317ee60cbe3c50b5ba
$ echo "72f72e199d1292317ee60cbe3c50b5ba secret" | md5
7cb940bf5166c52834a9e831a6299091

18. Key Derivation

19. Key Derivation Functions
KDF create new secret keys from a secret
value and a known value - like a password
Key Derivation Functions can be used in a “key stretching”
routing to enhance hashing functions to provide much more
protection from rainbow tables and brute force attacks

20. Original KDF: crypt
● Invented in 1978 to protect UNIX passwords
● Used only a 12 bit salt
● Limited passwords to 8 characters

21. Modern KDFs
PDKDF2
● 64 bit random salt
● 5000 iterations of SHA1 (hashing function)
SCRYPT
● Consumes large amounts of memory on
purpose

22. PBKDF2 In A Nutshell™
Password
SALT +
Password
Prepend SALT
Intermediate
Hash
SHA1
REPEAT 5000
TIMES
Final Hash

23. Save the Salt
Store the salt, the resulting hash and the
number of iterations in your data store
You’ll have to calculate the derived key of the
credential again to verify it is correct
https://crackstation.net/hashing-security.htm

24. Vulnerabilities
• ASICs exists that can run PBKDF2
processes very quickly
• bcrypt requires the use of more memory so it
makes it harder to implement in silicon
• scrypt is more modern and can be tuned to
use even more memory

25. Symmetric Encryption

26. Symmetric Encryption
Used when your application needs to protect data at rest
(on disk etc) but will need to use those values later
The most common algorithm for symmetric encryption is
AES (Advanced Encryption Standard)
It can operate in multiple modes like ECB, CBC, CTR and
GCM - each suited to different uses

27. ECB Mode
Electronic Code Book
Simplest mode: Operates on blocks of plaintext

28. Comparing ECB to other modes
http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

29. Galois Counter Mode (GCM)
Encrypts and Authenticates Messages
Reduces the opportunity for interference with
messages to go undetected
Functions at a high rate of speed
Became NIST standard in 2007

30. Simple!
https://en.wikipedia.org/wiki/Galois/Counter_Mode

31. Uses of GCM
• TLS 1.2
• SSH
• IPsec

32. Let’s talk about it.
Mistakes Were Made

33. The Stupid. It Hurts.

34. Le Sigh.
My password is stored in their
database in plaintext.
It was not hashed or they could
not have emailed it to me!
Obviously, the password I use
with them is a special
snowflake.

35. Which is bad because...
A lot of people use the same password
everywhere and use their email address as
their login!

36. So...
An attacker that gets this password list can try
to log in to all kinds of things as you!
1. email
2. banks
3. credit reporting
4. even NetFlix!

37. Adobe Hack
Millions of “encrypted” passwords stolen
Hashed with MD5
Large numbers of them found in rainbow tables
Most Common Password: 123456
http://stricture-group.com/files/adobe-top100.txt

39. Beware The Default Settings
Default settings for Android Bouncy Castle
starting in 2.1 were horribly unsafe
Defaulted to ECB mode!

40. Empirical Study of Android Apps
11,748 applications analyzed
5,656 used ECB mode by default
3,644 used a constant symmetric key
2,000 used ECB mode ON PURPOSE!
1,932 used a constant IV
1,629 seeded PRNG with static value

41. Seeding the PRNG
In 2006 a bug in Debian and Ubuntu caused
the PID to be used as the output of the PRNG -
only 32,768 possible values!
(hint: that’s not enough!)

42. UnSalted Hashes
In 2012, LinkedIn password hashes were
stolen.
They were not salted.
60% of them were cracked.

43. Crisis Averted at Slack
User profile data stolen in February 2015
Passwords hashed with bcrypt and random
salts

44. Unlocking Your Prius
System uses rotating codes in a small range
Some built in (pre-shared) keys for repair use
No protection from replaying codes
Brute force attacks possible

45. Scared yet?

46. @andrewwatson
http://about.me/andrewwatson
Thank You