Practical Crypto Attacks Against Web Applications

Justin Clarke

• IANAC
• Usage != security
• Pentesting?
• Confidentiality: prevent the disclosure of information to unauthorized individuals or systems
• Integrity: ensure that data cannot be modified undetectably
• Authenticity: validate that a party is who they claim to be
• Symmetric Crypto Attacks
  - ECB Mode Usage
  - Padding-Based Attacks
• Secure Random Number Generation
• Most block ciphers support multiple modes of operation
• The most common modes are:
  - ECB – Electronic Code Book
  - CBC – Cipher Block Chaining
  - CFB – Cipher Feedback
  - OFB – Output Feedback
• None of them provides integrity if used in isolation
• Reason #1

  (Figure: ECB, captioned CONFIDENTIALITY)
• Reason #2

  UID:23909,Email:john@doe.com,NickName:JohnDoe2301,Role:3

  Split into 8-byte blocks and encrypted in ECB mode, each plaintext block maps to one
  independent ciphertext block:

              Block 1    Block 2    Block 3    Block 4    Block 5    Block 6    Block 7
  PLAINTEXT   UID:2390   9,Email:   john@doe   .com,Nic   kName:Jo   hnDoe230   1,Role:3
  CIPHERTEXT  9648dab1   22a1eaee   0f5a7a2a   86adfcf6   6adb7872   96bdc238   69e75f87
              d7f285ac   db7aabbb   1f8de75f   17abcbcf   7ab9dd8e   5fa70ba2   cf74ab6d

  Moving ciphertext Block 7 in front of Block 2 needs no key, and because ECB decrypts
  every block independently the result is still a well-formed record:

              Block 1    Block 7    Block 2    Block 3    Block 4    Block 5    Block 6
  CIPHERTEXT  9648dab1   69e75f87   22a1eaee   0f5a7a2a   86adfcf6   6adb7872   96bdc238
              d7f285ac   cf74ab6d   db7aabbb   1f8de75f   17abcbcf   7ab9dd8e   5fa70ba2
  PLAINTEXT   UID:2390   1,Role:3   9,Email:   john@doe   .com,Nic   kName:Jo   hnDoe230

  UID:23901,Role:39,Email:john@doe.com,NickName:JohnDoe230

ECB Mode Attack
CBC

  (Figure: CBC, captioned CONFIDENTIALITY)
• Original Ciphertext

  BLOCK 1     BLOCK 2     BLOCK 3

• Block swapping will result in data corruption

  BLOCK 1     BLOCK 3     BLOCK 2
• “Padding Oracle” Attack
  - Leverages byte flipping of ciphertext to generate invalid-padding exceptions
  - Data can be decrypted (and encrypted too) without knowledge of the secret key
• Assuming this scheme (each padding byte holds the padding length), an 8-byte block allows only 8 possible valid padding sequences:
  - 0x01
  - 0x02, 0x02
  - 0x03, 0x03, 0x03
  - 0x04, 0x04, 0x04, 0x04
  - 0x05, 0x05, 0x05, 0x05, 0x05
  - 0x06, 0x06, 0x06, 0x06, 0x06, 0x06
  - 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07
  - 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08
• Is the key the correct size?
  - Invalid Key Exception
• Is the length of the value (in bytes) an exact multiple of the block size?
  - Invalid Length Exception
• Is the decrypted block properly padded?
  - Invalid Padding Exception (CRITICAL)
• Return the value
Call this “Byte X” (a byte of the ciphertext)
Call this “Byte Y” (the corresponding byte of the decrypted plaintext)

Basic premise:
• A change of Byte X (ciphertext) will change Byte Y (plaintext)
• There is a one-to-one correlation between Byte X values and Byte Y values
• An exception is thrown if the plaintext does not end with a valid padding sequence
Byte X == 0x00, Byte Y == ???
Exception? YES
• Byte Y is not valid padding

Byte X == 0x01, Byte Y == ???
Exception? YES
• Byte Y is not valid padding

Byte X == 0x02, Byte Y == ???
Exception? NO
• Byte Y IS valid padding (must be 0x01)
• What does that tell us?
  - The altered byte value produced valid padding when XOR’ed with the intermediate value

      IF   A ^ B = C
      THEN A ^ C = B
      AND  C ^ B = A

• What does that tell us?
  - If the padding byte was 0x01:
    - Our Byte (0x02) ^ Intermediate Byte (??) == 0x01
    - Intermediate Byte == Our Byte (0x02) ^ 0x01
  - The plaintext value is the intermediate value XOR’ed with the prior ciphertext byte
Padding Oracle Attack

• As we’ve seen, encrypted data (while kept private) is still susceptible to tampering

  (Figure: Message -> Encryption)

• We need to ensure PRIVACY and INTEGRITY
• Encrypt + Sign the Ciphertext

  (Figure: Message -> Encryption, with a SIGNATURE computed over the ciphertext)

  - HMAC: combines a cryptographic hash function with a secret key
    - Cannot be re-computed without the key
  - Verifies the integrity and authenticity of a message
• Why not HMAC within the ciphertext?
  - Does not protect against side-channel attacks during decryption
• Padding Oracle Attack in .NET Framework
  - Discovered September 2010
  - ViewState and Forms Authentication cookies were affected even though an HMAC was included within the ciphertext
    - Tampering could only be detected after decryption
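The ECB block move from the "Reason #2" slides, the CBC block-swap corruption, the Byte X / Byte Y padding-oracle step and the encrypt-then-sign fix, as one added Python example that is not part of the deck. It assumes a toy 8-byte Feistel cipher over HMAC-SHA256 standing in for a real block cipher, constructed keys and IV, and PKCS#5 padding; `padding_oracle` models the vulnerable server and `etm_oracle` the one that verifies an HMAC before decrypting.

```python
import hashlib, hmac

BLOCK = 8                                   # 8-byte blocks, as on the slides
KEY = b"constructed-demo-encryption-key"    # constructed values, not from the deck
MAC_KEY = b"constructed-demo-mac-key"
IV = bytes(range(BLOCK))                    # fixed so results are reproducible
RECORD = b"UID:23909,Email:john@doe.com,NickName:JohnDoe2301,Role:3"

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, half, i):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def enc_block(key, block):
    # Toy keyed permutation (4-round Feistel over HMAC-SHA256); the mode, not the cipher, is at fault
    l, r = block[:4], block[4:]
    for i in range(4):
        l, r = r, xor(l, _round(key, r, i))
    return l + r

def dec_block(key, block):
    l, r = block[:4], block[4:]
    for i in reversed(range(4)):
        l, r = xor(r, _round(key, l, i)), l
    return l + r

def pad(data):                              # PKCS#5: n bytes of value n, 1 <= n <= 8
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("Invalid Padding Exception")
    return data[:-n]

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    return b"".join(enc_block(key, b) for b in blocks(pad(pt)))
def ecb_decrypt(key, ct):
    return unpad(b"".join(dec_block(key, b) for b in blocks(ct)))

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in blocks(pad(pt)):
        prev = enc_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for b in blocks(ct):
        out.append(xor(dec_block(key, b), prev))
        prev = b
    return unpad(b"".join(out))

def move_block(ct, src, dst):               # reorder ciphertext blocks (0-based); no key needed
    bs = blocks(ct)
    bs.insert(dst, bs.pop(src))
    return b"".join(bs)

def padding_oracle(iv, ct):                 # vulnerable server: its response reveals padding validity
    try:
        cbc_decrypt(KEY, iv, ct)
        return True
    except ValueError:
        return False

def etm_seal(iv, ct):
    return hmac.new(MAC_KEY, iv + ct, hashlib.sha256).digest()
def etm_oracle(iv, ct, tag):                # encrypt-then-MAC server: rejects tampering before decrypting
    return hmac.compare_digest(etm_seal(iv, ct), tag) and padding_oracle(iv, ct)

def leak_last_byte(oracle, iv, prev, target):
    """Byte X / Byte Y walk-through: vary Byte X (last byte of the prior block) until the
    oracle accepts; then intermediate = X ^ 0x01 and plaintext = intermediate ^ original X."""
    for x in range(256):
        forged = prev[:-1] + bytes([x])
        if not oracle(iv, forged + target):
            continue
        # A hit could also be a 0x02,0x02 pad; a 0x01 pad ignores the second-last byte.
        probe = forged[:-2] + bytes([forged[-2] ^ 0xFF]) + forged[-1:]
        if oracle(iv, probe + target):
            return (x ^ 0x01) ^ prev[-1]
    return None

def demo():
    ecb = ecb_decrypt(KEY, move_block(ecb_encrypt(KEY, RECORD), 6, 1))
    cbc_ct = cbc_encrypt(KEY, IV, RECORD)
    moved = move_block(cbc_ct, 6, 1)        # same move under CBC: garbage, or a padding error
    cbc = cbc_decrypt(KEY, IV, moved) if padding_oracle(IV, moved) else None
    c1, c2 = blocks(cbc_ct)[:2]
    tag = etm_seal(IV, cbc_ct)
    return {"ecb_moved": ecb, "cbc_moved": cbc,
            "leak_vulnerable": leak_last_byte(padding_oracle, IV, c1, c2),
            "leak_etm": leak_last_byte(lambda iv, c: etm_oracle(iv, c, tag), IV, c1, c2)}
```

`demo()` returns the slide's reordered record under ECB, a corrupted or rejected record under CBC, the last plaintext byte of block 2 (`:`) recovered through the padding oracle, and `None` once the HMAC is checked first.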
• When do you need a random number?
  - Password generators, encryption keys, session identifiers, etc.
• How random is “random”?

  Pseudo Random Number Generator
  vs.
  Cryptographically Secure Random Number Generator
• Two common attacks against RNGs
  - Non-random seed values
  - The formula used to produce the random numbers
• What do you think this code will produce?

  using System;

  // Generate First Series
  byte[] bytes1 = new byte[100];
  Random rnd1 = new Random();   // no seed given: .NET Framework derives one from the system clock
  rnd1.NextBytes(bytes1);
  Console.WriteLine("First Series:");
  for (int ctr = bytes1.GetLowerBound(0); ctr <= bytes1.GetUpperBound(0); ctr++) {
      Console.Write("{0, 5}", bytes1[ctr]);
      if ((ctr + 1) % 10 == 0) Console.WriteLine();
  }

  // Generate Second Series
  byte[] bytes2 = new byte[100];
  Random rnd2 = new Random();   // created in the same clock tick, so it gets the same seed
  rnd2.NextBytes(bytes2);
  Console.WriteLine("Second Series:");
  for (int ctr = bytes2.GetLowerBound(0); ctr <= bytes2.GetUpperBound(0); ctr++) {
      Console.Write("{0, 5}", bytes2[ctr]);
      if ((ctr + 1) % 10 == 0) Console.WriteLine();
  }
• Output from the previous code (both series are identical)

  First Series:
     97  129  149   54   22  208  120  105   68  177
    113  214   30  172   74  218  116  230   89   18
     12  112  130  105  116  180  190  200  187  120
      7  198  233  158   58   51   50  170   98   23
     21    1  113   74  146  245   34  255   96   24
    232  255   23    9  167  240  255   44  194   98
     18  175  173  204  169  171  236  127  114   23
    167  202  132   65  253   11  254   56  214  127
    145  191  104  163  143    7  174  224  247   73
     52    6  231  255    5  101   83  165  160  231
  Second Series:
     97  129  149   54   22  208  120  105   68  177
    113  214   30  172   74  218  116  230   89   18
     12  112  130  105  116  180  190  200  187  120
      7  198  233  158   58   51   50  170   98   23
     21    1  113   74  146  245   34  255   96   24
    232  255   23    9  167  240  255   44  194   98
     18  175  173  204  169  171  236  127  114   23
    167  202  132   65  253   11  254   56  214  127
    145  191  104  163  143    7  174  224  247   73
     52    6  231  255    5  101   83  165  160  231
• If you don’t seed the random number generator, it will automatically be seeded
  - With what?

  “By default, the parameterless constructor of the Random class uses the system clock to generate its seed value”

  http://msdn.microsoft.com/en-us/library/system.random.aspx

  (That describes .NET Framework; .NET Core seeds the parameterless constructor from a thread-static generator instead, but System.Random is not a cryptographically secure generator in either case.)
• What if this code was in ResetPassword.aspx?

  using System;
  using System.Text;

  StringBuilder password = new StringBuilder();

  // Define all upper and lower chars with special chars
  char[] lCase = new char[] { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l',
      'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D',
      'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V',
      'W', 'X', 'Y', 'Z', '!', '@', '#', '$', '%', '^', '&', '*', '(', ')', '-', '_' };

  int lCaseIndex = 0;

  Random rand = new Random();   // clock-seeded: two requests in the same tick draw the same sequence

  // Randomly select 12 characters from the values above
  for (int cnt = 0; cnt < 12; cnt++)
  {
      // Next(min, max) excludes max, so the bound is lCase.Length; Length - 1 would never pick '_'
      lCaseIndex = rand.Next(0, lCase.Length);
      password.Append(lCase[lCaseIndex]);
  }

  string newPassword = password.ToString();
• Seed Race Condition Attack (Seed Racing)
  - Based on a research experiment conducted in 2008
  - 67,000 HTTP requests to a server with a random password generator similar to the one shown
• Results: 208 unique passwords
  - 322 duplicated in one or more accounts
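The seed race above, as an added Python example that is not the deck's code: a port of the ResetPassword.aspx generator whose seed is the clock reading, served with several requests per clock tick, beside a generator that draws from the OS CSPRNG. Python's `random.Random` stands in for .NET Framework's `Random`; the clock values and the requests-per-tick load pattern are constructed.

```python
import random
import secrets
import string

# Same character set as the slide's lCase[] array (constructed to match it).
CHARSET = string.ascii_lowercase + string.ascii_uppercase + "!@#$%^&*()-_"
PASSWORD_LEN = 12

def clock_seeded_rng(clock_ms):
    """Stand-in for new Random() on .NET Framework: the seed is the clock reading, so
    requests handled in the same tick share a seed. Assumption: ticks are modelled as
    plain integers; the real tick length only changes how many requests collide."""
    return random.Random(clock_ms)

def weak_password(rng):
    # Mirrors rand.Next(0, lCase.Length - 1): the upper bound is exclusive, so the last
    # character, '_', can never be chosen. Reproduced here to make that visible.
    return "".join(CHARSET[rng.randrange(0, len(CHARSET) - 1)] for _ in range(PASSWORD_LEN))

def strong_password():
    # secrets draws from the OS CSPRNG: nothing to race, every character reachable.
    return "".join(secrets.choice(CHARSET) for _ in range(PASSWORD_LEN))

def seed_race(requests, per_tick, first_tick=1700000000000):
    """Serve password resets with per_tick requests landing in each clock tick and
    count how many distinct passwords were actually handed out."""
    issued = [weak_password(clock_seeded_rng(first_tick + i // per_tick)) for i in range(requests)]
    unique = len(set(issued))
    return {"issued": requests, "unique": unique, "duplicated": requests - unique}

def secure_run(requests):
    """The same load against the secrets-based generator."""
    unique = len({strong_password() for _ in range(requests)})
    return {"issued": requests, "unique": unique, "duplicated": requests - unique}

def unreachable_chars(seed, passwords=2000):
    """Characters the weak generator never emits (the off-by-one), checked empirically."""
    rng = random.Random(seed)
    seen = set()
    for _ in range(passwords):
        seen.update(weak_password(rng))
    return set(CHARSET) - seen
```

With five requests per tick, `seed_race(1000, 5)` hands out only 200 distinct passwords, while `secure_run(1000)` yields 1000.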
• Is Java.Random any better?
  - Uses a linear congruential generator (LCG) formula to produce its random data

  (Figure: One Dimensional LCG Plot)
• Crypto is hard to get right
  - Lots of ways to make mistakes
• When in doubt, ask an expert

Weitere ähnliche Inhalte

Ähnlich wie Practical Crypto Attacks Against Web Applications

IP_Addressing_and Subnetting.pdf
IP_Addressing_and Subnetting.pdfIP_Addressing_and Subnetting.pdf
IP_Addressing_and Subnetting.pdfSayusAli
 
Blockchain explained (Technology running Bitcoin)
Blockchain explained (Technology running Bitcoin)Blockchain explained (Technology running Bitcoin)
Blockchain explained (Technology running Bitcoin)Qais Ammari
 
Efficient Data Storage for Analytics with Apache Parquet 2.0
Efficient Data Storage for Analytics with Apache Parquet 2.0Efficient Data Storage for Analytics with Apache Parquet 2.0
Efficient Data Storage for Analytics with Apache Parquet 2.0Cloudera, Inc.
 
Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014
Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014
Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014Julien Le Dem
 
BarcodeSCAN V120 To scann Bills for Oil vending Machine.pdf
BarcodeSCAN V120 To scann Bills for Oil vending Machine.pdfBarcodeSCAN V120 To scann Bills for Oil vending Machine.pdf
BarcodeSCAN V120 To scann Bills for Oil vending Machine.pdfAdithyaAR5
 
19BCS2605_Krishna_Kumar_Computer_Graphics_exp_3.1.pdf
19BCS2605_Krishna_Kumar_Computer_Graphics_exp_3.1.pdf19BCS2605_Krishna_Kumar_Computer_Graphics_exp_3.1.pdf
19BCS2605_Krishna_Kumar_Computer_Graphics_exp_3.1.pdfKrishnaKumar2309
 
sfrontori-bitcoin-technical intro-meetup2014
sfrontori-bitcoin-technical intro-meetup2014sfrontori-bitcoin-technical intro-meetup2014
sfrontori-bitcoin-technical intro-meetup2014Stefano Frontori
 
Blockchain models and their practical applications
Blockchain models and their practical applicationsBlockchain models and their practical applications
Blockchain models and their practical applicationsSasin SEC
 
알고리즘 연합캠프 세미나 1-B (Bitwise DP)
알고리즘 연합캠프 세미나 1-B (Bitwise DP)알고리즘 연합캠프 세미나 1-B (Bitwise DP)
알고리즘 연합캠프 세미나 1-B (Bitwise DP)HYUNJEONG KIM
 
E-Commerce Security - Application attacks - Server Attacks
E-Commerce Security - Application attacks - Server AttacksE-Commerce Security - Application attacks - Server Attacks
E-Commerce Security - Application attacks - Server Attacksphanleson
 
Cryptography Symmetric Key Algorithm (CSE)
Cryptography Symmetric Key Algorithm (CSE)Cryptography Symmetric Key Algorithm (CSE)
Cryptography Symmetric Key Algorithm (CSE)SoumyaBhattacharyya14
 
Cryptography (under)engineering
Cryptography (under)engineeringCryptography (under)engineering
Cryptography (under)engineeringslicklash
 
ip addressing_&_subnetting_made_easy
 ip addressing_&_subnetting_made_easy ip addressing_&_subnetting_made_easy
ip addressing_&_subnetting_made_easyManjit Singh
 
How Computer Games Help Children Learn (Stockholm University Dept of Educatio...
How Computer Games Help Children Learn (Stockholm University Dept of Educatio...How Computer Games Help Children Learn (Stockholm University Dept of Educatio...
How Computer Games Help Children Learn (Stockholm University Dept of Educatio...dws1d
 
Computer fandamental bangla by soikot pdf
Computer fandamental bangla by soikot pdfComputer fandamental bangla by soikot pdf
Computer fandamental bangla by soikot pdfShifat Ahmed
 
Key recovery attacks against commercial white-box cryptography implementation...
Key recovery attacks against commercial white-box cryptography implementation...Key recovery attacks against commercial white-box cryptography implementation...
Key recovery attacks against commercial white-box cryptography implementation...CODE BLUE
 
Student subnetworkbook
Student subnetworkbookStudent subnetworkbook
Student subnetworkbookJorge Arroyo
 

Ähnlich wie Practical Crypto Attacks Against Web Applications (20)

Bitcoin Internals
Bitcoin InternalsBitcoin Internals
Bitcoin Internals
 
IP_Addressing_and Subnetting.pdf
IP_Addressing_and Subnetting.pdfIP_Addressing_and Subnetting.pdf
IP_Addressing_and Subnetting.pdf
 
Blockchain explained (Technology running Bitcoin)
Blockchain explained (Technology running Bitcoin)Blockchain explained (Technology running Bitcoin)
Blockchain explained (Technology running Bitcoin)
 
Efficient Data Storage for Analytics with Apache Parquet 2.0
Efficient Data Storage for Analytics with Apache Parquet 2.0Efficient Data Storage for Analytics with Apache Parquet 2.0
Efficient Data Storage for Analytics with Apache Parquet 2.0
 
Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014
Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014
Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014
 
BarcodeSCAN V120 To scann Bills for Oil vending Machine.pdf
BarcodeSCAN V120 To scann Bills for Oil vending Machine.pdfBarcodeSCAN V120 To scann Bills for Oil vending Machine.pdf
BarcodeSCAN V120 To scann Bills for Oil vending Machine.pdf
 
Blockchain101
Blockchain101Blockchain101
Blockchain101
 
19BCS2605_Krishna_Kumar_Computer_Graphics_exp_3.1.pdf
19BCS2605_Krishna_Kumar_Computer_Graphics_exp_3.1.pdf19BCS2605_Krishna_Kumar_Computer_Graphics_exp_3.1.pdf
19BCS2605_Krishna_Kumar_Computer_Graphics_exp_3.1.pdf
 
sfrontori-bitcoin-technical intro-meetup2014
sfrontori-bitcoin-technical intro-meetup2014sfrontori-bitcoin-technical intro-meetup2014
sfrontori-bitcoin-technical intro-meetup2014
 
Blockchain models and their practical applications
Blockchain models and their practical applicationsBlockchain models and their practical applications
Blockchain models and their practical applications
 
알고리즘 연합캠프 세미나 1-B (Bitwise DP)
알고리즘 연합캠프 세미나 1-B (Bitwise DP)알고리즘 연합캠프 세미나 1-B (Bitwise DP)
알고리즘 연합캠프 세미나 1-B (Bitwise DP)
 
E-Commerce Security - Application attacks - Server Attacks
E-Commerce Security - Application attacks - Server AttacksE-Commerce Security - Application attacks - Server Attacks
E-Commerce Security - Application attacks - Server Attacks
 
Cryptography Symmetric Key Algorithm (CSE)
Cryptography Symmetric Key Algorithm (CSE)Cryptography Symmetric Key Algorithm (CSE)
Cryptography Symmetric Key Algorithm (CSE)
 
Cryptography (under)engineering
Cryptography (under)engineeringCryptography (under)engineering
Cryptography (under)engineering
 
ip addressing_&_subnetting_made_easy
 ip addressing_&_subnetting_made_easy ip addressing_&_subnetting_made_easy
ip addressing_&_subnetting_made_easy
 
How Computer Games Help Children Learn (Stockholm University Dept of Educatio...
How Computer Games Help Children Learn (Stockholm University Dept of Educatio...How Computer Games Help Children Learn (Stockholm University Dept of Educatio...
How Computer Games Help Children Learn (Stockholm University Dept of Educatio...
 
Debugging TV Frame 0x02
Debugging TV Frame 0x02Debugging TV Frame 0x02
Debugging TV Frame 0x02
 
Computer fandamental bangla by soikot pdf
Computer fandamental bangla by soikot pdfComputer fandamental bangla by soikot pdf
Computer fandamental bangla by soikot pdf
 
Key recovery attacks against commercial white-box cryptography implementation...
Key recovery attacks against commercial white-box cryptography implementation...Key recovery attacks against commercial white-box cryptography implementation...
Key recovery attacks against commercial white-box cryptography implementation...
 
Student subnetworkbook
Student subnetworkbookStudent subnetworkbook
Student subnetworkbook
 

Mehr von Security BSides London

Your money, your media a DRMtastic (reverse|re) eng. tutorial
Your money, your media a DRMtastic (reverse|re) eng. tutorialYour money, your media a DRMtastic (reverse|re) eng. tutorial
Your money, your media a DRMtastic (reverse|re) eng. tutorialSecurity BSides London
 
You built a security castle and forgot the bridge…now users are climbing your...
You built a security castle and forgot the bridge…now users are climbing your...You built a security castle and forgot the bridge…now users are climbing your...
You built a security castle and forgot the bridge…now users are climbing your...Security BSides London
 
Agnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know itAgnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know itSecurity BSides London
 
The Funny Thing About Information Security
The Funny Thing About Information SecurityThe Funny Thing About Information Security
The Funny Thing About Information SecuritySecurity BSides London
 
Jedi mind tricks for building application security programs
Jedi mind tricks for building application security programsJedi mind tricks for building application security programs
Jedi mind tricks for building application security programsSecurity BSides London
 

Mehr von Security BSides London (12)

Security YMCA
Security YMCASecurity YMCA
Security YMCA
 
Penetration testing must die
Penetration testing must diePenetration testing must die
Penetration testing must die
 
Your money, your media a DRMtastic (reverse|re) eng. tutorial
Your money, your media a DRMtastic (reverse|re) eng. tutorialYour money, your media a DRMtastic (reverse|re) eng. tutorial
Your money, your media a DRMtastic (reverse|re) eng. tutorial
 
You built a security castle and forgot the bridge…now users are climbing your...
You built a security castle and forgot the bridge…now users are climbing your...You built a security castle and forgot the bridge…now users are climbing your...
You built a security castle and forgot the bridge…now users are climbing your...
 
Agnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know itAgnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know it
 
The Funny Thing About Information Security
The Funny Thing About Information SecurityThe Funny Thing About Information Security
The Funny Thing About Information Security
 
Breaking out of restricted RDP
Breaking out of restricted RDPBreaking out of restricted RDP
Breaking out of restricted RDP
 
Breaking, Entering and Pentesting
Breaking, Entering and Pentesting Breaking, Entering and Pentesting
Breaking, Entering and Pentesting
 
All your logs are belong to you!
All your logs are belong to you!All your logs are belong to you!
All your logs are belong to you!
 
Jedi mind tricks for building application security programs
Jedi mind tricks for building application security programsJedi mind tricks for building application security programs
Jedi mind tricks for building application security programs
 
Dns tunnelling its all in the name
Dns tunnelling its all in the nameDns tunnelling its all in the name
Dns tunnelling its all in the name
 
Cloud computing due diligence WTF?
Cloud computing due diligence WTF?Cloud computing due diligence WTF?
Cloud computing due diligence WTF?
 

Kürzlich hochgeladen

MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 

Kürzlich hochgeladen (20)

MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Practical Crypto Attacks Against Web Applications

  • 1. Practical Crypto Attacks Against Web Applications – Justin Clarke
  • 2.
    - IANAC
    - Usage != security
    - Pentesting?
  • 3.
    - Confidentiality – Prevent the disclosure of information to unauthorized individuals or systems
    - Integrity – Ensure that data cannot be modified undetectably
    - Authenticity – Validate that a party is who they claim they are
  • 4.
    - Symmetric Crypto Attacks
      - ECB Mode Usage
      - Padding-Based Attacks
    - Secure Random Number Generation
  • 5.
    - Most block ciphers support multiple modes of operation
    - The most common modes are:
      - ECB – Electronic Code Book
      - CBC – Cipher Block Chaining
      - CFB – Cipher Feedback
      - OFB – Output Feedback
    - None provide integrity if used in isolation
  • 6. (no transcribed text)
  • 7.
    - Reason #1 (figure: ECB – CONFIDENTIALITY)
  • 8.
    - Reason #2
      UID:23909,Email:john@doe.com,NickName:JohnDoe2301,Role:3
  • 9.
    - Reason #2: the same record split into 8-byte blocks, each encrypted independently (ECB)

        Block        1          2          3          4          5          6          7
        Plaintext    UID:2390   9,Email:   john@doe   .com,Nic   kName:Jo   hnDoe230   1,Role:3
        Ciphertext   9648dab1   22a1eaee   0f5a7a2a   86adfcf6   6adb7872   96bdc238   69e75f87
                     d7f285ac   db7aabbb   1f8de75f   17abcbcf   7ab9dd8e   5fa70ba2   cf74ab6d

        UID:23909,Email:john@doe.com,NickName:JohnDoe2301,Role:3
  • 10.
    - Reason #2: move ciphertext Block 7 in front of Block 2

        Block        1          7          2          3          4          5          6
        Ciphertext   9648dab1   69e75f87   22a1eaee   0f5a7a2a   86adfcf6   6adb7872   96bdc238
                     d7f285ac   cf74ab6d   db7aabbb   1f8de75f   17abcbcf   7ab9dd8e   5fa70ba2
  • 11.
    - Reason #2: the rearranged ciphertext decrypts without error to the rearranged record

        Block        1          7          2          3          4          5          6
        Plaintext    UID:2390   1,Role:3   9,Email:   john@doe   .com,Nic   kName:Jo   hnDoe230

        UID:23901,Role:39,Email:john@doe.com,NickName:JohnDoe230
  • 12. (same content as slide 11)
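The reordering on slides 9 to 11 carried out in Go, as an added example that is not the deck's code: the record is ECB-encrypted under a constructed 3DES key (chosen only because its 8-byte block matches the slide's block boundaries), Block 7 is moved in front of Block 2, and decryption silently returns the rearranged record. The function names are mine.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
)

// The record from the slide: 56 bytes, i.e. seven 8-byte blocks. 3DES is used only
// because its 8-byte block matches the slide's block boundaries; the key is a
// constructed placeholder for this example, not a recommendation.
const record = "UID:23909,Email:john@doe.com,NickName:JohnDoe2301,Role:3"

var exampleKey = []byte("0123456789abcdefghijklmn")

// ecb applies the block cipher to each block independently, which is exactly why
// blocks can be recognised and rearranged: no block depends on its neighbours.
func ecb(b cipher.Block, in []byte, encrypt bool) []byte {
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += b.BlockSize() {
		if encrypt {
			b.Encrypt(out[i:], in[i:])
		} else {
			b.Decrypt(out[i:], in[i:])
		}
	}
	return out
}

// reorder returns ct with its blocks in the given 0-based order.
func reorder(ct []byte, bs int, order []int) []byte {
	out := make([]byte, 0, len(ct))
	for _, i := range order {
		out = append(out, ct[i*bs:(i+1)*bs]...)
	}
	return out
}

// SwappedPlaintext ECB-encrypts the record, moves Block 7 in front of Block 2 as
// on the slide, and decrypts. Decryption raises no error: nothing in ECB detects
// that the ciphertext was rearranged, so the Role field now follows the UID.
func SwappedPlaintext() (string, error) {
	b, err := des.NewTripleDESCipher(exampleKey)
	if err != nil {
		return "", err
	}
	ct := ecb(b, []byte(record), true)
	moved := reorder(ct, b.BlockSize(), []int{0, 6, 1, 2, 3, 4, 5})
	return string(ecb(b, moved, false)), nil
}
```

Any ciphertext laid out this way can be rearranged the same way; only a MAC or an authenticated mode over the ciphertext makes the rearrangement detectable.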
  • 14. (no transcribed text)
  • 15. (figure: CBC – CONFIDENTIALITY)
  • 16.
    - Original Ciphertext: BLOCK 1 | BLOCK 2 | BLOCK 3
  • 17.
    - Block swapping will result in data corruption: BLOCK 1 | BLOCK 3 | BLOCK 2
  • 18.
    - "Padding Oracle" Attack
      - Leverages byte flipping of ciphertext to generate invalid padding exceptions
      - Data can be decrypted (and encrypted too) without knowledge of the secret key
  • 19. (no transcribed text)
  • 20.
    - Assuming this scheme, there are only 8 possible valid padding sequences:
      - 0x01
      - 0x02, 0x02
      - 0x03, 0x03, 0x03
      - 0x04, 0x04, 0x04, 0x04
      - 0x05, 0x05, 0x05, 0x05, 0x05
      - 0x06, 0x06, 0x06, 0x06, 0x06, 0x06
      - 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07
      - 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08
  • 21. (no transcribed text)
  • 22.
    - Is the key the correct size? If not: Invalid Key Exception
    - Is the value (bytes) an even block multiple? If not: Invalid Length Exception
    - Is the decrypted block properly padded? If not: Invalid Padding Exception (CRITICAL)
    - Return the value
  • 23. (no transcribed text)
  • 24.
    - (figure labels: call this "Byte X", call this "Byte Y")
    - Basic Premise:
      - A change of Byte X (ciphertext) will change Byte Y (plaintext)
      - There is a one-to-one correlation between Byte X values and Byte Y values
      - An exception is thrown if the plaintext does not end with a valid padding sequence
  • 25. Byte X == 0x00, Byte Y == ???, Exception? YES
    - Byte Y is not valid padding
  • 26. Byte X == 0x01, Byte Y == ???, Exception? YES
    - Byte Y is not valid padding
  • 27. Byte X == 0x02, Byte Y == ???, Exception? NO
    - Byte Y IS valid padding (must be 0x01)
  • 28.
    - What does that tell us?
    - The altered byte value produced valid padding when XOR'ed with the intermediate value
      IF A ^ B = C THEN A ^ C = B AND C ^ B = A
  • 29.
    - What does that tell us?
    - If the padding byte was 0x01:
      - Our Byte (0x02) ^ Intermediate Byte (??) == 0x01
      - Intermediate Byte == Our Byte (0x02) ^ 0x01
    - The plaintext value is the intermediate value XOR'ed with the prior ciphertext byte
  • 31.
    - As we've seen, encrypted data (while kept private) is still susceptible to tampering
      (figure: Message → Encryption)
    - We need to ensure PRIVACY and INTEGRITY
  • 32.
    - Encrypt + Sign the Ciphertext
      (figure: Message → Encryption → SIGNATURE)
    - HMAC: Combines a cryptographic hash function with a secret key
      - Cannot be re-computed without the key
      - Verifies the integrity and authenticity of a message
  • 33.
    - Why not HMAC within the ciphertext?
      - Does not protect against side-channel attacks during decryption
    - Padding Oracle Attack in .NET Framework
      - Discovered September 2010
      - ViewState and Forms Authentication cookies were affected even though an HMAC was included within the ciphertext
      - Tampering was only detected after decryption
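Slides 20 to 22 and 31 to 33 together, as an added Go example that is not from the deck: unpad is the padding check of slide 22 whose exception is the oracle, and Seal/Open implement Encrypt-then-MAC with AES-CBC and HMAC-SHA256, with Open verifying the tag before any decryption so a tampered message never reaches the padding check. The function names and the key handling (the caller builds the cipher.Block once from its key) are my choices.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

var ErrPadding, ErrMAC = errors.New("invalid padding"), errors.New("invalid MAC")
func tag(macKey, msg []byte) []byte { // HMAC-SHA256; cannot be recomputed without macKey
	h := hmac.New(sha256.New, macKey)
	h.Write(msg)
	return h.Sum(nil)
}
// unpad accepts only the valid PKCS#7 tails slide 20 lists (0x01; 0x02,0x02; ...; sixteen of them
// for a 16-byte block). p must be a non-empty block multiple. Exposing this error is the oracle.
func unpad(p []byte) ([]byte, error) {
	k := int(p[len(p)-1])
	if k == 0 || k > aes.BlockSize || !bytes.Equal(p[len(p)-k:], bytes.Repeat([]byte{byte(k)}, k)) {
		return nil, ErrPadding
	}
	return p[:len(p)-k], nil
}

// Seal pads, CBC-encrypts under a fresh random IV, then MACs iv||ct: output is iv||ct||tag.
func Seal(block cipher.Block, macKey, pt []byte) ([]byte, error) {
	k := aes.BlockSize - len(pt)%aes.BlockSize
	msg := make([]byte, aes.BlockSize, aes.BlockSize+len(pt)+k)
	if _, err := rand.Read(msg); err != nil {
		return nil, err
	}
	msg = append(append(msg, pt...), bytes.Repeat([]byte{byte(k)}, k)...)
	cipher.NewCBCEncrypter(block, msg[:aes.BlockSize]).CryptBlocks(msg[aes.BlockSize:], msg[aes.BlockSize:])
	return append(msg, tag(macKey, msg)...), nil
}

// Open checks the tag before decrypting: a tampered message fails with ErrMAC and never
// reaches unpad, so the padding result is not observable (the fix slides 32 and 33 call for).
func Open(block cipher.Block, macKey, sealed []byte) ([]byte, error) {
	n := len(sealed) - sha256.Size
	if n < 2*aes.BlockSize || n%aes.BlockSize != 0 || !hmac.Equal(tag(macKey, sealed[:n]), sealed[n:]) {
		return nil, ErrMAC
	}
	pt := make([]byte, n-aes.BlockSize)
	cipher.NewCBCDecrypter(block, sealed[:aes.BlockSize]).CryptBlocks(pt, sealed[aes.BlockSize:n])
	return unpad(pt)
}
```

Use separate encryption and MAC keys, as here; an AEAD mode such as AES-GCM packages the same verify-before-decrypt discipline in one primitive.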
  • 34.
    - When do you need a random number?
      - Password generators, encryption keys, session identifiers, etc.
    - How random is "random"? Pseudo Random Number Generator vs. Cryptographically Secure Random Number Generator
  • 35.
    - Two common attacks against RNGs
      - Non-random seed values
      - The formula used to produce the random numbers
  • 36.
    - What do you think this code will produce?

      using System;

      class Program
      {
          static void Main()
          {
              // Generate first series
              byte[] bytes1 = new byte[100];
              Random rnd1 = new Random();
              rnd1.NextBytes(bytes1);
              Console.WriteLine("First Series:");
              for (int ctr = bytes1.GetLowerBound(0); ctr <= bytes1.GetUpperBound(0); ctr++)
              {
                  Console.Write("{0, 5}", bytes1[ctr]);
                  if ((ctr + 1) % 10 == 0) Console.WriteLine();
              }

              // Generate second series
              byte[] bytes2 = new byte[100];
              Random rnd2 = new Random();
              rnd2.NextBytes(bytes2);
              Console.WriteLine("Second Series:");
              for (int ctr = bytes2.GetLowerBound(0); ctr <= bytes2.GetUpperBound(0); ctr++)
              {
                  Console.Write("{0, 5}", bytes2[ctr]);
                  if ((ctr + 1) % 10 == 0) Console.WriteLine();
              }
          }
      }
  • 37.
    - Output from the previous code:

      First Series:
       97 129 149  54  22 208 120 105  68 177
      113 214  30 172  74 218 116 230  89  18
       12 112 130 105 116 180 190 200 187 120
        7 198 233 158  58  51  50 170  98  23
       21   1 113  74 146 245  34 255  96  24
      232 255  23   9 167 240 255  44 194  98
       18 175 173 204 169 171 236 127 114  23
      167 202 132  65 253  11 254  56 214 127
      145 191 104 163 143   7 174 224 247  73
       52   6 231 255   5 101  83 165 160 231
      Second Series:
       97 129 149  54  22 208 120 105  68 177
      113 214  30 172  74 218 116 230  89  18
       12 112 130 105 116 180 190 200 187 120
        7 198 233 158  58  51  50 170  98  23
       21   1 113  74 146 245  34 255  96  24
      232 255  23   9 167 240 255  44 194  98
       18 175 173 204 169 171 236 127 114  23
      167 202 132  65 253  11 254  56 214 127
      145 191 104 163 143   7 174 224 247  73
       52   6 231 255   5 101  83 165 160 231

    - Both series are identical
  • 38.
    - If you don't seed the random number generator, it will automatically be seeded
    - With what? "By default, the parameterless constructor of the Random class uses the system clock to generate its seed value" http://msdn.microsoft.com/en-us/library/system.random.aspx
    - This describes the .NET Framework of the time. Later .NET versions seed the parameterless constructor from the OS random source instead, but System.Random is still not a cryptographic generator; System.Security.Cryptography.RandomNumberGenerator is the API for keys, tokens and passwords.
  • 39.
    - What if this code was in ResetPassword.aspx?

      StringBuilder password = new StringBuilder();

      // Define all upper and lower chars with special chars
      char[] lCase = new char[] { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
                                  'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
                                  'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
                                  'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
                                  '!', '@', '#', '$', '%', '^', '&', '*', '(', ')', '-', '_' };
      int lCaseIndex = 0;
      Random rand = new Random();   // seeded from the clock, as slide 38 explains

      // Randomly select 12 characters from the values above
      for (int cnt = 0; cnt < 12; cnt++)
      {
          // Random.Next's upper bound is exclusive, so lCase.Length covers every character
          lCaseIndex = rand.Next(0, lCase.Length);
          password.Append(lCase[lCaseIndex]);
      }
      string newPassword = password.ToString();
  • 40.
    - Seed Race Condition Attack (Seed Racing)
    - Based on a research experiment conducted in 2008
      - 67,000 HTTP requests to a server with a random password generator similar to the one shown
    - Results: 208 unique passwords
      - 322 duplicated in one or more accounts
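The seed race of slides 36 to 40 and its fix, as an added Go example that is not the deck's code: WeakPassword mirrors the ResetPassword.aspx generator with a clock-style seed, so two requests that share a seed share a password; StrongPassword draws every index from the OS CSPRNG, so there is no seed to race and no modulo bias. The alphabet is the slide's character set; the function names are mine.

```go
package main

import (
	crand "crypto/rand"
	"math/big"
	mrand "math/rand"
	"time"
)

// Same character set as the ResetPassword.aspx slide, written out as a string.
const alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()-_"

// ClockSeed reproduces the behaviour slide 38 quotes: the seed is just a clock
// reading, so requests that land in the same millisecond collide.
func ClockSeed() int64 { return time.Now().UnixMilli() }

// WeakPassword mirrors the slide's generator: a PRNG seeded from the clock.
// Two requests that obtain the same seed get the same "random" password, which
// is the seed race the slides describe (the output is a pure function of seed).
func WeakPassword(seed int64, n int) string {
	r := mrand.New(mrand.NewSource(seed))
	out := make([]byte, n)
	for i := range out {
		out[i] = alphabet[r.Intn(len(alphabet))]
	}
	return string(out)
}

// StrongPassword draws each index from the OS CSPRNG. crypto/rand.Int returns a
// uniform value in [0, len(alphabet)), so there is no seed to race and no modulo
// bias toward the first characters of the alphabet.
func StrongPassword(n int) (string, error) {
	out := make([]byte, n)
	max := big.NewInt(int64(len(alphabet)))
	for i := range out {
		idx, err := crand.Int(crand.Reader, max)
		if err != nil {
			return "", err
		}
		out[i] = alphabet[idx.Int64()]
	}
	return string(out), nil
}
```

Two calls of WeakPassword(ClockSeed(), 12) inside the same millisecond return the same string; no number of StrongPassword calls can be made to collide by timing them.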
  • 41.
    - Is Java.Random any better?
    - Uses a Linear Congruential Generator (LCG) formula for producing random data
      (figure: One Dimensional LCG Plot)
    - java.util.Random is a 48-bit LCG whose future output is predictable from observed values; java.security.SecureRandom is the CSPRNG alternative.
  • 42. to 45. (LCG plot images; no recoverable text)
  • 46.
    - Crypto is hard to get right
    - Lots of ways to make mistakes
    - When in doubt, ask an expert