2Thursday, May 16, 13
9. JOHN CONGDON
•PHP Developer Since 2003
•SDPHP User Group Organizer
•Sr PHP Developer for Networx Online
•PhoneBurner.com
•MeetingBurner.com
•FaxBurner.com
•I Am Not A Cryptographer
16. Cryptographic Hashing
Wikipedia Definition: A cryptographic hash function is a hash function; that is, an algorithm that takes an arbitrary block of data and
returns a fixed-size bitstring, the (cryptographic) hash value, such that any (accidental or intentional) change to the data will (with very
high probability) change the hash value. The data to be encoded are often called the "message," and the hash value is sometimes called
the message digest or simply digest.
“message” → HASH → “digest”
“unicorn” → HASH → “1abcb33beeb811dca15f0ac3e47b88d9”
29. Salting Cryptographic Hashes
Wikipedia Definition: In cryptography, a salt is random data that are used as an additional input to a one-way function that
hashes a password or passphrase.
A new salt is randomly generated for each password. In a typical setting, the salt and the password are concatenated and
processed with a cryptographic hash function, and the resulting output (but not the original password) is stored with the salt
in a database.
$hash = md5('RAND_SALT' . $_POST['password']);
RAND_SALT must come from a cryptographically secure source.
Not from: rand, mt_rand, or uniqid
Use: /dev/urandom, mcrypt, or openssl
34. Today’s Best Practice: BCrypt
•Slower by design
•Configurable to help withstand the test of time (cost param)
•Should be configured to take 0.25 to 0.50 of a second
•Start with a cost of 10, use higher if possible
37. PHP 5.5 Password Hashing API
http://www.php.net/manual/en/ref.password.php
array password_get_info(string $hash)
Returns 3 elements
algo: Constant value
algoName: bcrypt
options: the options provided to password_hash
Array
(
    [algo] => 1
    [algoName] => bcrypt
    [options] => Array
        (
            [cost] => 11
        )
)
38. PHP 5.5 Password Hashing API
http://www.php.net/manual/en/ref.password.php
boolean password_needs_rehash ( string $hash , integer $algo [, array $options ] )
Assuming password_verify was successful above:
// Rehash when the stored hash no longer matches the current algorithm/options
if (password_needs_rehash($hash, PASSWORD_DEFAULT, $options)) {
    $user->password = password_hash($password, PASSWORD_DEFAULT, $options);
    $user->update();
}
39. I Lied: PHP >= 5.3.7 Password Hashing API
https://github.com/ircmaxell/password_compat
A forward compatible password API implementation that will work
until you are ready to upgrade to 5.5. This will work for all versions
of PHP that have the $2y fix.
Upgrading to 5.5 will not break your current code if you use this
library.
40. Example: Creating a user
<?php
require 'password.php'; // password_compat, for PHP older than 5.5
$hash = password_hash($_POST['password'], PASSWORD_DEFAULT);
if ($hash === false) {
    // handle this error case somehow...
}
$user = Model_User::createNewUser($_POST['username']);
$user->setPassword($hash);
$user->update();
41. Example: Logging a user in
<?php
require 'password.php';
$user = Model_User::getUserByUserName($_POST['username']);
// An unknown username is rejected the same way as a wrong password
if ($user && password_verify($_POST['password'], $user->password)) {
    return true;
} else {
    die("Invalid credentials");
}
42. Example: Logging a user in and checking for rehash
// ...
$user = Model_User::getUserByUserName($_POST['username']);
if (password_verify($_POST['password'], $user->password)) {
    // Check against the same algorithm and options used to create new hashes
    if (password_needs_rehash($user->password, PASSWORD_DEFAULT, $options)) {
        $hash = password_hash($_POST['password'], PASSWORD_DEFAULT, $options);
        $user->setPassword($hash);
        $user->update();
    }
    // ...
}
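Putting the BCrypt cost guidance and the rehash-on-login slides together, as an added example that is not from the original slides (it needs PHP 7 or later). calibrateBcryptCost(), login() and the in-memory $user array are hypothetical stand-ins for a real user model.

```php
<?php
// Added example, not from the original slides. Function names and the
// in-memory $user array are hypothetical stand-ins for a real user model.

// Find the lowest bcrypt cost that takes at least $target seconds on this host.
function calibrateBcryptCost(float $target = 0.25, int $min = 10, int $max = 15): int
{
    for ($cost = $min; $cost < $max; $cost++) {
        $start = microtime(true);
        password_hash('calibration-sample', PASSWORD_BCRYPT, ['cost' => $cost]);
        if (microtime(true) - $start >= $target) {
            break;
        }
    }
    return $cost; // capped at $max on very fast hardware
}

// Verify a login and transparently upgrade the stored hash if it is outdated.
function login(array &$user, string $password, array $options): bool
{
    if (!password_verify($password, $user['password'])) {
        return false;
    }
    // Same algorithm and options for the check and for the rehash.
    if (password_needs_rehash($user['password'], PASSWORD_BCRYPT, $options)) {
        $user['password'] = password_hash($password, PASSWORD_BCRYPT, $options);
    }
    return true;
}

// Constructed sample: an account whose hash was created at bcrypt's minimum cost.
$user = [
    'username' => 'alice',
    'password' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 4]),
];

$options = ['cost' => calibrateBcryptCost()];
$before  = password_get_info($user['password'])['options']['cost'];

// A wrong password must be rejected and must leave the stored hash alone.
var_dump(login($user, 'wrong guess', $options));
// A correct password logs in and upgrades the stored hash to the calibrated cost.
var_dump(login($user, 'correct horse', $options));

$after = password_get_info($user['password'])['options']['cost'];
printf("cost before: %d, after: %d\n", $before, $after);
```

Run the calibration on the production hardware, not a developer laptop, since the cost that lands in the 0.25 to 0.50 second window depends on the CPU.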
49. More Than Just Passwords
We may store more sensitive data than just passwords.
Passwords are easy, we don’t care about the original value.
Decryption makes original value usable by us.
•Credit Card Info
•Social Security Numbers
•Date of Birth
•Personally Identifiable Information
55. AVOID ENCRYPTION AT ALL COSTS!
Clarification: Avoid keeping any data that you need to encrypt.
Before deciding to keep any of this information, ask yourself why you need it.
Is the risk of potentially leaking this information worth the reward?
Are there alternative solutions?
Example: Credit card companies usually offer a token solution.
58. Symmetric vs Asymmetric
Symmetric
•Only one shared key
•Same key encrypts and decrypts
•Easiest to understand
Asymmetric
•Two keys (Public & Private)
•Encryption/Decryption: public key encrypts, private key decrypts
•Signing/Verifying: private key signs, public key verifies
59. Common Asymmetric Uses
SSH Keys
HTTPS / SSL
PGP: Pretty Good Privacy
Email
Files
Really any message
70. Keys, Ciphers, Modes, and Initialization Vectors Oh My!
• Keys, should be easy to understand (KEEP IT SECRET)
• Ciphers
    • Deterministic algorithm (Ex: 3DES, Blowfish, TwoFish)
• Modes
    • Determines how the key stream is used (never cross them)
    • Avoid ECB (Electronic Code Book)
    • Use CBC or CFB (Cipher Block Chaining / Cipher FeedBack)
• Initialization Vectors
    • Similar to SALT in hashing (It’s not a secret)
    • Must be random per encrypted text
71. Example: Encrypt using mcrypt
$crypt_key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxx';
$message = 'My Credit Card Number is 4123123412341234';
// A fresh random IV for every message, sized for the cipher and mode
$iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);
$cipher = mcrypt_encrypt(
    MCRYPT_BLOWFISH,
    $crypt_key,
    $message,
    MCRYPT_MODE_CBC,
    $iv
);
72. HMAC: Hash-based Message Authentication Code
Using a separate key, this will give us a signature letting us know
that the data has not been tampered with.
When Encrypting:
Always encrypt first, and then get signature of the CipherText.
Store it with your InitializationVector and CipherText.
When Decrypting:
Always verify signature first, and then decrypt if matched.
31Thursday, May 16, 13
73. Example: Using HMAC
$crypt_key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxx';
$hmac_key = 'yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy';
// Sign the cipher text produced by the encryption step
$hmac = hash_hmac('sha512', $cipher, $hmac_key);
// Store it with your encrypted data
$encrypted = base64_encode($iv . $cipher . $hmac);
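The encrypt-then-sign and verify-then-decrypt order from the HMAC slide, as an added example that is not from the original slides. It assumes PHP 7.1 or later and uses the openssl extension with AES-256-CBC instead of mcrypt (which was removed in PHP 7.2), the MAC here also covers the IV, and the helper names and inline demo keys are hypothetical.

```php
<?php
// Added example, not from the original slides. encryptThenMac() and
// verifyThenDecrypt() are hypothetical helper names; keys are demo-only.
const CIPHER  = 'aes-256-cbc';
const MAC_LEN = 64; // bytes of raw HMAC-SHA512 output

function encryptThenMac(string $plain, string $cryptKey, string $hmacKey): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh random IV per message
    $ct = openssl_encrypt($plain, CIPHER, $cryptKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Encrypt first, then sign; the MAC covers IV and cipher text.
    $mac = hash_hmac('sha512', $iv . $ct, $hmacKey, true);
    return base64_encode($iv . $ct . $mac);
}

function verifyThenDecrypt(string $stored, string $cryptKey, string $hmacKey): ?string
{
    $raw   = base64_decode($stored, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) <= $ivLen + MAC_LEN) {
        return null; // malformed or truncated record
    }
    $iv  = substr($raw, 0, $ivLen);
    $ct  = substr($raw, $ivLen, -MAC_LEN);
    $mac = substr($raw, -MAC_LEN);
    // Verify the signature first, in constant time; decrypt only on a match.
    if (!hash_equals(hash_hmac('sha512', $iv . $ct, $hmacKey, true), $mac)) {
        return null;
    }
    $plain = openssl_decrypt($ct, CIPHER, $cryptKey, OPENSSL_RAW_DATA, $iv);
    return $plain === false ? null : $plain;
}

$cryptKey = random_bytes(32); // two independent keys, as on the slide
$hmacKey  = random_bytes(32);
$stored   = encryptThenMac('My Credit Card Number is 4123123412341234', $cryptKey, $hmacKey);
var_dump(verifyThenDecrypt($stored, $cryptKey, $hmacKey)); // untouched record

// Constructed tampering: flip one bit inside the cipher text of the stored record.
$raw = base64_decode($stored);
$raw[20] = chr(ord($raw[20]) ^ 0x01);
var_dump(verifyThenDecrypt(base64_encode($raw), $cryptKey, $hmacKey)); // modified record
```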
78. Example: Using phpseclib
$crypt_key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxx';
$hmac_key = 'yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy';
$message = 'My Credit Card Number is 4123123412341234';
// Encrypting: encrypt first, then sign the cipher text
require_once 'Crypt/DES.php';
require_once 'Crypt/Hash.php';
$des = new Crypt_DES();
$des->setKey($crypt_key);
$cipher = $des->encrypt($message);
$hash = new Crypt_Hash('sha512');
$hash->setKey($hmac_key);
$hmac = bin2hex($hash->hash($cipher));
// Decrypting: verify the signature first, then decrypt if it matches
require_once 'Crypt/DES.php';
require_once 'Crypt/Hash.php';
$hash = new Crypt_Hash('sha512');
$hash->setKey($hmac_key);
$verify_hmac = bin2hex($hash->hash($cipher));
// Strict comparison: == can treat hex strings such as "0e..." as equal numbers
if ($verify_hmac === $hmac) {
    $des = new Crypt_DES();
    $des->setKey($crypt_key);
    $message = $des->decrypt($cipher);
}
79. Encryption !== Protection
Data obtained through SQL injection or other attacks that do not
penetrate the system itself should be relatively secure.
For us to encrypt/decrypt, we must have access to the key.
Therefore, any breach of system security will disclose the key to
the attacker, leaving ALL encryption useless.
Apache environment variables, memory, config files, or a password
entered during system startup: none of these keep the key private.
80. AVOID ENCRYPTION AT ALL COSTS!
There is no such thing as 100% secure.
87. Other Things To Consider
Paranoid about password safety? Consider encrypting the hash.
Renders SQL-Injection and rainbow tables/brute force useless.
•Encrypt / decrypt on a separate server.
•More overhead and complexity.
•Any server breach can still decrypt data.
•With enough thought and monitoring, you can kill the
decryption server to limit the damage done.
•Think about restricting requests per second
88. Credits
I’ve learned a lot while preparing this presentation.
Thanks especially to Anthony Ferrara (@ircmaxell)
http://blog.ircmaxell.com