Diese Präsentation wurde erfolgreich gemeldet.
Die SlideShare-Präsentation wird heruntergeladen. ×

Sharing secrets with PHP

10. Mai 2015
1 gefällt mir 1.371 Aufrufe
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Nächste SlideShare
Atomic design
Atomic design
Wird geladen in …3
×

Hier ansehen

M7S3_whathappened.pptx
AracelySM1
Sangfor X Security Health Check Report
Josh Lrt
BT_Neo4j GraphSummit 2023_Graph for Vena.pptx
Neo4j
Seven Peaks Speaks - Compose Navigation
Seven Peaks Speaks
IT-Audit-Manual-2017-1st-Edition.pdf
JacobYeboa1
Fortify-Application_Security_Foundation_Training.pptx
VictoriaChavesta
Looming Marvelous - Virtual Threads in Java Javaland.pdf
jexp
Elsevier_Neo4j GraphSummit London 2023 .pptx
Neo4j
1 von 22 Anzeige

Sharing secrets with PHP

10. Mai 2015
1 gefällt mir 1.371 Aufrufe

Herunterladen, um offline zu lesen

Technologie

You want to share a secret within a group in a secure way? You want to make sure, that more than one person is needed to recover the secret so no one can do thing single-handed? You need e.g. four-eyes principle?

Cryptography knows a shared secret as a piece of data, which is only known to parties involved. The data might a text, any number, a passphrase or just bits and bytes.

The slides explain the requirements on how to share a secret, which approaches their are and is showing one solution using an algorithm called "Shamir's Secret Sharing".

This cryptographic algorithm was created by Adi Shamir. The algorithm will divide the secret into parts, where each participant receives its own unique part. Most important is, that some of the parts or all of them are needed in order to reconstruct the secret.

In cryptography Shamir's Secret Sharing is a so called threshold scheme. It means, that not all of the parts are needed, but a number of x parts are sufficient to recover the original secret.

The PHP implementation of the algorithm can be found at https://github.com/teqneers/shamir.

The slides are based on a blog called Data Genetics (http://datagenetics.com/blog/november22012/).

You want to share a secret within a group in a secure way? You want to make sure, that more than one person is needed to recover the secret so no one can do thing single-handed? You need e.g. four-eyes principle?

Cryptography knows a shared secret as a piece of data, which is only known to parties involved. The data might a text, any number, a passphrase or just bits and bytes.

The slides explain the requirements on how to share a secret, which approaches their are and is showing one solution using an algorithm called "Shamir's Secret Sharing".

This cryptographic algorithm was created by Adi Shamir. The algorithm will divide the secret into parts, where each participant receives its own unique part. Most important is, that some of the parts or all of them are needed in order to reconstruct the secret.

In cryptography Shamir's Secret Sharing is a so called threshold scheme. It means, that not all of the parts are needed, but a number of x parts are sufficient to recover the original secret.

The PHP implementation of the algorithm can be found at https://github.com/teqneers/shamir.

The slides are based on a blog called Data Genetics (http://datagenetics.com/blog/november22012/).

Technologie
Lizenz: CC Attribution-ShareAlike License
Anzeige

Empfohlen

Atomic design
Brad Frost
1.9M Aufrufe
173 Folien
Phingified ci and deployment strategies ipc 2012
TEQneers GmbH & Co. KG
3k Aufrufe
37 Folien
Behavior driven development
TEQneers GmbH & Co. KG
1.2k Aufrufe
29 Folien
Introduction to Ext JS 4
TEQneers GmbH & Co. KG
2.2k Aufrufe
146 Folien
10 Steps great leaders take when things go wrong
GetSmarter
76.7k Aufrufe
63 Folien
Forgotten women in tech history.
Domo
139.7k Aufrufe
12 Folien
A Product Manager's Job
joshelman
798k Aufrufe
35 Folien
Top 10 Tips for Getting a Good Night's Sleep
Dana-Farber Cancer Institute
47.8k Aufrufe
18 Folien
Anzeige

Weitere Verwandte Inhalte

Aktuellste (20)

M7S3_whathappened.pptx
AracelySM1
0 Aufrufe
Sangfor X Security Health Check Report
Josh Lrt
0 Aufrufe
BT_Neo4j GraphSummit 2023_Graph for Vena.pptx
Neo4j
0 Aufrufe
Seven Peaks Speaks - Compose Navigation
Seven Peaks Speaks
0 Aufrufe
IT-Audit-Manual-2017-1st-Edition.pdf
JacobYeboa1
0 Aufrufe
Fortify-Application_Security_Foundation_Training.pptx
VictoriaChavesta
0 Aufrufe
Looming Marvelous - Virtual Threads in Java Javaland.pdf
jexp
0 Aufrufe
Elsevier_Neo4j GraphSummit London 2023 .pptx
Neo4j
0 Aufrufe
RUDAL.pptx
AntoHarijadi
0 Aufrufe
ARTIFICIAL INTELIGENCE
Ashish Sadavarti
0 Aufrufe
BEWARE OF SCAMS IN BLOCKCHAIN
Maximus Tech
0 Aufrufe
S4_Classification-Thoracolumar-Spine.ppt
yiminli12
0 Aufrufe
Seven Peaks Speaks - Compose Screenshot Testing Made Easy
Seven Peaks Speaks
0 Aufrufe
OPAC
rolamassoud
0 Aufrufe
UN BUSINESS TRANSFORMATION ORACLE EOI.pdf
JacobYeboa1
0 Aufrufe
ICT 2nd QUARTER summative.pptx
Michael Montarde
0 Aufrufe
Neo4j GraphSummit London - The Path To Success With Graph Database and Data S...
Neo4j
0 Aufrufe
Case study on Custom Student Portal.pdf
Dhanush Bhandari
0 Aufrufe
Meet Us At Molkereikongress 2017!.docx
Mobile Free To Play
0 Aufrufe
Revolutionary-ChatGPT
9 series
0 Aufrufe
M7S3_whathappened.pptx
AracelySM1
0 Aufrufe
3 Folien
Sangfor X Security Health Check Report
Josh Lrt
0 Aufrufe
35 Folien
BT_Neo4j GraphSummit 2023_Graph for Vena.pptx
Neo4j
0 Aufrufe
10 Folien
Seven Peaks Speaks - Compose Navigation
Seven Peaks Speaks
0 Aufrufe
37 Folien
IT-Audit-Manual-2017-1st-Edition.pdf
JacobYeboa1
0 Aufrufe
106 Folien
Fortify-Application_Security_Foundation_Training.pptx
VictoriaChavesta
0 Aufrufe
36 Folien

Empfohlen (20)

The Road to Financial Wellness
Experian_US
7.4k Aufrufe
24 Time Management Hacks to Develop for Increased Productivity
Iulian Olariu
1.9M Aufrufe
GO BRAND YOURSELF. How to land a job with personal branding in 5 steps
Lorenzo Galbiati
193.9k Aufrufe
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
2M Aufrufe
Global Diversity, Equity, and Inclusion Debrief
McKinsey & Company
20.6k Aufrufe
The Minimum Loveable Product
The Happy Startup School
4.1M Aufrufe
Six things to remember while writing feedback 2020
Rajesh Soundararajan
4.6k Aufrufe
20 Steps To Your Life Passion
Barrie Davenport
31.5k Aufrufe
LinkedIn on Mentorship #thankyourmentor
LinkedIn Editors' Picks
193.9k Aufrufe
The Unintended Outcomes of Unconscious Bias in Performance Management
InsideOut Development
5.6k Aufrufe
Science of music for work productivity
PGi
19.3k Aufrufe
Inspirational Lessons Learned From Martin Luther King Jr.
Eagles Talent Speakers Bureau
30.3k Aufrufe
12 Resolutions for a Great Year at Work
O.C. Tanner
29.7k Aufrufe
Machine Learning: A Fast Review
Ahmad Ali Abin
19.1k Aufrufe
Does your motivation need a kick start?
University of Southern Queensland
23.5k Aufrufe
Better than a New Year's Resolution: A New Mindset
Deepak Chopra MD (official)
308.5k Aufrufe
How to Plan and Set Financial Goals
Experian_US
25.1k Aufrufe
Choose Your Own (Career) Adventure
Lauren Galanter
28.8k Aufrufe
chatgpt dalle.pptx
Ellen Edmands
4.3k Aufrufe
25 Mission Statements From the World's Most Valuable Brands
Palo Alto Software
2.1M Aufrufe
The Road to Financial Wellness
Experian_US
7.4k Aufrufe
63 Folien
24 Time Management Hacks to Develop for Increased Productivity
Iulian Olariu
1.9M Aufrufe
26 Folien
GO BRAND YOURSELF. How to land a job with personal branding in 5 steps
Lorenzo Galbiati
193.9k Aufrufe
55 Folien
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
2M Aufrufe
36 Folien
Global Diversity, Equity, and Inclusion Debrief
McKinsey & Company
20.6k Aufrufe
17 Folien
The Minimum Loveable Product
The Happy Startup School
4.1M Aufrufe
53 Folien
Anzeige

Sharing secrets with PHP

  1. 1. TEQneers GmbH & Co. KG www.teqneers.de Slide Secret Sharing Split Brains 1
  2. 2. TEQneers GmbH & Co. KG www.teqneers.de Slide Password ‣Everything online or sensitive has a password ‣Usually known by single person ‣Person gone = password gone ‣Equivalent to a door's lock 2
  3. 3. TEQneers GmbH & Co. KG www.teqneers.de Slide Multi people examples ‣NSA access to mobile devices ‣Four-eyes principle for admins ‣Joint bank account of a company ‣Lawyer needs six family member to open a will ‣Nuclear missile launch system ‣and many more 3
  4. 4. TEQneers GmbH & Co. KG www.teqneers.de Slide Advances examples ‣Bank account: access by any 2 of 4 people ‣Nuclear missile: hierarchy of passwords (president counts 3 votes, SoD counts 2, ...) ‣Will: family member die before you, don't want to de-/encrypt will again and send out passwords ‣Will: new family member without redistributing passwords to all again ‣Four-eyes principle: admins can do some operation only with another admin 4
  5. 5. TEQneers GmbH & Co. KG www.teqneers.de Slide Characteristic of multi PW solution ‣Exposure of 1 sub password doesn't expose any more hints to attacker ‣All sub passwords required to obtain solution ‣Knowledge of all-but-one no better than knowing none ‣Sub passwords have same magnitude in length than master password 5
  6. 6. TEQneers GmbH & Co. KG www.teqneers.de Slide Characteristic of multi PW solution ‣Generate new passwords, because one got exposed, without re-issuing the others ‣Keep sub passwords despite additions/deletions ‣Generate new viable sub password without re- issue 6
  7. 7. TEQneers GmbH & Co. KG www.teqneers.de Slide Ideas? 7
  8. 8. TEQneers GmbH & Co. KG www.teqneers.de Slide Password Carve-up ‣Discloses partial information ‣Reduces effort of brute-force attack ‣Not elegant ‣Need all pieces like a broken plate 8
  9. 9. TEQneers GmbH & Co. KG www.teqneers.de Slide Random Offsets ‣Disclose a password doesn't help attacker ‣Magnitude of passwords is good ‣More elegant ‣Still need all pieces 9
  10. 10. TEQneers GmbH & Co. KG www.teqneers.de Slide Exclusive Or (XOR) ‣Disclose a password doesn't help attacker ‣Magnitude of passwords is good ‣More elegant ‣Still need all pieces 10
  11. 11. TEQneers GmbH & Co. KG www.teqneers.de Slide Shamir's Algorithm ‣Using a bit of math ‣Not too complicated ‣Matches all requirements ‣Doesn't need all sub-keys to decrypt ‣Threshold cryptosystem 11
  12. 12. TEQneers GmbH & Co. KG www.teqneers.de Slide Back to school ‣Draw a graph ‣Transform password into coordinate (e.g. 25,20) ‣Now draw a line through this point ‣How would you do it? 12
  13. 13. TEQneers GmbH & Co. KG www.teqneers.de Slide Some examples ‣Infinite possibilities ‣Correct way: you need 2 points 13
  14. 14. TEQneers GmbH & Co. KG www.teqneers.de Slide Equation of straight line ‣Y = mX + C ‣M is gradient (slope) of line ‣C is intercept of y-axis ‣Our Secret S = C 14
  15. 15. TEQneers GmbH & Co. KG www.teqneers.de Slide More solutions ‣Any two point on the line describe the line and determine the interception of y-axis (our S) 15
  16. 16. TEQneers GmbH & Co. KG www.teqneers.de Slide Simplest solution ‣Any number of point we desire ‣Distribute hundreds of coordinates ‣Individually, each coordinate is useless, because infinite number of solutions ‣Any two points together describe 
 solution ‣Awesome! 16
  17. 17. TEQneers GmbH & Co. KG www.teqneers.de Slide Order-2 ‣From linear to quadratic ‣Straight lines are order-1 polynomials ‣Quadratic equations are order-2 ‣e.g. y = Ax 2 + Bx + C ‣Unlimited solution with only 2 points 17
  18. 18. TEQneers GmbH & Co. KG www.teqneers.de Slide Order-2 example 18 ‣Any number of point we desire ‣Distribute hundreds of coordinates ‣Individually, each coordinate is useless, because infinite number of solutions ‣Any three points together describe 
 solution ‣Awesome! Again!
  19. 19. TEQneers GmbH & Co. KG www.teqneers.de Slide x-order 19
  20. 20. TEQneers GmbH & Co. KG www.teqneers.de Slide Advance feature support ‣Not a broken-plate type problem ‣No need of all passwords ‣Non-complete combination no value to attacker ‣Easy to generate new sub passwords, no need to re-issue others ‣In case of compromised passwords: keep uncompromised coords and generate new curve ‣President: just needs more coordinates than others (e.g. 3) and SoD gets 2, others 1 20
  21. 21. TEQneers GmbH & Co. KG www.teqneers.de Slide Demo https://github.com/teqneers/shamir 21
  22. 22. TEQneers GmbH & Co. KG www.teqneers.de Slide Links ‣https://github.com/teqneers/shamir ‣http://en.wikipedia.org/wiki/Secret_sharing ‣http://en.wikipedia.org/wiki/Shamir %27s_Secret_Sharing ‣http://www.cs.cornell.edu/Courses/ cs513/2000SP/SecretSharing.html ‣http://groups.csail.mit.edu/cis/crypto/classes/ 6.857/papers/secret-shamir.pdf 22

×