crypto-basics-talk/index.html

<!DOCTYPE html>
<html>
  <head>
    <title>Crypto basics</title>
    <meta charset="utf-8">
    <style>
      @import url(https://fonts.googleapis.com/css?family=Droid+Serif);
      @import url(https://fonts.googleapis.com/css?family=Yanone+Kaffeesatz);
      @import url(https://fonts.googleapis.com/css?family=Ubuntu+Mono:400,700,400italic);

      body {
        font-family: 'Droid Serif';
      }
      h1, h2, h3 {
        font-family: 'Yanone Kaffeesatz';
        font-weight: 400;
        margin-bottom: 0;
      }
      .remark-slide-content h1 { font-size: 3em; }
      .remark-slide-content h2 { font-size: 2em; }
      .remark-slide-content h3 { font-size: 1.6em; }
      .footnote {
        position: absolute;
        bottom: 3em;
        font-size: 0.7em;
      }
      li p { line-height: 1.25em; }
      .red { color: #fa0000; }
      .large { font-size: 2em; }
      a, a > code {
        color: rgb(249, 38, 114);
        text-decoration: none;
      }
      code {
        background: #e7e8e2;
        border-radius: 5px;
      }
      .remark-code, .remark-inline-code { font-family: 'Ubuntu Mono'; }
      .remark-code-line-highlighted     { background-color: #373832; }
      .pull-left {
        float: left;
        width: 47%;
      }
      .pull-right {
        float: right;
        width: 47%;
      }
      .pull-right ~ p {
        clear: both;
      }
      #slideshow .slide .content code {
        font-size: 0.8em;
      }
      #slideshow .slide .content pre code {
        font-size: 0.9em;
        padding: 15px;
      }
      .inverse {
        background: #272822;
        color: #777872;
        text-shadow: 0 0 20px #333;
      }
      .inverse h1, .inverse h2 {
        color: #f3f3f3;
        line-height: 0.8em;
      }

      /* Slide-specific styling */
      #slide-inverse .footnote {
        bottom: 12px;
        left: 20px;
      }
      #slide-how .slides {
        font-size: 0.9em;
        position: absolute;
        top:  151px;
        right: 140px;
      }
      #slide-how .slides h3 {
        margin-top: 0.2em;
      }
      #slide-how .slides .first, #slide-how .slides .second {
        padding: 1px 20px;
        height: 90px;
        width: 120px;
        -moz-box-shadow: 0 0 10px #777;
        -webkit-box-shadow: 0 0 10px #777;
        box-shadow: 0 0 10px #777;
      }
      #slide-how .slides .first {
        background: #fff;
        position: absolute;
        top: 20%;
        left: 20%;
        z-index: 1;
      }
      #slide-how .slides .second {
        position: relative;
        background: #fff;
        z-index: 0;
      }

      /* Two-column layout */
      .left-column {
        color: #777;
        width: 20%;
        height: 92%;
        float: left;
      }
        .left-column h2:last-of-type, .left-column h3:last-child {
          color: #000;
        }
      .right-column {
        width: 75%;
        float: right;
        padding-top: 1em;
      }
    </style>
  </head>
  <body>
    <textarea id="source">

name: inverse
layout: true
class: center, middle, inverse
---
# Crypto basics
Ward Wouts<br>
---
# Agenda

1. Introduction
1. Keys
1. Randomness
1. Ciphers
1. Modes

---
# Introduction
---
layout: false
.left-column[
## Introduction
]
.right-column[
This talk is intended to give you some idea about the things to think about when dealing with cryptography. There are many mistakes that can be made. We'll discuss some of the more common ones.

We'll stay out of much of the theory behind cryptography.

This talk will definitely not make you an expert.

Hopefully at the end you will be able to avoid the biggest pitfalls, though.
]
---
template: inverse
# Keys
---
layout: false
.left-column[
## Keys
]
.right-column[
In cryptograhpy we see two different styles of using keys: symmetric and private/public keys.

We'll keep things simple for now and only deal with symmetric keys.

A key is used to encrypt & decrypt data.

The used key should be secret. This implies unpredictable!
]
---
layout: false
.left-column[
## What do keys look like?
]
.right-column[
The most used ciphers are `DES` and `AES`.

- Keys for DES are 7 or 8 bytes long. (56 bits + 8 bits parity)
- Keys for AES are 16, 24, or 32 bytes (128, 192, or 256 bits)

A keys typically looks like random bits, and *should be* random bits.

Both sides should get a hold of the key somehow:
- derive from password
- transmit with message
- fetch from escrow

.footnote[See: https://en.wikipedia.org/wiki/Data_Encryption_Standard <br>
And: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard]
]
---
.left-column[
## Keys and randomness
]
.right-column[
As stated keys should be both random and unpredictable. This is not the same thing! A stream of bits can be random (50% chance of either a 0 or a 1) and be *entirely predictable*.

```python
#!/usr/bin/env python3

import random as r

# force same starting point in deterministic bitstream
r.seed(5)

key = [ r.getrandbits(8) for i in range(16) ]
print(key)
```
]
---
.left-column[
## Keys and randomness
]
.right-column[
Contrast this with the builtin secrets random number generator for cryptographic usage:

```python
#!/usr/bin/env python3

import secrets as r

key = [ r.randbits(8) for i in range(16) ]
print(key)
```
]
---
.left-column[
## Keys and randomness
]
.right-column[
Keys often come from non-random, predictable sources, such as:
- time()
- rand()
- GetTickCount()

Use only secure-random functions, such as:
- CryptGenRandom (Win32)
- getrandom(2) (Linux)
]
---
.left-column[
## Pitfalls to watch for
]
.right-column[
- hardcoded keys
- insecure key generation
- insecure key exchange
]
---
template: inverse
# Randomness
---
.left-column[
## Randomness
]
.right-column[
BLAAH
]
---
.left-column[
## Ciphers
]
.right-column[
A cipher is the thing that does the actual encryption in cryptography.
There are two categories of ciphers:
- block ciphers
- stream ciphers

If data is encrypted in 1 byte chunks: it's a stream cipher (RC4 is a wellknown one). Bigger chunks: it's a block cipher.

8 byte blocks? 7, or 8 byte key &#8594; likely DES.

16 byte blocks? 16, 24, 32 byte keys? &#8594; likely AES.

Block ciphers are by far the most used.
]
---
template: inverse
# Ciphers
---
.left-column[
## Ciphers
]
.right-column[
ASFDFADSFAS
]
---
template: inverse
# Modes
---
.left-column[
## Modes
]
.right-column[
So, what *is* a mode?

Block ciphers encrypt a fixed number of bytes. So what if the data to be encrypted is bigger that that number of bytes? And what it it's smaller?

A *mode* is a way of chaining multiple blocks of encryption together.
]
---
.left-column[
## ECB
]
.right-column[
The simplest way of encrypting multiple blocks is:

<img src="ECB.png" width="100%">

This is called `ECB` (Electronic Code Book).
]
---
.left-column[
## ECB
]
.right-column[
Don't use ECB:
<table>
<tr>
<td><img src="Tux.jpg" width="100%"></td>
<td><img src="Tux_ecb.jpg" width="100%"></td>
<td><img src="Tux_secure.jpg" width="100%"></td>
<tr>
<td>Original</td>
<td>ECB</td>
<td>Other mode</td>
</tr>
</table>

.footnote[Pictures from https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#ECB]
]
---
.left-column[
## CBC
]
.right-column[
An improvement is to use the last cipherblock as input for encrypting the next block:

<img src="CBC.png" width="100%">

This is called `CBC` (Cipher Block Chaining).
]
---
template: inverse
# Final notes
---
.left-column[
## Credits
]
.right-column[
I've reused a lot of Ron Bowes excellent material for Kringlecon 2019: https://docs.google.com/presentation/d/1uEf6jSATaZDkvdLNIEeq1B4cpnkLko_22A1hMb8xRJE/edit#slide=id.p1 <br>
Check his talk here: https://youtu.be/obJdpKDpFBA
]
---
.left-column[
## Reading material
]
.right-column[
- "Serious Cryptography: A Practical Introduction to Modern Encryption"
by Jean-Philippe Aumasson, published by No Starch Press is an excellent book (https://nostarch.com/seriouscrypto)
]


    </textarea>
    <script src="https://remarkjs.com/downloads/remark-latest.min.js">
    </script>
    <script>
      var slideshow = remark.create();
    </script>
  </body>
</html>