RobertBoedigheimer@boedie

Cryptography101

• Webdevelopersince1995• PluralsightAuthor• 3rd DegreeBlackBelt,TaeKwonDo• MicrosoftMVP• ProgressDeveloperExpert- Fiddler

• boedie@outlook.com• @boedie• weblogs.asp.net/boedie

AboutMe

• Cryptographyisthescienceofkeepingmessagessecure• WhyCryptography?▫ Confidentiality – protectdatafrombeingread▫ Integrity– verifythatdatawasnotmodified▫ Authentication– identifyandvalidateauser▫ Non-repudiation– sendercannotdenylaterthathesentamessage

• System.Security.Cryptography

Background

• Whatisyourgoal?(Confidentiality,etc.)• Howmuchisdataworth?• Howlongdoesitneedtobesecured?• Whataretheprimarythreats?▫ Intransit▫ Accessconfigurationfiles▫ Dumpofmemory▫ Modifypages▫ Reverseengineerassemblies▫ …• Companysecuritypolicies?• Regulatorycompliance?• Layereddefenses,howmanyareenough?

• Don’twriteown!!

Considerations

• …Cng▫ WrapperaroundCryptographyNextGeneration(CNG)

� Activedevelopment,newerOSrequired• …CryptoServiceProvider▫ WrapperaroundWindowsCryptographyAPI(CAPI)

� NolongerdevelopingbutavailableonolderOS• …Managed▫ Writtenentirelyinmanagedcode▫ Need.NETframework▫ NotFIPScompliant

• https://tinyurl.com/o2zgbjk

.NETClassSuffixes

HashFunctions• One-wayfunction– easytocomputebutsignificantlyhardertoreverse• Hashfunction– convertsavariablelengthinputtoafixedlength▫ Createsa“datafingerprint”(digest)▫ Oktosee,don’tletitbetamperedwith▫ Becarefulwhenlimitedvaluerange!

• AbstractbaseHashAlgorithm▫ MD5(128bithash)▫ SHA(SecureHashAlgorithm)

� SHA-1(160bithash)� SHA-2

� SHA256� SHA384� SHA512

▫ KeyedHashAlgorithm� HMACSHA1(upto512)� MACTripleDES

(subsetofderivedclassesshown)

HashAlgorithms

• Goalistoprotectintegrity ofquerystring• UseaHash-basedMessageAuthenticationCode(HMAC)▫ Computethehashofaquerystring whenconstructed▫ Validatequerystring wasnotmodifiedbycomputinghashwithquerystringandcomparingtooriginalhash▫ Usesakeytoensurethatattackercouldnotcreateownvalidhash

TamperproofQuerystrings

• Consideredbestpracticeforpasswordssincetheycannotberetrieved• Usedforauthentication

• Commonattackagainsthashedpasswordsis“dictionaryattack”▫ Pre-computethehashvaluesofanentiredictionary,comparehashedvaluestohashedpasswordtolookformatches

HashedPasswords

• Addsomeuniquerandomdatatoeachpassword• Greatlyincreasesworkrequiredtomountadictionaryattackagainstallpasswords,needtopre-computedictionaryhashvaluesforallsaltvalues

• NOTE:Thisdoesnothingtoincreasesecurityforanindividualpasswordifsaltiseasilyfound!(Add“randomdata”todothis…)

SaltedPasswords

• Computepowerconstantlyincreasing,sobruteforceattacksagainsthashfunctionsarepossible• Adda“workfactor”tothecalculationbasedonanumberofiterations▫ Setiterationstogetacceptabletimeforlogin

• Rfc2898DeriveBytes

PBKDF2(Password-BasedKeyDerivationFunction2)

• Plaintext– originaldata• Encryption– processofobscuringdata• Ciphertext – encrypteddata• Decryption– processtorecoveroriginaldata

• Cipher– algorithmforperformingencryptionanddecryption

Terminology

SymmetricAlgorithms• Encryptionanddecryptionusethesame(secret)key• Primaryattackis“bruteforce”keysearch,tryallpossiblekeys• Keydistributionisdifficult

• AbstractclassSymmetricAlgorithm▫ Rijndael (AES)▫ DES▫ TripleDES

• .NETsymmetricalgorithmsare“blockciphers”• Padding– dataaddedtofilltoblocksize▫ Zeros▫ PKC27▫ ISO10126

• Mode▫ ECB▫ CBC (recommend)

• IV(InitializationVector)▫ Randomdatausedtoseedfirstblock▫ Doesnotneedtobesecret▫ Neverreuse,alwaysuniqueforeachsetofdata!

SymmetricAlgorithms(cont.)

• Utilizestwocomplimentarykeys(publickeyandprivatekey)• Generally1,000timesslowerthansymmetricalgorithms• Oftenuseasymmetrictoencrypta“session”symmetrickey

• AbstractclassAsymmetricAlgorithm▫ RSA▫ DSA(digitalsignaturesonly)▫ ECDiffieHellman

AsymmetricAlgorithms

• GenerateanRSAkeypair▫ Storeonlythepublickeyonwebservers▫ Storetheprivatekeyonaninternalsecuredsystemthatneedsthedata• Meantforsmallamountsofdata

WebsiteEncryptingSafely

• Providesintegrityandnon-repudiation• Hashthecontentsofamessage,signit(encrypt)withsendersprivatekey

• Bydefault,doesnotprovideconfidentiality,canencryptwithreceiverspublickeybeforesigning

DigitalSignatures

• Certificate(reliesonasymmetricencryption)▫ Server’spublic keyisdigitallysignedbyaCertificateAuthority(CA)• Browserknows“well-known”CA’sandwilltrustcertificatessignedbythem

• TLShandshake▫ Browsergetsservercertificate▫ Browserchoosessymmetrickeytoencrypttraffic,encryptswithserver’spublickey

HTTPS

• Keysizes▫ Tradeoffperformanceandsecurity▫ SymmetricAESuse256bits▫ AsymmetricRSAuse2048or4096• Keystorage▫ Hardcodedstringsarevisibleifuseadisassembler(likeILDASM)▫ Encrypted<appSetting>sectionofweb.config▫ Splitkeyincode,registry,andconfig files

KeySizesandStorage

• Don’twriteown!

• Usetrustedalgorithmsandimplementations▫ https://tinyurl.com/o2zgbjk• Usehashingtovalidatetheintegrityofdataortoprovebothknowthesamesecret• Usesymmetricalgorithmsunlesshavespecialneedsforasymmetric(digitalsignatures,keyexchange,etc)• Knowthreats,choosethepropercountermeasures

Summary

• Pluralsight– IntroductiontoCryptography▫ https://tinyurl.com/kkn3coq

• AppliedCryptography- BruceSchneier• CryptographyEngineering– Ferguson,Schneier,Kohno• UnderstandingCryptography– Paar,Pelzl

• TheCodeBook– SimonSingh• TheCode-Breakers– Kahn

Resources

• boedie@outlook.com• @boedie• weblogs.asp.net/boedie

• Codeandslides- https://tinyurl.com/ybygpvdz

Questions