PV181 Laboratory of security
and applied cryptography
Symmetric cryptography
Marek Sýs, Zdeněk Říha
| PV1811
Before we start
• Log into your account within IS
• Find and download provided materials
• Look where is the openssl folder
– Start -> openssl -> version -a
2 | PV181
OpenSSL basics
Manual pages: www.openssl.org/docs/manmaster/
Basic usage: OpenSSL commands params
Help: non-recognized command ( e.g. –help)
Basic commands:
1. dgst – hashing, MAC
2. enc – encryption
3 | PV181
How to check implementation of crypto
primitive?
• Test vectors
– standards define outputs for selected inputs
• MD5 defined in RFC1321:
– MD5 ("") = d41d8cd98f00b204e9800998ecf8427e
– MD5 ("message digest") = f96b697d7cb7938d525…
• AES defined in FIPS 197
– Plaintext: 00112233445566778899aabbccddeeff
– Key: 000102030405060708090a0b0c0d0e0f
– Ciphertext 69c4e0d86a7b0430d8cdb78070b4c55a
4 | PV181
How to check hash of data?
• Hashed, encrypted, … data are typically binary
– not human readable
• Human readable formats
• Hex – byte encoded by 2 chars from charset 0-9, A-F
• Base64 – each 6 bits encoded by 1 char
– charset is A-Z, a-z, 0-9, +, /
– as padding = is used
• 0,1 or 2 times (no padding, “=“ or “==“)
5 | PV181
Hash function - properties
• Cryptographic hash function
• Input of arbitrary size
• Output of fixed size: n bits (e.g. 256 bits).
• Function is not injective (there are “collisions”)
– should be hard to find them
• Hash is a compact representative of input (also
called imprint, (digital) fingerprint or message
digest).
• Hash functions often used to protect integrity. First the
has is computed and then only the hash is protected
(e.g. digitally signed).
| PV1816
Hash functions - examples
• MD5
– Input: „Autentizace“.
– Output: 2445b187f4224583037888511d5411c7 .
– Output 128 bits, written in hexadecimal notation.
– Input: „Cutentizace“.
– Output: cd99abbba3306584e90270bf015b36a7.
– A single bit changed in input → big change in output,
so called “Avalanche effect”
• SHA-1
– Input: „Autentizace“.
– Output: 647315cd2a6c953cf5c29d36e0ad14e395ed1776
• SHA-256
– Input: „Autentizace“.
– Output: a2eb4bc98a5f71a4db02ed4aed7f12c4ead1e7c98323fda8ecbb69282e4df584
| PV1817
Secure Hash Algorithm (SHA)
• SHA-1
– NIST standard, collision found in 2016, 160 bits hash
• SHA-2
– function family: SHA-256, SHA-384, SHA-512, SHA-224
– defined in FIPS 180-2
– Recommended
• SHA-3
– New standard 2015
– Keccak sponge function family: SHAKE-128, SHA3-224, …
– defined in FIPS 202, used in FIPS-202, SP 800-185
– Recommended
8 | PV181
Block cipher
• Input divided into blocks of fixed size (e.g 256 bits)
– Padding - message is padded to complete last block
• Different modes of operation:
– Insecure basic ECB mode – leaks info
– Secure modes: CBC, OFB,CFB,CTR,…
• CBC, OFB,CFB need initialization
– Initialization vector (IV) – must be known
9 | PV181
Source: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
Random number generators
• Used to generate: keys, IV, …
1. Truly RNG - physical process
– aperiodic, slow
2. Pseudo RNG (PRNG) – software function
– deterministic, periodic, fast
– initialized by seed – fully determines random data
• Combination often used:
– truly RNG used to generate seed for PRNG
– dev/urandom, dev/random in Linux, Fortuna scheme
10 | PV181
Block ciphers - padding
Standard method
ANSI X.923
ISO 10126
PKCS7
ISO/IEC 7816-4
Zero padding
... | DD DD DD DD DD DD DD DD | DD DD DD DD 81 A6 23 04 |
... | DD DD DD DD DD DD DD DD | DD DD DD DD 04 04 04 04 |
... | DD DD DD DD DD DD DD DD | DD DD DD DD 00 00 00 04 |
... | DD DD DD DD DD DD DD DD | DD DD DD DD 00 00 00 00 |
... | DD DD DD DD DD DD DD DD | DD DD DD DD 80 00 00 00 |
| PV18111
Block ciphers: ECB vs CBC mode
12 | PV181
Source: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
Password protection
password hashing & salting
1. Clear password could be stolen:
– store hash of password
hash = H(password)
– Checking: password is correct if hash matches
2. Attack (brute force or dictionary)
– trying possible passwords “aaa”, “aab”…“zzz” – N tests
– N test for single but also for 2,3,… passwords !!!
3. Salt - random string (salt) added to password
hash = H(salt | password)
– protects many passwords not one (salt also stored)
13 | PV181
Password protection
password hashing & salting
14 | PV181
Source: http://blog.conviso.com.br/worst-and-best-practices-for-secure-password-storage/
Key protection
•
15 | PV181
PBKDF2
16 | PV181
Salt &
# iterations
KEY
PBKDF2
keyPassword /
Passphrase <cipher>
encrypted
KEY
Message authentication code (MAC)
17 | PV181
•
Source: https://www.tutorialspoint.com/cryptography/message_authentication.htm
Links
• SHA1 collision:
– https://shattered.io
• Salting password:
– https://crackstation.net/hashing-security.htm
• OpenSSL
– Manual: https://www.openssl.org/docs/man1.0.2/
– https://wiki.openssl.org/index.php/Command_Line_Utilities
– https://www.madboa.com/geek/openssl/
18 | PV181