
@stavxyz
Last active June 11, 2017 17:05
What to do when you need crypto

A look at cryptography in Python


Even if you know the basics, making the right choices matters a lot. A minor mistake can destroy the security of your system.

Links

repo: https://github.com/reaperhulk/pycon2015-crypto-tutorial
gist: https://gist.github.com/dmend/9a7269d5c521e72cc221
vm: https://4a95d8c077a100de3278-188294849580e8742c8bb57afd78c06c.ssl.cf2.rackcdn.com/pycon-2015-ubuntu.ova

The tools

  • Python 2.7
  • OpenSSL dev headers
  • libffi dev headers
  • Compiler (gcc/clang)
  • virtualenv/pip

Outline

The goal today is to take good programmers and give you all some intuition about how to use complex crypto systems to good effect.

  • Passwords & Authentication

    • Passwords are terrible, but they are what we have. In this chapter we figure out authentication and how to store passwords.
  • Data at Rest

  • Signing and Verification

  • Key Management

    • Encrypting things is easy, key management is hard.

Passwords

  • A password is a subtype of an encryption key.
  • Encryption keys should be hard to guess
  • Passwords are really easy to guess
  • We need to make our passwords better keys

Key Derivation Functions

  • PBKDF2
    • Perennial
    • Downside is that it's too slow
  • BCRYPT
  • SCRYPT
  • HKDF

Definition:

Take a small piece of entropy (a password) and turn it into "a lot of entropy". You can think of this as key strengthening. If you need multiple keys, for instance, you can take the input (a "small" password), turn it into, say, a 4096-bit value, and split it in two.

BCRYPT

  • Based on blowfish.
  • Used as the default password storage for many systems including BSD
  • 128-bit salt combined with 192 bit key

All KDFs have a notion of keeping track of how often you run them, known as the work factor. I guess, generally speaking, set the work factor as high as you can without disrupting your system due to the imposed latency.

SCRYPT

Considered the best.

Designed to be resistant to large-scale, custom hardware attacks. Raises the resource demands of the algorithm to make it more expensive to implement in hardware.

PBKDF2

Use this if you have to use an algorithm that has been standardized. It uses a pseudorandom function and a salt value and repeats a hash process for a tunable number of iterations. It requires a lot of "iterations" to achieve a good level of security.

HKDF

  • This comes up when you google "key derivation functions", but it is not suitable for passwords!
  • HMAC Based 'extract and expand'. Probably outdated at this point.

Randomness

  • Generating keys
    • Ensure that you are using a cryptographically secure random number generator that has been correctly seeded to generate random data.
  • Virtual Machines
    • It is vanishingly unlikely that using a virtual machine will cause randomness exhaustion

Dammit, babies, use /dev/urandom

import os

randomness = os.urandom(16)
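The KDF and randomness notes above fit together in password storage. This is an added example, not code from the tutorial: it assumes Python 3.6+ (for `hashlib.scrypt` in the standard library), and the record format, the function names and the work factor values are hypothetical choices made for illustration.

```python
import base64
import hashlib
import hmac
import os

# Assumed work factor for this example: N=2**14, r=8, p=1 (about 16 MiB per hash).
N, R, P = 2**14, 8, 1


def _derive(password, salt, n, r, p):
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=32)


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def hash_password(password, n=N, r=R, p=P):
    """Return a storable record: scrypt$n$r$p$salt$hash (hypothetical format)."""
    salt = os.urandom(16)  # fresh 128-bit salt from the OS CSPRNG for every password
    return "scrypt${}${}${}${}${}".format(n, r, p, _b64(salt), _b64(_derive(password, salt, n, r, p)))


def verify_password(password, record):
    """Recompute with the stored salt and parameters, then compare in constant time."""
    try:
        scheme, n, r, p, salt, digest = record.split("$")
        if scheme != "scrypt":
            return False
        expected = base64.b64decode(digest)
        candidate = _derive(password, base64.b64decode(salt), int(n), int(r), int(p))
    except ValueError:
        return False  # malformed record or parameters scrypt rejects
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record, n=N, r=R, p=P):
    """True when the record was made with a work factor other than the current one."""
    return record.split("$")[1:4] != [str(n), str(r), str(p)]


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")  # constructed sample
    print(stored)
    print(verify_password("correct horse battery staple", stored))  # True
    print(verify_password("guess", stored))  # False
```

Storing the parameters next to the hash is what lets the work factor be raised later: verify with the old parameters at login, and when `needs_rehash` is true, store a new record made from the password the user just supplied.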

Data at Rest

Some people jump to AES....

We're going to talk about Hashing, Symmetric Encryption, and Asymmetric Encryption

The easiest way to deal with sensitive data is to not have it.

To hash or not to hash

  • Hashes are one way!
    • Hashes are only useful for recognizing a known value (e.g. file integrity) as they cannot be reversed. Data that is hashed cannot be reconstituted from the hash itself.
  • Uses
    • Most common use is authenticating

Symmetric Encryption

There is a single key for encryption and decryption. Disclosure of the key renders the encrypted data viewable.

  • Uses
    • It is very fast.
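    • Protecting sensitive data that must be retrieved, but isn't exposed to outside systems.

from cryptography.fernet import Fernet

# The key both encrypts and decrypts: anyone who has it can read the data
key = Fernet.generate_key()
f = Fernet(key)
# The token is the encrypted and authenticated message
token = f.encrypt(b"my deep dark secret")
# Returns the original bytes; raises InvalidToken if the token was modified
f.decrypt(token)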