Crypto 101 – The basics of Cryptography – NSA





On Github cyberhck / crypto

Crypto 101

The basics of Cryptography

Nishchal Gautam / @cyb3rhck

What is privacy?

And why should we care?

Explain using an example of a guy watching you all the time

NSA

National Security Agency

PRISM?

Planning Tool for Resource Integration, Synchronization, and Management

A very powerful surveillance program run by the NSA.

So, What is Crypto?

Study of techniques for secure communication!

Something used to convert a message to nonsense!

Example!

The simplest example would be the Caesar cipher!

The Caesar Cipher!

converts: I LOVE YOU to

C FIPY SIO

When the Key is: 20

Okay, How does it work?

Each letter is shifted by the key!

Explain this. Suppose the key is one and the message is ABCD. After applying the Caesar cipher, the message becomes BCDE.

To Get it Back

Just shift in opposite direction!

Explain what's happening here. You use the same key to turn the message into nonsense and the same key to get it back. Unless you have the key, you cannot decrypt.

Cons!

One can sit all day and try all 26 combinations!

Tell them this technique is called brute-forcing: trying every combination until you reach the result. All crypto can be decrypted by brute force; the only question is whether brute-forcing it is feasible!

Types of Encryption

  • Symmetric
  • Asymmetric
  • Hybrid
The audience now knows about the keys used in encryption. Now they can classify ciphers according to type.

Symmetric

Uses the same key for encryption and decryption. Example: the Caesar cipher!

Exchanging keys securely

Demonstration of agreeing on a symmetric key over an open channel (the Diffie-Hellman exchange).

Public parameters: g = 5, p = 23.
  • Alice picks secret a = 6 and computes A = g^a mod p = 5^6 mod 23 = 8. She sends A to Bob.
  • Bob picks secret b = 15 and computes B = g^b mod p = 5^15 mod 23 = 19. He sends B to Alice.
  • Bob computes s = A^b mod p = 8^15 mod 23 = 2.
  • Alice computes s = B^a mod p = 19^6 mod 23 = 2.
Both now hold the same shared secret s = 2; only A and B ever travelled over the wire.
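To tie the Caesar slides and the key-exchange slide together, here is an added example (not part of the original deck) that implements the Caesar cipher with the deck's "I LOVE YOU" / key 20 pair, the 26-key brute force described under "Cons!", and the Diffie-Hellman exchange with the deck's numbers g = 5, p = 23, a = 6, b = 15; function names are my own.

```python
# Added example, not from the slides: Caesar cipher, brute force, and the
# Diffie-Hellman key agreement, all using the numbers shown in the deck.
import string

ALPHABET = string.ascii_uppercase


def caesar_shift(text: str, key: int) -> str:
    """Shift every letter by `key` positions; spaces and punctuation pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(text: str, key: int) -> str:
    """Undo the shift: the same key, applied in the opposite direction."""
    return caesar_shift(text, -key)


def brute_force(ciphertext: str) -> dict:
    """Try all 26 candidate keys (key 0 included); a human picks the readable one."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(26)}


def dh_exchange(g: int, p: int, a: int, b: int) -> tuple:
    """Textbook Diffie-Hellman. p = 23 is a toy modulus: real systems use
    2048-bit or larger primes (or elliptic curves) so the secret cannot be
    found by trying every exponent. Returns (A, B, shared_secret)."""
    A = pow(g, a, p)        # Alice sends A; a never leaves her machine
    B = pow(g, b, p)        # Bob sends B; b never leaves his machine
    s_alice = pow(B, a, p)  # Alice computes B^a mod p
    s_bob = pow(A, b, p)    # Bob computes A^b mod p
    assert s_alice == s_bob  # (g^b)^a == (g^a)^b mod p
    return A, B, s_alice


if __name__ == "__main__":
    ct = caesar_shift("I LOVE YOU", 20)
    print(ct)                       # C FIPY SIO
    for key, guess in brute_force(ct).items():
        print(f"key {key:2d}: {guess}")
    print(dh_exchange(5, 23, 6, 15))  # (8, 19, 2)
```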

Asymmetric

It uses two different keys for encryption and decryption.

Which leads to:

Public Key Cryptography

Public Key Cryptography

Two Keys (A pair)

  • Public Key
  • Private Key
...

Public Key Cryptography

  • People Encrypt With Your Public Key!
  • You Decrypt that with your Private Key!

PGP

Pretty Good Privacy

PGP

is a hybrid cryptosystem.

...

So, GPG?

Is a free implementation of the OpenPGP standard!

Demo Time!

Generating keys (gpg --gen-key)

Exporting keys to a public key server (gpg --keyserver pgp.mit.edu --send-keys [id])

Importing your friends' keys from a public key server (gpg --search-keys --keyserver pgp.mit.edu "[email]") (gpg --recv-keys --keyserver pgp.mit.edu [key_id])

Encrypting a message and sending it (gpg --encrypt-files)

Decrypting received files (gpg --decrypt-files)

Signing a message

Using Enigmail with Thunderbird

Do's and Don'ts of cryptography

  • Never use your own algorithm in production
  • Use only tested and verified encryption libraries
  • Do not encrypt passwords, always hash 'em
  • Do not use deprecated hashing algorithms or any algorithm that is no longer accepted as good practice, such as MD5 or SHA-1

Do's and Don'ts of cryptography contd.

  • Do not store the decryption key in plain text
  • Encryption should always happen at the user's end
  • Always use the latest version of a library when developing an application
  • Do not enter credit card details or other sensitive information into any application that does not run over HTTPS

Thank You!