Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Cryptography in 20 Fast Minutes
Transcript of Cryptography in 20 Fast Minutes
Overview of Concerns
Help with design & build of applications
Help in thinking about NSA-Snowden document leaks
Is the file received the same as the file sent?
More than completeness --
Hashes handle this (aka digests).
This is often the most complex part of crypto! I'm only touching on it.
Did the data originate from the person who claims to have sent it?
Passwords - but there are issues
Public / private keys
This is the code part!
Will you to access the original, secret data again?
Almost always, yes.
But! with passwords, users re-enter them every time, so you can store them in a different, "one-way' format.
Fundamentally, they are one-way:
password123 => ef92b778bafe771...
ef92b778bafe771... does not necessarily bring you back to password123
Passwords and keys
Trade secrets and IP
Regulated data: credit cards, HIPAA
Personal Information: yours, or what your company knows about users
Effectively cryptography helps with
This file's contents are secret.
Bob actually sent this file.
This file has not been modified since Bob sent it.
Not using a salt with hash algorithms
Keys not kept secret
Using a weak / broken algorithm (MD5, RC4, DES, Blowfish)
Not using a block chaining mode (CBC/CTR/etc) with AES/3DES
Confidentiality of two-way data
AES-128, AES-256 or 3DES
Require a chaining mode like CBC, CTR, OFB, etc; actual algo: AES-256-CTR
"asymmetric ciphers" - less prevalent
RSA, DSA, Diffie-Hellman, Elliptic Curve
Serious questions about NSA role in Elliptic Curve crypto
SHA-1, SHA-256 and SHA-512
Use them for
Confidentiality of one-way data (passwords)
Using many rounds (SHA-*) or high cost factor (bcrypt)
Salting data before hashing
MD5 is broken (as is CRC- anything)
STORE THE KEY SOMEWHERE SAFE
Lookup Bruce Schneier. Trust him. Read schneier.com and maybe buy Applied Cryptography.
Wikipedia is surprisingly accurate... and includes lots of recent breaks.
Stay up to date with dependencies, like Rails, Java or PHP
http://ted.pennin.gs / @thesleepyvegan