All right. Well, hello DEF CON. It's nice to be back. First of all, thank you very much for showing up, and welcome to Crypto for Hackers, a cool little talk I put together. "It's in our moments of greatest weakness that we define ourselves as individuals." This is something that I said years ago to a colleague of mine at American Express when I was in charge of their internet and intranet security portfolio. The executive VP team had decided not to strengthen our password policy because it would have increased our help desk costs too much. The sad thing is, it was cheaper just to pay out in lawsuits and insurance premiums when our customer data was hacked. Now, this is one of many real-world scenarios that we face on our modern internet. This is the world we live in, and this is exactly the way of thinking that has caused so many problems in our infosec community. But times are changing, and there are those of us who think differently. There are those of us who are at war with this establishment. Governments and corporations continue to support legislation that revokes our personal rights. Our every action is monitored and our every intention is scrutinized. As each year passes, we lose more of what it means to be free. The ability to share information is one of our most basic and fundamental rights. Without this, there is no privacy, there is no freedom of expression, and no ability to hold rogue agencies accountable for their unlawful activities. As long as governments and corporations can eavesdrop on our communications, we live in a constant state of fear. But we have the power to change the future. We are hackers, we are programmers, we are members of the infosec community, and we are strong and we are smart. We are far smarter than they are. And this is what makes them afraid, and this is what scares them. Ladies and gentlemen, I'd like to introduce you to a very dear friend of mine. He's a business partner as well.
He's a visionary in the field of information security and privacy, truly a man who needs no introduction: my good friend, the one and only Mr. John McAfee. Now, there's a rumor going around the goons that John and I might be up on stage doing a shot together with some goons. So I don't know, goons, is that just a rumor? Proctor? Sorry, I think I threw off his timing. Okay, I threw off Proctor's timing. Sorry about that. So it's not a rumor. All right, so welcome Proctor, an awesome goon who has some alcohol for us. Proctor, Proctor. By the way, I'm really John Smith. I have no relation to the McAfee that just got out of jail the other day, so. No, no. Sir, are you a new speaker at DEF CON? I'm afraid I am. And what do new speakers do? Drink. That was a lie, actually. I keynoted it last year. Oh, God. He insisted on doing water. Oh, here, I'll switch it. I gotta speak, I think. I'm pretty sure I gotta speak. All right. To DEF CON. To DEF CON. Doing a selfie. Is that what's happening? Okay. Thank you. I am very proud, by the way, today to be standing on stage with Eijah. I noticed Eijah at HackMiami. He seemed to have no life whatsoever. It's true. Which is absolutely true. Absolutely. Which is indicative of a man who is dedicated to the work that he is doing. And I have never seen a more dedicated programmer than the man standing next to me. What he's going to talk to you about today is something radically new: social encryption, which to me is the closest thing to electronic magic that I've ever seen. You always talk about that, right? Absolutely, sir. I'm on the right stage. Yes. In the last 15 minutes we'll talk about social crypto. All right. Good. And trying to get in touch with this man is the most typical thing in the world. He never answers the phone. But if you call him at 3:15 in the morning, at 3:17 I always get an answer. So he works constantly. A brilliant programmer, and I'm very proud to be working with him. Thank you.
I think the Demonsaw project, which is under the umbrella of Future Tense now as one of our partners, is one of my favorite projects. And I think that it's going to change the way that we communicate, the way that we look at data, and it's going to give us a degree of privacy which I personally need. And I think all of you do as well. So without further ado, I'm going to give this back to the man of the hour. And thank you very much for inviting me on stage with you. Oh, you're welcome. Thank you, sir. These mics are not hug-friendly, just FYI. John, thank you very much. That was a very kind introduction. And I may have screwed this up. So if I screwed this up, goons, come get me.

So what I want to do before I start on Crypto for Hackers, because I think this is a really exciting 101 talk... And thank you very much for packing the room. I love being here at DEF CON. I love speaking. I love interacting with you guys. And by the way, if anyone wants a beer, once this talk's over, my schedule totally frees up and my stress level drops like 4,000%. So I would love to have a beer with you and just chat about security or Demonsaw or anything. Chat about why blue is a better color than red. It doesn't matter, but we can talk. One thing I want to point out is John and I had a crazy, a pretty fucking crazy idea a few weeks ago. And we thought, let's throw the biggest, most awesome party at DEF CON that has ever happened. Can we do it in just a couple of days? So in a couple of days, we pulled together this party. If you go to daemonsaw.com or defconparties.com, there's an Eventbrite link. We can have up to 5,000 people before the Hustler strip club is in violation of fire code. So I think we can make it. In fact, I think we're at least 1,500, almost 2,000 now. So go there, sign up. It's a free party tonight at 10 p.m. And there are free buses, free limo service from Bally's. All the information is on defconparties.com. All the information is on daemonsaw.com.
We would love for you guys to show up. Well, thank you. Thank you. So there's going to be some free beer. You have to take the bus and the limo, some sort of contractual agreement Hustler has. I don't understand it. But there's a number that we'll tweet out for free limo pickup. So that's not bad either. But show up, party with us. We rented out the entire rooftop floor. And we'll have free booze. And then once all the free booze runs out, about 20 minutes probably, knowing this crowd, it will be $5 beers and $5 shots for the whole night. Not $12 strip club prices. We negotiated that just for you guys. So join us. We'll be there. And it will be awesome. All right. Enough about that. Also, if you want to get a picture with John or a picture with me, the place to do that is at that party. There are a lot of people here. It's overly congested because of some safety issues. So if you want a picture, we ask that you please don't come up to John after this. But at the party, we're going to be there. And we'll be there as long as you guys are there. If you're there till 4 a.m., we'll be there. So if you want a picture with John or with me, we'll totally do it at the party. So just keep that in mind.

So who am I? My name is Eijah. Is that my real name? It's my real name here. So I'm the founder of Demonsaw, which is a new type of secure and anonymous information sharing platform. Version 1.0 was launched last year at DEF CON. Version 2.0 I launched late last night. It is a brand new type of information sharing platform that allows you to share your files securely and allows you to share your communications securely. Chat securely, share securely. There's no infrastructure. There's no peer to peer. It's unlike anything you've ever seen before. It's a little bit of Tor, a little bit of BitTorrent, a little bit of Dropbox thrown in. It really looks like a cookie recipe gone crazy.
But it works and it's secure and there's no infrastructure. I don't log, I don't track, there are no ads, I don't make any money. I've never made a dime off of Demonsaw. I do it, I work 100-hour weeks, part of that is Demonsaw, just to make something with which we can protect our privacy. So I get nothing out of it except knowing that we're secure. I'm also a senior programmer at Rockstar Games. So yes, I have just outed myself right here at DEF CON 23. I'm a senior programmer and I worked on Grand Theft Auto 5 and I worked on Max Payne 3. I lived in Europe for almost a year finishing up GTA 5 on PS3 and 360. John was very kind in his words. I've been a programmer for a long time. I'm passionate about code and I'm passionate about hacking. And I'm also a part-time hacker in my free time. My lawyer told me that I should preface the next phrase with "I may or may not have been involved with" the original Blu-ray hack where the device keys were released to the world. So I may or may not have been AtariVampire, who released the first set of device keys for Blu-ray and HD DVD a few years back. So now my lawyer will be happy. So I'm obviously somebody who's obsessed with security. I'm somebody who's obsessed with privacy.

Now, last year at DEF CON, I spoke about the modern internet and I spoke about how we've given up our control and our privacy was at risk in exchange for convenience. This year, rather than focus on the sad, dark times we've seen ourselves thrown into in the last ten years, I'd like to talk about the future and what we can do to regain control and change our future. Because everything in this talk is about empowerment of the individual and making us stronger. I have a shirt on and you'll see what it says in a few minutes. And I'll be giving a bunch of these away today. But as the weeks went on last year, I started thinking more about the role that crypto plays in secure communications.
And I thought about how traditional security was based around the infrastructure. So if you really think about the traditional security model that we've had for 30, 40 plus years, it's based around authorities and trust. It's based around these trusted nodes, call them key stores or authoritative sources or certificate authorities or identity providers or whatever you want to call them, whatever they can be called. But it's these pieces of hardware and software that we trust for some reason. And when we want to authenticate or authorize, we access these individual centralized nodes that then verify our identity. Well, this model of trust is not ideal and not scalable for social networks and for individual sharing. It just doesn't work. PKI and strong crypto is just too difficult. Exchanging billions of keys to securely communicate in a large group is too much work. And even key stores don't solve this problem. It's painful to be secure in our modern age. Crypto is hard. It shouldn't be that way. So becoming powerful again and empowering the individual really starts with making crypto easy.

Now I want to talk just for a second about what our world would look like without secrets. Imagine a world where we didn't have privacy. What would that look like? Well, remember, at our core each one of us is an individual. And we wrap this individual core in layers of social networks. But when it comes down to it, we're still individual people and we still have dark secrets that we want to protect. So a world without secrets would be an extremely dangerous place. It would be fragile, where everything is known about everybody. Even the most wandering thoughts of disobedience would be dealt with in the most serious of ways. In such a world there would be no freedom, no joy, no anticipation of learning new things. There would be nothing to live for. It would be dismal and bleak. Society would crumble and our existence would be meaningless. Now, those are pretty dark statements, right?
But if you really think about secrecy and you really think about privacy, we cannot survive without privacy. So crypto is our strongest weapon. It was considered a military weapon in the U.S. until 1992. Oh, by the way, this is Picard. This is the worst facepalm in the world. It's called a peek-a-boo facepalm. I'm sure you realized it. It's where it's so bad you facepalm and then you peek-a-boo to make sure it's just that bad. So it's a really bad facepalm. So crypto can be used as both an offensive and a defensive weapon. We can focus our attacks and we can protect our assets. A poor crypto implementation, as in the case of the AACS hacks a few years back, can totally ruin a specification or protocol or company or even an app. There's been a lot of news lately in the U.K. and the U.S. about very, very foolish individuals like David Cameron, the prime minister of the U.K. Anybody know David Cameron? Okay, all right, yeah. All right. Fool. Foolish man. There's also another guy who doesn't get it, James Comey, FBI director. Anybody know James? Once again, a guy who just doesn't understand it. Both of these gentlemen have advocated either for decreasing the amount of encryption or providing backdoor access to the Feds. Now, to be honest, the Feds never make a mistake. I'm being facetious right now, by the way. The Feds never make a mistake with respect to crypto, right? It's not like 21 million records were just leaked in the OPM hack recently, right? That would never happen. So we can't trust the Feds to protect our stuff either. The trick is becoming more powerful. We have to be empowered. We have to take control and we have to be authoritative. Throughout the course of human history, technology has always been the deciding factor between survival and extinction. This is still true today. Governments and corporations have one fatal weakness. They are not us. They are not programmers. They are not hackers. They do not adapt well and quickly to change.
We do. And so technology is on our side, favoring those who embrace it most. Today we have the capacity and the ability to be greater than governments and corporations. And this is what makes them afraid. This is what scares the shit out of our government and the UK government and corporations. Because they no longer are the powerful ones. So the will of the people will win in the end, through hackers and programmers and people like us. I was thinking about a battle cry for our hacker generation. So I call this group here the hacker generation. I'm not sure. I don't know if I coined that. I just view us as the hacker generation. Maybe Generation X, maybe millennials, maybe baby boomers. It doesn't matter. We are the hacker generation. And we need a mantra and we need a battle cry to let the Feds and let the corporations know how we feel and know what we're doing. And so I came up with that and I printed it on the back of 150 Demonsaw shirts that I'm giving out at the party tonight and throughout the rest of the con. Here it is. I'd like to know if you like it. "My shit, my way, fuck off NSA." What do you think? Yeah? That's it. This is the battle cry of our hacker generation. This is who we are.

And so a talk about crypto for hackers should involve some crypto, right? So what we're going to do is, now that I've got you excited about getting a t-shirt, and yes, I'll be giving them out at the party. By the way, if I get really drunk, the chances of me giving them all out within five minutes are very, very high. Almost a probability of one. So at the party, if you have me, if you're buying me drinks, I could very well give you my entire backpack full of t-shirts. That has happened before. So let's talk about what Edward Snowden said: "encryption is the defense against the dark arts." And he was right. So what that means in layman's terms is crypto will set us free. Now, I come from a very strong religious background, years and years and years ago. No longer current.
But when I grew up in church and in religion, they always talked about different things setting us free. As I grew into an adult, as I learned technology better, I realized there are very, very few things at all that will set us free. I think we can set ourselves free. But I also think, from a technology standpoint, crypto will set us free from an infosec perspective.

So there are a few terms we're going to talk about. I'm not going to review them all, just because of lack of time here. But these are key words. Cryptography: what does that mean? That's such a big word. People abbreviate it as crypto. Basically all that is, it's a fancy word for just describing the practice and study of techniques for secure communication in the presence of third parties. Okay, that's still kind of geeky. What does it really mean? I want to share information with one of you or many of you out there, and I don't want the rest of the people to know about it. Either know about it, or tamper with it, or do anything, or replay it, or extend it, or anything that's going to alter or somehow convey the message to the unintended recipient. That's all crypto is. It's just securing our communications. A cipher is a fancy term for just an algorithm. A simple function or algorithm that performs encryption or decryption. That's it. That's all it is. Encryption is a fancy word for just saying we're going to take what's called plaintext and we're going to mix it up and create this fancy output called ciphertext. And then that ciphertext shouldn't have anything to do with or look like the plaintext. That's the goal. Now, when we decrypt it, we just convert from ciphertext back into plaintext. See, crypto uses fancy terms. Now, to be honest, to be fair, to be a cryptographer is a lifetime pursuit. And in this talk I want to be very, very specific.
I don't mean to demean or minimize the work of lifetime and full-time cryptographers, because it's hard work, it's dedication, and it's very, very many times selfless. To know this stuff back and forth you have to apply yourself for a lifetime pursuit. But to know the basics and use it effectively, hopefully, is a matter of 50 minutes. And that's what we're going to prove out today. A key: it's kind of like a key in the real world. It's just a parameter that determines the functional output of a cryptographic cipher. So you feed a key into an algorithm or cipher and that unique key will have a unique effect on the ciphertext generation, is all it is. A hash function is a one-way cryptographic function. The idea with a hash is you can't decrypt it. That's really what a hash is. And when you hash something you create what's called a digest or a message digest. There are these different types of encryption algorithms called symmetric and asymmetric. All it really boils down to is symmetric just means you have the same key for encryption and decryption. Asymmetric just means you have two different keys. One is used for encryption and the other is used for decryption, and vice versa.

Now, I have some crypto examples here on the slide. I'm going to be talking about five different groups of routines: ciphers, hashes, HMACs (which are hash-based message authentication codes), key agreement schemes (I'll be looking at the Diffie-Hellman example in particular), and PBKDF2, which is a password-based key derivation function. The code that you see here in the coming slides is very, very simple example code. I have a four-hour workshop today at 2 p.m. called, for lack of better naming at the time, Crypto for Hackers: The Workshop. Probably the worst possible name I could ever come up with. It's from 2 to 6 today and it's also from 2 to 6 tomorrow. Does anybody have a seat in the Crypto for Hackers workshop? Oh, excellent. All right. So one brave soul. Excellent.
So in that four-hour block, what we're going to do is I have eight exercises and I'm going to code with you for four hours in C++. We have networked, Boost-based, asynchronous I/O code, and we're going to write code that implements all of these routines, and we're going to be sending these across the network and even simulating man-in-the-middle attacks. All within a span of four hours, on Linux and Windows. And the code actually compiles too, which is a great thing. So for that workshop I've written something called Demoncrypt, and Demoncrypt is the core class library that Demonsaw uses, and all it is is a lightweight C++ class wrapper around some of the more common Crypto++ libraries. So the real powerhouse behind Demonsaw is the open source Crypto++. Demoncrypt is just a user-friendly wrapper that makes encrypting a two-line affair rather than an eight-to-ten-line affair. So we'll be going through all this code later today. It's going to be a lot of fun. I'm most excited about coding with you guys in the workshop. I'm really, I'm a programmer. I love coding. So if you can't tell, I'm excited. So thank you for being brave. So a t-shirt for you.

All right. So let's talk about some of these routines. As we mentioned before, a cipher just encrypts or decrypts, right? Ciphers are not new. A lot of people don't realize that cryptography has been around for thousands of years in some basic form or another. For exercise one in the workshop, we're going to be implementing what's called Caesar's cipher, which is depicted in that graphic there. An extremely complex and robust cipher by which you shift characters over by n number of spaces. Totally, no one's going to break it, I can tell. Especially since I'm limiting the amount of shifts to plus or minus ten. So there's no way we're going to crack this. So Caesar's cipher has been around. There was a, I don't know if this is true or not. I probably read it on Wikipedia, so maybe it's true.
And there was this quote about Caesar fighting, I think he was on the Russian front or somewhere fighting a war. And he sent a message to his wife at the time, I believe. If I get some of the details wrong, please forgive me. But in the message, he used Caesar's cipher and when she had decrypted it, the message basically said, you know, "on the front, be back in a month, don't bathe." True message, true story. So Caesar used crypto for that very sensitive message to his wife at the time. I don't know if that's true, but it's a good story nonetheless.

Ciphers: we're going to be concentrating on the AES candidate ciphers. In 1997, NIST sponsored this exercise, from '97 to 2000, whereby people submitted different crypto implementations for the new standard, the Advanced Encryption Standard. And there were a bunch of submissions and it was narrowed down to just five. Demonsaw implements all five of the AES candidates and lets you choose which one you want. That was, I always pronounce this wrong, Rijndael, hopefully, I don't, Rijndael, Rijndael, my pronunciation is terrible, but there was what became the AES, Rijndael. There was Serpent, Twofish, RC6 and MARS. And we're going to be using all of those today in the hacker class. The candidate algorithms can have 128-bit keys, 192-bit keys and 256-bit keys. So when you're dealing with ciphers, not only are you dealing with the key input, but you've got to choose a key size. The larger the key size, ideally, the less probable collisions and brute-force hacking attempts will be. So the reason why you bump up, it all depends on vulnerabilities in the actual algorithm itself. If a vulnerability is found in the algorithm itself, then key sizes are not as important. But the reason why you choose bigger key sizes rather than smaller is the idea that brute-force attacks are going to take longer than our lifetime.
And that's really the goal of a lot of the cryptographic cipher work: if your information is encrypted and it's going to take more than a lifetime to brute-force crack it, it's probably good enough. And see, what most people don't realize is that it's not a one or a zero for crypto. It's an analog value. There's a decimal point in there. It's all up to what your cryptographic needs are. If you don't need the most advanced military-strength crypto because all you're doing is sharing photos with your family, then by all means don't implement and use the most advanced crypto. So there's a scale there that goes back and forth. And that's one reason why crypto is so much fun, because we don't always have to choose one or the other.

So here's a really, really simple example of encrypting using AES. I think this is just using a 128-bit key, with Demoncrypt. It's three lines of code. That's it. You create an AES object called cipher. You call set key. You set your key. It can be a string or it can be a char* or it can be a u8 pointer, whatever you want. And then you call encrypt. And that's it. So one of the things I've really tried to do by releasing this, by the way, Demoncrypt is MIT open source licensed. And that's my gift to you guys, because it's been helpful for me in creating Demonsaw. And I wanted to return some of that to you. So feel free to use this however you want. It's an open source license. I wanted to make crypto easy not only to understand but to use.

The next topic we want to focus on is going to be hash functions. Now, as we mentioned before, a hash is simply a one-way conversion. So there's no decryption. Now you take your message and you convert it into a digest. The idea behind hashes is that they should be practically impossible or infeasible to reverse engineer. Now, there are good hash algorithms and there are bad hash algorithms. Anybody here heard of MD5? Okay. What do you think? Good hash algorithm? Okay. Sucks. Bad hash.
Okay. So there's bad hash. Okay. Thank you. The three people who raised your hand are correct. And I will thank the gentleman who screamed "it sucks." Even better. So there are good hash algorithms and there are bad hash algorithms. Once again, choosing the right hash algorithm is not a 1 and a 0. Even MD5 has its place in the world still. It's still used in HMACs. It's not usually used a lot in normal hashes, but you see it all the time in file checksums for downloads. You still see MD5. And the reason being is it doesn't need to be cryptographically secure. You just need an authentication measure or authenticity measure to know that the file hasn't been modified. So what are some uses for hash functions? We talked about one. File checksums, right? You download a file on the internet. You go to daemonsaw.com. You download my program and there's going to be a hash there. You download the file. You re-verify the contents of the file and you make sure that the hash that I'm reporting and the hash that you're reporting match. If they don't, something's wrong. Either I fucked up again, which I've done a couple of times because it was 3 a.m. and I uploaded a file. Or somebody hacked my website and exchanged my zip for another zip. Verifying file integrity is important. But there's also hashing of passwords. We have a lot of awesome password dictionaries available now that have really extended our rainbow table abilities, because of insecure security practices and the fact that companies have not hashed passwords in their databases. The companies I most love are the companies who implement poor security measures, except when my data is in their systems. Then I don't love them as much. But the reason being is because when they're hacked and a list of a million or 2 million passwords is released, this is a real-world indication of what real people like us create for passwords and the natural password derivations that we employ. So having that real-world data is essential.
But hashing your passwords in your database is a common and simple thing you can do to prevent these types of leaks. All right, so some algorithms we talked about: SHA, SHA-2 and SHA-3. It's interesting to know that a few years back, I forget the exact date, 2007 maybe, I don't know, don't quote me, NIST sponsored another competition, another crypto competition, looking for the next generation of hash functions. Now, SHA-2 hadn't been hacked yet, and still hasn't been hacked fully. But they thought it was a good idea to be proactive. See, I love it when our government, our standards bodies, start thinking, "we figure that all of our stuff is going to be hacked soon, so let's stay ahead of the curve and let's do another call for papers, or let's do another call for algorithms." So that's what happened with NIST and that's why we have SHA-3. Now, with hash functions there are concerns with collisions. There are also concerns with rainbow attacks. Rainbow attacks are merely large, large tables of pre-computed hashes that map to existing passwords or passphrases or key things. So basically, if you've got a list of passwords that have been hashed without salts, you can go through and you can scan using rainbow tables, which are pre-computed hashes, and reverse engineer the password by way of already knowing the hash. That's really a simple explanation. It's a cool name, but all it is is a table of pre-computed hashes that are unsalted. That's really all it is. There's also this thing called length extension attacks that you've probably heard about. That's where you add to your hash. Length extension is a very powerful hack that can be done, and which is why people use HMACs for guaranteeing data integrity and authenticity. So how does Demoncrypt, how can you hash whatever you want in your code just by using Demoncrypt? It's really, really easy. You create an instance of MD5 or SHA-1 or SHA3-512 and you simply call the compute function.
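The two hash uses just described, file checksums and password storage, and the reason a pre-computed table works against unsalted password hashes but not salted ones, can all be shown with the Python standard library. This is an added example, not code from the talk or from Demoncrypt (which is C++ over Crypto++). The "leaked database", the wordlist and the sample file bytes are constructed; the lookup table is a plain dictionary standing in for a rainbow table, which trades space for time with hash chains but recovers the same thing.

```python
# Added example (not from the talk or Demoncrypt): file checksums, a
# precomputed digest->password table against unsalted hashes, and per-user
# salts that make such a table useless. Inputs below are constructed.
import hashlib
import os
from typing import Dict, Iterable, Optional

def file_checksum(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of a file's bytes, as published next to a download link."""
    h = hashlib.new(algorithm)
    h.update(data)
    return h.hexdigest()

def verify_download(data: bytes, published_hex: str, algorithm: str = "sha256") -> bool:
    """True only if the bytes we received hash to what the site published."""
    return file_checksum(data, algorithm) == published_hex

# --- unsalted storage: identical passwords give identical digests ----------
def hash_unsalted(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(wordlist: Iterable[str]) -> Dict[str, str]:
    """Precompute digest -> password once; reuse it against every leak."""
    return {hash_unsalted(pw): pw for pw in wordlist}

def reverse_with_table(digest: str, table: Dict[str, str]) -> Optional[str]:
    """Recover a password from its unsalted digest by pure lookup."""
    return table.get(digest)

# --- salted storage: random 16-byte salt per user, stored beside the hash --
def hash_salted(password: str, salt: Optional[bytes] = None) -> str:
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return salt.hex() + "$" + digest          # salt is not secret, only unique

def verify_salted(password: str, stored: str) -> bool:
    salt_hex, _ = stored.split("$", 1)
    return hash_salted(password, bytes.fromhex(salt_hex)) == stored

if __name__ == "__main__":
    zip_bytes = b"PK\x03\x04 demo archive bytes"          # constructed download
    published = file_checksum(zip_bytes)
    print("download ok:", verify_download(zip_bytes, published))
    print("swapped zip:", verify_download(zip_bytes + b"!", published))

    leaked = {"alice": hash_unsalted("letmein"), "bob": hash_unsalted("letmein")}
    table = build_lookup_table(["password", "123456", "letmein", "qwerty"])
    for user, digest in leaked.items():       # both fall to one table lookup
        print(user, "->", reverse_with_table(digest, table))

    a, b = hash_salted("letmein"), hash_salted("letmein")
    print("salted hashes differ:", a != b)
    print("table hit on salted:", reverse_with_table(a.split("$")[1], table))
```

The salt costs nothing to store and is not secret; its only job is to make every user's hash unique so that one precomputation cannot be amortized across a whole dump. Iteration count, the other half of proper password hashing, is what PBKDF2 adds later in the talk.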
So I've really tried, I mean, if you want to take the code and make it much more functional and beautiful, I would love to host it in my Git repository. So if you want to modify it, in fact, I will be uploading Demoncrypt to my Git repository in the next week with full public access, and anybody can modify or review it and request modification access. But if you want to modify it and make it awesome, that's cool by me. Here's a SHA-256 example. Same thing: you create a SHA instance, you call the compute function, you're done. That's all it takes to use Demoncrypt. Now, the output or the digest output between these two is varied. You see that the MD5 has fewer bits in the output than the SHA-256. So once again, a longer digest, more cryptographically secure, assuming that the algorithm hasn't been compromised.

I alluded to this earlier. The next thing on the list is HMACs. What an HMAC is is really just a hash-based message authentication code. So what an HMAC is is that under the seams it uses a hash and it applies a key. So what's different between an HMAC and a hash is that the hash can be salted. So you may ask, what's a salt? You forgot to talk about salts and hashes. You're absolutely right, I'm so sorry. So when you're hashing a salt, all that means is that you're adding an extra string in the input. So you're varying the input before it gets sent into the hash function. What an HMAC does, which is really, really cool, is it guarantees, or tries to guarantee, what's called authenticity and data integrity. Now, this talk is probably too short to really get into the benefits. I'm going to talk about that in depth in the workshop. What authenticity is, is really an indication to me, as I receive a message, that this came from the intended origin. So I somehow know that this is coming from at least the point of origin. I don't know it's trusted. I don't know that the person that sent it is really the person that I expect to have pressed the Enter key.
But I know it came from the point of origin, or at a minimum they had access to the same key that I have access to, to generate the HMAC. Data integrity is the idea that the message hasn't been tampered with in its payload. So an HMAC allows us to shove a key into the hash and generate this output that hopefully guarantees those two factors. HMACs can be used in place of hashes. They're building blocks for other applications, such as probably my favorite crypto routine right now. In fact, I think it would be, that is a lot of text over there. That is, sorry, I'm easily distracted by free-flowing text. I don't know, it's a fault of mine. But so, one of my favorite crypto routines right now that I've come to fall in love with is PBKDF2, or Password-Based Key Derivation Function 2. And it can use, under the covers, an HMAC. It's a really, really, really cool routine that allows you to take any sort of text or input and create a very specifically sized key as a result, or output as a result, that can be used as a key to a cipher. So HMACs are used under the covers in PBKDF2. You can use all the normal hashes in your HMAC. Now, here's an example of using an HMAC with Demoncrypt. Look familiar? It should. I mean, I wanted it simple. I didn't want to think about crypto when I was writing the rest of Demonsaw. So you create an HMAC instance, you set the key and you call compute, and you're done. That's it. Crypto doesn't have to be any more complex than this. And same thing with the SHA-512 HMAC. You create an object, you set the key and you call compute, and we're done. Open source and free. The way everything should be. PBKDF2. We finally got to my favorite. I love this guy. I even found a cute little salt guy who's kind of dancing around.
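The two properties named above, authenticity (whoever produced the tag held the key) and integrity (the payload was not altered in transit), are easiest to see with both ends of an exchange in one place. The following is an added example in Python, not the Demoncrypt HMAC class from the slides: a sender appends an HMAC-SHA256 tag to a message, and the receiver recomputes the tag and rejects a flipped byte, a tag made under a different key, and a packet too short to carry a tag. The wire format (message followed by a 32-byte tag) and the sample messages are constructed for the example.

```python
# Added example (not from the talk or Demoncrypt): HMAC-SHA256 as a message
# authentication code, with the checks a receiver must perform.
import hashlib
import hmac
import os
from typing import Tuple

TAG_LEN = hashlib.sha256().digest_size     # 32 bytes

def make_tag(key: bytes, message: bytes, algorithm: str = "sha256") -> bytes:
    """HMAC over the message. Without the key the tag cannot be recomputed."""
    return hmac.new(key, message, algorithm).digest()

def seal(key: bytes, message: bytes) -> bytes:
    """Constructed wire format: message || tag."""
    return message + make_tag(key, message)

def open_sealed(key: bytes, packet: bytes) -> Tuple[bool, bytes]:
    """Split the packet, recompute the tag over the message part and compare.
    compare_digest runs in constant time; a plain == would leak, byte by byte,
    how much of a forged tag was right."""
    if len(packet) < TAG_LEN:
        return False, b""
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    ok = hmac.compare_digest(make_tag(key, message), tag)
    return ok, (message if ok else b"")

if __name__ == "__main__":
    key = os.urandom(32)                           # shared out of band
    pkt = seal(key, b"transfer 10 to bob")        # constructed message
    print("genuine:   ", open_sealed(key, pkt))
    tampered = bytearray(pkt)
    tampered[9] ^= 0x01                           # "10" -> "11" style bit flip
    print("tampered:  ", open_sealed(key, bytes(tampered)))
    print("wrong key: ", open_sealed(os.urandom(32), pkt))
```

Note what the tag does not give you: the talk's point that "I don't know that the person that sent it is really the person I expect" holds here too, since anyone holding `key` can seal a valid packet. HMAC binds the message to the key, not to a person, and replay of an old genuine packet is still accepted unless the message itself carries a counter or nonce.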
But what this is, as I mentioned before, this allows us to take a passphrase or a bunch of bytes or any set of arbitrary input data that can be reduced to 1s and 0s and shove it into the input, add salt and basically derive an output that can be used for input into a cipher. So a lot of times you'll say, "hello, my name is Eja" and I want to use this to create a key. Why don't you just use "hello, my name is Eja" as the key? I'll give you a really good answer. It's because ciphers are very mean. What do they mean? They only like keys of certain input size. So an AES128 will only take an AES128 key. You try to give it 127 bits. That's, that's a bad example because you can't do that. But you try to give it like 250, so you try to get 120 bits instead of 128 bits. It's just not going to work. So they like precise key input for the number of bits that they're going to, that they're going to use internally. So you use PBKDF2 to generate a very precise set of bytes that can be used for input in a very precise, or precise cipher. Shared secret derivation is really a powerful outcome of this.

In addition, PBKDF2 allows us to add iterations. So you can start at iteration one, which is not secured by any stretch. Or you can go to 100,000 iterations. I believe that the NIST standard last I checked was 100,000 iterations or 10,000. I can't remember. I use 100,000 normally. I think that's the ideal standard for PBKDF2 right now. So you can iterate multiple times in your algorithm to generate a stronger, more cryptographically secure output. Computationally it's more intense, which is great for crypto. We don't want a super easy and highly performant crypto routine because it's going to be easier for the hackers to brute force. So we want it a bit more computationally intense to generate this. It's ideal.

How does this look? Well, it's a little bit more complex, but not too much. The name of the class is a bit bizarre. I probably could use your help cleaning it up.
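What PBKDF2 does with the passphrase, salt and iteration count described above, as an added example that is not code from the talk or from demon crypt. It uses Python's standard-library hashlib.pbkdf2_hmac; the passphrase is the one from the text and the salt is a constructed fixed value so the output is reproducible. The functions show the points the text makes: the output is exactly the size the cipher wants, both sides with the same inputs get the same key, and changing the salt, the iteration count or the hash changes everything:

```python
import hashlib
import time

# Constructed inputs (not from the talk): the passphrase from the text and a
# fixed salt so the output is reproducible here. In practice the salt comes
# from os.urandom(16) and is stored next to the derived output.
PASSPHRASE = b"hello, my name is Eja"
SALT = b"constructed-salt-value"


def derive_key(passphrase: bytes, salt: bytes, iterations: int = 100_000,
               key_bytes: int = 32, hash_name: str = "sha512") -> bytes:
    """PBKDF2 with HMAC-<hash_name>: returns exactly key_bytes bytes, so the
    output fits a cipher that insists on one key size."""
    return hashlib.pbkdf2_hmac(hash_name, passphrase, salt, iterations, key_bytes)


def key_sizes() -> dict:
    """One passphrase, three exact key lengths (AES-128/192/256)."""
    return {bits: len(derive_key(PASSPHRASE, SALT, key_bytes=bits // 8))
            for bits in (128, 192, 256)}


def both_sides_agree() -> bool:
    """Two parties holding passphrase, salt and iteration count derive the same key."""
    return derive_key(PASSPHRASE, SALT) == derive_key(PASSPHRASE, SALT)


def salt_changes_output() -> bool:
    """Flipping one bit of the salt changes the entire derived key."""
    other_salt = SALT[:-1] + bytes([SALT[-1] ^ 0x01])
    return derive_key(PASSPHRASE, SALT) != derive_key(PASSPHRASE, other_salt)


def iterations_change_output() -> bool:
    """The iteration count is part of the input: 1 and 100,000 give unrelated keys."""
    return derive_key(PASSPHRASE, SALT, iterations=1) != derive_key(PASSPHRASE, SALT)


def hash_changes_output() -> bool:
    """The same material through HMAC-SHA-256 and HMAC-SHA-512 gives different keys."""
    return (derive_key(PASSPHRASE, SALT, hash_name="sha256")
            != derive_key(PASSPHRASE, SALT, hash_name="sha512"))


def cost_seconds(iterations: int) -> float:
    """Wall-clock cost of one derivation; it grows with the iteration count,
    which is the brake on brute force the text describes."""
    start = time.perf_counter()
    derive_key(PASSPHRASE, SALT, iterations=iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    print(key_sizes())
    print(derive_key(PASSPHRASE, SALT).hex())
    for n in (1, 10_000, 100_000):
        print(f"{n:>7} iterations: {cost_seconds(n):.4f}s")
```

Everything the other party needs to reproduce the key (salt, iteration count, hash, key length) can be stored or sent in the clear; only the passphrase has to stay secret.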
PKCS5 PBKDF2 HMAC MD5 is definitely not a user-friendly class name. I think I've changed it. I think I've removed the PKCS5 prefix to that, by the way. But you set the salt and you call compute. And that's it. And that is how, and you can also set the iteration count too, which my example doesn't show. But that's how it's done. So four lines to take a passphrase: using set the iteration count, set the salt, and generate an output. Four lines of code is all it takes. And down below is another example with SHA-512.

So finally, we're at our last cryptographic routine. And the good news is we are right on time. So that's the wonderful news. Key agreement schemes. We're going to talk about something called Diffie-Hellman. How many of you have heard of Diffie-Hellman? Everybody, of course everybody here has heard of Diffie-Hellman. So what is Diffie-Hellman? You've probably heard of the paint mixing analogy, right? This analogy scares the shit out of me because when I'm painting my house, the last thing I want to do is get somebody to randomly mix paint colors, right? Even slightly is going to throw off the hue or the tint of your wall.

Reason why we need key agreement schemes. And this is based on asymmetric encryption, or strong crypto. This will generate a private and a public key. And the end result is to generate a shared key between two disparate parties without any sort of key exchange. So what happens is you generate three things. You generate a base, you generate a prime number, and you generate a public key that is sent across the wire. So I generate these three things as well as a private key internally that I hold on to. And basically I send these to you. You take these as input and you send me back your public key. Meanwhile, you're mixing my public key with your private key to generate a shared key. When I receive your public key back, I mix it with my private key to generate a shared key.
And our shared keys, because of the magic of math and modulus math and prime numbers and all that good stuff, result in being the same key without us exchanging it. Diffie-Hellman is used in a lot of technologies we use every day. So we use it, WPS uses it. Anybody a fan of Reaver? If you know Reaver, you know WPS. Okay, all right, perfect. See, brave people admitting to knowing Reaver. One of my favorite tools, by the way, in Kali. And SSL or TLS uses Diffie-Hellman as well. SSH uses it, VPNs use it, Demon Saw uses it. Diffie-Hellman is a great way for two parties just to get a shared key, and fast.

This can be computationally intensive if the prime number bits are high. And we'll talk about that in the workshop more. If you have a low number of prime bits, like 128, that's very, very insecure. What that means is that your ability, the ability of collisions to happen is more probabilistic. So if you generate a larger prime number, like 3072 bits, then the chance of collisions over T time is going to be probabilistically lower. But to generate a 3072-bit prime takes a while depending on your computational power. Like, I can generate on my four-year-old quad-core laptop. I think it's an early i7. I can generate a 1024, even 776, or even a 1776-bit prime in under 15 seconds. Now I've got a fairly slow laptop with only eight gigs of memory. But when I bump it up to 2048 and 3072, it can take a minute or even up to two minutes. So ideally the downside to this is the prime number generation. So you can save out your prime and you can reuse it. But as you can imagine, that has some other security concerns as well. The end result of all this is Diffie-Hellman is a powerful technique.
And we are going today to be implementing code that uses Diffie-Hellman and not only does a secure shared key creation across multiple clients, but we're going to take the key, we're going to pipe it into PBKDF2 to create a specific key length, feed that into our AES candidate algorithm of choice and encrypt secure messages back to the recipient and sender. All today in just one of the eight exercises in Crypto for Hackers. It's going to be a lot of fun.

So how does this look? Well, really quick. It is a little bit more complex than the other examples. I won't go through all of it here, but what we do is we create our base, we create our prime, and we create our public key. We print those out, then we send those over to the second party, which takes the base, takes the prime, and takes the public key and returns to me a public key. Meanwhile generating his or her shared key. Then I receive his or her public key back and I feed it into my algorithm and generate the shared key without actually exchanging it. So even though this was a little bit more complex code, it's still about ten lines of functional code to do a Diffie-Hellman key exchange. Has anybody tried to do Diffie-Hellman key exchange on your own, like code it from scratch? It is fucking nuts, right? It is painful, right? So this is way better than doing it manually. And by the way, for those of you who raised your hand, you're very brave too. Sometimes they're both the same, right? They're both synonyms. The next two slides, I'm not going to go through, but I wanted to show you. If you do a 2048-bit prime, it gets really, really more. It just looks scarier. Even if you don't read through the numbers, it just looks scarier than this. But obviously more secure. So those in a nutshell are the five different crypto routines.
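The exchange the speaker walks through (base, prime and public value sent one way, a public value returned, each side mixing the other's public value with its own private value) followed by the PBKDF2 step that turns the agreed secret into an exact AES key size, as an added example that is not code from the talk, from demon crypt or from Demon Saw. It uses only Python's standard library. The prime is a constructed toy, the 127-bit Mersenne prime 2**127 - 1 with base 5, chosen so the arithmetic is instant; the text's point that primes that small are insecure stands, and real deployments use 2048-bit or larger primes from a published group such as the RFC 3526 MODP groups. The encryption step is left out because AES is not in the standard library.

```python
import hashlib
import secrets

# Toy parameters, constructed for the example. A 127-bit prime is far too
# small for real use; it only keeps this demonstration fast.
P = 2**127 - 1
G = 5


def keygen(p: int = P, g: int = G) -> tuple:
    """Private exponent x in [1, p-2] and public value g^x mod p.
    Only the public value is ever sent across the wire."""
    priv = secrets.randbelow(p - 2) + 1
    pub = pow(g, priv, p)
    return priv, pub


def shared_secret(their_pub: int, my_priv: int, p: int = P) -> int:
    """Mix the peer's public value with my private exponent: (g^y)^x mod p.
    Public values 0, 1 and p-1 would collapse the secret to a known constant,
    so a careful receiver rejects them before use."""
    if not 1 < their_pub < p - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(their_pub, my_priv, p)


def derive_aes_key(secret: int, salt: bytes, iterations: int = 100_000,
                   key_bytes: int = 32) -> bytes:
    """Feed the agreed integer into PBKDF2-HMAC-SHA-256 to get an exactly
    AES-256-sized key. The raw DH output is the wrong length for a cipher,
    which is the problem PBKDF2 solves in the text."""
    secret_bytes = secret.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.pbkdf2_hmac("sha256", secret_bytes, salt, iterations, key_bytes)


def exchange(salt: bytes = b"constructed-session-salt") -> tuple:
    """Both parties' view of the protocol. Only a_pub and b_pub cross the wire;
    the salt is public and can travel with them."""
    a_priv, a_pub = keygen()          # party A: keeps a_priv, sends P, G, a_pub
    b_priv, b_pub = keygen()          # party B: keeps b_priv, sends back b_pub
    a_secret = shared_secret(b_pub, a_priv)   # A mixes B's public with A's private
    b_secret = shared_secret(a_pub, b_priv)   # B mixes A's public with B's private
    return derive_aes_key(a_secret, salt), derive_aes_key(b_secret, salt)


if __name__ == "__main__":
    key_a, key_b = exchange()
    print("A's key:", key_a.hex())
    print("B's key:", key_b.hex())
    print("agree:", key_a == key_b)
```

The same derivation with fixed exponents is what makes the two sides agree: `shared_secret(pow(G, 3, P), 4)` and `shared_secret(pow(G, 4, P), 3)` are both `pow(G, 12, P)`.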
Now what I want to do right now is I want to, now that we've reviewed these algorithms, I want to talk a little bit about unique ways that we can use these cryptographic building blocks to create our own secure applications. As you know, I'm the founder of Demon Saw and just last night I released Demon Saw 2.0. Demon Saw I made for us. I made for us to secure our communications and secure our content. There's no infrastructure, there's no logging. I don't mine bitcoins on your computer like you torrent. I don't do any of this. I don't even know who uses it, honestly. If somebody said I'll give you ten million dollars if you tell me how many people are using Demon Saw, I would not be able to take their money. I would not have any clue. I only know if people are using Demon Saw because they email me and tell me that they like it or email me and request new features.

Demon Saw 1.0 was launched last year at DEF CON 22. Now I've got to admit it was a little buggy. So thank you very much for your feedback. Thank you for your suggestions. Thank you for helping me test through some of the bug fixes. I'm the only person who writes the code and I do that part time when I'm not working at Rockstar. So it was a good first step, but it was C#. It was Windows only. It was a learning experience. It had some bugs and it wasn't everywhere. How can you be everywhere when you're Windows-only? It doesn't make any sense. So I tried. I did well but I learned a lot from it and thank you very much for your patience and your understanding.

Demon Saw 2.0, I set out after DEF CON with some goals. I said what I want is I want it to be everywhere. I want it to be on Linux. I want it to be on OS X. I want it to be on Windows. I want it to be on Raspberry Pi and eventually I want it to be on Android. I want to be as everywhere as I can be. Somebody a couple nights ago asked, I think he was drunk because I was drunk. So that's a good indicator. He asked me, when is it coming out on Solaris?
I was like, I don't know. That's a great question. And please don't ask me about BSD either, because I don't know the answer to that question either. But perhaps not everywhere, but we're getting closer. I wanted to simplify the interface. I wanted to increase security and add features that you guys requested. The promise with Demon Saw, and clearly you should still not trust me. You should trust nobody but me. It's 100% free. There's no ads, not even on the website. There's no callbacks. There's no logging. There's no installs. There's no malware. There's no bundled software. There's no tracking, no logging. I'm not going to sabotage your CPU and mine bitcoins. There's no bullshit. When you download Demon Saw, you get an application that lets you secure your shit your way, fuck off NSA. And that is the honest truth. So, oh, thank you. Thank you. Thank you.

So, some of the features in 2.0. There's chat, there's customer. I'm not going to go through this list. You can read it. There's cool features. The one I want to talk about in particular, which Mr. McAfee referred to, was something called social crypto. Social crypto is a new way of thinking about security. This is really the core of Demon Saw 2.0 and really the core of what I do now for a hobby. It's a new way of thinking about security. Now, security is a lot like water. It should be free. We need it to survive, but governments regulate it and companies want to package it up and sell it back to us at a premium. We don't need that anymore. So what social crypto does is it favors individuals in small groups. It doesn't require anybody else. No infrastructure, no key stores, no PKI, nobody. Your data sits on your machine and only your machine only, and you share it with whomever you want. There's no revocation. Private/public keys to share, there's none of that. It's built, and there's no peer-to-peer. It's built on the foundation of traditional security.
We can share things in common with those that we interact with. So contextual awareness via shared experiences and knowledge is converted into URLs or assets that are located somewhere in the world, HTML pages, PDFs, images, and instead of using a passphrase to feed into a hash or PBKDF2 routine, we use the contents of whatever is at that URL. It can be local. It can be remote. So we together, if we want to get in a shared group, all we do is we share a URL or multiple URLs. So let's say demonsaw.com, we could all get in a secure group right now that nobody could hack simply by specifying demonsaw.com and tweaking a couple additional parameters. We use the binary contents of whatever is at those URLs in order to feed that into input. So we map this contextual awareness into binary form and this is used as entropy into crypto routines. So this concept at first is a little, little bizarre. It's new. We've never had anything like it, but instead of using passwords and user IDs and public and private keys, because even PGP requires contextual awareness, I have to give you my public key. So if we all wanted to email each other in one big group right now, we'd all have to swap public keys. So there's contextual awareness of where my key is stored or I send it to an email. So even PGP requires contextual awareness. This is a new way of thinking about security and it's not roll-your-own crypto. We use all the traditional algorithms and ciphers and routines and hashes and stuff you saw today. We don't do anything different. The only difference is we source the entropy through binary data that we acquired from things that are already online. That's the key to social crypto.

So right now I want to give you a quick demo of Demon Saw 2.0. It's available to download now. I know we're running out of time, but last year I screwed up the demo. This year I was hoping not to screw up the demo.
So by the way, there is a video tutorial, which is narrated by a very professional-sounding voice, that is on the website. A 4 to 5 minute tutorial that can walk you through all this. The first thing you do is you add a router. Now this router can be a message router or a data router or both. The way Demon Saw works is the message routing is kind of like Tor in that it is separate from the data routing. So you can add a message router or your buddy can have a message router or you can use a message router that's somewhere halfway around the world and then you can route your data to the server. So you control this. How do you set up a message router? You click enable, it's done. We now have a Demon Saw network running right here locally. I simply click the plus button and I click the add button. Now then you add a client. Because I love Star Trek, I'm going to call this Picard and I'm going to put Picard downloads in the downloads folder. So I choose a place to save my downloads. I call it Picard and I basically connect. I'm going to add another client here and call it Riker. That makes sense. And I'm going to choose for Riker. Riker, and I'm going to connect. So what we've done here is simply by specifying my download location and I specify an IP address, these two clients are connected to a secure network. Now this is the bare minimum just to get into the game. Picard can go over here, and the resolution on these projectors is terrible, by the way. So in case you're wondering why doesn't he increase the resolution, I tried. Picard adds a couple of folders that he wants to share. Riker goes, oh okay, I like that. So I'm going to do a search. I'm searching for ACDC and I want to download. I would help. Normally you could see a pretty status bar here. There you go. So we are now in a secure group. It's not as secure, it's default security. So let's make it more secure. We go to the group tab. What I can do is I can add a URL.
In this case I'm adding demonsaw.com. Oh shit, I'm not connected to the network. Oh well. We'll add a local file. So if we were connected to the network then we could simply do that. If you had a network here and I typed demonsaw.com, it would have gone and fetched whatever was at the home page, so index.html or whatever I redirected to, grabbed all the bits from that HTML page, pulled it down as entropy and showed me here the size. Instead what we did is we did the same with a local file. It could be a PDF, it could be an image, it doesn't matter what it is. Now I am now in a completely different group than Picard, and the router will show that here. Riker's group is a different hash value than Picard's. So if I go over to Picard and I switch his group and I give him the same group, then he will now be in the same group as Riker. So by using the entropy that's contained within the resource that we're referencing, we are deriving cryptographic signatures that we feed into algorithms to generate our unique group signature. So this is great. What if somebody finds the logo.png? By the way, if you want to test the logo.png, it's on demonsaw.com. Just an image, nothing special. So let's say everybody here knows about that, everybody here wants to use that. What you can do is you can modify some of these parameters. You can modify the entropy. I'm only going to use 50% of the entropy. Refresh. Now they are in different groups, bang. Simply by me saying I want to use half of the bits instead of all the bits, I've already kicked myself into a new group, so Picard doesn't know about that. Picard goes over here and says, oh, I've caught on, 50%, done.
Now they're in the same group. Now you can, I'm running out of time, but you can tweak the cipher, you can tweak the bit size, you can tweak the hash. There's a lot of different things: the iterations for the PBKDF, the salt, etc. All these things can be tweaked to set up your group as securely as needed to share your content. And you can also add multiple, I can add multiple entries here. So you can extend this simply by remembering three or four URLs. You can set yourself up with a cryptographic signature that is likely infeasible for somebody to know the unique ordering of these URLs and be able to brute force your key.

Now here's the thing. If you use, you might be saying, you're using multiple layers of encryption. There's a lot of studies out there that say multiple layers of encryption actually make it less secure if the input is the same, if the entropy is the same. You generate completely new copies of entropy here, so you're using multiple encryption with unique entropy, unique ciphers, unique key sizes, unique hashes, unique salts and potentially unique PBKDF2 iterations, all within your control. No government, no companies. Free. This is Demon Saw and I hope you like it. We'll do a closing for two minutes, I swear, just two minutes, I promise. You have? Okay.
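The social crypto idea described above (the bytes of one or more resources, in a chosen order and at a chosen entropy percentage, fed with a salt and iteration count into PBKDF2 to produce a group signature) and the demo's observation that changing the percentage, the order or any parameter moves a client into a different group, as an added example that is not Demon Saw's code and does not claim to reproduce Demon Saw's exact derivation. The resource contents are constructed byte strings rather than network fetches, and modelling the entropy percentage as a leading byte prefix and length-prefixing each resource are this example's own choices:

```python
import hashlib

# Constructed stand-ins for "whatever is at the URL" (no network fetch):
# the bytes each member would pull down for a home page and an image.
RESOURCES = {
    "https://example.invalid/index.html":
        b"<html><body>constructed home page for the example</body></html>" * 8,
    "https://example.invalid/logo.png":
        bytes(range(256)) * 4,
}
HOME = "https://example.invalid/index.html"
LOGO = "https://example.invalid/logo.png"


def entropy_slice(data: bytes, percent: int) -> bytes:
    """Keep only the leading `percent` of the resource. The talk's UI exposes a
    percentage knob; treating it as a byte prefix is this example's assumption."""
    if not 1 <= percent <= 100:
        raise ValueError("percent must be between 1 and 100")
    return data[:max(1, len(data) * percent // 100)]


def group_id(urls, percent: int = 100, salt: bytes = b"constructed-group-salt",
             iterations: int = 100_000, hash_name: str = "sha256",
             key_bytes: int = 32) -> str:
    """Derive the group signature from the ordered resource contents.
    Each slice is length-prefixed so the URL ordering and boundaries are
    unambiguous; the joined material then goes through PBKDF2 with the
    group's salt, iteration count and hash, exactly as a passphrase would."""
    parts = []
    for url in urls:
        chunk = entropy_slice(RESOURCES[url], percent)
        parts.append(len(chunk).to_bytes(4, "big") + chunk)
    material = b"".join(parts)
    return hashlib.pbkdf2_hmac(hash_name, material, salt, iterations, key_bytes).hex()


def same_inputs_same_group() -> bool:
    """Two clients with the same URLs, order and parameters land in one group."""
    return group_id([HOME, LOGO]) == group_id([HOME, LOGO])


def order_changes_group() -> bool:
    """Swapping the URL order is a different group (the 'unique ordering' point)."""
    return group_id([HOME, LOGO]) != group_id([LOGO, HOME])


def entropy_percent_changes_group() -> bool:
    """Using 50% of the bits instead of 100% moves the client, as in the demo."""
    return group_id([LOGO], percent=100) != group_id([LOGO], percent=50)


def parameters_change_group() -> dict:
    """Each of salt, iteration count and hash independently changes the group."""
    base = group_id([HOME])
    return {
        "salt": group_id([HOME], salt=b"another-constructed-salt") != base,
        "iterations": group_id([HOME], iterations=1) != base,
        "hash": group_id([HOME], hash_name="sha512") != base,
    }


if __name__ == "__main__":
    print("Riker :", group_id([LOGO], percent=50))
    print("Picard:", group_id([LOGO], percent=100))
    print("Picard after switching to 50%:", group_id([LOGO], percent=50))
```

Two consequences of the design follow directly from this derivation being deterministic: anyone who holds the same URL set, order and parameters is in the group, which is why the speaker suggests combining several URLs and adjusting parameters rather than relying on one public page; and because the material is whatever the URL serves at fetch time, a resource that changes on the server silently changes the group for everyone who refreshes it.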