Another morning, everybody. I would hope everybody's not feeling too bad from the ill effects of the evening's parties. I commend all of you for coming to a crypto talk at 9 a.m. I will try not to make it too terrible.

Before I get started, what I'd really like to find out is some of the backgrounds, kind of like a general idea, so I know what I need to explain, and I don't want to explain things that everybody already knows. So, who knows what Base64 is? Okay, most of you. Okay. Who's used cryptography but is not quite sure if they're doing it right? Okay, good. That's the crowd I prefer. And who's super awesome and just here to audit me and tell me I'm wrong? It's okay, you can raise your hand. Anybody? Nobody? Okay, all right.

So, about myself. I'm a virtual crime fighter. I work for a company called Iovation here in Portland. We are a security and fraud risk analysis company. I'm also an IT guy, which is awesome. This is actually the first Linux-based IoT project I built, which was an access system using one of our products to do physical access.

What I'm not is a security researcher. I work for a security researcher, excuse me, researcher. I have some experience in security research as far as penetration testing and understanding things that go on, but that is not what I do day in and day out.
I'm also not a cryptographer. I do not have a doctorate degree in mathematics, and I do not study math. Also not a mathematician, that says being a cryptographer requires you to be a mathematician; cryptography is just math.

What to expect from what we're going to talk about: my hope is that you will gain an understanding of common terms in cryptography. There are some misconceptions about certain terms. And most importantly, understand the key drivers for choosing cryptography methodologies, algorithms, and strengths. A lot of times, depending on what language you're using and how old it is, if you're using cryptography functions, the defaults may not be good. If you're using JavaScript, it's not too bad, but if you're using some older stuff, like Java, it doesn't give you options on what's good or bad. But, you know, if you're using Python, you may or may not have a good option as a default. And to know what stuff to use. That should not say PHP, I apologize. I actually give this talk in a bunch of different languages; the last one I gave it in was PHP and I forgot to change that.

So, cryptography. I guess a lot of you have at least some idea what cryptography is, but it's the practice and study of techniques for secure communications in the presence of third parties called adversaries. Right, that's a great Wikipedia definition. But what that really means is you're trying to obscure data in such a way that it's difficult, and therefore costly, for an adversary to duplicate or reverse. Notice it does not say impossible; it says difficult and costly. No cryptography is foolproof; time avails us all. But what you're trying to do is make it very difficult and very costly, and make an adversary have to decide whether they're willing to spend the amount of computing resources necessary to hack your data.

So who are your adversaries? All of us have the same adversary, which is the lone gunman.
All right, this is the famous 400-pound hacker on his bed. This is just somebody who is a hobbyist. It's someone who loves to crack things just to crack them. These are puzzle solvers; they just get joy out of breaking things. They usually don't follow the rules and let you know before they tell everybody else that they found a problem with your software.

Hacktivist groups. Most of us have probably heard of Anonymous. These are people that believe that someone is doing something that shouldn't be done, and those live on both sides of the political spectrum and of what some people might consider right and wrong. So everyone is always at risk from hacktivist groups, because you're always upsetting somebody.

Competitors, especially in the device world: industrial espionage. Being able to find what your users are doing, who your users are, what they're doing, and also being able to expose exploits so that they can say that your product is not as good as theirs.

Organized crime. Not so much on devices, but if you have accounts where people manage their devices, getting information out of there that they might be able to use for some sort of exploitation or fraud. And extortion: being able to follow what they do, where they go, and determine, oh, based on this we find this person goes to this hotel every six days.
I wonder what he's doing there, and they find out and they extort. It's actually a real thing that happens.

And nation states, nation states including our own, if you're a United States resident. They do a lot of data farming; they just collect all the data that they can, and they have a lot of very sophisticated software that puts all that data together, tries to find patterns, and tries to identify things. They also try and steal credentials. If you have a password on your device, if you have like a web interface or some way that you have a password, 60% of the individuals on the planet use the same password for everything. So if they get the password to your device, they know the password to their email, which means they have the password to their bank account, which means they have the password to wherever they need to go. The usernames and the passwords are normally the same. And if the passwords aren't the same, when they capture your email, you can do a password reset, right? So that's really who your adversaries are.

In the beginning I talked about cost. So in cryptography we're trying to increase the cost, and there are three things that really contribute to cost. Those are secrets: the level of the secrets, how large they are and how random they are. Entropy, which we'll talk a lot about, what entropy is; entropy is a huge part of cryptography, and that's perceived randomness throughout the data. And then computation: how expensive is it to actually encrypt the data? How expensive is it to hash the passwords, or to hash the data that you want to secure?

And so that brings us to: how secret is secret? There are two different types of encryption that are commonly used, which are asymmetric encryption and symmetric encryption. Asymmetric encryption has no shared secrets, and we'll talk more about what asymmetric encryption is, so because of that it's inherently more secure. You don't have to trust somebody with your secret. How predictable is your secret?
So if your secret is your serial number, or your secret is something that was generated based on time, if you're storing real-time data, if they can determine what that secret is based on a random generation that is time-based, if you're doing it on a computer and they know the operating system and the hardware, they can recreate it. It's actually kind of scary.

Who has access to your secrets? And are your secrets encrypted at rest? Right, if you have credentials on your systems, on your devices, are you encrypting those when they're sitting on the file system, or are you assuming that no one can just get to the file system? On a Linux-based system, that is a bad assumption to make.

And are your secrets encrypted in transit? So if you're sending across a shared secret, are you using encryption to protect that as it goes across the wire? Are you using TLS, or using SSL, when you're transmitting data across the wire? And if you don't have that option, if you're using a small protocol that doesn't provide something like SSL, are you actually encrypting important data that's going across, stuff that should not be able to be viewed?
Computational cost. So, complexity of the algorithm increases the cost. A few years ago, when I was first starting to learn cryptography for financial technology systems, there was this thing called Triple DES, because there was DES, and then that wasn't safe enough, so if you do it three times you get Triple DES: three times the size of the key. And that was perfectly okay, because that was secure. Well, today that's not secure, because it's not complex enough. And in the last seven years, the emergence of ASICs, and using GPUs to process mathematics, which they are very good at, they were specifically built for that, to hack and crack passwords and cryptography, has made it a really horrible, terrible game, so that a lot of the old protocols and cryptography algorithms are not valid anymore.

And there are some algorithms that specifically target memory and thread utilization to increase cost. So a lot of your modern cryptography algorithms, especially when you're talking about password hashing, you get into something like Argon2i. You tell it how many threads you want it to use and how much memory, so it actually increases the amount of time it takes to hash your values, because it uses a memory space larger than the address for the CPU, so the CPU has to do two calculations to deal with that memory.

And then feedback loops. That's really on either side, whether it's going to be block-level encryption for encrypting, or whether that's going to be a key derivation function for passwords. So I hope nobody's totally confused right now, but the things I just put in here we're going to talk about a lot more in depth here in just a second.

So what is entropy?
Entropy is the key to cryptography. Merriam-Webster has a fairly good definition, which is the degree of disorder or uncertainty in a system. And that sounds a little odd, to be talking about computer systems with disorder and uncertainty, but if you have certainty, if someone can predict, if you have predictability, then you're easy to crack, and you don't want that.

So here is a really good example of entropy, of good entropy. If you take a look at both of these, both of these are the same thing; one is encrypted, one is not. All right, so it's just Tux. Everybody loves Tux, especially since we're at a Linux conference. And there is no way, I mean, I've actually tried staring at it, right? You do the whole thing, if you've ever been to, I'm old, if you look at those things in the mall where you can look at it and stare and find a picture, you might find some pictures. And I have found like three or four different things, but it's never been a penguin. All right, that's important. This is what's considered minimally secure today for cryptography.

This is what was considered secure seven years ago. All right, that is encrypted. That is encrypted using AES encryption, which is the Advanced Encryption Standard, but it's using a bad method, which is Electronic Codebook. And so, number one, you can absolutely tell what this data is supposed to be; you can tell that's a penguin. The other thing you can tell is that you have a lot of data that's the same. So you have predictability for individual pieces of data, and then across the larger spectrum of data, for each one of the blocks, you also have predictability, and that's really bad, because it's not very hard to break, right? I don't have to break those thousand pieces of white.
I just have to break one. So the question becomes: how do we achieve maximum entropy? That's really what we're looking for. And there's a very long word, and hopefully I don't mess up when I say the whole thing: cryptographically secure pseudo-random number generators. It's a very big word and a very weird term.

But what you need to understand about computers and randomness is there's no such thing as randomness to computers. Well, to standard computers; okay, if you get into some of the stuff that's coming down the pipe, that's, you know, billions of dollars. They have perceived randomness, but there is no randomness in a zero-one bit computer. What it does is it actually has a list of values that show no pattern themselves, and it determines what part of the list it's going to start with. So when you actually ask it to generate a random number, or a random set of data, it's going to go to a known list, find a random place to get that piece of data, and get the number of bytes you tell it to. And if you're concerned, you should be.

Okay, and most programming languages have been separated, with a cryptographically secure random generator and a random generator. So if you're doing just plain old rand in most of your software, you're going to get something that can be determined. It's deterministic, based on the time. So someone can, with a fairly decent level of accuracy, determine it's going to be one of these hundred values that could have been generated during this time period, if you generated them, which is kind of scary. But Linux provides the ability for cryptographically secure random number generation based on additional things on the computer at that time, right?
So it's going to add in the temperature of the CPU; it's going to add in additional information that it has that is unique to that particular device at that particular time, to add randomness. So if you've ever been told to access /dev/random to get random data, /dev/random provides random data. If you don't have access to that, if you've used OpenSSL, OpenSSL has a random number generator that does that as well.

So you add entropy with salts. A salt is adding randomness to known information. It's just a randomly generated value, which again should be generated using a cryptographically secure random number generator.

Feedback loops. So the difference between those two entropy examples, that was the difference of a feedback loop. And feedback loops create a local randomness for block ciphers, so that you take the value from one response and put it into the encryption of the next response, so that even if you've got the same value, it doesn't come out the same twice. Right? Salts, for randomness for hashing, make sure that if you hash a password twice and you use two different salts, it's not the same value, right? Security researchers, or hackers, black, white, or gray, they all know what the top hundred passwords are, and they can go look at your data and determine, if you don't use a random salt, they can actually determine which ones are using those top hundred passwords, just based on the averages of what comes out. They have a fairly good idea that this one is going to be one of these two or three passwords. You've now reduced the amount of time it takes to crack it pretty drastically. And it's the same thing with encryption, using the feedback loops.
So initialization vectors add global randomness to block ciphers. So if you use even a good block cipher mode, and inside of the data you have good entropy from block to block to block, if you use the same initialization vector every time you encrypt the word "go", it will look the same. So initialization vectors, the randomness there, allow you to have different values across your data sets.

And the reason for this is that all data will have some predictability, right? There's some amount of predictability in there that you can determine. Let's say for Social Security numbers, right? Well, the most common first number is what? I don't know what that is, but I bet if I did a Google search, in about 20 minutes I could tell you the most common first number of Social Security numbers. I can tell you what the most common first letter of an email address is, right? I can tell you what the most common last letter is, right? It's going to be M. So there are patterns in the data, and if you don't put that global entropy across your data, you're going to allow someone to get in there and determine, oh, I've got a good idea what this is, so I've got less that I have to do to try and crack it.

And some ciphers introduce randomness with padding. That's done on RSA. It actually does randomness based on padding, not based on initialization vectors or anything like that, so it's a little bit different.

And entropy, the big thing that we talked a little bit about, is local versus global, right? Local is making sure that your data, from packet to packet, from block to block, has entropy; you don't have that definable vision of what the data is going to be. And then global is going to be across your larger data set. So using initialization vectors and salts is going to help you do it across the entire system.

And then again, like we talked about earlier, how random is random? It can be very random if you use the correct tools; if you use the wrong ones,
it's not going to be.

So in cryptographic systems, you have symmetric key cryptography, which uses shared secrets, and you have asymmetric key cryptography, which uses private/public key pairs. And you have something kind of in the middle, which is ECDH, where you're defining different curves. The most common ones I'll talk about today, and you can get into the elliptic curve stuff, but symmetric and asymmetric, you know, RSA, AES, those are the two most common; those are available on nearly every platform, although ECDH is certainly becoming more available and more secure.

There are three types of cryptography applications we'll talk about today, which are encryption, digital signatures, and key derivation. So encryption is protecting data that needs to be recalled; you need to be able to decrypt it so that you can see the value, because you need to use that data for some reason. Digital signatures are used to verify the integrity of the data, so it's used mostly for data transfer, but in my talk on Monday I talked about how you can use digital signatures as well to make sure that no one has gotten onto your file system and changed your data, changed your code. You can re-verify yourself before you run, as part of a startup, because that's actually something that's unfortunately prevalent in Linux-based IoT: leaving SSH open, and somebody going in and changing your code, putting in code that you don't want to get run, but it gets run anyway. And you can protect against that using digital signatures. And it cannot be reversed. So if you take something secret in its plaintext form and you sign it, you cannot take that signature to recreate the value. Similar to a hash, right? Hashes cannot be decomposed, but you can recreate it to verify it.
So when you create a digital signature, to verify that it is the correct signature, you take the information that you used when creating it the first time, do it a second time, and if the data values match, then your signature is valid.

Key derivation. This is most times known as password hashing. I try not to use the word hashing, because it brings up memories of MD5 and SHA. This is not MD5 or SHA, although SHA is often used in key derivation functions. It's not the same thing, and we'll talk about that in just a minute. And it cannot be reversed. So again, like I said, the same thing with a signature: you can't reverse it, you don't have to worry about that being out in the open. And it's computationally expensive by design. So a SHA-2 hash, whether it's salted or not, is not expensive. Key derivation functions are extremely expensive to reproduce, and that's super important for your users.

So we'll go through each one of the types individually, and the first one is symmetric key cryptography. You probably fairly commonly use this. If you have like a password manager, it's using symmetric key cryptography. If you have data at rest, most often if you're putting it in a database, if you've got encrypted data stores, those are using symmetric. If you've got an iPhone, right, or an Android, and you've got a PIN that you have to put in... Wow, thank you, Java, for telling me you have an update. I apologize. That was crazy. So if you have those things, right, like on the iPhone, it's your PIN that you enter to get to the device; that is your key, your shared secret for symmetric key encryption. So you're using symmetric key encryption all the time.
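To tie the salts passage and the key derivation passage together, here is an added example (not code from the talk) that hashes a password with a random salt from the CSPRNG and a memory-hard KDF, and shows what goes wrong with an unsalted hash or a salt from the time-seeded generator. It assumes scrypt from the Python standard library as a stand-in for the Argon2i the speaker mentions, since Argon2 is not in the standard library; the cost parameters and sample passwords are constructed.

```python
import hashlib
import hmac
import random
import secrets

# Cost parameters for scrypt: 128 * r * n bytes of memory (16 MiB here) and p lanes.
# scrypt stands in for Argon2i: both are tunable memory-hard KDFs, and scrypt is in
# the standard library as hashlib.scrypt.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_LEN = 16


def new_salt() -> bytes:
    # A salt must come from the CSPRNG (secrets, backed by /dev/urandom on Linux),
    # never from the time-seeded random module.
    return secrets.token_bytes(SALT_LEN)


def derive_key(password: str, salt: bytes) -> bytes:
    # Deliberately slow and memory-hungry: each guess costs the attacker 16 MiB
    # and a noticeable amount of CPU, which is the whole point of a KDF.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def hash_password(password: str) -> str:
    # Stored record: salt and derived key, hex-encoded and joined, so the salt
    # (which is not secret) travels with the value it was used for.
    salt = new_salt()
    return salt.hex() + "$" + derive_key(password, salt).hex()


def verify_password(password: str, record: str) -> bool:
    salt_hex, key_hex = record.split("$", 1)
    candidate = derive_key(password, bytes.fromhex(salt_hex))
    # Constant-time comparison so a mismatch does not leak where the bytes diverge.
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


def unsalted_sha256(password: str) -> str:
    # The plain, cheap hash the talk warns against: the same input gives the same
    # digest every time, so every user with a top-100 password shares one digest.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def predictable_salt(seed: int) -> bytes:
    # What the non-cryptographic generator gives you: anyone who knows or can guess
    # the seed (a timestamp, say) reproduces the "random" salt exactly.
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(SALT_LEN))


if __name__ == "__main__":
    record = hash_password("correct horse")
    print(record)
    print(verify_password("correct horse", record), verify_password("wrong", record))
    print(hash_password("password123") != hash_password("password123"))
```

Two users with the same password get different records because the salts differ, while `unsalted_sha256` gives both of them the same digest.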
You probably just don't know it. It has lower computational cost than most asymmetric algorithms for the same key size, and it uses algorithms against blocks or streams of data. Most of us aren't going to be doing stream unless you're doing video streaming, but then again, you probably want to use a block that is a self-synchronizing stream anyway. Stream symmetric encryption is not very secure, because it doesn't take a lot to decrypt it. So most implementations will use block, because stream uses less resources; it's less computationally expensive, and it's less secure.

So the difference between streams and blocks is: stream ciphers have to quickly encrypt streams, right, as the data is going by, real time, it's encrypting. One portion of the stream does not affect the other, so it's just encrypting it. You're not getting that global entropy we talked about, because each particular packet going out is getting encrypted in its own way. Block ciphers deal with one block at a time. These are probably the ones you're most familiar with. They're very secure as long as you're using the correct modes, because they allow for feedback loops, and that's what the modes will give you, to create entropy over the entire package.

So for block algorithms, use AES if you're not sure what to use. Camellia can be used if it's required, but it does have restrictions due to patents. But most of the planet out there, if you're doing symmetric encryption, you're using AES. It is US government approved, it is EU approved, it is FIPS standard, it is National Institute of Standards and Technology approved. That's what you want to use. DES should not be used. Some cryptographic packages out there use DES as the default; you don't want DES, you really don't.

Block cipher modes. So for AES you're going to have block cipher modes, and do not use Electronic Codebook. It sounds cool, the Electronic Codebook. It is often the default. ECB was once considered secure, but it is not. Big red: do not use ECB, do not use ECB, do not use ECB, and there'll be another slide later that says do not use ECB.

So block cipher modes determine how the blocks of cleartext are translated into ciphertext, right? It's just the way that it does things. And the reason I'm saying that you use CBC is that the entire message is required for decryption, so you cannot decrypt the last piece without the first piece. So someone can't determine that, I believe the data that I need is more important on the end, so I'm just going to decrypt these last six blocks. That cannot happen, right? And the reason for that, and I won't get too much into it, is that if you notice here, what's going on is that it encrypts the data, so you start with an initialization vector. An initialization vector is needed, because that's the way these things work with block cipher modes. And so you have a random value that you start with, your initialization vector; you encrypt the data, and then the initialization vector for the next packet is the encrypted value of the first packet. So every packet is going to be different, even if it's the same value, because it's putting the encrypted value in and using that as a feedback loop for the next one. So CBC is, you know, the standard that gets used today.

There's also GCM, which does it a little bit different.
It is using a feedback mode; it encrypts and generates the authentication codes and returns an HMAC. And we'll talk about HMAC in a second, which is a digital signature. So it'll actually return the signature and the encryption at the same time, simultaneously, so that can give you some advantage. And whether or not what you're using is going to support it may be up in the air, but most of your more modern packages are going to support GCM as well. So you can decide what's going to work for you, especially if you're just doing it locally and you don't care about transmission; but if you're transmitting data, you might care. And as you can see, it is completely different. I'm not going to go too much into the graphic. If you want to take a look at all these graphics and how all this stuff works, Wikipedia, as these images come from there, has a ridiculous amount of information on cryptography that will tell you how all this stuff works, but we don't have enough time to really get into that.

There's Cipher Feedback, which is a self-synchronizing cipher stream. So if you're going to be doing streaming data, you probably want to use CFB. If you're doing audio streaming, whatever streaming you might be using, Cipher Feedback actually works fairly well. So it's slightly different, not going to get into that, but you can distinctly see that it is different in how it's generating things, and it doesn't take as much time, and you can start from the middle and go to the end. All right, so it's not as secure, but if you're doing streaming data where you want someone to be able to lose the data and then pick back up, you need something like a self-synchronizing stream.

Output Feedback is again the same thing, which is very different, and this actually is if you need to be able to not slow down any data and always have the data working. Sorry, pictures there. So what this is going to allow you to do is you can actually pre-generate the top part, and then you do an XOR with the bottom piece, or plaintext, and it generates the cryptography. So you have something that's a little computationally expensive to generate, but you can pre-generate those on both sides, starting with a common key and initialization vector, so you can pre-generate the information necessary to encrypt and decrypt, and then you can do an XOR to actually do that process on either side and get the data back out. So it allows you, if you have things that are computing very quickly and can't be slowed down by encryption at all but you need some sort of encryption, again, not as secure, but there are, you know, pluses and minuses to each one of them. Very few of you are going to need either of these last two. All right, you're just not going to need them.

Which brings us to digital signatures, for the last thing in symmetric key cryptography. So an HMAC, which is a hash-based message authentication code, right? You've probably used an HMAC before; you've probably seen HMAC before. It's hashing combined with a key. So you're going to use, hopefully, something SHA-256 or better; you're going to provide a key; it's going to do some math against those two and then hash that value. So if you don't have the key, you cannot recreate the hash. So that's why it's symmetric keys.
You both have to understand what the key is. You can verify the data coming across. It is very quick, and it is fairly secure as long as you're using SHA-256 or better. And the reason that you want SHA-256 or better is for data collision. One second. Sorry.

So when you're doing hashing, what you're doing is you're taking a large, usually a large, piece of data and turning it into 16, 24, 32 characters. There's a lot of room for collision there, right, especially if you have, you know, a four megabyte file that you're now doing a SHA-256 hash of and bringing that down to 24 characters. So the longer your hash is going to be, the less likely that someone is going to be able to create something else that will have the same hash, because there are hash collisions. When you're storing data that's going to be in a format that you're expecting, that makes it a little more difficult, right? So let's say you're taking some JSON and you want to sign that; the likelihood of someone being able to recreate another piece of JSON that has the same signature, it gets much more difficult, right? If it's just random data, that's much easier to find a collision, but if you're trying to do something that is kind of readable, like JSON, that makes it much more difficult, but not impossible.

So the longer the hash string it's going to generate, the less likely you are to have collisions, and the less likely it's going to be that somebody is going to be able to, very, you know, in the amount of time that is allowable, throw something out to a farm, generate something else with a new hash, and then ship it. Bad things can happen when people can do that. That's kind of nation-state, organized-crime level, but it is something to understand: why hashing is such a big deal, and why the size of the hash actually matters.

So, asymmetric key cryptography. This is probably, was, the most secure now.
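The HMAC passage above, as an added example that is not code from the talk: a JSON message is signed with HMAC-SHA256, verified by recomputing the tag with the same key, and rejected when the payload is changed in transit or the verifier holds a different key. The device reading and keys are constructed; the canonical serialisation is an assumption added so that key order and whitespace cannot change the tag.

```python
import hashlib
import hmac
import json
import secrets


def sign(key: bytes, message: bytes) -> str:
    # HMAC-SHA256 tag: the key is mixed into the hash, so the tag cannot be
    # recomputed by someone who only sees the message.
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(key: bytes, message: bytes, tag: str) -> bool:
    # Recompute the tag with the shared key and compare in constant time.
    return hmac.compare_digest(sign(key, message), tag)


def canonical_json(obj) -> bytes:
    # Sign one fixed byte form of the object: the same JSON with different key
    # order or whitespace would otherwise hash to a different tag.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_json(key: bytes, obj) -> dict:
    payload = canonical_json(obj)
    return {"payload": payload.decode("utf-8"), "tag": sign(key, payload)}


def verify_json(key: bytes, envelope: dict):
    # Returns the parsed payload only if the tag checks out, otherwise None.
    payload = envelope["payload"].encode("utf-8")
    if not verify(key, payload, envelope["tag"]):
        return None
    return json.loads(payload)


# Constructed sample: a device reporting a reading to a cloud service.
READING = {"device": "sensor-42", "temp_c": 21.5, "seq": 17}

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # shared secret, provisioned out of band
    env = sign_json(key, READING)
    print(verify_json(key, env))                       # the reading
    env["payload"] = env["payload"].replace("21.5", "99.9")  # altered in transit
    print(verify_json(key, env))                       # None
```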
So if you've ever done TLS, you've used asymmetric key cryptography. RSA and DSA are available in most languages, including PHP. So use RSA. DSA was used because there were some questions about copyrights and patents for DSA. So RSA is what you want to use.

It uses very large prime integers. So at an open Linux conference, if you're using Linux, you're probably okay; if you're using chips, you're in trouble, so you probably won't be able to use RSA. One of the reasons that the company I work for went to embedded Linux is because we worked for months to try and generate a single 1024 key, which is not secure; 1024 is not secure. And we had to get special processors and all this type of stuff to generate that, because it's a big integer. It's a very large prime number, and the computer just randomly generates numbers and determines if they're prime, and trying to generate these prime numbers, very large prime numbers, a 124-byte prime number, it's a very large prime number. I'm sorry, a 1,024-byte. So if you're doing stuff on chip, you probably aren't going to be able to do it. You probably aren't going to have the memory, let alone the computational capacity. But if you're doing embedded Linux, you're probably okay, right? Your processor is going to be able to do that. It's not going to be able to do something on, you know, a large key; you're probably not going to be able to do a 4k key, and that's just going to be based on your processor and what it can do and what its capabilities are, as well as the board. Even on mobile devices you have that problem. So part of our security system has mobile devices involved. An iPhone generates a 4k key.
No problem. Android, on a really good Android, takes 30 seconds. So there are a lot of computation restrictions on using RSA. But because of that, it's what you want to use, right, because we're trying to create things that are computationally expensive. RSA is very computationally expensive, so to be able to brute force that is very hard, because you're constantly having to, let me go find a new prime number that's ridiculously large and try and see if that one is it. It's very hard.

And it uses key pairs to protect secrets, which is super, super important. That's what makes it super duper secret, right, is that I don't have to trust you with the security of my secret. When you're using symmetric key cryptography, you pass the secret to someone else; it has to go in transit, whether that is physically going in transit or across the wire, or, you know, some other out-of-band process. The secret is then able to be collected as it goes along, and you're trusting that wherever it's going is going to be secure, right? So if you have a secret from a device going to your cloud service, it's going through a lot of things you don't have any control over. It's being stored on a file system that you may have done your best to secure, but someone has that file system, right? They have that device; they can just jack into it with a terminal and try and break into it, if you're using embedded Linux, right?

So using private/public key pairs, although a little more difficult, a little more complicated, you don't have the ability to, I can't act as you and encrypt. I don't have your secret, right? Each of us has our own secret, and we have enough information to encrypt things for each other, but I can't decrypt the data for you; I can only encrypt it for you. Crazy computational math.
It gets pretty crazy. Yes? Well, you have to encrypt multiple times for multiple public keys. Right. Right, so what he's asking is, I have to repeat this for the cameras, but if you're having to encrypt for multiple recipients. So one of the things that we use a lot is JOSE, and it provides the ability for multiple recipients. But because everyone's keys are different, everyone's private keys are different, you have to encrypt it each time for each recipient, which means it's super secret, right? So that means that not everybody... I can't read your data, and I can't read your data, and I can't read your data. I can only read my data, even though I'm passing along all the data for everybody. I can only read my own data that I'm supposed to be able to get, which is why, again, it is super, super secret. That's your question. Key sizes and hashing algorithms. So on asymmetric key encryption, the current minimum recommended size is 2048, and all of us should know that, because if you've ever had a website, in the last year your browser started giving little yellow warnings about "this site does not have a secure enough SSL certificate." That was because it was using a private key shorter than 2048. Again, higher is better, right? So 2048 is the minimum. It is secure today. If you have something that might exist... right, devices are going to exist likely more than a few days. They may exist for a long time, and you may not be able to have a really good patch system for people to update it, and people may not be able to update their software, their firmware. So think about the future. If you can do 4096 keys, which is much, much, much, exponentially better, do that if you can. Protect for the future, but 2048 is what's going to be the minimum that's considered safe. And I know on devices it's much more difficult, and you may only be able to get 1024, but you're going to be more secure with a 1k RSA key than you are with a 1k AES key, I promise you. The
issue, though, is data limitations. So RSA can only encrypt or sign data up to the length of the key size. Most IoT, probably not a problem, because we're using very small pieces of data. We don't like to use a lot of radio. We don't want to use a lot of data. We don't want to spend a lot of time encrypting, decrypting, moving things along. But if you're talking about moving larger amounts of data, or anything that's gonna be larger than your key, oftentimes what you end up doing is you end up using mixed mode, where, and we actually do this a lot, you will encrypt something using a random key and a random initialization vector for AES, and then you encrypt the key that you used for AES using RSA. So it's always going to be smaller than your key size. AES is fairly quick, fairly secure, and it's way more secure when your key is different every time. That's one of the advantages of the JOSE library. It kind of does a lot for you, and I think I have a slide here about JOSE in a little bit. But signatures will just hash it, right? So again, you want to use a SHA hash when you're doing that, preferably a SHA-256 hash, for collisions. Although I have read, although I'm skeptical about whether or not, RSA doesn't need the SHA-256 for doing its hashing. So padding. Padding is how RSA creates additional entropy, which is kind of weird, and I didn't know this until like a year ago. So the padding mode that you select in most cryptography doesn't necessarily matter, right? Just as long as both of you know what the padding technology is, right? When you're encrypting in block cryptography, AES in symmetric key cryptography, you just have to make sure the blocks are always the size of your key. So you have to add extra data on the end, and how you do that is different. Sometimes you'll use null padding, sometimes you'll use some of the different algorithms that are out there for just adding padding, so that you know which parts are pad and which parts aren't. But in RSA,
it actually changes the cryptography. So what you want to make sure you're using, if you're using RSA, is Optimal Asymmetric Encryption Padding, OAEP. A lot of libraries have PKCS#1 v1.5. I hope that's still readable on the bottom, in the red. It is no longer considered cryptographically secure. It seems a little weird that padding is going to make a difference, but in RSA it absolutely makes a difference. I absolutely want to make sure that you are using OAEP. And so the next part is key derivation, also known as password hashing. This is the part I like the least. I hope all passwords die. I work at a company where we're trying to kill them, but they're not going to die today. So since they are there, we definitely need to do them right. And for password hashing you should always use a key derivation function. Some of us might be familiar with bcrypt; it's been around for quite some time. PBKDF2 has been around for a long time. I forget what it is. Something-based key derivation function 2. A pseudo-random... yeah, -based key derivation function 2. If you are currently using MD5 or SHA for hashing, you have a legacy system that you're working with. Please, please, please use a random salt. Now. Right, just add in a randomly generated value as a salt so that you can create some entropy there, and then make some plans to move to a key derivation function. Especially if you're building, you know, devices that have a web portal or web access, or you have, you know, a cloud solution that links to it. 60% of your users have the same password on their bank account that they have on your device. People don't want to have to remember passwords. People hate passwords. I hate passwords. You probably hate passwords. You probably have passwords that are used in more than one place. Think about your users. Your users are doing the same thing, and your users aren't as technical. They don't understand the risk, right? So they've got it everywhere.
Their bank is the same password. Their email's the same password. Right, if I get your email address, and you only have one, right, most non-technical people only have one email address, I have everything. I can do password resets on your bank accounts. It's just terrible things. I can get access to any system that you might possibly have, and if you're using a very common bank, if you're using Wells Fargo, Bank of America, right, I'm in, because I can do a password reset fairly simply. So please, please, please, key derivation functions. So what key derivation does: it uses salt for entropy. It's not an option. Most of them will... well, most of them will automatically generate it for you. It iterates to increase cost, so it just keeps rehashing and rehashing and rehashing over and over and over again, usually re-injecting the salt. And it doesn't make it... it makes it a little less... it obscures it a little bit, but that's not the purpose. The purpose is that it just takes time. With passwords, with hashing, you're trying to buy time. When someone steals your passwords, if you've used a good key derivation function, unless someone has used one of the top 100 passwords, they will not be able to crack it. They will just give up. If they do have one of the top 100s, how much time that user has, when you've been able to determine, especially in a cloud-based solution, when you've determined that you have been hacked, your users need those three days to go change their passwords. Right, a good key derivation function on the top 100 will give you up to three days to inform your users: hey, you need to go change your password. You go change your password everywhere that you have this password. Some of them, like I said earlier, create cost via threads and memory, and bigger is better, right?
I have a mantra, which is "hash so it hurts." If you can find a time that users don't think that there's something wrong with your system, but yet you're spending a lot of time hashing, that's good. I try and tell people half a second. Right, half a second, when you're talking about computing, that is an eternity, but when you're talking about perception, half a second is nothing. Logging into a system, right, whether it's a device or a website, if you took half a second to log in you wouldn't think twice about it. But that half a second allows you to do millions and millions and millions of iterations, which means that every time an assailant has to do a brute-force attempt to try and regenerate it, every attempt is half a second, right? So if it's going to take them 10 million attempts, it's five million seconds they're gonna have to spend on one single password to try and crack it. And it takes way more than 10 million attempts normally, right? So bigger is always better, and it makes a huge difference. So which key derivation function should you use? Argon2i is the new hotness, right? It's been around for a couple of years now. It's vetted. It's starting to make it into standard libraries for programming languages. It is actually fairly amazing, because it allows you to use up additional threads. So one of the big password hacking tools out there is ASICs, very small processors that are very good at math, GPUs. But if you use up multiple threads, it means you have to use multiple GPUs, because ASICs are single-threaded. So you reduce the capacity to do cracking if you're using threads for password hashing. And if you're on a device, right, you can use threads.
You're not, you know, if you're on a web platform, you've got something out there, threads are expensive, because you have all of these other people, like all these other requests, are vying for resources and processing time. But on a device you don't have that. So, you know, Argon2i is actually really, really good. It's a good use case for being used on devices. scrypt is preferred. It actually does time-based, so instead of trying to determine what's going on as far as how long it should take... So with bcrypt you would determine that, oh, I think about, you know, two to the one thousandth is about a half a second, where with scrypt you can just say, just take half a second, and it'll always be half a second regardless of if you have chip upgrades and your stuff goes faster. It's going to do more iterations. It's going to do it based on time, and it is fairly memory-intensive as well. bcrypt has been around forever. Most of your programming libraries are going to have bcrypt, or a library or module that you can use with it. And PBKDF2 is absolutely available on Linux because it's part of OpenSSL. So you will have access to OpenSSL on basically every embedded Linux platform, and PBKDF2 is there. It's not as easy to manage as bcrypt or scrypt, but it is secure. Like I said, it doesn't have the level of security, but like I said, if you can't get bcrypt or scrypt but you have OpenSSL, PBKDF2 is there for you and absolutely ready to be used. So if you don't have PHP... you don't want to... If you... this is one of the places that this is a great joke, because PHP has been thought of as the worst security platform on the planet. Blame WordPress, don't blame PHP. But it actually has the best password management stuff on the planet, and you can actually use it for IoT.
I do that sometimes. Don't hate me, but I think it's kind of cool. So for the key derivation functions, it depends on what library you're using, what's gonna be available, right? Node has all four, right? By default, Node comes with its crypto package. It's got PBKDF2. It has packages that are reliable, that are compiled C, that use scrypt, bcrypt or Argon2i. Python, I have not seen Argon2i. Python, but I know that absolutely has scrypt and bcrypt. And Java has bcrypt, I know for sure. It's good. It's likely gonna have Argon2i as well. And C is always gonna be there, right, because they write the reference implementation in C. So that stuff's always gonna be available to you. So every app is different. We all know that, right? But there are commonalities that exist across most applications. I will only recommend what I know works. There are other things that are out there that work really, really well, but I've never used them in the field, so I'm not gonna make a recommendation on that, because I can't tell you if it's secure or not. I work on systems that we have ethical hackers trying to break into every single day, because we'll pay them if they do. I know these things work. I know that they're secure. So if there's something that you think might be secure that's not up in here, it's not because it's not secure. It's because I don't know, and I have not proven how secure it is. And if you think that your application is different, right, where you need to use something that's non-standard, you should talk to yourself about, you know, do the advantages outweigh the disadvantages of doing something special and using some less-than-vetted or less-than-secure cryptography method. So, recommended types. I'm gonna recommend: use RSA asymmetric cryptography when transferring data. When you're moving things back and forth between people, RSA is going to be the most secure way to do that.
You may need to mix it with AES if your packet size is too large or if you have an undetermined packet size. All right, if there's no way for you to absolutely know that it's going to be below 2k and you've got a 2k key, you may want to mix it up. Always, always, always, always use cryptographically secure pseudo-random number generators for keys. So don't just come up with a word for a key, right? Just use /dev/random. Use something that's... like, go to a web page that will generate it, right? You have cryptographically secure random number generators on the internet that will just give you a random value. Don't make keys things that are deterministic. And always, always, always use Argon2i, scrypt, bcrypt or PBKDF2 for key derivation. Use the strongest cryptography that you can afford, right? AES-256-CBC, SHA-256 is the minimum. RSA 2048-plus, using PKCS#1 OAEP and with a SHA-256 hash. Hash until it hurts. The packages are out there. If you're using a language like Python, or any language that's not C, use a library that wraps a C library, right? Don't use somebody's library that just kind of does it inside the code. That may sound really cool, but it's not the package that's constantly being updated and vetted, right? Use something that wraps a known C library. That's it. Are there any questions? Okay. Yes? Correct. So what he said is, there's, based on entropy for generating random numbers, cryptographically secure pseudo-random number generation, that there are pieces of hardware that are built in. That's not always necessarily going to be there. The operating system provides additional entropy, and it's all based on, I mean, if you're compiled for that chip. So what I can tell you is, in Linux, it's going to use whatever it has available to it for that compiled chipset to generate good secure random number generation, whether that's using hardware that's installed or that's using additional information.
It can determine. And because, you know, you may have chips that just don't supply that, but the operating system... rely on the operating system to do that. Don't try and figure it out yourself on how to generate a random number. Right. And so his statement is to make sure that your operating system is doing that properly. Don't just assume that it is, and look into it, because there are different operating systems for the embedded Linux stuff. Next question. Well, when you're talking about radio transmission, what I don't do... it depends on what level of security you need to have. So even though... Right, right, right. Well, you can always... you can encrypt the data that you're transmitting. So it's just like, do you trust SSL? Do you trust TLS? Sometimes, yes, right? If it's not data that is super secure, I will trust SSL going across. If it's not, I will encrypt the data that goes across the secure medium of the radio. Right, so you can encrypt the data packet that you're sending across the secure radio if you're concerned about the security level of the radio. I'm always concerned about man-in-the-middle attacks regardless, so I definitely worry about that on what I build, and what you build is certainly up to you. We've got 25 seconds. Another question? Yes. I mean, elliptic curve and RSA are fairly similar right now as far as strength. So that's correct. So elliptic curve, you can get a smaller size key to get the same security. There are some issues with reference implementations right now with elliptic curve, and like I said, but there's not much you can control about that. It is coming up, and it is going to be the standard, right? It's going to overtake RSA just like RSA overtook DSA, and elliptic curve is what's used in RSA to actually generate your shared secret when you're doing SSL, right?
So it's out there. The Diffie-Hellman elliptic curve stuff is out there, and it's going to be what comes up. But the tried and true, everything uses it, everything doesn't, right, for the most part is RSA, and that's why I suggest it. It's not that there's anything wrong with elliptic curve, as long as you have the correct implementation. It's just that RSA is super secure, super standard, it's used everywhere, and we're 40 seconds over, so I really appreciate your time coming out to a crypto talk first thing in the morning. Thank you very much.