RailsConf 2019 slides

1. Modern Cryptography for the absolute beginner Jeffrey Cohen @jeffcohen cohen.jeff@gmail.com
4. Alan Turing
6. Secret Writing Steganography Cryptography Substitution Code Transposition Cipher From "The Code Book," by Simon Singh. Doubleday, 1999
7. Cryptography is not Security
8. Cryptography There are two primary use cases for digital cryptography: • Verification • Secrecy
9. Cryptography There are two use cases for verification: • Message tampering • Authorship
10. Use Case: Message Tampering How can we verify that a message was transmitted perfectly without any accidental changes?
11. Use Case: Parity Bits
12. Use Case: Parity Bits Content: CAT
13. Use Case: Parity Bits Content: 01000011 01000001 01010100
14. Use Case: Parity Bits Content: 01000011 01000001 01010100 Even Parity: 11000011 01000001 11010100
15. Use Case: Parity Bits Content: 01000011 01000001 01010100 Odd Parity: 01000011 11000001 01010100
16. Check Digits
17. Check Digits 1. Sum the digits in the odd-numbered positions, then multiply by 3. 2. Add the digits in the even-numbered positions to the previous result. 3. Divide by 10, and keep the remainder. 4. If the remainder is not 0, subtract the remainder from 10.
18. Data Verification These are all synonyms! Checksum Hash Digest Fingerprint MD5 SHA-1 SHA-256 bcrypt
19. Use Case: Password Security Password: swordfish bcrypt hash: $20A6@3AC194F02... Reversing this process is impossible.
20. Symmetric Encryption
21. Symmetric Encryption Hello
22. Symmetric Encryption Hello "Advance by 1" Ifmmp
23. Symmetric Encryption Ifmmp Hello "Advance by 1"
24. Symmetric Encryption Hello Ifmmp Fortunately, this is reversible
25. Symmetric Encryption Hello DES AES-256 Blowfish Ifmmp Fortunately, this is reversible
26. Symmetric Encryption Hello Ifmmp But how do we transmit the key?
27. Symmetric Encryption
28. Public Key Cryptography Each key transforms data. They are called a pair because they mathematically exactly reverse the effect of the other key.
29. Public Key Cryptography One key is arbitrarily selected to be the public key, and the other will be the private key.
30. Public Key Cryptography Hello ??????
31. Public Key Cryptography Public Key Hello x9dak
32. Public Key Cryptography Public Key Hello x9dak Private Key
33. Use Case: Secret Message Mr. A Mr. B
34. Use Case: Secret Message Mr. A wants to send a secret message to Mr. B. Mr. A Mr. B, Meet me at noon for lunch. Your friend, Mr. A Mr. B
35. Use Case: Secret Message STEP 1: Mr. A encrypts the message with Mr. B's public key. Mr. A Mr. B, Meet me at noon for lunch. Your friend, Mr. A Li%8aja^@*9cmakA P91&*C9Naxw8723h Yolq&6209CKn02K Mr. B
36. Use Case: Secret Message STEP 2: Mr. B decrypts the message with Mr. B's private key. Mr. A Mr. B, Meet me at noon for lunch. Your friend, Mr. A Li%8aja^@*9cmakA Mr. B, P91&*C9Naxw8723h Meet me at noon for lunch. Yolq&6209CKn02K Your friend, Mr. A Mr. B
37. Use Case: Authenticity A1. Mr. A calculates the content's digest. A2. Mr. A encrypts the digest with his private key. This is the "wax seal". B1. Mr. B decrypts the digest value using Mr. A's public key. B2. Mr. B independently calculates the digest of the received content. B3. Mr. B expects the digests to match!
38. Wait a Minute! ssh-keygen -t rsa -b 4096
39. Wait a Minute! ssh-keygen -t rsa -b 4096
40. Wait a Minute! ssh-keygen -t rsa -b 4096 This won't work! RSA can only encrypt messages shorter than the "key length".
41. Wait a Minute! In reality, we use both! We use asymmetric cryptography to securely transmit a random symmetric key.
42. What's Next? Now: PKCS Soon: Elliptic-curve PKCS Future: Quantum implications?
43. Modern Cryptography for the absolute beginner Jeffrey Cohen @jeffcohen cohen.jeff@gmail.com
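
The "Secret Message" steps (slides 35-36) combined with the fix from slides 40-41, as an added example that is not from the original deck: RSA wraps only a random symmetric key, and the symmetric cipher carries the message. The function names, the choice of AES-256-GCM and RSA-OAEP, and the 2048-bit demo key (chosen so it generates quickly) are assumptions of this sketch.

```ruby
require "openssl"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Mr. A's side: encrypt a message of any length for the holder of the key pair.
def hybrid_encrypt(plaintext, recipient_public)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  key = cipher.random_key   # fresh random symmetric key for this message
  iv  = cipher.random_iv    # fresh nonce for this message
  cipher.auth_data = ""
  ciphertext = cipher.update(plaintext) + cipher.final
  {
    # Only the 32-byte AES key goes through RSA, so the length limit never bites.
    wrapped_key: recipient_public.public_encrypt(key, OAEP),
    iv: iv, tag: cipher.auth_tag, ciphertext: ciphertext
  }
end

# Mr. B's side: unwrap the AES key with the private key, then decrypt.
# Raises OpenSSL::Cipher::CipherError if the ciphertext or tag was altered.
def hybrid_decrypt(envelope, recipient_private)
  key = recipient_private.private_decrypt(envelope[:wrapped_key], OAEP)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = envelope[:iv]
  cipher.auth_tag = envelope[:tag]
  cipher.auth_data = ""
  (cipher.update(envelope[:ciphertext]) + cipher.final).force_encoding("UTF-8")
end

# The "This won't work!" slide: true only if RSA by itself can hold the message.
def rsa_alone_fits?(plaintext, public_key)
  public_key.public_encrypt(plaintext, OAEP)
  true
rescue OpenSSL::PKey::PKeyError
  false
end

if __FILE__ == $PROGRAM_NAME
  mr_b = OpenSSL::PKey::RSA.new(2048)   # constructed demo key pair
  note = "Mr. B, Meet me at noon for lunch. Your friend, Mr. A. " * 20
  puts "RSA alone fits #{note.bytesize} bytes? #{rsa_alone_fits?(note, mr_b.public_key)}"
  envelope = hybrid_encrypt(note, mr_b.public_key)
  puts "Hybrid round trip ok? #{hybrid_decrypt(envelope, mr_b) == note}"
end
```

The GCM tag also covers the "message tampering" use case from slide 10: a single flipped ciphertext bit makes `hybrid_decrypt` raise instead of returning altered text.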