Everything You Need To Know About Cryptography In 1 Hour


Everything you need to know about cryptography in 1 hour
Colin Percival
Tarsnap
cperciva@tarsnap.com
May 13, 2010

Why cryptography in 1 hour?
Lots of people get cryptography wrong:
- Google Keyczar (timing side channel): Stupidity
- SSL (session renegotiation): Stupidity
- Amazon AWS signature method 1 (non-collision-free signing): Using a tool wrong
- Flickr API signatures (hash length-extension): Using the wrong tool wrong
- Intel HyperThreading (architectural side channel): Unusual environment
- WEP, WPA, GSM. (various flaws): Unusual environment
Cryptography is usually broken for one of three reasons:
- Stupidity.
- Using the wrong tools or using them in the wrong way.
- Unusual environments.

Why cryptography in 1 hour?
Conventional wisdom: Don’t write cryptographic code!
- Use SSL for transport.
- Use GPG for protecting data at rest.
- “If you’re typing the letters A-E-S into your code, you’re doing it wrong.” — Thomas Ptacek
Reality: You’re going to write cryptographic code no matter what I say, so you might as well know what you’re doing.
Reality: Most applications only need a small set of well-understood standard idioms which are easy to get right.
55 minutes from now, you should:
- Know what to do in 99% of the situations you’ll encounter.
- Know where some of the common mistakes are.
- Know when you’re doing something non-standard and you really need to consult a cryptographer.

Why cryptography?
Cryptography protects against some attacks, but not all.
- “Three Bs”: Bribery, Burglary, Blackmail.
- Fourth B: (Guantanamo) Bay.
Attacking people is often more expensive than attacking data.
Attacking people is almost always more dangerous than attacking data.
- Data doesn’t hold press conferences to complain that it was tortured!
- (The information, not the android.)
The purpose of cryptography is to force the US government to torture you.
- Hopefully they’ll decide that your information isn’t that important.

Introduction to cryptography
Cryptography has three major purposes: Encryption, Authentication, and Identification.
- Encryption prevents evil people from reading your data.
- Authentication (aka. Signing) prevents evil people from modifying your data without being discovered.
- Identification prevents evil people from pretending to be you.
Sometimes Authentication and Identification are performed in a single step: “this message hasn’t been modified since I wrote it” and “I’m Colin” are replaced by a single “this message hasn’t been modified since Colin wrote it”.
In most cases you will want to put together two or more cryptographic components.

Cryptographic language
- The plaintext is the data we care about.
- The ciphertext is the data evil people get to see.
- A key is used to convert between these. Sometimes we need several keys.
- Symmetric cryptography is when converting plaintext to ciphertext uses the same key as converting ciphertext to plaintext.
- Asymmetric cryptography is when the two directions use different keys.
- Ideal cryptographic components don’t really exist, but if a cryptographic component is recognizably non-ideal, it is generally considered to be broken.

Hashing
An ideal hash function $H(x)$ is a function mapping arbitrary-length inputs to $n$-bit outputs which is:
- Collision-resistant, and
- One-way.
Collision-resistant means that it takes $2^{n/2}$ time to find two inputs which have the same hash.
One-way means that given a hash, it takes $2^n$ time to find an input which has that hash.
Nothing else is guaranteed!
- In particular, knowing $H(x)$ might allow an attacker to compute $H(y)$ for some values of $y$.

Hashing
- DO: Use SHA-256.
- DO: Consider switching to SHA-3 within the next 5-10 years (once NIST decides what it is, probably in 2012).
- DO: Use a hash when you can securely distribute $H(x)$ and want to validate that a value $x'$ which you received insecurely is in fact equal to $x$.
- DON’T: Use MD2, MD4, MD5, SHA-1, RIPEMD.
- DON’T: Put FreeBSD-8.0-RELEASE-amd64-disc1.iso and CHECKSUM.SHA256 onto the same FTP server and think that you’ve done something useful.
- DON’T: Try to use a hash function as a symmetric signature.
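An added example (not from the original slides) of the "securely distribute $H(x)$, validate $x'$" idiom: the checksum line is passed in by the caller, who must have obtained it over a channel trusted independently of the download. The function names are hypothetical, and the BSD-style line format `SHA256 (name) = hex` is an assumption about what the checksum file contains.

```python
import hashlib
import hmac
import re

# BSD-style checksum line, e.g. "SHA256 (image.iso) = <64 lowercase hex chars>".
# Assumed format; the slides do not show the contents of CHECKSUM.SHA256.
_BSD_LINE = re.compile(r"^SHA256 \((?P<name>[^()]+)\) = (?P<hex>[0-9a-f]{64})$")


def parse_checksum_line(line):
    """Return (filename, hex_digest) from one trusted checksum line."""
    m = _BSD_LINE.match(line.strip())
    if m is None:
        raise ValueError("not a BSD-style SHA256 checksum line")
    return m.group("name"), m.group("hex")


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, expected_name, trusted_line):
    """
    Check an insecurely received file x' against H(x) from a trusted channel.

    trusted_line must NOT come from the same server as the file: whoever can
    replace the file there can replace the checksum next to it as well.
    """
    name, trusted_hex = parse_checksum_line(trusted_line)
    # Bind the digest to the file it was published for, so a valid digest
    # of some other artifact is not accepted for this one.
    if name != expected_name:
        return False
    return hmac.compare_digest(sha256_file(path), trusted_hex)


if __name__ == "__main__":
    import os
    import tempfile

    # Constructed sample data standing in for a downloaded image.
    sample = b"constructed sample image bytes"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.iso")
        with open(path, "wb") as f:
            f.write(sample)
        line = "SHA256 (sample.iso) = " + hashlib.sha256(sample).hexdigest()
        print("intact file accepted:", verify_download(path, "sample.iso", line))
        with open(path, "ab") as f:
            f.write(b"!")
        print("modified file accepted:", verify_download(path, "sample.iso", line))
```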

Symmetric authentication
Symmetric authentication is performed by providing a message authentication code (MAC).
An ideal message authentication code $f_k(x)$ uses a key to map arbitrary-length inputs to $n$-bit outputs such that it takes $2^n$ time for an attacker to generate any pair $(y, f_k(y))$ even if given arbitrary pairs $(x, f_k(x))$.
- Sometimes called a “random function”.
Unlike hashing, knowing $f_k(x)$ does not allow you to compute $f_k(y)$ for some other $y$.
- The Flickr API used hashing to authenticate API requests where they should have used a MAC.

Symmetric authentication
- DO: Use HMAC-SHA256.
- DO: Guarantee that you cannot have two different messages result in the same data being input to HMAC-SHA256.
  - Amazon and Flickr both got this wrong.
- AVOID: CBC-MAC.
  - Theoretically secure, but exposes your block cipher to attacks.
- AVOID: Poly1305.
  - If your name is Daniel Bernstein, go ahead and use this. Otherwise, you’re never going to produce a secure and correct implementation.
- DON’T: Leak information via timing side channels when you verify a signature.
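An added example (not from the original slides) that puts the three points above together: HMAC-SHA256 over a length-prefixed encoding, so that two different parameter sets can never produce the same MAC input, verified with a constant-time comparison. The function names, the parameter dictionaries and the key are constructed for illustration.

```python
import hashlib
import hmac
import struct


def naive_canonical(params):
    """Ambiguous encoding: sorted keys and values glued together with no
    delimiters, so field boundaries are lost."""
    return "".join(k + v for k, v in sorted(params.items())).encode("utf-8")


def canonical(params):
    """Injective encoding: a field count, then every key and value preceded
    by its byte length. Different parameter sets give different bytes."""
    out = [struct.pack(">I", len(params))]
    for k, v in sorted(params.items()):
        for field in (k, v):
            raw = field.encode("utf-8")
            out.append(struct.pack(">I", len(raw)))
            out.append(raw)
    return b"".join(out)


def sign(key, params, encode=canonical):
    """HMAC-SHA256 tag over the chosen encoding of the request parameters."""
    return hmac.new(key, encode(params), hashlib.sha256).digest()


def verify(key, params, tag, encode=canonical):
    """Recompute the tag and compare in constant time. A plain == can return
    as soon as the first differing byte is found, which leaks through
    response timing how much of a guessed tag was correct."""
    return hmac.compare_digest(sign(key, params, encode), tag)


# Constructed sample requests: different meaning, same naive MAC input.
REQUEST_A = {"file": "report", "mode": "ro"}
REQUEST_B = {"file": "reportmodero"}
SAMPLE_KEY = bytes(range(32))  # constructed key, for demonstration only


def demo():
    """Return (naive_confuses_requests, length_prefixed_confuses_requests)."""
    naive_tag = sign(SAMPLE_KEY, REQUEST_A, encode=naive_canonical)
    good_tag = sign(SAMPLE_KEY, REQUEST_A)
    return (
        verify(SAMPLE_KEY, REQUEST_B, naive_tag, encode=naive_canonical),
        verify(SAMPLE_KEY, REQUEST_B, good_tag),
    )


if __name__ == "__main__":
    naive_confused, fixed_confused = demo()
    print("naive encoding accepts tag of A for B:", naive_confused)
    print("length-prefixed encoding accepts tag of A for B:", fixed_confused)
```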

Side channel attacks
- A side channel is any way that an attacker can get information other than the ciphertext.
- Cryptosystems are defined by their mathematical design, whereas side channels are inherently artifacts of how cryptosystems are implemented.
- The most common side channel is timing – how long it takes for you to encrypt/decrypt/sign/verify a message.
- Other side channels include electromagnetic emissions (“TEMPEST”), power consumption, and microarchitectural features (e.g., L1 data cache eviction on Intel CPUs with HyperThreading).

Side channel attacks
- DO: Consult a cryptographer if you’re planning on giving evil people physical access to anything which does cryptography (e.g., smartcards).
- DO: Consult a cryptographer if you’re planning on allowing evil people to run code on the same physical hardware as you use for cryptography (e.g., virtualized systems).
- DO: Consult a cryptographer if you’re planning on releasing a CPU which leaks information in new and exciting ways.

