Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
applied cryptography

Applied Cryptography December 2017 ECDLP is the problem of finding - PowerPoint PPT Presentation

Mar 03, 2023 •328 likes •529 views

Applied Cryptography December 2017 ECDLP is the problem of finding an ECC user's secret key, given the user's public key. Unfortunately, there is a gap between ECDLP difficulty and ECC security.There are many attacks that break

  1. Applied Cryptography December 2017

  2. …ECDLP is the problem of finding an ECC user's secret key, given the user's public key. Unfortunately, there is a gap between ECDLP difficulty and ECC security….There are many attacks that break real-world ECC without solving ECDLP. The core problem is that if you implement the standard curves, chances are you're doing it wrong. https://safecurves.cr.yp.to/ 2

  3. The Basics

  4. Use the right primitives • Encryption != Integrity • Encryption != Authentication • Hashing != Encryption • Hashing != Irreversible (in general) Garbled != Senseless

  5. Understand your cryptographic libraries • Understand their purpose • Understand their assumptions • Validate input to the libraries • Check return values 5

  6. Side Channels

  7. Crypto black box • Perform complex mathematics • Fast enough to be suitable • On general purpose hardware • Correctly for all inputs Without any measurable side effect

  8. Side effects? • Data and error conditions • Processing time • Data access time • Power fluctuations • Electromagnetic emissions Acoustic emissions 8

  9. Password Storage

  10. What could be simpler? • Take password • Store in database • ….? • Profit!

  11. Step 1 – Hash it! • Get password • Store SHA256(password) • Preimage resistance for the win! Precomputed dictionary attack Everything* falls 11

  12. Step 2 – Hash it with salt! • Get password • Store random || SHA256(random|| password) • No precomputation! Active dictionary attack Pretty much everything falls 12

  13. Step 3 – Expensive hash it with salt! • Get password • Store random || PBKDF2(random|| password) • Slow computation! Active dictionary attack with acceleration Normal passwords fail 13

  14. Step 4 – Argon2d with salt! • Get password • Store random || argon2d(random|| password) • No acceleration! Active dictionary attack Bad passwords fail 14

  15. Step 2 – Argon2d with salt! • Get password • Store random || argon2d(random|| password) • *whew* Denial of Service? Data independence? 15

  16. Conclusions

  17. Think big • Crypto without math is wrong • Crypto without system context also wrong • Understand your users, your systems, and your libraries • Secure accordingly

  18. Thank you! scott.stender@nccgroup.trust @scottstender

Recommend

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Cryptography Elliptic Curve Cryptography Overview of Elliptic Curve Cryptography Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve Cryptography Cryptography in OpenSSL School of Engineering and

858 views • 17 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

456 views • 11 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

329 views • 11 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 El

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 El

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 El Gamal Encryption Public-Key Cryptography Lecture 9 El Gamal Encryption Public-Key Encryption from Trapdoor OWP Public-Key Cryptography Lecture

2.11k views • 163 slides
Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy:

Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy:

Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy: Secret-Sharing Secrecy Secrecy Cryptography is all about controlling access to information Access to learning and/or influencing

2.01k views • 171 slides
HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography & http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

276 views • 24 slides
Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography Symmetric cryptography DES 3DES AES Asymmetric cryptography Diffie-Hellman key exchange 2 Modern cryptography Moving into

340 views • 16 slides
Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia

Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia

Cryptography Public Key Cryptography Concepts of Public Key Cryptography Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia Prepared by Steven Gordon on 20 Feb 2020, public.tex, r1803 1

422 views • 7 slides
Public-Key Cryptography Public-Key Cryptography Lecture 8 Public-Key Cryptography Lecture 8

Public-Key Cryptography Public-Key Cryptography Lecture 8 Public-Key Cryptography Lecture 8

Public-Key Cryptography Public-Key Cryptography Lecture 8 Public-Key Cryptography Lecture 8 Public-Key Encryption from Trapdoor OWP Public-Key Cryptography Lecture 8 Public-Key Encryption from Trapdoor OWP CCA Security El Gamal Encryption

1.79k views • 162 slides
Course Information CS 838 Applied Cryptography Instructor: Thomas Ristenpart Website:

Course Information CS 838 Applied Cryptography Instructor: Thomas Ristenpart Website:

Course Information CS 838 Applied Cryptography Instructor: Thomas Ristenpart Website: http://pages.cs.wisc.edu/ rist/cs838/ 1 / 55 Cryptography usage Did you use any cryptography today? 2 / 55 Cryptography usage Did you use any

856 views • 83 slides
FIPS 201 Cryptography FIPS 201 Cryptography Tim Polk tim.polk@nist.gov Nov 18, 2004

FIPS 201 Cryptography FIPS 201 Cryptography Tim Polk tim.polk@nist.gov Nov 18, 2004

FIPS 201 Cryptography FIPS 201 Cryptography Tim Polk tim.polk@nist.gov Nov 18, 2004 Cryptography in FIPS 201 Cryptography in FIPS 201 Digital signatures on logical credentials o CHUID, X.509 certificates, biometrics Cryptographic

273 views • 12 slides
Cryptography Basics Part 1: Concepts Cryptology: Contents Cryptography goals Encryption

Cryptography Basics Part 1: Concepts Cryptology: Contents Cryptography goals Encryption

Cryptography Basics Part 1: Concepts Cryptology: Contents Cryptography goals Encryption principles Encryption quality Cryptography Public key cryptography The art of making Next week: Example algorithms DES, AES, AES

894 views • 78 slides
Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but

Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but

Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but hard-to-solve problems were discovered. Computational Complexity, by Fu Yuxi Cryptography 1 / 75 Cryptography is closely related to some

787 views • 76 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security February 5, 2003 Lecture 7 Lecture 7 Page 1 Page 2 CS 239, Winter 2003 CS 239,

268 views • 11 slides
Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is cryptography? Related fields: Cryptography ("secret writing"): Making secret messages Turning plaintext (an ordinary readable message)

1.21k views • 57 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security January 26, 2005 Lecture 5 Lecture 5 Page 1 Page 2 CS 239, Winter 2005 CS 239,

323 views • 13 slides
KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE Mihir Bellare UCSD 1 The public key setting

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE Mihir Bellare UCSD 1 The public key setting

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE Mihir Bellare UCSD 1 The public key setting Bobs secret key is sk [ B ] and its associated public key is pk [ B ]. The public key setting assumes Alice is in possession of pk [ B ]. Alice pk [ B

622 views • 48 slides
Passpet Convenient Password Management and Phishing Protection Ka-Ping Yee Kragen Sitaker

Passpet Convenient Password Management and Phishing Protection Ka-Ping Yee Kragen Sitaker

Passpet Convenient Password Management and Phishing Protection Ka-Ping Yee Kragen Sitaker ping@zesty.ca kragen@pobox.com problems: design: solutions: practical matters: evaluation: problems: the big 5 problems: the big 5 1 many

961 views • 51 slides
Crypto: Passwords and RNGs CS 642 Guest Lecturer: Adam Everspaugh http://pages.cs.wisc.edu/~ace

Crypto: Passwords and RNGs CS 642 Guest Lecturer: Adam Everspaugh http://pages.cs.wisc.edu/~ace

Crypto: Passwords and RNGs CS 642 Guest Lecturer: Adam Everspaugh http://pages.cs.wisc.edu/~ace Topics Password-based Crypto Random Number Generators Symmetric Key Encryption key generation R k Gen K R M Enc C C Dec M

728 views • 29 slides
CS 4803 Person authenticating to a local computer Computer and Network Security Person

CS 4803 Person authenticating to a local computer Computer and Network Security Person

Authentication Verifying the identity of another entity Computer authenticating to another computer CS 4803 Person authenticating to a local computer Computer and Network Security Person authenticating to a remote computer Two

666 views • 6 slides
Dragonblood : Weaknesses in WPA3s Dragonfly Handshake Mathy Vanhoef and Eyal Ronen BruCON.

Dragonblood : Weaknesses in WPA3s Dragonfly Handshake Mathy Vanhoef and Eyal Ronen BruCON.

Dragonblood : Weaknesses in WPA3s Dragonfly Handshake Mathy Vanhoef and Eyal Ronen BruCON. Belgium, 11 October 2019. 2 Background: Dragonfly in WPA3 and EAP-pwd = Password Authenticated Key Exchange (PAKE) Negotiate Provide mutual

1.98k views • 56 slides
Cryptographic Key Infrastructure Goal: bind identity to key Classical: not possible as

Cryptographic Key Infrastructure Goal: bind identity to key Classical: not possible as

Cryptographic Key Infrastructure Goal: bind identity to key Classical: not possible as all keys are shared Use protocols to agree on a shared key (see earlier) Public key: bind identity to public key Crucial as people will

693 views • 41 slides
User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and

User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and

CSS322 Passwords Authentication Passwords Entropy User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by

672 views • 28 slides
BITCRACKER Elena Agostini, Massimo Bernaschi 2 BITCRACKER: BITLOCKER MEETS GPUS BITLOCKER

BITCRACKER Elena Agostini, Massimo Bernaschi 2 BITCRACKER: BITLOCKER MEETS GPUS BITLOCKER

BITLOCKER MEETS GPUS BITCRACKER Elena Agostini, Massimo Bernaschi 2 BITCRACKER: BITLOCKER MEETS GPUS BITLOCKER Windows Vista, 7, 8.1 and 10 encryption feature (Ultimate, Pro, Enterprise, etc..) It encrypts several types of memory units

906 views • 30 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.