05 Cryptography
Cryptographic Keys
Generating cryptographic keys requires high-quality random (unpredictable) data. The usual approach: seed a Cryptographically-secure Pseudo-Random Number Generator (CPRNG) with at least 256 bits of entropy. Once seeded, it can produce a practically unlimited amount of “key-grade” random data.
How to get entropy?
- Physical processes (e.g. disk access, user input, network events, …)
- Store some entropy and reuse between reboots
- Initial seeds from outside (for VMs)
Information-Theoretical Entropy
Entropy is the measurement of uncertainty.
The unit for entropy is:
- for one symbol: bit
- for a sequence of symbols: bit/symbol
- for density: bit/bit (or none)
For a source with n symbols occurring with probabilities p_{0}, …, p_{n-1}
Example
A source can emit 128 different symbols, all equally probable.
- Entropy per symbol: 7 bit
- Stream-Entropy: 7 bit/symbol
Seeding
Seeding determines the output sequence of the pseudo-random number generator: the same seed always yields the same sequence.
Examples on Linux are: /dev/random and /dev/urandom, which must be seeded before use.
Bad seeding can lead to bad random numbers.
Bad seeding practices:
- seeding with time (predictable)
- seeding with single entropy source
- using the generator after waiting only a few seconds after boot (too little entropy gathered)
- seeding with cloned file (vm or image clone)
- Java’s SecureRandom() with broken implementation (Android…)
Using cryptography with keys generated from badly seeded CPRNGs is worse than not using cryptography at all! False sense of security!
Hardware RNG
Hardware RNGs produce “true” randomness, usually from thermal noise and/or quantum effects (quantum effects are often called “true random” simply because we do not understand how they work).
Their main advantage is that they do not depend on any external interactions or software. But you have to trust them. If they are broken, you are screwed.
Passwords
Passwords are used to verify that you are who you claim to be.
Passwords are disliked because:
- the system might claim that you need to be more secure
- the system may force you to change it regularly
- the system may decrease security by offering “recovery” by mail
- the password may get stolen (and used to log in to other systems)
- the password can be guessed (if weak)
Storing Passwords
Solution 1: Plaintext
If hacked, the attacker has all passwords. Bad solution.
Solution 2: Crypto Hash
Hash the password and store it in the database. Verify by comparing h(user_pwd) to h(pwd). The attacker only gets h(pwd), but an unsalted hash can be inverted by guessing:
- Bruteforce: CPU or GPU (GPU >1000x faster than CPU)
- Rainbow table: Compute once, break many
- Dictionaries: Common password lookup tables
Solution 3: Salted Crypto Hash
Use Argon2 whenever possible. Alternatives: bcrypt or scrypt.
Do not use PBKDF2 because it is not memory-hard and susceptible to graphics card attacks.
Multi-Factor Authentication
Multi-factor authentication (MFA) is a method of access control where a user must provide multiple pieces of evidence to prove their identity. The most common factors are:
- knowledge (e.g. password)
- possession (e.g. key)
- inherence (e.g. fingerprint)
Today, the typical first factor is a password and the second is often an authenticator app or device.
Time-based One-time Password (TOTP)
TOTP is an algorithm that computes a one-time password from a shared secret key and the current time.
Implementation aspects:
- secret usually transferred as QR code
- interval typically 30 seconds
- maximum time skew configurable
- code reuse needs to be prevented (once a code has been used it should be invalidated)
- add emergency codes for recovery or in case of loss of device
Remarks:
- secret can be extracted on server-/client-side
- client-side can be multiple devices
- clock sync is important
- man-in-the-middle still possible
- TOTP app and password entry on same device is only 1FA
Disk Encryption
Securely storing private data is done in one of the following ways:
- encrypt everything (e.g. full disk encryption)
- do not store private data
- abstract or anonymize private data
Disk Encryption
Refers to encryption done by the operating system or storage device.
- Full Disk Encryption: LUKS (Linux) or BitLocker (Windows).
- File Encryption: EncFS (Linux) or EFS (Windows).
Note: File-level encryption is less secure but more flexible.
But disk encryption only protects data at rest. This means it protects against:
- disks being stolen
- non-running devices being stolen (what about servers or laptops?)
Cloud Encryption
Cloud encryption usually means disk encryption. The benefits and risks are the same as for normal disk encryption. Additionally:
- no protection against cloud provider
- keys may leak to other VMs on same hardware
Note: Assume data in the cloud is only secure if it never reaches the cloud unencrypted.
Practical Exercise
Assuming a source that generates 256 characters which are equally distributed. What is the entropy per symbol?
8 bit/symbol
How would the entropy behave with a different distribution? Would the entropy be higher or lower?
A uniform distribution provides the highest entropy, because it is the most unpredictable.
Why is high entropy important for cryptography?
High entropy means the data is unpredictable; keys or seeds derived from low-entropy data can be guessed, so the cryptography built on them gives only a false sense of security.
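The following Python example, added here and not part of the original notes, computes the information-theoretical entropy from the Information-Theoretical Entropy section and the Practical Exercise above: the uniform 128-symbol source (7 bit/symbol), the 256-symbol source (8 bit/symbol), a skewed distribution (lower), and an estimate from observed bytes. The last function illustrates the seeding remark with an assumed figure: a key derived deterministically from a seed drawn from a small space (e.g. a one-second timestamp within one day, 86400 values) carries at most log2 of that space in entropy, whatever its length in bits.

```python
import math
from collections import Counter


def entropy_bits(probabilities):
    """Shannon entropy H = -sum(p_i * log2(p_i)) in bit/symbol.
    Terms with p_i = 0 contribute nothing (the limit p*log2 p -> 0)."""
    if any(p < 0 for p in probabilities) or abs(sum(probabilities) - 1.0) > 1e-9:
        raise ValueError("probabilities must be non-negative and sum to 1")
    return -sum(p * math.log2(p) for p in probabilities if p > 0)


def uniform_entropy(n: int) -> float:
    """n equally probable symbols: H = log2(n), the maximum for n symbols."""
    return entropy_bits([1.0 / n] * n)


def empirical_entropy(data: bytes) -> float:
    """Estimate the per-byte entropy of an observed sample from its symbol frequencies.
    Note: a short sample always underestimates a good source (few distinct values seen)."""
    if not data:
        return 0.0
    counts = Counter(data)
    return entropy_bits([c / len(data) for c in counts.values()])


def key_entropy_from_seed_space(seed_space_size: int) -> float:
    """Upper bound on the entropy of any key derived from a seed chosen
    uniformly among `seed_space_size` values, regardless of key length."""
    return math.log2(seed_space_size)


if __name__ == "__main__":
    print("128 uniform symbols:", uniform_entropy(128), "bit/symbol")   # 7.0
    print("256 uniform symbols:", uniform_entropy(256), "bit/symbol")   # 8.0
    # Same four symbols, skewed: less uncertainty than the uniform 2.0 bit.
    print("skewed 4 symbols:   ", entropy_bits([0.5, 0.25, 0.125, 0.125]))  # 1.75
    # Constructed sample bytes: a repeating pattern is far from 8 bit/byte.
    print("sample 'abab':      ", empirical_entropy(b"abab"))            # 1.0
    # Assumed seed space: timestamps with 1 s resolution over one day.
    print("256-bit key from time seed, at most:",
          round(key_entropy_from_seed_space(86400), 1), "bit")           # 16.4
```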
Interpretation: Four Horsemen of the Infocalypse
The four horsemen of the infocalypse are used to scare people into surrendering their rights to privacy, anonymity and freedom of speech. They are used to justify mass surveillance and censorship.
The original four horsemen are
- drug-dealers
- money-launderers
- terrorists
- pedophiles
but could now include all kinds of crimes (e.g. intellectual property pirates, or others)