https://missing.csail.mit.edu/2019/security/
Security and Cryptography Overview
- Focus on security concepts relevant to tools like Git and SSH.
- Emphasis on practical cryptography concepts.
- Not a substitute for formal security training.
Entropy: Measuring Randomness
- Entropy quantifies randomness, crucial for password strength.
- Measured in bits; higher values indicate stronger passwords.
- Example:
correcthorsebatterystaplevsTr0ub4dor&3
Understanding Hash Functions
- Maps arbitrary data to fixed-size values.
hash(value: array<byte>) -> vector<byte, N> (for some fixed N)- Properties:
- Deterministic,
- non-invertible,
- collision-resistant.
- Example: SHA1, although no longer considered strong.
printf 'hello' | sha1sumApplications of Hash Functions
- Used in Git for content storage.
- Summarizes file contents; aids in data verification.
- Commitment schemes in secure communications.
Key Derivation Functions (KDFs)
- Produce keys from passphrases for cryptographic use.
- Designed to be slow to resist brute-force attacks.
- Applications:
- Creating encryption keys
- Storing login credentials.
passwdSymmetric Cryptography
- Uses a single key for both encryption and decryption.
- Keygen produces a random key for secure communication.
- Example:
- AES (Advanced Encryption Standard).
Asymmetric Cryptography
- Involves a public and a private key.
- Public key for encryption, private key for decryption.
- Used in PGP email, private messaging, and software signing.
Key Distribution Challenges
- Distributing public keys and associating them with identities.
- Methods vary: Signal’s trust on first use, PGP’s web of trust, Keybase’s social proof.
Practical Security Tools
Password Managers
- Store high-entropy passwords securely.
- Examples: KeePassXC, pass, 1Password.
Two-Factor Authentication
- Enhances security by requiring an additional authentication factor.
Full Disk Encryption
- Protects data on stolen laptops.
- Tools:
- Linux: cryptsetup + LUKS,
- Windows: BitLocker,
- macOS: FileVault.
Private Messaging Security
- Signal and Keybase use asymmetric encryption for privacy.
- Key exchange is crucial for secure communication.
SSH: Secure Shell
- Asymmetric key pair generation with
ssh-keygen. - Private key encrypted, public key shared for server access.
- Uses challenge-response for identity verification.
Conclusion and Additional Resources
- Cryptography is a cornerstone of modern digital security.
- Cryptographic Right Answers.