Cryptography (slides by Yung-Luen Lan)
11. Don’t Use ECB mode!
[figure: Block 1, Block 2, …, Block N are each encrypted independently with the same key into Cipher 1, Cipher 2, …, Cipher N; identical plaintext blocks always produce identical ciphertext blocks, and blocks can be cut, pasted and reordered without the key]
12. ECB: Cut & Paste
Cookie: auth=AES-ECB(username)
Cookie: auth=AES-ECB(1234567890123456admin)
The attacker registers the username "1234567890123456admin". The 16 filler bytes fill block 1 exactly, so block 2 is AES-ECB("admin" ‖ padding). Because ECB encrypts every block independently, that single ciphertext block, presented on its own, is a valid cookie for "admin". No key is needed, only the ability to pick a username and to split the ciphertext at a 16-byte boundary.
13. ECB: Byte-by-Byte
• Oracle(m)=AES-ECB(m‖secret, key)
• A block is 16 bytes. A 15-byte chosen prefix pushes secret[0] into the last byte of block 1:
AES-ECB(123456789012345secret, key)
• Query the oracle with each of the 256 candidates for that 16th byte and compare block 1 of the answer with block 1 above; only the right guess produces the same ciphertext block:
AES-ECB(123456789012345*secret, key)
AES-ECB(123456789012345ssecret, key)   ← match, so secret[0] = 's'
• Shorten the prefix by one byte, append the known byte, and repeat for secret[1]:
AES-ECB(12345678901234secret, key)
AES-ECB(12345678901234s*secret, key)
AES-ECB(12345678901234sesecret, key)   ← match, so secret[1] = 'e'
AES-ECB(1234567890123secret, key)
• At most 256 queries per byte recover the whole secret. Once the first 16 bytes are known the same alignment trick continues into block 2 by comparing the next ciphertext block instead of the first.
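The two attacks on slides 12 and 13, as an added Go example that is not code from the deck. AES-ECB with PKCS#7 padding stands in for the server; the key `demoKey`, the cookie format `auth=AES-ECB(username)` and the secret `flag{ecb-leaks-bytes}` are constructed assumptions. `cutAndPaste` forges the admin cookie from the second block of a chosen username, and `recoverSecret` runs the byte-by-byte attack for a secret of any length, which generalizes the single-block walkthrough on the slide (it first learns the secret's length from when the output grows by a block, then compares block `len(known)/16` rather than only block 0).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"errors"
	"fmt"
)

var demoKey = []byte("0123456789abcdef") // constructed demo key; the attacker functions never read it

func pkcs7Pad(b []byte, n int) []byte {
	p := n - len(b)%n
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(p)}, p)...)
}

func pkcs7Unpad(b []byte, n int) ([]byte, error) {
	if len(b) == 0 || len(b)%n != 0 {
		return nil, errors.New("bad length")
	}
	p := int(b[len(b)-1])
	if p == 0 || p > n || !bytes.Equal(b[len(b)-p:], bytes.Repeat([]byte{byte(p)}, p)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-p], nil
}

// ecbEncrypt is AES-ECB with PKCS#7 padding: each 16-byte block is encrypted
// on its own, so equal plaintext blocks give equal ciphertext blocks.
func ecbEncrypt(key, pt []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	pt = pkcs7Pad(pt, aes.BlockSize)
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += aes.BlockSize {
		c.Encrypt(ct[i:], pt[i:])
	}
	return ct
}

func ecbDecrypt(key, ct []byte) ([]byte, error) {
	c, err := aes.NewCipher(key)
	if err != nil || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("bad key or ciphertext length")
	}
	pt := make([]byte, len(ct))
	for i := 0; i < len(ct); i += aes.BlockSize {
		c.Decrypt(pt[i:], ct[i:])
	}
	return pkcs7Unpad(pt, aes.BlockSize)
}

// Slide 12. issue() is the server: cookie = AES-ECB(username). Sixteen filler bytes
// fill block 1, so block 2 is exactly AES-ECB("admin" || padding): a valid cookie by itself.
func cutAndPaste(issue func(username []byte) []byte) []byte {
	return issue([]byte("1234567890123456admin"))[16:32]
}

// Slide 13. oracle(m) = AES-ECB(m || secret). The output grows by one block exactly
// when len(filler)+len(secret) reaches a multiple of 16, which reveals len(secret).
func secretLength(oracle func([]byte) []byte) int {
	base := len(oracle(nil))
	for n := 1; ; n++ {
		if len(oracle(bytes.Repeat([]byte{'A'}, n))) > base {
			return base - n
		}
	}
}

// recoverSecret places the next unknown byte last in a block, tries all 256 values
// for it and matches that ciphertext block; beyond block 0 it compares block len(known)/16.
func recoverSecret(oracle func([]byte) []byte) []byte {
	known := []byte{}
	for n := secretLength(oracle); len(known) < n; {
		filler := bytes.Repeat([]byte{'A'}, 15-len(known)%16)
		blk := len(known) / 16 * 16
		target := oracle(filler)[blk : blk+16]
		found := false
		for g := 0; g < 256 && !found; g++ {
			probe := append(append(append([]byte{}, filler...), known...), byte(g))
			if bytes.Equal(oracle(probe)[blk:blk+16], target) {
				known, found = append(known, byte(g)), true
			}
		}
		if !found {
			break // not an ECB oracle of this shape
		}
	}
	return known
}

func main() {
	issue := func(u []byte) []byte { return ecbEncrypt(demoKey, u) }
	who, err := ecbDecrypt(demoKey, cutAndPaste(issue))
	fmt.Printf("forged cookie decrypts to %q (err=%v)\n", who, err)
	secret := []byte("flag{ecb-leaks-bytes}") // constructed secret, 21 bytes, spans two blocks
	oracle := func(m []byte) []byte { return ecbEncrypt(demoKey, append(append([]byte{}, m...), secret...)) }
	fmt.Printf("recovered secret: %q\n", recoverSecret(oracle))
}
```

Both attacks need roughly 256 oracle queries per secret byte and zero knowledge of the key; the fix is not a better padding check but a mode that binds blocks to position and nonce (CBC with a random IV at minimum, an AEAD such as AES-GCM in practice).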
30. (Crypto) Hash
• MD5, SHA1, SHA2, SHA3……
• Arbitrary-length input, fixed n-bit output
• One-Way (pre-image resistance): given H(x), infeasible to find x
• 2nd Pre-Image Resistance: given x, infeasible to find y ≠ x with H(x) = H(y)
• Collision Free (collision resistance): infeasible to find any x ≠ y with H(x) = H(y)
• MD5 and SHA1 no longer offer collision resistance in practice; use SHA2 or SHA3 for new designs
38. SHA1 is a Merkle–Damgård hash: data ‖ pad is split into 64-byte blocks, each block updates five 32-bit chaining words, and the final words v1…v5 are the digest.
[figure: data | data | data‖pad, 64bytes 64bytes 64bytes]
v1: 0x00000000
v2: 0x11111111
v3: 0x22222222
v4: 0x33333333
v5: 0x44444444
SHA1: 0x0000000011111111222222223333333344444444
40. Now the data is unknown to the attacker (? ???) but the digest is known, and the digest is nothing more than v1…v5:
[figure: ? | ? | ??‖pad, 64bytes 64bytes 64bytes]
SHA1: 0x0000000011111111222222223333333344444444
v1: 0x00000000
v2: 0x11111111
v3: 0x22222222
v4: 0x33333333
v5: 0x44444444
41. Loading v1…v5 as the chaining state puts the attacker exactly where the hash stopped. The original padding becomes "glue" (Pad) and more blocks (Extension) can be fed in, as long as the attacker knows the total length so far, which only needs the length of the secret, not its value:
[figure: ? | ? | ??‖Pad | Extension‖pad, 64bytes 64bytes 64bytes …]
42. The result is the correct SHA1 of (unknown data ‖ Pad ‖ Extension), computed without ever seeing the data. If SHA1(secret ‖ message) is used as a MAC, this forges a tag for message ‖ Pad ‖ Extension. HMAC is not affected; MD5, SHA1, SHA-256 and SHA-512 all are, SHA3 is not.
v1: 0x55555555
v2: 0x66666666
v3: 0x77777777
v4: 0x88888888
v5: 0x99999999
SHA1: 0x5555555566666666777777778888888899999999
46. Comparison
public static boolean isEqual(byte digesta[], byte digestb[]) {
    if (digesta.length != digestb.length)
        return false;
    for (int i = 0; i < digesta.length; i++) {
        // Returns at the first differing byte: the running time reveals how
        // many leading bytes of the guess were right, so a MAC can be
        // forged one byte at a time with a remote timing measurement.
        if (digesta[i] != digestb[i]) {
            return false;
        }
    }
    return true;
}
Java 6u15: MessageDigest.isEqual (early-exit version; later JDK releases made it constant-time)
47. Constant-Time Comparison
public static boolean isEqual(byte[] a, byte[] b) {
    if (a.length != b.length) {
        return false;
    }
    int result = 0;
    for (int i = 0; i < a.length; i++) {
        // No data-dependent branch: every byte is visited and the differences
        // are OR-ed together, so the time does not depend on where the first
        // mismatch is.
        result |= a[i] ^ b[i];
    }
    return result == 0;
}
The length check still returns early; that is acceptable when the length is public, as it is for a fixed-size digest or tag. Prefer the platform's constant-time routine (MessageDigest.isEqual on current JDKs) over a hand-rolled loop wherever one exists.
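The timing difference behind slides 46 and 47, made measurable without a stopwatch, as an added Go example that is not from the deck. Both comparison functions return the number of bytes they examined, a constructed proxy for elapsed time: the early-exit version's count equals the length of the correct prefix plus one, the constant-time version's count is always the full length. `computeTag`/`verifyTag` show the intended use with `hmac.Equal`, the standard library's constant-time comparison; the key and message are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// naiveEqual mirrors the early-exit loop on slide 46. The returned count of
// bytes examined stands in for elapsed time: it is the length of the matching
// prefix plus one, which is exactly what a remote timing attack measures.
func naiveEqual(a, b []byte) (equal bool, examined int) {
	if len(a) != len(b) {
		return false, 0
	}
	for i := range a {
		examined++
		if a[i] != b[i] {
			return false, examined
		}
	}
	return true, examined
}

// constantTimeEqual mirrors slide 47: every byte is visited and the differences
// are OR-ed together, so the work does not depend on where the first mismatch is.
// crypto/subtle.ConstantTimeCompare and hmac.Equal implement the same idea.
func constantTimeEqual(a, b []byte) (equal bool, examined int) {
	if len(a) != len(b) { // leaks only the length, which is public for a fixed-size tag
		return false, 0
	}
	var diff byte
	for i := range a {
		diff |= a[i] ^ b[i]
		examined++
	}
	return diff == 0, examined
}

// computeTag and verifyTag show the intended use: a server compares a
// client-supplied HMAC tag with hmac.Equal, never with bytes.Equal or ==.
func computeTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

func verifyTag(key, msg, tag []byte) bool {
	return hmac.Equal(computeTag(key, msg), tag)
}

func main() {
	good := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte tag
	for _, pos := range []int{0, 8, 31} {
		guess := append([]byte{}, good...)
		guess[pos] ^= 1 // first wrong byte at pos
		_, n1 := naiveEqual(good, guess)
		_, n2 := constantTimeEqual(good, guess)
		fmt.Printf("mismatch at byte %2d: early-exit examined %2d bytes, constant-time examined %2d\n", pos, n1, n2)
	}
	key, msg := []byte("constructed-key"), []byte("message")
	fmt.Println("valid tag verifies:", verifyTag(key, msg, computeTag(key, msg)))
}
```

Real measurements are noisy, so an attacker averages many requests per candidate byte; the loop-count proxy shows why averaging eventually works for the early-exit version and never for the constant-time one. Note that both functions still branch on the length mismatch, which is the documented, acceptable leak for fixed-size tags.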