Crypto 101

The basics of Cryptography

Nishchal Gautam / @cyb3rhck

What is privacy?

And why should we care?

NSA

National Security Agency

PRISM?

Planning Tool for Resource Integration, Synchronization, and Management

Very powerful surveillance program from NSA.

So, What is Crypto?

Study of techniques for secure communication!

Something used to convert a message to nonsense!

Example!

The simplest example would be:
Caesar Cipher!

The Caesar Cipher!

converts: I LOVE YOU to

C FIPY SIO

When the Key is: 20

Okay, How does it work?

Each letter is shifted by the key!

To Get it Back

Just shift in opposite direction!

Cons!

One can sit all day and try all 26 possible keys!
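As an added example (not part of the original slides), the shift cipher from the previous slides in Python: it reproduces the "I LOVE YOU" / key 20 / "C FIPY SIO" example, decrypts by shifting the other way, and then shows the "Cons" slide in practice by trying all 26 keys and picking the one that yields an expected word. The function names and the crib word are my own choices.

```python
from typing import List, Optional, Tuple
import string

ALPHABET = string.ascii_uppercase  # 26 letters, so only 26 possible keys


def caesar_shift(text: str, key: int) -> str:
    """Shift every letter of `text` by `key` places in the alphabet.
    Spaces and punctuation are left untouched, which is why the word
    boundaries of "I LOVE YOU" survive in the ciphertext "C FIPY SIO"."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext: str, key: int) -> str:
    return caesar_shift(plaintext, key)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    # "To get it back": shift in the opposite direction.
    return caesar_shift(ciphertext, -key)


def brute_force(ciphertext: str) -> List[Tuple[int, str]]:
    """The weakness from the 'Cons' slide: the key space is only 26,
    so every candidate plaintext can be listed at once."""
    return [(k, caesar_decrypt(ciphertext, k)) for k in range(26)]


def recover_key(ciphertext: str, known_word: str) -> Optional[int]:
    """Pick the key whose candidate plaintext contains a word we expect
    (a 'crib'). Returns None if no key produces it."""
    for k, candidate in brute_force(ciphertext):
        if known_word.upper() in candidate.split():
            return k
    return None


if __name__ == "__main__":
    ct = caesar_encrypt("I LOVE YOU", 20)
    print(ct)  # C FIPY SIO
    for k, candidate in brute_force(ct):
        print(f"key {k:2d}: {candidate}")
    print("recovered key:", recover_key(ct, "LOVE"))  # 20
```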

Types of Encryption

  • Symmetric
  • Asymmetric
  • Hybrid

Symmetric

Uses the same key for encryption and decryption
Example: Caesar Cipher!

Exchanging keys securely

Demonstration of symmetric key encryption.

Asymmetric

It uses two different keys for encryption and decryption.

Which leads to:

Public Key Cryptography

Public Key Cryptography

Two Keys (A pair)

  • Public Key
  • Private Key

Public Key Cryptography

  • People Encrypt With Your Public Key!
  • You Decrypt that with your Private Key!

PGP

Pretty Good Privacy

PGP

is a hybrid cryptosystem.

So, GPG?

Is a free implementation of the OpenPGP standard!

Demo Time!

Generating keys (gpg --gen-key)

Exporting keys to a public key server (gpg --keyserver pgp.mit.edu --send-key [id])

Importing your friends' keys from a public key server (gpg --search-keys --keyserver pgp.mit.edu "[email]") (gpg --recv-keys --keyserver pgp.mit.edu [key_id])

Encrypting a message and sending it (gpg --encrypt-files)

Decrypting received files (gpg --decrypt-files)

Signing a message

Using enigmail with thunderbird

Do's and Don'ts of cryptography

  • Never ever use your own algorithm in production
  • Use only tested and verified encryption libraries.
  • Do not encrypt passwords, always hash 'em
  • Do not use deprecated hashing algorithms, or any algorithm no longer accepted as good practice, such as MD5 or SHA1

Do's and Don'ts of cryptography contd.

  • Do not store decryption keys in plain text.
  • Encryption should always happen at the user's end.
  • Always use the latest version of a library while developing any application.
  • Do not enter credit card details or other sensitive information into any application that does not run over HTTPS

Thank You!