posts-go/docs/2023-08-23-real-world-crypt...

158 lines
7.0 KiB
HTML
Raw Normal View History

2023-08-23 17:09:04 +00:00
<!doctype html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link
rel="stylesheet"
href="https://cdnjs.cloudflare.com/ajax/libs/github-markdown-css/5.2.0/github-markdown.min.css"
/>
<title>haunt98 posts</title>
</head>
<style>
.markdown-body {
box-sizing: border-box;
min-width: 200px;
max-width: 980px;
margin: 0 auto;
padding: 45px;
}
@media (max-width: 767px) {
.markdown-body {
padding: 15px;
}
}
</style>
<body class="markdown-body">
<h2>
<a href="index.html"><code>~</code></a>
</h2>
<h1>
<a
id="user-content-real-world-crypto-101"
class="anchor"
aria-hidden="true"
2023-08-30 03:28:39 +00:00
tabindex="-1"
2023-08-23 17:09:04 +00:00
href="#real-world-crypto-101"
><span aria-hidden="true" class="octicon octicon-link"></span></a
>Real World Crypto 101
</h1>
<p>
My notes when reading
<a
href="https://www.manning.com/books/real-world-cryptography"
rel="nofollow"
>Real-World Cryptography</a
>
</p>
2023-09-10 18:03:48 +00:00
<h2>
<a
id="user-content-hash-function-convert-from-input-to-digest"
class="anchor"
aria-hidden="true"
tabindex="-1"
href="#hash-function-convert-from-input-to-digest"
><span aria-hidden="true" class="octicon octicon-link"></span
></a>
<strong>Hash</strong> function convert from input to digest
</h2>
2023-08-23 17:09:04 +00:00
<ul>
<li>Pre-image resistance: Given digest, can not find input</li>
<li>
Second pre-image resistance: Given input, digest, can not find another
input produce same digest. Small change to input make digest big change.
</li>
<li>Collision resistance: Can not find 2 input produce same digest.</li>
</ul>
2023-09-10 18:03:48 +00:00
<h2>
<a
id="user-content-mac-aka-message-authentication-code-produce-from-key-message-to-authentication-tag"
class="anchor"
aria-hidden="true"
tabindex="-1"
href="#mac-aka-message-authentication-code-produce-from-key-message-to-authentication-tag"
><span aria-hidden="true" class="octicon octicon-link"></span
></a>
2023-08-23 17:09:04 +00:00
<strong>MAC</strong> aka Message Authentication Code produce from key,
2023-09-10 18:03:48 +00:00
message to authentication tag.
</h2>
<ul>
<li>A send B message with MAC (generate from message and A key).</li>
<li>
B double check message with MAC (generate from receive message and B
key).
</li>
<li>A and B use same key.</li>
</ul>
2023-09-10 18:03:48 +00:00
<div class="highlight highlight-source-mermaid">
<pre><span class="pl-k">sequenceDiagram</span>
<span class="pl-k">participant</span> <span class="pl-ent">alice</span>
<span class="pl-k">participant</span> <span class="pl-ent">bob</span>
<span class="pl-ent">alice </span><span class="pl-k">-&gt;&gt;</span> <span class="pl-ent">bob</span><span class="pl-k">:</span> <span class="pl-s">send alice, mac(secret_key_alice, alice)</span>
<span class="pl-ent">bob </span><span class="pl-k">-&gt;&gt;</span> <span class="pl-ent">bob</span><span class="pl-k">:</span> <span class="pl-s">compare mac(secret_key_alice, alice) with mac(secret_key_bob, alice)</span></pre>
</div>
<ul>
<li>
Prevent forgery: without secret_key, can not generate MAC even if
knowing <strong>a lot of</strong> alice and mac(secret_key, alice),
</li>
<li>Prevent collisions: keep MAC long enough (256-bit),</li>
<li>
Replay attacks: send transaction 2 times with perfectly MAC and u know
why -&gt; instead of mac(secret_key, alice), use
<strong>counter</strong> as mac(secret_key, counter, alice).
</li>
<li>
Verify must be done in <strong>constant time</strong>: if not, probaly
return error the moment the bytes differ -&gt; attacker recreate byte by
byte by measuring how long -&gt; timing attacks
</li>
</ul>
<p>Constant time comparision:</p>
<div class="highlight highlight-source-go">
<pre><span class="pl-k">for</span> <span class="pl-s1">i</span> <span class="pl-c1">:=</span> <span class="pl-c1">0</span>; <span class="pl-s1">i</span> <span class="pl-c1">&lt;</span> <span class="pl-en">len</span>(<span class="pl-s1">x</span>); <span class="pl-s1">i</span><span class="pl-c1">++</span> {
<span class="pl-c">// Use XOR instead of compare x[i] == y[i]</span>
<span class="pl-c">// If x[i] == y[i] -&gt; XOR is 1</span>
<span class="pl-c">// Otherwise XOR is 0</span>
<span class="pl-s1">v</span> <span class="pl-c1">|=</span> <span class="pl-s1">x</span>[<span class="pl-s1">i</span>] <span class="pl-c1">^</span> <span class="pl-s1">y</span>[<span class="pl-s1">i</span>]
}
<span class="pl-c">// v == 1 means all XOR is 1 means x == y</span></pre>
</div>
<p>Use for:</p>
<ul>
<li>
Integrity: because MAC ensure no one can tamper with message without
noticing
</li>
</ul>
<div class="highlight highlight-source-mermaid">
<pre><span class="pl-k">sequenceDiagram</span>
<span class="pl-k">participant</span> <span class="pl-ent">alice</span>
<span class="pl-k">participant</span> <span class="pl-ent">bob</span>
<span class="pl-ent">alice </span><span class="pl-k">-&gt;&gt;</span> <span class="pl-ent">bob</span><span class="pl-k">:</span> <span class="pl-s">send username, password</span>
<span class="pl-ent">bob </span><span class="pl-k">--&gt;&gt;</span> <span class="pl-ent">alice</span><span class="pl-k">:</span> <span class="pl-s">return alice|mac(secret_key, alice)</span>
<span class="pl-ent">alice </span><span class="pl-k">-&gt;&gt;</span> <span class="pl-ent">bob</span><span class="pl-k">:</span> <span class="pl-s">send alice|mac(secret_key, alice)</span>
<span class="pl-ent">bob </span><span class="pl-k">--&gt;&gt;</span> <span class="pl-ent">alice</span><span class="pl-k">:</span> <span class="pl-s">return OK</span>
<span class="pl-ent">alice </span><span class="pl-k">-&gt;&gt;</span> <span class="pl-ent">bob</span><span class="pl-k">:</span> <span class="pl-s">send bob|mac(secret_key, alice)</span>
<span class="pl-ent">bob </span><span class="pl-k">--&gt;&gt;</span> <span class="pl-ent">alice</span><span class="pl-k">:</span> <span class="pl-s">return ERROR</span></pre>
</div>
<p><strong>HMAC</strong> is MAC using hash</p>
2023-08-23 17:09:04 +00:00
<div>
Feel free to ask me via
<a href="mailto:hauvipapro+posts@gmail.com">email</a> or
<a rel="me" href="https://hachyderm.io/@haunguyen">Mastodon</a>.
<br />Source code is available on
<a href="https://github.com/haunt98/posts-go">GitHub</a>
<a href="https://codeberg.org/yoshie/posts-go">Codeberg</a>
<a href="https://git.sr.ht/~youngyoshie/posts-go">sourcehut</a>
<a href="https://gitea.treehouse.systems/yoshie/posts-go">Treehouse</a>
<a href="https://gitlab.com/youngyoshie/posts-go">GitLab</a>
</div>
</body>
</html>