Description
Tales from the Crypt: Cryptography Primer - Adam Englander, iovation
Cryptography is a complex and confusing subject. There seems to be more disinformation than actual information. Learn how to properly use cryptography to secure user credentials and sensitive data. We will discuss cryptographic methodologies and algorithms available to Node.js. The focus will be on encryption, digital signatures, and hashing. We will discuss methodologies as part of a compare and contrast based on cryptography strength and randomness.
So this talk is Tales from the Crypt, a cryptography primer, and I'm actually with iovation. Now we recently got purchased; that, I guess, I wasn't a pity, but that's fine. But really quick, like 30 seconds on who I am: so I'm a senior engineer at iovation, I'm an IoT enthusiast. Actually last year I gave a talk on IoT security, and I am an NJB Division 1 girls' basketball coach, which is my passion.
So what are we going to discuss here for the next little bit? We're going to talk about common methods and terms used for cryptography in application development. There's a lot more stuff that goes on with cryptography, but we've only got 15 minutes, so I can only talk about so much. And please don't dwell: if you're like me when I started working at LaunchKey / iovation, I thought I understood crypto, and then I found out I knew I didn't know what I didn't know, and I knew way less than I thought, and I didn't understand it the way that I thought I did. If you find yourself in the same position after this talk, going "wow, we're doing that completely wrong," don't feel bad about it. Everybody does it. Just move on, all right, fix it and move forward.
So, if you don't know, and if you're a complete noob, which is perfectly okay: cryptography is the practice and study of techniques for secure communication in the presence of third parties called adversaries. That's a great definition out of Wikipedia, but what does it really mean? Basically, cryptography is obscuring data in a way that's difficult and costly to duplicate or reverse. So in application development, that is the real-world use: you're trying to make it very hard for people to decrypt your data and recreate passwords.
So good cryptography has a high level of entropy. That's a great buzzword in the crypto world, entropy. But what it really means is that encrypted or hashed data has a low level of predictability, so you're trying to reduce patterns. But all data has patterns, and that's why entropy is so. If you're talking about passwords, all right, there's this thing called the top 100 passwords, and those top 100 passwords comprise about ten percent of everyone's passwords.
All right, "password1". I hate passwords, all right: whichever ones you add, tell them that they can't use, they go find other ones. And so you have common data. All right, you'll have common dates that people use for birth dates, things like that. What you're trying to do is you're trying to make those pieces not look the same, and when you remove those patterns, what you're doing is you're increasing the difficulty and making it more costly to reverse.
So if you've got patterns in your data, it's less costly, it's easier for hackers to figure out what you're doing. So here's a great example of poor entropy. We actually have a poster of this stuff in our office. So this is Tux, everybody's favorite Linux penguin, and this is what has been considered good cryptography for a long time. This is AES with ECB, so Electronic Codebook, sorry, ECB, CBC, ECB. And Electronic Codebook does not have really good entropy because, as you can see, the encrypted data has a very distinct pattern.
It looks just like the old one, and everywhere that was white has the same value in the new one; everywhere that was black has the same value. So in this particular type of encryption, with poor entropy, you don't have to solve every piece, you just have to solve one of the black pieces and you've got all of them.
You have to solve one of the white pieces and you've got all of them, and then, once you get most of your data, you can kind of munge the rest and figure it out. So ways that you can increase entropy is mixing in, this is a great phrase, cryptographically secure pseudo-random data. That's a great big term. Pseudo-random is something you'll hear a lot, because it's not actually random. It just kind of looks random, in the form of an initialization vector or salt.
So if you've been using crypto and you're wondering what this IV is for: the initialization vector should be random, and that will increase your entropy, so that if you have the same value, if you have the same "password1" in your password hashes, the values that come out are going to be different, which is important. That's the important part. And also you can increase entropy with feedback loops.
So here's an example of a really good feedback loop, and this is for AES encryption using a cipher block chain. So cipher block chaining is kind of the standard for doing block-based encryption. And if you take a look at what it's doing, it's basically: you take your initialization vector, because that's where you have to start, and hopefully that's random, and you're mixing it with your plaintext for that particular block.
Putting your encryption cipher against it, you're getting your ciphertext, and that ciphertext is now the initialization vector for the next set. And what that's doing is that's creating entropy, because in the first example you saw that every time you encrypted white, it came out the same value. Well, this time, every time in white, it's going to have a different value, because the encrypted value of the previous one is now being used in the next one, and this is where the block chain comes from, right.
If you've heard about cryptocurrency and all this kind of stuff, this is what they mean by blockchain: it means that you cannot decrypt the last piece without having decrypted the first piece. You have to go all the way down the chain to figure out the pieces as they go in, so that you have to. You can tell if any of the data has been compromised; if it's been compromised, it's not going to come out the same at the end. And so this is what good entropy looks like.
This is AES-CBC, using the cipher block chain that we just saw there, and you can't tell if that was a picture at all, and that's what you want. This is what you're trying to get: you're trying to get something that doesn't represent any of your previous data whatsoever. This is hard to crack. And I kind of went over a little bit, but there's a big difference between localized and global entropy.
So when you have a random, when you're doing your block chaining, right, you're creating local entropy on that piece of data. So each block inside of your data, even if you have the same value, right, if you encrypt five letter A's, it's not going to be the same value each time. But it's also important throughout your data that you're going to have global entropy.
So your entire data set has better entropy, because if you encrypt five A's and you have it in there a hundred times, it's different every time, so you can't just determine "oh, these are all the same, I'm gonna go find that," you know. So I'm gonna hack your database and I want a particular date of birth. I can find, "oh well, if I crack this one I now have a thousand dates of birth, instead of maybe this other one that only has 20," so it makes it an easier attack vector.
So this way, if they want to decrypt and try and hack your data, they have to do it one at a time. Same thing with passwords, because passwords, it's this across your data: no matter what your data is, there's going to be passwords, even if it's going to be "oh well, most of our user IDs start with U." If you've got an ID that's a numeric value, you may have most of them, at least a thousand of them, start with this number, right.
So you don't want that always to be the same if you're encrypting those things, because you don't want to aid your adversaries, you don't wanna make it easy on them. So there's different cryptographic types. The two we'll discuss here are symmetric key cryptography, which is shared secrets, and asymmetric key cryptography, which is public/private key pairs. You probably use both of these, and you definitely use them every day and may not know it, and each one of them has a different trust level.
If you're going to share keys with someone, you've got to trust that they can keep that key safe, because if they can't, then your whole scheme is now broken. So if you're sharing with other parties, you may want to consider using asymmetric key cryptography, where they don't have all the data. It's a little more complicated, a little more work, but you don't have to worry about: if they get compromised, you're compromised.
Digital signatures are used to verify the authenticity of the data. Sometimes a digital signature is not more than a hash. All those are terribly secure. If you've done a download before, you've seen, you know, the SHA hash and the MD5 hash, all that type of stuff. That's to verify the data is accurate, although you have to assume that if they've hacked that, they probably hacked the hash too. But in this particular situation, it's signing data using secrets so that you can determine the authenticity of the data. It's used mostly in data transfer.
So when you receive data from someone, you want to make sure it hasn't been tampered with along the way through a man-in-the-middle attack. You want to make sure that data is accurate and, like I said, it cannot be reversed, but can't be reproduced for verification. And there's key derivation. So key generation is what we call password hashing. It cannot be reversed and it's computationally expensive by design, and this is the important part, the important part of password hashing is it's computationally expensive by design. If you're doing standard hashing, it's not expensive to do, right.
An MD5 takes almost no time, and we'll kind of go through a little bit of that in a minute. So symmetric key cryptography uses cipher algorithms against your secrets, against blocks or streams of data. You're probably using blocks, unless you're doing video streaming or audio streaming or something like that. Most people are doing block: you're moving blocks of data, and that's going to be good enough. So we'll talk about blocks. Do not use Electronic Codebook. It's still in there, it's still everywhere, available as an option for backwards compatibility. Do not use it, all right.
There's this whole idea of collisions, which you don't want: you don't want two pieces of data being able to have the same signature. So you want to have a hashing algorithm that's large enough for your data set that you're not going to have collisions. SHA-256 is considered safe for most pieces of data. If you've got gigantic data, yeah, you're going to change that, but SHA-256 is going to be a really good option. For asymmetric key cryptography: so RSA is common and available in Node.
It uses very large prime numbers, it's very computationally expensive, and it uses key pairs to protect secrets. So, in order for us to move encrypted data back and forth, I have a set of keys, you have a set of keys. I encrypt with my set, give it to you; you encrypt with your set, give it to me. And you've got a private key and a public key. So the private key is secret. You don't give it to anyone, ever, ever.
So if you're doing it yourself, if you're just storing the data yourself, you can just use the private key. But the public key, the key that you give out to anyone who needs to be able to encrypt data to send to you or to verify a signature of your data, that's what you give out, because they can only encrypt and verify signatures. It does not have enough data to do the reverse. Key size and hash algorithms are very important for this. The minimum recommended key size is 2048. It's too easy to crack 1024.
If you've used a browser, all right, Google has said: anyone who has a key size smaller than 2048, we're going to tell you that it's not secure. So a lot of you that have websites have had to upgrade, and this is why. And you want the same thing when you're doing your local data. So SHA-1 is considered safe because of the way that it does its signatures.
RSA has data limitations, so it can only encrypt or sign up to the length of the key size, which is problematic, right. If you have a 2048 key, you can only do 2K of data. For most transactions that's fine; for some transactions it may not be, which is why it's often mixed with symmetric key cryptography. So if you've used JOSE or anything like that, using JSON Web Encryption, you can use RSA to encrypt the keys that you use for actually using symmetric encryption.
So you create random keys and IVs, encrypt your data using AES, which is very fast and does large amounts of data, and then you encrypt the key and the IV using your RSA and send it that way. So you have a different key and IV every time, which adds extra security. And signatures use hashing. So if the data that you're signing is larger than the key size, it's going to hash it so that it can actually fit it. Padding in RSA is how it creates entropy.
So it's important to use a good padding scheme. Usually a padding scheme doesn't matter; you just use it for making sure that everybody else understands what your padding scheme is, and then it's used by someone else, and you can tell them what it is. But for RSA, it's crucial: PKCS#1 padding is not safe. Do not use it. Use OAEP, which is defined in the crypto library as RSA_PKCS1_OAEP_PADDING. Make sure you're using OAEP padding. Otherwise it is not safe.
Key derivation functions: like we said, like password hashing, never use MD5 or SHA for a password. It's super common to find this, especially in legacy code, that you're using some sort of hashing algorithm to do passwords, because ten years ago it was considered safe. Because ten years ago you didn't have a thousand GPUs inside of a board that you could just go crack passwords with all day. Today, that is the case. Only use key derivation functions: inject a salt for entropy, make sure your salt is random, and it does iterations.
It just does more and more hashing iterations to increase cost. The idea of password hashing through key derivation is to make it expensive. It's not that it can't be duplicated; it just has to be very expensive to do so. And if you use the right algorithms, people who try and hack your site will try and get the most recent passwords, the top 100 passwords, and then they'll just stop. So users that are trying to be security conscious will be safe enough for you to find out that you've been breached and give them the alert to change their password. That's all you're trying to do: buy time. So bigger is better; the more time it takes, the safer your users are, the more time you have to let your users know that you had a breach, that they need to go change their passwords if they have that password for that site, and for any site that they've used that password on elsewhere.
If you're wondering what key derivation function to use: so Argon2i is the new hotness; it won the Password Hashing Competition. There's some questions, because it's only been around for a couple years, that it hasn't really been proven, tried and true. But if you want the best password hashing on the planet, you want Argon2i.
scrypt has been around for quite some time, and it does not have a maximum password length, and it is time-based, so you're going to be able to get the same kind of values, the higher values that you want, based on time. bcrypt is acceptable, but don't use PBKDF2. If you have to, if you have no options for installing anything on your server, you can use PBKDF2; it comes built in, but it's not super, super secure, and it's not really forward.
It's
not
forward
safe.
All
of
these
other
things
bcrypt
a
script.
An
argon
to
I,
are
storing
the
hashing
information
inside
of
the
hash.
So
you
know
what
was
used,
so
you
know
how
many
iterations
they
were.
So
if
you
want
to
increase
that
at
some
time,
you
can
do
that
so
they're
they're
much
better
option
if
you'd
be
able
to
just
give
it
a
password
and
figure
it
out.
A
You
don't
remember
how
many
iterations
and
that
type
of
stuff,
you
only
have
to
know
the
number
of
iterations
when
you
create
the
password,
but
no
passwords
are
best.
So
if
you
have
an
option
to
not
start
passwords,
I'm
gonna
suggest
don't
all
right.
The
less
information
that
you
have
for
attackers
to
get
the
less
likely
you
are
to
be
attacked.
I,
have
recommendations
so
use
RSA,
a
symmetric
key
cryptography
when
transferring
data.
A
If
you're
moving
it
back
and
forth,
you
don't
want
to
trust
other
people
with
your
sensitive
information
with
keys,
and
you
don't
want
to
have
the
keys
to
someone
else's
kingdom.
You
don't
want
to
have
the
secret
of
someone
else
who
accesses
their
data
on
your
system.
If
you
don't
have
to
mix
AES
with
random
keys
and
IVs
for
transfer.
A
So
if
you're
you
can
rea
using
AES
and
random
keys
and
IVs,
they
can
crack
it
once,
but
probably
not
again
always
use
crypto
random
bytes
for
randomness
do
not
use
anything
else
for
generating
random
values.
It
is
not
cryptographically
secure
and
use.
Bcrypt
s,
crimped
or
argon
to
I
for
passwords,
always
always
always
strengths.
A
AES-256-CBC is the minimum, use that, and for the HMAC use SHA-256. RSA 2048 plus: if you can, if you can do 4096 and you can manage it and handle it on your servers and the load, do it. The higher the better, the safer that you are, the more future-proof that you are, because one day with 2048 they're going to come out and say "yep, it's not secure anymore."
It's
the
minimum
now
remember:
2048
is
the
minimum,
make
sure
that's
using
OA
EP,
always
Oh
aap
and
the
RSA
sha-256
signature,
and
when
you're
hashing
hash
until
it
hurts
okay,
most
people
are
only
logging
in
once
it
may
take
half
a
second
you're
gonna
have
to
spawn
a
thread
to
do
it.
It's
going
to
be
okay
right.
You
want
to
spend
half
a
second,
not
gonna
complain
about
half
a
second,
but
it's
going
to
make
their
data
secure
so
further
reading.
A
A
Question from the audience: Do you, I'm looking for good JavaScript libraries that can run in the browser and run in Node, and so in particular I'm willing to accept just the key derivation, the password derivation function, but I'd actually like all of the basic algorithms that swing both ways. Do you have preferred JavaScript-only libraries that can let me follow your recommendations?
First
of
all
never
send
a
hashed
password
over
the
wire
because
they
now
have
the
actual
value
shift
on
the
wire
all
right.
If
they
steal
the
password,
they
still
the
password
you've
got
other
problems,
there's
ways
that
you
can
resolve
that
via
ssl
pinning
and
things
like
that
to
trust
in
the
connection
is
secure,
but
you
never
want
to
hash
it
and
send
it
if
you
encrypt
it,
they've
got
to
have
the
information
to
encrypt
it.
A
Don't
subside
on't
suggest
using
any
javascript
library
to
do
this
outside
of
the
core
stuff,
because
the
core
stuff
has
problems
and
gets
fixed
on
a
patch
in
a
regular
basis.
The
JavaScript
ones
are
always
lagging
behind.
I
think
there
are
great
exercise
and
you
might
want
to
use
it
if
you
have
to,
but
I
would
say,
use
the
c
libraries
that
are
doing
it
because
those
the
ones
are
being
maintained
by
cryptographers.
So
I
don't
have
any
suggestions
for
any
JavaScript
levers
to
do
it.
Okay,.
A
Audience comment: Just one comment: it's counterintuitive, but on 64-bit systems, SHA-512 is actually faster than SHA-256, so people who are hitting performance considerations might want to keep that in mind. Awesome.