All right. And we're recording and as far as you know, I'm in a really cheerful mood. >> Haha, we're doing random number generation. >> And we're kind of going to dive into like the crypto side of secure software, which is I didn't weakest to strongest part of your whole stack. >> And we're looking at random number generation. >> So question is, what is the null doing? The time operator inside of the seed of this random null when it passed into time, will cause it to spit out the timestamp, like the number of seconds since 1970. I, I actually think, I don't know is what does not null do to time. >> You're gonna wanna type an exclamation point there where you said not null, I was just like well, not null. >> Oh, got it. >> Got it right, right, right, right. Time see documentation. >> Maybe it's just like the formatting or something. Yeah, probably this documentation feels invalid. Ok. >> I'll check that later when we I don't know if we're going to split up today, but you said the documentation was invalid? >> Well, I just didn't feel like it had myFunction. >> So I'm gonna go to one that I trust a little more. This one, there we go. >> Pointer to a time object where the time will be stored, or a null pointer. Okay? So I think it always just returns the current calendar time. >> And null just means I don't need to store it for okay? >> So if I want a time object, then I can pass it a time pointer where it will give me a time object I could like putz with or I can just take the number of seconds out. >> Two is a null pointer, actually a pointer to nothing? >> Or does it get saved somewhere exploitable? I think if I pass it a null pointer, it's going to put the answer out here. And if I pass it something else, it will write the answer into there. Did it's a little weird, right? Like I could, I could put like result here and maybe like ampersand result there. It might be the same result. I think. >> I don't think that's the relevant part of book return. 
>> And if no, not at all. >> Ok, so here we go. >> So take a look at this and I'm gonna run this a few times until I get some sort of variation. >> So now every time I run it, I do get something different. So that's interesting. >> I'm too methodical random. >> I'll probably have to jack this up to a thousand and get lucky. >> So what's wrong with, well, okay, what's wrong with all of these is that I'm seeding them inside of my dumb little utility function. So obviously I'm just getting one value out every single time I run it, so that's no good. This one finally will like, let me seed it and then spit out numbers in a row. But every time I run it will still be the same. So go ahead and, and for quantities and adjusted, or just tell me what to adjust to make this so that every time I run it, I get numbers that are hopefully completely unpredictable. They just put the srand instead of 1983 at a time thing, time, time instead of 1983, there might be no that now every time I run it, I'll get different values. >> Okay? >> So now the question is, who cares, right? >> Like why? >> What does this, what does this matter? >> And it all more or less say that like randomness and crypto are the same thing. And I think that when you haven't done crypto, like professionally, you kinda, you hear that and you're like, okay, they tell me that predictable random numbers are bad. But, but why? And, and, and I'll even say, I think that actually predictable random numbers are good sometimes kind of in a particular version of the word predictable. So I'd like to get to the subtle parts. >> All right, so here's a goal, but a lot of people deploy bad crypto. >> And when you deploy bad crypto, you are putting your whole organization at risk. So if one of the goals of this course is that you're gonna go out and you're going to be developers and build things for joining companies. >> I don't want you to cost everybody their job and stuff. 
So to deploy nation state level security, so that you know that a thing is there and it's stable and it can hold all of my medical records or whatever or more importantly, things that really matter to be kept secure that you're not going to give away the farm by using insecure crypto. >> Ok, so that's kind of a goal of mine. >> I think I saw this somewhere else, but doesn't Cloudflare use like pictures of lava lamps going up and down and moving around to set their random yes, yes. That's the lava lamp wall. Yeah. So they've got this thing where like, you know, they they read values of, of lava lamp be things coming off in order to like have entropy in the system for their random number generators. But I'll say even like even if you could never, ever predict the value going into the seed, right? So even if that seed is truly, you've just read from the lava lamp wall or whatever. Yeah. >> Exactly like what does random there's random number generator problems and a lot of CTFs, right? As Jerry's pointing out, because it matters to security. >> So let's say that we use our lava lamps here, right? And we put it into srand. Now that means that you won't be able to predict the seed. >> So one of the things that matters is, given ten of these random numbers that have just been spit out, can I predict the next one or can I predict anything about the next one? >> So I could say that if I were to produce for you a 1000 random numbers in a row seeded with the most secure seeding or whatever. If you can tell me even a single bit with better than 50-50 probability of the 10001 number, then the scheme is not cryptographically secure. >> So is the rand function predictable? >> Yes, I will give you a script that will consume I think about 31 of these things and then tell you all the rest of the numbers we just goal, which is cool. >> So C's random number generator is not, is not very secure. And actually there was a CTF problem we did a couple weeks ago. 
>> There are five random number generators implemented in glibc. >> And you can force it into using some of the other like versions that they have. >> Select the default one is one of them. I could write you that same script for all of the different random number generators for glibc. So none of the five are cryptographically secure. >> How do you even go about doing that? I like math somehow. Yeah. I would say somehow. >> Method. >> Actually, I don't even think I gave it that time that I did this class. >> I think I went back further, estimated that you're finding a pattern in like a sample setters some, in some way, right? >> Yeah, I stopped kind of giving this lecture in classes. >> Oh God, yeah, I see why, right? >> But here is me cracking glibc's random number generator. >> So if you want to dive in, I can I can show you I at a future date first, let me show you. But at the higher level, like I'm, I'm not so worried about glibc's random number generators so much as like the following question. So here's the questions that I like want to address intellectually is what are the two versions of predictable random number generators? >> When do I want unpredictable numbers? >> Why would I ever predictable keys or they actually use? >> But those are some of the questions I want to try to address here, not in that order. >> Ok, so here we go. >> Let's start with an old fashioned historical cipher. And, and here is the cryptographic principle. >> I was just saying out loud. >> If an adversary figures out any part of your secret stuff in any way, they shouldn't be able to do any additional information is like a kind of a rule to assess yourself by. >> So if you can leak, if you've lead to X number of bytes, are any future bits of any kind deducible with anything better than 50-50 probability anywhere in the past or the future based on the things that got leaked. >> That's like the cryptographic standard. 
Okay, so let's take a look at an old fashioned historical cipher. >> It's called historical because it's totally busted. But, but you know, you could actually make it nation-state secure in various ways. But that's, that's also a fascinating, subtle debate. A lot of subtlety in, like I say, it's a beautiful topic deep inside. So here's how this works. You to do a basic encryption. >> You're gonna take a plain text and you're gonna take a key. >> The key is, it's going to be in this shared secret between you. So, so if Sophia and I are going to send a message like little note in class, whatever else, we're going to use an encryption scheme. >> We're both gonna know the secret key. >> And by both knowing the secret key, I can encrypt at that key and she can decrypt with that key. This is symmetric key crypto. This is what 99% of all traffic is encrypted by. It is typically way more secure than the public-key crypto. >> And anyway, all of your bank traffic is encrypted as symmetric key crypto. >> All of your web traffic, your communication with SEC dot-product ninja is encrypted with symmetric key crypto, but the conversation begins with public-key crypto. Okay, so here we go. Sorry, I highlighted the wrong thing when I said the key. The key in this case is, let's say CBA. And here's how Vigenère's gonna work. >> You guys know the Caesar cipher pretty old fashion. >> I don't know any ciphers really. Wow. >> Okay, everyone really, you're just given a number like five. You shift up five letters no matter what it is. >> Yes. >> So here's CyberChef, by the way. >> It's a really cool little tool that I use to putz with the stuff to do like all the historical ciphers. >> So let's putz around this thing. >> So let's say I put in Andy rules and I can go encrypt ROT13 is kind of the Caesar cipher, and that is where each letter in Andy rules gets shifted by some amount. So if I shift by 0, I see Andy rules, if I shift by one, now it's UBO as sniffed. >> And that's kinda cool. 
>> I might, I might, I might use the name Boaz as like a screen name. >> In the future, right? Like in a video game or something like the word length are retained. >> Yes. >> So in this case it's just taking a capital A to capital B, OK? N went to O, D went to E, Y went to Z. Now if I made it, Andy rules with a Z, you'll notice that the Z went to a. >> So, so, and it's like got it kinda got it where it's preserving case, right? >> Like if I leave off uppercase letters, lowercase letters. >> So Andy rules goes to bow asthma, but if I rotated twice, then a goes to C, et cetera. >> All right. You guys with me on that? >> Yes. >> Nature of rotation. >> Ok. Next question. >> Month rotation doesn't use the ASCII table to it as Andy rules with a capital Z. >> Is it rotated to the next come? >> Weird character? >> No. Yeah. >> So so this rotation is like on paper by the way, is Nick excellent question, but because you ain't loans dean. >> Oh, okay. Got it. Alright. Cool. Welcome. Alright. So yes, the letters are done like pencil-and-paper style. >> This is called the Caesar cipher because Caesar, Julius Caesar ages ago, you said, or something like that. >> Other Caesars like a title rights and lots of people will have the name Caesar. So if I kind of disregard the ASCII part and just say lowercase letters only these things are in there. If I start throwing like apostrophes and stuff like that, it has no effect on the non alpha alpha characters. They have like a ROT47, which includes some other ASCII characters. >> So that can like go a little bit further through some extra principles, but you'll note that it even preserves spaces here, right? >> Yeah, cool. >> Thank you so much. Yeah. Alright. So so that Caesar cipher and it's just on the letters. Okay, old-fashion, no big deal. >> Now this one is Vigenère cipher. >> So my Vigenère cipher, I'm gonna put in a through L as my input. I mean, I can make whatever my input and here for my key. Here's the idea. 
>> If I put in the key of a, what it will do is take each of these letters and rotate by 0. >> So it's going to treat the a as 0 and it's gonna do like a Caesar cipher rotation of 0 on each of my letters. >> If I go a B, then it will do is do a Caesar rotation of 0 on the first letter, a Caesar rotation of one on the next letter and then back to 0 and then back to one. >> So here the second letter got rotated by one, the fourth letter got rotated by one, the sixth letter got rotated by one, et cetera. >> Is that because of the values of the letters? >> Yeah, the letters here are being translated into numbers, which is then getting like Caesar cipher in, in order. >> So if you were to type C, every third character would be no. >> If I type just C every character is rotated by two. >> If I write C, B, a, every third character is rotated by 2, second character rotated by 1, third character rotated by 0, and then back to two. >> So it cycles through the key, using the key to decide how much to do the Caesar cipher on that letter and the position of the character. >> And the key is the That's right, that's right. >> So so if Sophie and I are exchanging some secret message, and our secret message is like c are key a CS for social good. >> And our message could be like cryptography rocks, that's everyone. >> So the first is the C is getting rotated by two. The R is getting rotated by whatever letter into the alphabet, S's and an F and so on. >> There's an a in social good. So like 1-2-3, 4-5-6, 7-8-9. >> The tenth letter gets rotated by nothing over six tenths. The PPE should actually be a p Down here also, you can kinda see that. Ok, so this is the Vigenère cipher questions on it, and I think I got it pretty straightforward. So here's a quick little quiz. Let's, let's pop testing here. I'm going to say, oh, we vole sb will be and the first word is Andy. >> Read the rest of the sentence. So I'm gonna reverse this a little bit. 
>> There's the cipher text and just presume that the first word is Andy, extra affection for the first person who can read the whole thing to me. Or spilled. >> I don't know, really know along the way. >> I don't think the key is the key is that the key is not Andy, The first word is be. >> So here you're gonna work a little bit as a cryptanalyst. You're going to break the cipher. >> So I didn't tell you the key, but I did tell you that the first word is Andy. >> So what do we know? >> Well, if the first word is Andy, then what should be the second letter in the C0? >> X2 was the first letter in the key. I'm going to say the first letter in the key must be a. >> If I put a B here, I get other things like the fact that my input was a, my output should be a. >> If it was Andy and it became this, then definitely the first letter by Q should be a green belt. Yeah. I think the next one is N k. >> I agree. So I put in an n and that would take me from n equal to o. We. >> Alright, cool. So now for the third letter T, t, then at that point here, I can see that it just spits out my whole secret message. Yes, I go. >> You can just bind this decoder and then just keep iterating through each character roughly. >> Yeah, and we can even see that in this thing. >> Since you knew the word was Andy, that like the first and the fourth letter are definitely going to be plain text, right? So like the first letter of the key is a, the fourth letter of the key is a, or the key is only length three. >> And so the fact that we like start looking at this one and this one, all of a sudden we see Andy. So cool. We're like, okay, yeah, this is definitely we win. >> Okay, fine. That's something. >> Here's another thing. >> Take a look at this. All right, this is a totally different type of blackbox moment. I'm going to shut gutting some concepts here. >> We'll get there. >> You are a security analyst for a National Security Agency of some kind. 
And you are watching traffic on the wire between two hosts. So you got Wireshark running, or let's be honest, you're at Starbucks and you're on the public Wi-Fi, and you're just running Wireshark and you're just looking at everybody's traffic, you see the client send a message. And in binary that message is 11010101010. And then you see the server reply with 11010101010, right? >> That's what you've learned from your eavesdropping. >> You have no idea what Alice and Bob are up to. >> Roughly what on Earth have you learned? That number is some kind of password of some kind or handshake. The numbers being used twice, I know they're the same, right? >> So if I'm listening on an encrypted channel and the number comes out the same the first time and the second time, it's something, it's something it might be encrypted, right? This might be an encrypted message, it might not be ASCII, but if I can crack it 1 second, crack it forever. But it yesterday. So imagine that I'm just watching Alice talk to her stockbroker and she's like, you know, doing micro trading, algorithmic trading. >> And so what I'm watching here is network traffic from the algorithm to the market, looking to see when they're buying and selling something like that. Maybe I can't crack everything. >> But if I can see, if I can look at their behaviour, I know that what they're doing is buying and selling they're encrypting their buy and sell orders. But I can see pattern of any kind in their buy and sell orders. I can eventually deduce which message was buy, which message was sell. Probably even like, you know, how big the orders are and things like that, that point, then I can just steal all of the best ideas of that algorithm by putting in my order first or, or copying it the same way or whatever that would be. And I'm also night. >> So you're saying that if they don't encrypt your messages, you can gain access to the messages. >> No, no, no. >> I'm saying these are encrypted messages conceivably. 
>> But if the encryption is not different every single time I run it, even with the same message. >> So let's take a look at this Vigenère one, right? >> Sophie and I are sending messages back and forth, and CS for social good is our key. And I'm going to send like, Hi, my name is Andy. This, by the way, happened to like the Germans in World War II, right? Yeah. >> Because they said the same thing repeatedly. >> Yeah. >> Like they opened the message with Heil Hitler or whatever or end it like so. So I send this, Hi, my name is Andy and I send this across the wire in my Vigenère key. So you guys to see that you maybe you can figure out that says, Hi, my name is Andy. >> She replies, My name is Sophia slip. So that worked out so perfectly. Thanks for the Nazi comparison. >> Oh, right. Yes, CS for social good. And Nazis have a lot and calm now, please. >> No, they don't. >> Honestly pretty Should the Nazis were all about social good. >> That is really misguided. >> Oh, wow, we will address this off the recording. So you did literally say Heil Hitler? Yes, yes, that's right. >> Now. >> Now in the deep fakes of my future lectures, you will all have Heil Hitler available. >> It's good. >> So here's her reply. >> Or weird because you use the key FDM, like in the message. >> Yeah, right? >> Like because I happen to use the key and the message should get a bunch of a's, which that, that's just what was crack me up. But you can also see that like the opening is very similar, right? So if you're watching this as encrypted traffic, you're like, oh, hey, I, I'm seeing some patterns here, right? >> To some extent my goal when seeing encrypted traffic is that the letters have to look truly random throughout, right? If they're not looking truly random throughout, I'm leaking all sorts of stuff. >> So you randomize your key well, but Sophie and I have to like, have the same key in order to be able to decrypt each other's messages. >> It's more than that. 
>> I laser-like shuffle the same message. >> So like we want to send this exact chat, right? >> Like I want to be saying, hi, my name is Andy. How many number of CS for social good? >> Like I want to say all those things, but I want it to just like now, if we repeat the message, she's like, could you say that again? >> And I'm and I'm like, yeah, hi, my name is Andy. >> Like I can be repeating that message over and over and over again. >> And it's gonna be the same every single time. So that's why you need a predictable random list of silica and rate. Maybe, yeah, there's, there's, there's just some stuff to explore here. >> There's some stuff to explore here. >> This one is, is, I'll say that I'm part of a, part of why I call this is like authentication part one. When it comes to us, like storing passwords and things like that, which is the thing you're all going to have to do one day. >> How do you store the passwords? What's the essence of storing passwords? >> Like? To some extent you're going to have to introduce a salt. And so with crypto, we need a version of a salt also, which It's called the IV or sometimes the nonce, which is a number used once. >> A salt, yes, we need a salt in crypto, not fault, but this salt's like I don't know what that means in this context. >> Yeah, that's OK. We'll get there. >> That it is, is, it is some noise so that every message doesn't come out the same. Gotcha. >> And we are going to here we go. >> So next meeting is May fifth at seven. >> There you go. >> Alright, for the hard core, that's how you announcement. >> I want as few people as possible to read my announcement. >> So this is an essential part. >> Oh my gosh. I've I've wasted so much time today. >> I'm sorry. >> And welcome. Yeah. >> No, no, I appreciate appreciate it. >> Yeah. Okay. That's fine. We'll get there. We'll get k. This is have you guys heard Claude Shannon? >> Claude Shannon? >> Yeah, dude, basically. 
>> And like one paper I think as a master's student invented like the word, I think even the letter bit or like the phrase bit. Information theory, coding theory, and like the concept of perfect secrecy all in one paper was pretty crazy. >> So this is one of my favorite cryptographic schemes to understand. >> It shows up in every single CTF because it's so, so vitally important and it is perfect and yet totally not perfect. And to understand why it's perfect and why it's not perfect. >> And, and, and how much of your traffic is actually just XOR. >> And the essence of why that's like a really fascinating little intellectual journey to go on. >> So here we go. >> The concept is, if you have a really long string of just random bits and you share it with your partner. >> What we're gonna do is XOR, bitwise XOR every single byte of my random noise and my plain text and send it to you. >> And then you can XOR the same string of random bits with the cipher text and get back out the thing. >> So let's, so the essence of this is this. >> If we take a look at XOR, XOR is going to go through bit by bit and say R o is only one of them on yes or no. >> So there is a yes at the bottom bit? >> No. >> Yes, no, yes, no, no, yes, no, yes, yes, no, yes, no, no. >> That's how it works. >> Ok. Who cares? Well, so here's how you would use it to encrypt. >> Alright, if I make a random byte, or actually this is four bytes here, which is a little bit tricky. So I'm, I'm being a little bit on the cheeky side here. Take a look at the way I'm doing this. >> Here's a four character array for Andy. >> I'm going to take the next four bytes that come out of this random number generator. Because we know that this random number generator's producing a one as a, like a 32-bit thing at a time. >> I'm going to take Andy, cast it as an int star, and dereference that so that this whole four character, this 4-byte thing became a single integer. 
>> It's a little bit tricky the way I'm doing that, but I'm turning this into 32-bits of Andy. And then I'm going to XOR those 32-bits of Andy with the first random number that comes out of 1983. >> All right, so, well, one like who cares? So take a look at this intellectually. >> If this is, this is Andy as binary. >> By the way, which of these letters is the a? >> Can you see the a in here? What's, what's capital a in ASCII? >> It's also what it is. Is it what? Oh, yeah. Yeah. >> It's 65. So this is the one that has the 65 and it is the capital a. >> Capital N is going to be like basically the 14th letter of the alphabet. >> So this is 14 plus 64. So that's my 248 padded together. >> And then d is the fourth letter of the alphabet. >> And then Y is the 25th letter of the alphabet all within a one at the top. So now here's the thing about this. >> So, so this ASCII text is very, very structured. >> Every eight bits is going to be like a 010 and then is going to be some binary that represents how deep into the alphabet My thing is. So 00 and then some binary 00. >> And now imagine that I'm going to XOR this with a coin flip. >> I'm going to flip a coin with the bottom thing and it has a 50-50 chance of being one or 0. If I have a 50-50 chance of being one or 0, and I XOR this one with a one or a 0. >> What are the odds of getting a one or 0 back out given a structured bit one do one XOR random bit. Okay? >> So one was predictable. >> It's from my plain text is from the, you know, the secret message I'm sending. >> But the, the other bit is truly just a coin flip. >> If my random bit has a 50-50 chance of being a one or a 0. Then what are the outputs for that random bit being one, where one XOR, that random bit 00561 XOR one is 01, XOR 0 is one. >> Likewise, if my structured bit was 0. >> So what's cool about this is that you can take super structured text, XOR it with random bytes, and it will look truly random. 
>> Every single bit is, has 50-50 odds of being a one or a 0. >> Okay, that's pretty powerful. What about decryption? Well, if I have a XOR b, and if that equals C, then a XOR c is what? >> All right, so not obvious, that's fair. >> A short, hey, let's suppose a is one and when x is 0, if a is 0, so a, a is always 0. >> So if I have c XOR a, and that's the same thing as saying a XOR b XOR a, which is the same thing as saying a XOR a XOR B Which is the same thing as 0 XOR B, which is B. >> Alright, let's try that again. >> How about c XOR B? Let's look at that. >> That's a XOR b XOR b which is a XOR b XOR b, which is a XOR 0, which is a weird. So here's, here's what's true. >> If a XOR B is C, then a XOR C is B and B XOR C is a set. >> Those three are now in a forever. You know, like triad relationship. >> A, B, and C go together AND make C, then a and B, then B and C make a, which is one really cool way to do this is that I can, I'm sorry, I'm way, way past time. Sorry. >> If you gotta go, you gotta go, if I go to XOR and I put in four score and seven years ago and I XOR this with like Andy, rules go crazy, I get nonsense out of there. >> So I need to go into hex to get it out. >> Cool. >> So four score and seven years ago with Andy rules, yo crazy gave me this, these like unprintable bytes. These unprintable bytes XORed with Andy rules yo crazy, give me four score and seven years ago, those unprintable bytes with four score and seven years ago gave me Andy rules, yo crazy integral. >> And that's the beauty of XOR. >> These truly do look like completely random, but they're completely know will play with this more on Wednesday. >> But you can pull the key out of that thing, right? >> If you can predict some part of it, you can get some part of the key if the key is not a random string. So I can the essence of one-time pad, the perfect secrecy comes from the key being as long as your message and you only ever using the key once. >> Okay, I think I understand. 
>> Yeah, you can meditate on that a little bit and we'll get, and we'll, and we'll, we'll put some more. This is one of the most encryption scheme, most important encryption schemes in the whole world, because you're using it all the time without knowing it. I mean, it's so simple. >> Lecturers, the really fast, it's really, really fast and it's really actually perfectly secure if your key is truly random. >> I really need to think about this. >> This is kind of, yes, give me, give me a weird vibes. >> It doesn't seem that seems too good to be true. >> I'm not an untrusted I will give you yeah. Yeah, yeah. It is too good to be true and yet it's also like used a lot. I don't know. >> It's a very, it's your right not to trust it. >> Here's an XOR problem for you. >> Take a look at this one, I guess I gotta stop class. Alright. 70 recording. >> Thanks, everybody. See Wednesday
Andy Novocin's Personal Meeting Room
From Andrew Novocin April 27, 2020