Security

From Bitpost wiki
Revision as of 13:54, 9 April 2018 by M (talk | contribs) (Created page with "=== KERBEROS HANDSHAKING === CLIENT AUTHENTICATION Client > username > AS (which is running the TGS) client < [Client/TGS session key] (encrypted with user pw) <...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

KERBEROS HANDSHAKING

   CLIENT AUTHENTICATION
   Client > username > AS (which is running the TGS)
   client < [Client/TGS session key] (encrypted with user pw) < AS/TGS
   client < TGT (client info encrypted with TGS secret key, can't be decrypted by client) < AS/TGS
   client decrypts [Client/TGS Session Key] for communication with TGS
   CLIENT SERVICE AUTHORIZATION
   client > TGT, Service Principal Name (SPN, aka hostname) > TGS
   client > Authenticator (clientid+timestamp, encrypted with client/TGS key) > TGS
   client < Client-to-server ticket, encrypted with service's key < TGS
   client < Client/Server Session key, encrypted with Client/TGS Session Key
   CLIENT SERVICE REQUEST
   client > client-to-server ticket > Service Server (SS)
   client > new Authenticator > SS
   client < timestamp confirmation < SS
   client confirms
   client > service requests > SS
   client < service responses < SS


OVERVIEW

Notes to review before interviews, etc:

   ---------------------------
   fedramp cloud certification
   ---------------------------
     strong encryption, eg AES 256-bit
     data should be encrypted before it leaves end-user "organization"
     encrypt: data-at-rest, data-in-transit, data-in-use
     encryption keys MUST be kept within end-user org
     CSP requirements: implement security, third-party assess, maintain authorization, comply with continous monitoring
     
 basics review

     public-private key
     ------------------
     plain -> encrypted -> plain
           ^            ^
         publickey      privatekey
         
     
     SSL HANDSHAKE
     -------------
     client                                                    server
            -> hello ->        
            < cert
     (check) 
              send secret encryped with server public key >    decrypt secret)
              (opt) send client cert >                         (check - but not otherwise used?)
              ack>
              <ack
              exchange with shared secret key

 best encryption to date
   ssl labs: 
     Key RSA 2048 bits (e 65537)
     signature SHA256withRSA
     certchain includes Let's Encrypt Authority X3, RSA 2048 bits, Signature: SHA256withRSA
     TLS 1.2 (not allowed: TLS 1.1, 1.0; SSL 3, SSL 2
       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)  ECDH secp256r1 (eq. 3072 bits RSA)   FS 128
       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)  ECDH secp256r1 (eq. 3072 bits RSA)   FS 128
       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)     ECDH secp256r1 (eq. 3072 bits RSA)   FS 128
       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)      DH 2048 bits   FS 128
       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)      DH 2048 bits   FS 128
       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)         DH 2048 bits   FS      
   
   review 

     AES 256-bit for encryption
       aka Rijndael, which won in the original NIST AES selection process (in 2001!)
       symmetric key algorithm (same key to encrypt and decrypt)
       block size 128
       key length 256 (can be 128 and 192)

     SHA-256 for signatures
       a bit-specific SHA-2
       deprecates SHA-1
       NOT deprecated by SHA-3 (an alternative developed through NIST competition)
       256-bit "hash values" aka digests aka signatures)
       server + client ssl certificate process
       
     HMAC is a signature with a key - what I'm doing with JWT (HMAC-SHA256)
       
    broken: RC2 RC4 DES IDEA ...

    next-gen: https://security.stackexchange.com/questions/135054/whats-after-aes
     TLS 1.3, which is still a draft, is going with two authenticated ciphers as its required choices:
       AES-GCM, with either 128- or 256-bit keys;
       ChaCha20/Poly1305
     The reasons we have two are the following:
       As a backup—if one of them is broken, everybody can switch to the other;
       They have different strengths:
       AES-GCM has excellent hardware support in many platforms;
       ChaCha20/Poly1305 has faster all-software implementations than AES-GCM does.

   good for https with SSL certs, according to SSL labs:
       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)  ECDH secp256r1 (eq. 3072 bits RSA)   FS 128
       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)  ECDH secp256r1 (eq. 3072 bits RSA)   FS 128
       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)     ECDH secp256r1 (eq. 3072 bits RSA)   FS 128
       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)      DH 2048 bits   FS 128
       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)      DH 2048 bits   FS 128
       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)         DH 2048 bits   FS      
  

 NIST (National Institute of Standards and Technology)
 
   SHA-3 competition 2007-2012 (SHA = Secure Hash Algorithm)
     64 entries
     5 finalists: BLAKE, Grøstl, JH, Keccak and Skein
     winner: Keccak
     schneier's feedback:
       Yes, I would have rather my own Skein had won, but it was a good choice.

 NSA has Suite A (classified algorithms that will not be released) and Suite B cryptography algorithms
   Suite B's components are:
   
   Advanced Encryption Standard (AES) with key sizes of 128 and 256 bits. 
     For traffic flow, AES should be used with either 
       the Counter Mode (CTR) for low bandwidth traffic or 
       the Galois/Counter Mode (GCM) mode of operation for high bandwidth traffic (THIS CAN BE PARALLELIZED)
   Elliptic Curve Digital Signature Algorithm (ECDSA) – digital signatures
   Elliptic Curve Diffie–Hellman (ECDH) – key agreement
   Secure Hash Algorithm 2 (SHA-256 and SHA-384) – message digest

 talk about my projects

   nopc
     energy market
     need to measure power behind the consumers meter
     i wrote a client that lives on embedded devices
     i cross-compiled openssl, libmodbus, libcurl, libwebsockets, zlib

     ssl / websockets work:
       libwebsockets uses openssl, but i have played a bit with optional ssl: wolfssl
         has streaming media support, including the HC-128 and RABBIT stream ciphers
         Standard ciphers are supported, including EDH on both the client and server side.  
         wolfSSL recently added support for BLAKE2b, one of the SHA-3 finalists as well. 
         wolfSSL’s underlying cryptography library is called wolfCrypt.
       i wouldn't want to stray from openssl unless there was a more compelling reason, since it gets so many eyeballs on it
       people don't like its depth of support for other algorithms, just stick with best-in-class
         Key RSA 2048 bits (e 65537)
         signature SHA256withRSA
         pki: rsa
     given a guid token, it uses that to generate ssl certs on the device
     then it runs 24/7 on the embedded device
     it has a tight loop with callbacks, C is gross but you can do pretty much anything
       in factthats the problem, you have to do everything!
       again, i heavily rely on reusable helpers
     so it has a single-threaded loop with callbacks
     poll:
       if !config configure client
       else poll and store meter data, buffered to memory then volatile then nonvolatile storage
       if ws not connected initiate connection
       service the connection callbacks (sending bi-directionally as needed)

   just added jwt to abettertrader
     uses HMAC-SHA256 (uses a secret during signature generation)
     client sends u/p
     server builds header+payload+HMAC-SHA256 signature with its own secret
     server sends back base64-encoded token to client
     client uses token on every API call
     when token times out, user must log in again
     server can almost instantly determine user's priviledges without a db hit
     that's why they call it stateless

   abettertrader c++ based webserver, gets A+ rating at ssllabs
   via haproxy!
     I serve up several domains from my home
     most of them use SNI with apache
       with SNI the hostname is sent outside of the encrypted traffic
       so you can serve up different apache sites based on the requested hostname
       it's fantastic - for years i had to serve up my different sites on different ports
       and it was hard to do https that way
     but! ... i'm running a C++ https server as well
     and i had to solve the problem of getting incoming https traffic to that server running on that port
     haproxy is THE BOMB for these kinds of things
     i configured haproxy to read the domain name and redirect traffic to the c++ http server and port
     but i am so excited about this, i got these bonuses with zero effort:
       ALL ssl handshaking is now done by haproxy!  i just give it ALL my certs, and it does the negotiations
         i was able to limit availabe ciphers to those listed as secure at ssllabs
           ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12
           ssl-default-bind-ciphers AES128+EECDH:AES128+EDH
       ALSO i was able to turn on HSTS - this forces all http requests into https requests
         and that got me an A+ rating on ssllabs - for ALL My sites - in one fell swoop!
         i felt like that giant that killed 7 flies or whatever
     
   abettertrader uses a map of lambas and regexs
     when a url comes in, it plays it against all the registered regexs
     if it finds a match, it calls the lambda
     it's really fast and really fun
     
   i set up node.js scripting for my continuous integration
     i have an open source package called radscripts - it does an automatic semver bump on every commit
     i'm totally addicted to that
     you can turn it off and still get all the benefits - 
     i turned off auto-tagging at causam because they wanted to control the specific numbers of releases
     but semver dictates: ...
     
   i am always tinkering, i keep track of my projects in phabricator, an agile ticket tool that sprang out of facebook          
     do you want to see it?
     willcodeforcoffee.org moodboom/G

 write a c++ app that sorts an array then encrypts it then decrypts it
   int main() {
     return 0;
   }
   
 review c++11, c++14, interview questions
   RAII resource acquisition is initializaztion- constructor acquires, destructor releases

 c++ 
   c++11 features I love:
     automatic type detection - this is great esp for iterators so you don't have to type as much
     for loops
       if you don't need to walk forwards or backwards as you loop, these greatly simplify code profile
       but if you need the iterator as you loop, you can stick with the old way
     lambda expressions - really fast to write inline functions
     move semantics - you don't have to copy out results when you're done in a function, you can move them - and it's largely automatic, really nice
     initialization syntax - i love this for creating test data, you can easily initialize big arrays, whatever, right in code
     delegating constructors - this si great, so you don't have to rewrite all the base class constructors to be able to add a new one
     threading - a lot of this is available with boost - but it's nice to have the standard incorporate all the best boost work
   c++14 seems much more incremental than 11 was
     you can use auto for function return types - that was already how lambdas worked in c++11, i thought...
     lamdba parameters can be auto - kind of like templating, seems really crazy and cool - haven't played with this much yet
     and closures, how cool is that!!!  "lambda captures"  it carries along the scope from where it was called.  
       javascript of course makes us a huge fan of this.
       but i wonder about the performance penalty involved. - again, haven't played with it much
       deprecated keyword, binary literals
   and then c++17 is on the way - c++ has always made me happy, i find it incredibly elegant compared to lower C or higher java/C# arenas
     i think javascript actually hits a sweeter spot than those
     so i'm enjoying C++ and javascript more than anything these days
     i wrote some utilities in node so i can use node for scripting, which has been really productive
     but i have to say, python would be a welcome addition

 c++ containers
   
   i use hashmaps of pointers via unordered_map
   unordered set lets you contain pointers, and specify the hash and equals values for the object pointed to
   typedef std::unordered_set<AutotradeParameterSet*,PersistentIDObject_hash,PersistentIDObjects_equal > AutotradeParameterSets;
   then you can set up a second "index" into the object store
   you have to maintain all indexes as you add and remove, of course
   
   unordered_map uses the hash to find the right bucket O(1)
   map uses a binary tree and a comparison operator O(log(n))
   std::find() on vector uses quicksort O(N*log(n)) or insertsort which uses heapsort for worst case
     mergesort is good to preserve order of equal items (in-place)
   
   python has TimSort, pretty cool - looks for presorted sections, then merges those, COOL
     in use in python since about 2002
   
   i also use a sorted vector class i derived from the standard vector class
     it too can use pointers instead of objects, allowing for multiple indexes on a set of objects
     it has push_unsorted(), bSorted() and sort(sort_function) functions
     usually with vectors you use lower_bound to find things
     sorted vector has find helpers, and they always sort if unsorted
     it's really useful when you have a huge amount of objects and only sort on occasion

 - nagging question: how do you add functionality to a product that's new?  
     this was a very valuable question that I didn't answer well
     can i ammend my answer?
       i mentioned that I would diagram function flows - that would definitely be a key strategy
       and to read any and all available documentation on the software
     what should have also been part of my answer: 
       generate my own documentation as needed
       a fantastic tool for that is doxygen
       i ran it yesterday against a recent project, and it did a nice job creating class hierarchies etc.
 
     clang-tidy is suggested to be the best on reddit
       even has a -fix flag to fix in place, ha
       cmake can call it for you!!
     cppcheck
     coverity for Paid solutions

     jsonlint