CSCI6268L14 - Foundations of Network and Computer Security...

Foundations of Network and Computer Security
John Black
Lecture #14
Oct 1 2009
CSCI 6268/TLEN 5550, Fall 2009

Next Up: SSL
  • Next we’ll look at how to put all this together to form a network security protocol
  • We will use SSL/TLS as our model since it’s ubiquitous
  • But first, we’ll digress to talk about OpenSSL, and our first part of the project (a warm-up)

OpenSSL
  • Was SSLeay
  • Open Source
  • Has everything we’ve talked about and a lot more
  • Most everything can be done on the command line
  • Ungainly, awkward, inconsistent
      • Mostly because of history
  • Have fun, it’s the only game in town
  • http://www.openssl.org/

Brief Tutorial
  • This is a grad class; you can figure it out from the man page, but…
  • Syntax is
        % openssl <cmd> <parms>
  • cmd can be ‘enc’, ‘rsautl’, ‘x509’, and more
  • We’ll start with the ‘enc’ command (symmetric encryption)
  • Let’s look at the enc command in more detail

OpenSSL enc command
    openssl enc -ciphername [-in filename] [-out filename] [-pass arg] [-e] [-d] [-a] [-K key] [-iv IV] [-p] [-P]
  • -ciphername can be des-ecb (yuk!), des-cbc (hmm), des (same as des-cbc), des-ede3-cbc, des3 (same), aes-128-cbc, bf, cast, idea, rc5
      • Can omit the ‘enc’ command if specifying these… kind of hokey
  • If you don’t specify filenames, reads from and writes to stdin/stdout
      • Looks like garbage, of course
  • If you don’t specify a password on the command line, it prompts you for one
      • Why are command-line passwords bad?
      • You can use environment variables but this is bad too
      • You can point to a file on disk… less bad
  • What does the password do?
      • Password is converted to produce IV and blockcipher key

enc (cont)
    % openssl aes-128-cbc -P
    enter aes-128-cbc encryption password:
    salt=39A9CF66C733597E
    key=FB7D6E2490318E5CFC113751C10402A4
    iv =6ED946AD35158A2BD3E7B5BAFC9A83EA
  • salt is a random number generated for each encryption in order to make the key and iv different even with the same password
      • Begins to get confusing… didn’t we just change the IV before?
  • Use this mode only when deriving a new key for each encryption
      • E.g., when encrypting a file on disk for our own use
  • If key is fixed, we specify it and the iv explicitly
    % openssl aes-128-cbc -K FB7D6E2490318E5CFC113751C10402A4 -iv 6ED946AD35158A2BD3E7B5BAFC9A83EA

Understanding Passwords vs. a Specified IV and Key
  • So there are two modes you can use with enc
  1) Specify the key and IV yourself
      • This means YOU are in charge of ensuring the IV doesn’t repeat
          • Use a good random number source or
          • Use a counter (which you have to maintain… headache!)
  2) Use a passphrase
      • OpenSSL uses randomness for you by generating a salt along with the IV and AES key
      • Passphrases are less secure (more guessable) in general
  • Either way, we get non-deterministic encryption

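What the passphrase does, as an added example (not code from the lecture or from OpenSSL): a Python sketch of the EVP_BytesToKey derivation with one MD5 pass, which was the enc default in OpenSSL releases of this lecture's era (1.1.0 and later default to SHA-256). The function names and the sample passphrase are assumptions made for illustration.

```python
import hashlib
import os

MAGIC = b"Salted__"  # 8-byte marker that enc writes before the salt in passphrase mode


def evp_bytes_to_key(password, salt, key_len=16, iv_len=16, digest="md5"):
    """Derive (key, iv) as EVP_BytesToKey does with an iteration count of 1.

    D_1 = H(password || salt), D_i = H(D_{i-1} || password || salt);
    the blocks are concatenated, then split into the key followed by the IV.
    """
    if len(salt) != 8:
        raise ValueError("openssl enc uses an 8-byte salt")
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def split_salted_header(blob):
    """Return (salt, ciphertext) from a passphrase-encrypted enc file."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("no 'Salted__' header: made with -K/-iv or -nosalt")
    return blob[8:16], blob[16:]


if __name__ == "__main__":
    password = b"correct horse"      # constructed sample passphrase
    for _ in range(2):
        salt = os.urandom(8)         # fresh salt per encryption, as enc does
        key, iv = evp_bytes_to_key(password, salt)
        # Same passphrase, different salt: key and IV both change.
        print("salt=" + salt.hex().upper())
        print("key=" + key.hex().upper())
        print("iv =" + iv.hex().upper())
        print()
```

Because the derivation is a single hash pass, each passphrase guess costs an attacker almost nothing, which is one reason the passphrase mode is the more guessable of the two; newer OpenSSL releases offer -pbkdf2 for enc.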