DEF CON 26 CRYPTO AND PRIVACY VILLAGE - Shi and Cai - Building a Cryptographic Backdoor in OpenSSL

DEF CON 26 CRYPTO AND PRIVACY VILLAGE – Shi and Cai – Building a Cryptographic Backdoor in OpenSSL

please give a warm welcome to thank you gotta learn Malayalam I'm not working for she was 360 in Beijing and today I'm so glad to be here to present a quick talk about cryptographic capital in open SSL and I'll show you how to build a battering open cell so before the presentation I'd like to introduce yourself briefly the idea of this presentation was considered by two people today at me and say is the main improvement published idea it's not only my is not only my colleague who is a keeper or mathematical also a viability hunter in the Intel CPU architecture kernel open SSL and now he had the fund about 10 10 offensive ability including the SSL test alerts and this is a picture of our team's office echo so we applaud – let's look at all now is topical in the first power our intertext introduced the Crippler cryptographic paddocks and something about the architecture of the open source coder in the second part I'll show how to build a new method of cryptographic path or you know parasol and then I will show you two demos in the first part we think this kind of a battle can be used in supply chain attack scenarios so firstly as we all know the most common example of a cryptographic capital is Union weekly rent them such as though you see the RPG and surrender nominal cherita harbour its rally to notice that that another kind of a path on which is called the path of amazement and security are you looking for my abilities Jim in prime encrypted graphic implementation instead of pay more attention to mathematics maybe because the fading mathematics needs a high level mathematics cure in fact a general-purpose do not have a saying lava mathematics skills as latinized album Messam path august so it is hard to detect the Mason petal lies well died a you know open sir is the Webster future – a cube for EOS and SSL protocol so let's do a little digging into the architecture of open source coder the open so how can technology from Wacha is made example of the three paths pío EVP and ssl the sakoda is mainly encrypt engine as illustrator accuracy directories and the application layer in the opposite direction the motor most important in our cryptid all the track array of krypton include includes sn1 code interface pseudo-random number generator engine mechanism EVP suffer algorithm interface value of a unified cryptographic algorithm that lambda operation interface private key information syntax a symmetric cryptographic algorithm and each server on the other hand the directory of SSR is the implementation of SSL TR TR protocol and today I will pure the path of yin I say algorithm because I same algorithm is quite clear I firstly staggered to prime numbers P and Q and computing and after that we can gather public key and private key the second step is the incubation we can gather sabot actor C and finally after decryption we can get aprender text so let's see a simple pair talk in I say algorithm in the key generation algorithm of I see it's easy deed to learn from several security papers that a difference between two primes lambda in Isis should not be too small otherwise you'll be I safer but this termination is to Vega in particular general purpose Katya know how small it is will be insecure as well how much insecure is there for a given difference therefore we can think the security as the reason of adding check person to check pet – cuter erase infection I cetera the key in the OpenSSL and first you to give unsaved a prime time mama is even possible to set the tank capacity during which we can crack her private key as we wish so let's the sill evil patch in this person by D between the range of a generative primer difference we can crack the private key as way in Wofford high capacity the picture is look too small too small and I will uploaded this example to see father in a Leila so let's look at Nara compare comparative que tiempo imagine are we can had a faster prime generation algorithm in order to generate primers with special attacks and special feature mathematic principles the party we are able to control difficulty for cracking the private key is referred generating primes now notice strongly known such as Jared generating a prime number of a particular family a prime time that generates a special range difference even if the difference is large in now in the Lupron pi doesn't seem to have any power now but will be unsafe after certain transformation so now it is our small conclusion as far as I'm considered a problem the problem comes from the lack of ah our understanding for a security principal of I say after Nam its tivity have not been Permian mathematically yeah the question is what kind of primes are safer and how to evaluate them so when we have no cameras restrict mathematically judgment for this situation and that's the Stila demos I will shoot to demo in the first demo I assure the material better Tory inspect inspection patches idea so rather difference between two prime numbers up to by the term ratification is the inner security boundary which allowed us to set high capacity to achieve equality in cracking so first I will direct a keypad and then we will get a double key after Iowa killed private key and then we will try to crack the private key right sir yeah we can printed the information of Apollo key and then we crikey there is a fire faster so that's rockin a second demo in the second demo you know all the generate Pakistan to up outputted two prints they appear to be okay but you will be became insecure after some transformation in our case we can apply one prime number P after 1826 the right orbit explanation let's say as last one we generate a keep high yeah we can crack you up to transformation yeah it's quite faster and easier if it can be control so as I said we sink this kind of battle can be uranium surprise surprise attacker imagiro many of us may have uses a public key charity in the SSL in the SSL private key management such as Excel if for the attacker such as him attacking the compare element of a target software company like Lakewood modify the generation other reasonably keep I which is how to toot tootsie packet her so this is what industry needs to reveal a lot as John numbers said the biggest problem with the network differences that defenders think in this and at a casting sinking crap is as long as them this is true attacks world and I asked here because it's a lotta attack methods related to a cryptographic Patos so it's less very fast pay more attention to such source code security and the cryptographic security and I all uploaded decoder to Ahava after this meeting so thanks for listening [Applause]


One thought on “DEF CON 26 CRYPTO AND PRIVACY VILLAGE – Shi and Cai – Building a Cryptographic Backdoor in OpenSSL”

  • Henrik Andersson says:

    It's not nice to complain about it, but at this level the poor english pronunciation makes it very hard to understand what he's saying.

Leave a Reply

Your email address will not be published. Required fields are marked *