https://missing.csail.mit.edu/2019/security/


Security and Cryptography Overview

  • Focus on security concepts relevant to tools like Git and SSH.
  • Emphasis on practical cryptography concepts.
  • Not a substitute for formal security training.

Entropy: Measuring Randomness

  • Entropy quantifies randomness, crucial for password strength.
  • Measured in bits; higher values indicate stronger passwords.
  • Example: correcthorsebatterystaple vs Tr0ub4dor&3

Understanding Hash Functions

  • Maps arbitrary data to fixed-size values.
hash(value: array<byte>) -> vector<byte, N>  (for some fixed N)
  • Properties:
    • Deterministic,
    • non-invertible,
    • collision-resistant.
  • Example: SHA1, although no longer considered strong.
printf 'hello' | sha1sum

Applications of Hash Functions

  • Used in Git for content storage.
  • Summarizes file contents; aids in data verification.
  • Commitment schemes in secure communications.

Key Derivation Functions (KDFs)

  • Produce keys from passphrases for cryptographic use.
  • Designed to be slow to resist brute-force attacks.
  • Applications:
    • Creating encryption keys
    • Storing login credentials.
passwd

Symmetric Cryptography

  • Uses a single key for both encryption and decryption.
  • Keygen produces a random key for secure communication.
  • Example:
    • AES (Advanced Encryption Standard).

Asymmetric Cryptography

  • Involves a public and a private key.
  • Public key for encryption, private key for decryption.
  • Used in PGP email, private messaging, and software signing.

Key Distribution Challenges

  • Distributing public keys and associating them with identities.
  • Methods vary: Signal’s trust on first use, PGP’s web of trust, Keybase’s social proof.

Practical Security Tools


Password Managers

  • Store high-entropy passwords securely.
  • Examples: KeePassXC, pass, 1Password.

Two-Factor Authentication

  • Enhances security by requiring an additional authentication factor.

Full Disk Encryption

  • Protects data on stolen laptops.
  • Tools:
    • Linux: cryptsetup + LUKS,
    • Windows: BitLocker,
    • macOS: FileVault.

Private Messaging Security

  • Signal and Keybase use asymmetric encryption for privacy.
  • Key exchange is crucial for secure communication.

SSH: Secure Shell

  • Asymmetric key pair generation with ssh-keygen.
  • Private key encrypted, public key shared for server access.
  • Uses challenge-response for identity verification.

Conclusion and Additional Resources