Learn how the good guys implement cryptography and how the bad guys exploit it. Everything we do in the digital world is protected by cryptography. But when pure math and algorithms are implemented in code, vulnerabilities emerge and can be exploited by hackers and bad actors. Hacking Cryptography details dozens of practical cryptographic implementations and then breaks down the flaws that adversaries use to exploit them. In Hacking Cryptography you'll find unique guidance for understanding how cryptography has failed time and again, including: • DUAL_EC_DRBG random number generation using backdoored constants
• Exploiting the RC4 stream cipher, as used in WEP
• Block ciphers for padding oracle attacks and manipulation of initialization-vectors
• Exploiting hash functions by using length extension and rainbow table attacks
• Implementing RSA key generation vulnerable to short private exponents and exploiting it using the Weiner attack
• Exploiting PKCS1.5 padding by using Bleichenbacher's signature-forgery attack In Hacking Cryptography you'll learn the common attack principles used against cryptographic security, and how to spot the implementation errors that make cryptography unsecure. Throughout, you'll explore historical examples where popular cryptography has failed, such as the root key compromise for Sony PlayStation 3, and see what impact those failures have had on modern cryptography. About the technology Even the strongest cryptographic systems in code and hardware leave cracks and vulnerabilities a would-be attacker can exploit. In this book, you'll learn to write cryptographically secure code, sidestep common pitfalls, and assess new bugs and vulnerabilities as they are discovered. About the book Hacking Cryptography helps you secure your systems by revealing the "lockpicks" bad actors use to break cryptographic security. It dives deep into each exploit, explaining complex concepts through real-world analogies, annotated examples, and pseudo-code—no advanced mathematical knowledge required. As you read, authors Kamran Khan and Bill Cox demystify opaque cryptography concepts and techniques so you'll understand the "why" behind each best practice. What's inside • Random number generator and backdoor constants
• RC4 encryption and WiFi security
• Rainbow tables for cracking hashed passwords
• Length extension and padding oracle exploits About the reader For software and security engineers. Examples in Go. About the author Kamran Khan is a software engineer with more than a decade of experience at Salesforce, Google, and Microsoft. Bill Cox is a software engineer with nearly forty years of experience in securing hardware and software. He conducts the crypto-writing workshop at Google. Table of Contents 1 Introduction
2 Random number generators
3 Implementing and exploiting RNGs
4 Stream ciphers
5 Block ciphers
6 Hash functions
7 Message authentication codes
8 Public-key cryptography
9 Digital signatures
10 Guidelines and common pitfalls for cryptographic implementations