Daniela Matos de Carvalho
Software Engineer @Dashlane, mother, amateur photographer, former @requirelx organiser, prev @YLDio, @zpx_interactive
Daniela Matos de Carvalho @sericaia
Jan, 14th
(source https://media.giphy.com/media/14kqI3Y4urS3rG/giphy.gif)
"hidden" "to write"
ciphertext
"I want water"
"kudh123y43grfdsjh323jhrgs"
"I want water"
encryption
decryption
"attack!"
"exxego!"
(Image source https://upload.wikimedia.org/wikipedia/commons/thumb/8/8f/Gaius_Iulius_Caesar_%28Vatican_Museum%29.jpg/440px-Gaius_Iulius_Caesar_%28Vatican_Museum%29.jpg)
Marcus Antonius
(Roman General)
?
(image source: https://www.flickr.com/photos/daquellamanera/206181168)
Example: code obfuscation
(image source: https://www.flickr.com/photos/wapster/4479756238)
Example: URL
will be turned into
Example: emoji
Example: Image encoding
(image source: https://jakearchibald.com/2020/avif-has-landed/)
(image source https://media.giphy.com/media/xT5LMO521BqYaz0TxS/giphy.gif)
Example: Subresource Integrity
<link
rel="stylesheet"
href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css"
integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T"
crossorigin="anonymous"
/>
It works by allowing you to provide a cryptographic hash that a fetched resource must match. (MDN)
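The check described in the MDN quote, as an added example for Node.js (not code from the talk): it computes an `integrity` value for a resource and verifies a fetched body against an attribute that may list several hashes, in which case only the strongest algorithm present is enforced. The function names and the sample stylesheet are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Hash functions defined for SRI, ordered weakest to strongest.
const STRENGTH = ['sha256', 'sha384', 'sha512'];

// Build an integrity value ("<alg>-<base64 digest>") for a resource body.
function sriHash(body, alg = 'sha384') {
  return `${alg}-${crypto.createHash(alg).update(body).digest('base64')}`;
}

// Split an integrity attribute into { alg, digest } entries.
// Tokens are whitespace-separated; unknown algorithms and malformed
// tokens are ignored.
function parseIntegrity(attr) {
  const entries = [];
  for (const token of attr.trim().split(/\s+/)) {
    const expr = token.split('?')[0]; // drop trailing "?options"
    const dash = expr.indexOf('-');
    if (dash < 1) continue;
    const alg = expr.slice(0, dash);
    if (STRENGTH.includes(alg)) {
      entries.push({ alg, digest: expr.slice(dash + 1) });
    }
  }
  return entries;
}

// True when the body satisfies the attribute. Only hashes using the
// strongest listed algorithm count, so a weaker matching hash cannot
// rescue a resource that fails the stronger one.
function matchesIntegrity(body, attr) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return true; // no usable metadata, nothing enforced
  const rank = (e) => STRENGTH.indexOf(e.alg);
  const strongest = entries.reduce((a, b) => (rank(b) > rank(a) ? b : a)).alg;
  const actual = crypto.createHash(strongest).update(body).digest('base64');
  return entries.some((e) => e.alg === strongest && e.digest === actual);
}

// Constructed sample resource and a modified copy of it.
const css = Buffer.from('body { color: #333; }\n');
const tampered = Buffer.from('body { color: #f00; }\n');
const integrity = sriHash(css);
console.log(integrity);
console.log(matchesIntegrity(css, integrity), matchesIntegrity(tampered, integrity));
```

An attribute containing only unrecognised algorithms enforces nothing, which is why `matchesIntegrity` returns `true` for it; a deployment check should treat that case as a missing hash.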
Example: password hashing
password | hash
pw2hbPj3 | azMYigjy46F7gAYm
rrE89xF8 | CNoa6Cfe6KHd3L5B
pw2hbPj3 | azMYigjy46F7gAYm
...
Example: password hashing
salt | password | hash
ar8o8R7k | pw2hbPj3 | g7Kkosc5HEeTnmgq
65kpfRMQ | rrE89xF8 | eJNmGYYj8z7SaFm5
L3GJS9gg | pw2hbPj3 | aFCSdgAR55YBfxm8
...
(image source https://www.flickr.com/photos/152175890@N03/35958764831)
(gif source https://giphy.com/gifs/americangrit-john-cena-fox-tv-l1J3vV5lCmv8qx16M/links)
Confidentiality can be obtained using encryption to render the information unintelligible except by an authorized entity who uses an appropriate key to decrypt the encrypted information.
National Institute of Standards and Technology (NIST)
ciphertext
"I want water"
"kudh123y43grfdsjh323jhrgs"
"I want water"
encryption
decryption
👩
👨
ciphertext
"I want water"
"kudh123y43grfdsjh323jhrgs"
"I want water"
encryption
decryption
public key
private key
👩
👨
John
private
public
public
private
Sara
👩
ciphertext
encryption
👩
John's
public
ciphertext
👩
👨
ciphertext
ciphertext
decryption
👩
👨
John's
private
ciphertext
👩
signed message
signing
Sara's
private
signed message
verifying
Sara's
public
👨
It was
Sara!
PGP
Webauthn
...
application layer
transport layer
TCP
HTTP
TLS
encryption layer
server
client
ClientHello
ServerHello
from asymmetric to
symmetric encryption
(image source https://victoria.dev/blog/what-is-tls-transport-layer-security-encryption-explained-in-plain-english/)
with Message Authentication Code (MAC)
Encrypted Message
MAC
Headers
(gif source https://media.giphy.com/media/FVAvmLbptzZpC/giphy.gif)