Introduction to CryptoTools - An Experiment in Design
scribdcom24
7 views
23 slides
May 31, 2024
Slide 1 of 23
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
About This Presentation
Introduction to CryptoTools, and cryptography in general using storytelling in the style of Blade Runner.
Slide Content
Date DescriptionSlide Number
Wednesday, April 3, 2024Introduction to CryptoTools1
CryptoTools
An Experiment in Design
by Micah Henning
https://cryptotools.dev
Wednesday, April 3, 2024Introduction to CryptoTools1
CryptoTools
An Experiment in Design
by Micah Henning
https://cryptotools.dev
Date DescriptionSlide Number
Goals
•Learn about Cryptography
•Be entertained
•Possibly gain a newfound reverence for chickens
Wednesday, April 3, 2024Goals of Presentation2
Goals
•Learn about Cryptography
•Be entertained
•Possibly gain a newfound reverence for chickens
Wednesday, April 3, 2024Goals of Presentation2
Date DescriptionSlide Number
Disclaimer
Wednesday, April 3, 2024Disclaimer3
Disclaimer
Wednesday, April 3, 2024Disclaimer3
Date DescriptionSlide Number
Wednesday, April 3, 2024No really, who am I4
Who am I?
What Dall-E thinks I look like
Wednesday, April 3, 2024No really, who am I4
Who am I?
What Dall-E thinks I look like
Date DescriptionSlide Number
Wednesday, April 3, 2024Low-Key Farmer5
Wednesday, April 3, 2024Low-Key Farmer5
Date DescriptionSlide Number
Wednesday, April 3, 2024Motivation6
Cryptography is hard.
Wednesday, April 3, 2024Motivation6
Cryptography is hard.
Date DescriptionSlide Number
Existing Tools
•Few features, limited control
•Server-side processing
•Closed-source / proprietary
•Incorrect results
•Hard to use or lacked good design
Wednesday, April 3, 2024Existing Tools7
Existing Tools
•Few features, limited control
•Server-side processing
•Closed-source / proprietary
•Incorrect results
•Hard to use or lacked good design
Wednesday, April 3, 2024Existing Tools7
Date DescriptionSlide Number
Wednesday, April 3, 2024An Experiment in Design8
10 Principles of Good Design
1.Good design is innovative.
2.Good design makes a product useful.
3.Good design is aesthetic.
4.Good design makes a product understandable.
5.Good design is unobtrusive.
6.Good design is honest.
7.Good design is long-lasting.
8.Good design is thorough down to the last detail.
9.Good design is environmentally friendly.
10.Good design is as little design as possible.
Wednesday, April 3, 2024An Experiment in Design8
10 Principles of Good Design
1.Good design is innovative.
2.Good design makes a product useful.
3.Good design is aesthetic.
4.Good design makes a product understandable.
5.Good design is unobtrusive.
6.Good design is honest.
7.Good design is long-lasting.
8.Good design is thorough down to the last detail.
9.Good design is environmentally friendly.
10.Good design is as little design as possible.
Date DescriptionSlide Number
Wednesday, April 3, 2024Introduction to Cryptography9
Cryptography
Wednesday, April 3, 2024Introduction to Cryptography9
Cryptography
Date DescriptionSlide Number
Wednesday, April 3, 2024The Fight for Los Angeles10
AliceBob
Eve
Wednesday, April 3, 2024The Fight for Los Angeles10
AliceBob
Eve
Date DescriptionSlide Number
Wednesday, April 3, 2024Encryption11
Encryption
Caesar Cipher Example
1.Confusion
2.Diffusion
Essential Properties
1.Symmetric (one key)
2.Asymmetric / Public Key
Key Types
PlaintextPlaintextCiphertext
Secret Key
EncryptionDecryption
Numquam te derelinquam, numquam te decipiam.
Pwoswco vg fgtgnkpswco, pwoswco vg fgekrkco.
ABCDE…
Key: 2ABCDE…
Wednesday, April 3, 2024Encryption11
Encryption
Caesar Cipher Example
1.Confusion
2.Diffusion
Essential Properties
1.Symmetric (one key)
2.Asymmetric / Public Key
Key Types
PlaintextPlaintextCiphertext
Secret Key
EncryptionDecryption
Numquam te derelinquam, numquam te decipiam.
Pwoswco vg fgtgnkpswco, pwoswco vg fgekrkco.
ABCDE…
Key: 2ABCDE…
Date DescriptionSlide Number
Wednesday, April 3, 2024Encryption Symmetry12
Encryption1.Symmetric (one key)
2.Asymmetric / Public Key
Key Types
PlaintextPlaintextCiphertext
Secret Key
EncryptionDecryption
Symmetric Key Encryption
PlaintextPlaintextCiphertext
Public Key
EncryptionDecryption
Private Key
Public Key Encryption
Wednesday, April 3, 2024Encryption Symmetry12
Encryption1.Symmetric (one key)
2.Asymmetric / Public Key
Key Types
PlaintextPlaintextCiphertext
Secret Key
EncryptionDecryption
Symmetric Key Encryption
PlaintextPlaintextCiphertext
Public Key
EncryptionDecryption
Private Key
Public Key Encryption
Date DescriptionSlide Number
Wednesday, April 3, 2024The Secret13
nRp3WQkFI6j09RsQXc83QkSplfwtB/N7wzd1cyGC++A=
AES-256-GCM
7hhLFq9gN0HAKVir
FamBdpl+eLgzjNWWqmX7f7GSkA+VC33KNlrdw2v0X3K+0mE9DJ64JtCvhi/bfZO760
NToZfIYPj4Eh61BVPTd/o8g9D9Hl2GcKlg/pKf55ZHR6/06TZo4L708+00gKoaeXv9
egGkY3WhpMBlFa+v+dV9VO8Su/I6TuHjX3aqi0M6pvjgvGjhecM2JR3ctNsGZlhpU9
R0rHrC/igDhcKurT3ZN6MtrhrJW2uc6qhNNp24uH4aAsXzOkI1szMbUrG8APy4pmUM
3qehF9fTu80b65qIFS5DzreHZs3zC68SYNK+dEwqLi0VcVaNxWWVddZZjueVypMmmW
msiZPFM5QLw2RZ3cNGAPoo23VJ7hJNYJBzKCvuFQ8pbPTeEY75YVlqViO7aIjuuXWN
vaWzu73YHNj+1lfCwEI1mvrRsV568e/oakp39ME3u3MX09dJNin5uM+ijZ7cEJLgRd
/PZlB/nPc7DquXPN4HdBsgBVsg5e/fEDz7KaMnLJgSQ1Ept+a+NByEUWwx/EynJm6d
nnyZoLMIUM2tGjCwMSeVbMk3tpeRJcVv4S3Mmx9dAE1rk6JBPU7Dhd8Y4XeNr6v3XN
esbyF6Ca7DWoaoqsZ6gYzvi7yNHUJlCBXcInLagzF3PF3C+dLEGBDPU52lP97/DGqD
tGj6egXBIwZjyYHiG23Qw9QTpy+OlnVZZLqoImQObYDRXizZ6eQiJNVWPakSHySe9i
3ELkNLupLt6as0qt2UJovbM/YRYMwQgzeiZt7Ul8T/l8Aqcks04rsKvfm1UeURHiCD
22j9fWOUQ6p3JyfIUj8vKdJJ/KYVYY5TQpXyzuYAxAAlG6h2geuWDlfN67JaSPpWOk
sSsTFTnaBSsjqzCz1EpGvAYHQUR9xTKQJPaGK0aGc01qz2h2iacssdLU03VWwGOVc0
Fk68EyOd+d7/GQLw2zcZ2P1INk5iN14yLhEuow6rgoOayDWdmF0fnHkgUm+kPRI4aG
sGc3ICg0wFa/fcTXKIBHyzXs9ZHTRcTGEGxf4CGM3zvD0d0lWarfMhYiRu8owvcMxt
NmjcqQdZ5K2wLnTleUfg59ertrHYzp09Khy7E/f4puAyANaOSDYja2HnlG6Ny8LE0B
i0+yVBlz5dd3sA5laxWVgZJt3SymtB/NYI0U70HQpsePlQqgVEVKJe0cpuxKKPsNk=
Wednesday, April 3, 2024The Secret13
nRp3WQkFI6j09RsQXc83QkSplfwtB/N7wzd1cyGC++A=
AES-256-GCM
7hhLFq9gN0HAKVir
FamBdpl+eLgzjNWWqmX7f7GSkA+VC33KNlrdw2v0X3K+0mE9DJ64JtCvhi/bfZO760
NToZfIYPj4Eh61BVPTd/o8g9D9Hl2GcKlg/pKf55ZHR6/06TZo4L708+00gKoaeXv9
egGkY3WhpMBlFa+v+dV9VO8Su/I6TuHjX3aqi0M6pvjgvGjhecM2JR3ctNsGZlhpU9
R0rHrC/igDhcKurT3ZN6MtrhrJW2uc6qhNNp24uH4aAsXzOkI1szMbUrG8APy4pmUM
3qehF9fTu80b65qIFS5DzreHZs3zC68SYNK+dEwqLi0VcVaNxWWVddZZjueVypMmmW
msiZPFM5QLw2RZ3cNGAPoo23VJ7hJNYJBzKCvuFQ8pbPTeEY75YVlqViO7aIjuuXWN
vaWzu73YHNj+1lfCwEI1mvrRsV568e/oakp39ME3u3MX09dJNin5uM+ijZ7cEJLgRd
/PZlB/nPc7DquXPN4HdBsgBVsg5e/fEDz7KaMnLJgSQ1Ept+a+NByEUWwx/EynJm6d
nnyZoLMIUM2tGjCwMSeVbMk3tpeRJcVv4S3Mmx9dAE1rk6JBPU7Dhd8Y4XeNr6v3XN
esbyF6Ca7DWoaoqsZ6gYzvi7yNHUJlCBXcInLagzF3PF3C+dLEGBDPU52lP97/DGqD
tGj6egXBIwZjyYHiG23Qw9QTpy+OlnVZZLqoImQObYDRXizZ6eQiJNVWPakSHySe9i
3ELkNLupLt6as0qt2UJovbM/YRYMwQgzeiZt7Ul8T/l8Aqcks04rsKvfm1UeURHiCD
22j9fWOUQ6p3JyfIUj8vKdJJ/KYVYY5TQpXyzuYAxAAlG6h2geuWDlfN67JaSPpWOk
sSsTFTnaBSsjqzCz1EpGvAYHQUR9xTKQJPaGK0aGc01qz2h2iacssdLU03VWwGOVc0
Fk68EyOd+d7/GQLw2zcZ2P1INk5iN14yLhEuow6rgoOayDWdmF0fnHkgUm+kPRI4aG
sGc3ICg0wFa/fcTXKIBHyzXs9ZHTRcTGEGxf4CGM3zvD0d0lWarfMhYiRu8owvcMxt
NmjcqQdZ5K2wLnTleUfg59ertrHYzp09Khy7E/f4puAyANaOSDYja2HnlG6Ny8LE0B
i0+yVBlz5dd3sA5laxWVgZJt3SymtB/NYI0U70HQpsePlQqgVEVKJe0cpuxKKPsNk=
Date DescriptionSlide Number
Wednesday, April 3, 2024Cryptographic Hash Functions14
Never gonna
Never gonna give you up
Never gonna let you down
Never gonna let you chown
7cbf6ae11c11ea83571b259a0917da293a2c17b1
c157392770e70f58269186d1d8674f3f0b7981be
afefef58e74ff82cda6948fb41c8302444372223
ee0506072ca49980cf90063ea00408f3443f715d
1.Pre-image resistance
2.Second pre-image resistance
3.Collision resistance
Essential Properties
Cryptographic Hash Functions
1.NSA’s Secure Hash Algorithms (SHA-1, SHA-2)
2.Ronald Rivest’s MD2, MD4, MD5, and MD6
3.Keccak and its derivatives (SHA-3, KangarooTwelve)
Common CHF Algorithms
Message Digest
Wednesday, April 3, 2024Cryptographic Hash Functions14
Never gonna
Never gonna give you up
Never gonna let you down
Never gonna let you chown
7cbf6ae11c11ea83571b259a0917da293a2c17b1
c157392770e70f58269186d1d8674f3f0b7981be
afefef58e74ff82cda6948fb41c8302444372223
ee0506072ca49980cf90063ea00408f3443f715d
1.Pre-image resistance
2.Second pre-image resistance
3.Collision resistance
Essential Properties
Cryptographic Hash Functions
1.NSA’s Secure Hash Algorithms (SHA-1, SHA-2)
2.Ronald Rivest’s MD2, MD4, MD5, and MD6
3.Keccak and its derivatives (SHA-3, KangarooTwelve)
Common CHF Algorithms
Message Digest
Date DescriptionSlide Number
Wednesday, April 3, 2024The Payload15
820a585de241523f7da40c0dcbc42228f39460b
3f627d109873952c0e3c83e62
SHA-256
payload.gif
Wednesday, April 3, 2024The Payload15
820a585de241523f7da40c0dcbc42228f39460b
3f627d109873952c0e3c83e62
SHA-256
payload.gif
Date DescriptionSlide Number
Wednesday, April 3, 2024Digital Signatures16
Digital Signatures
PlaintextPlaintextCiphertext
Public Key
EncryptionDecryption
Private Key
Public Key Encryption
HashHashSignature
Private Key
SignVerify
Public Key
Public Key Digital Signing
Plaintext
CHF
Wednesday, April 3, 2024Digital Signatures16
Digital Signatures
PlaintextPlaintextCiphertext
Public Key
EncryptionDecryption
Private Key
Public Key Encryption
HashHashSignature
Private Key
SignVerify
Public Key
Public Key Digital Signing
Plaintext
CHF
Date DescriptionSlide Number
Wednesday, April 3, 2024The Command17
ECDSA P-256 SHA-256
DEPLOY THE PAYLOAD AT 0600
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExSNjMSf
ypOrTln5fdWXTI0iEdXzGlqzkclEE6jcxoPOSnF7ohh
DQ1DTei2I70K45B1mIENewvyRivKxZoNCiDw==
-----END PUBLIC KEY-----
iMmtNXnP+1fDFWwjmAN9C9glJvW3jPAyPLevm4dTksL
028sJ/RJ80HtHmVrOoVXP+fpWGx0n9rQzDdGxqySt6Q
==
Wednesday, April 3, 2024The Command17
ECDSA P-256 SHA-256
DEPLOY THE PAYLOAD AT 0600
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExSNjMSf
ypOrTln5fdWXTI0iEdXzGlqzkclEE6jcxoPOSnF7ohh
DQ1DTei2I70K45B1mIENewvyRivKxZoNCiDw==
-----END PUBLIC KEY-----
iMmtNXnP+1fDFWwjmAN9C9glJvW3jPAyPLevm4dTksL
028sJ/RJ80HtHmVrOoVXP+fpWGx0n9rQzDdGxqySt6Q
==
Date DescriptionSlide Number
Wednesday, April 3, 2024Official Payload Upload Footage18
Wednesday, April 3, 2024Official Payload Upload Footage18
Date DescriptionSlide Number
Wednesday, April 3, 2024Never gonna let you down19
Wednesday, April 3, 2024Never gonna let you down19
Date DescriptionSlide Number
What else can CryptoTools Do?
•SHA-1 and SHA-2 Digest Generation
•Pseudorandom Number Generation
•Crypto key generation, export, and import
•Encryption and Decryption (AES, RSA)
•Signing and Verifying (RSA, ECDSA, HMAC)
•Password Hashing
•Secure Remote Password Protocol
Wednesday, April 3, 2024Additional CryptoTools Features20
What else can CryptoTools Do?
•SHA-1 and SHA-2 Digest Generation
•Pseudorandom Number Generation
•Crypto key generation, export, and import
•Encryption and Decryption (AES, RSA)
•Signing and Verifying (RSA, ECDSA, HMAC)
•Password Hashing
•Secure Remote Password Protocol
Wednesday, April 3, 2024Additional CryptoTools Features20
Date DescriptionSlide Number
Safety
•All operations happen in the browser (there is no server)
•The code is open-source and auditable
•All commits are cryptographically signed
•All operations use the browser’s Web Crypto API when possible. Care was taken to select libraries with minimal dependencies
•There is a Software Bill of Materials
•Private/Secret keys are not accessible to scripts unless the key was generated or imported with the export option
•Storage of keys is in IndexedDB; the CryptoKey objects stored in the local DB only reference the secret/private key material. The
browser handles their secure storage
•IndexedDB follows Same Origin policy
•HSTS, DNSSEC, Content Security Policy, and security headers are all implemented (A+ rating in Mozilla Observatory)
Wednesday, April 3, 2024Cryptography Safety21
Safety
•All operations happen in the browser (there is no server)
•The code is open-source and auditable
•All commits are cryptographically signed
•All operations use the browser’s Web Crypto API when possible. Care was taken to select libraries with minimal dependencies
•There is a Software Bill of Materials
•Private/Secret keys are not accessible to scripts unless the key was generated or imported with the export option
•Storage of keys is in IndexedDB; the CryptoKey objects stored in the local DB only reference the secret/private key material. The
browser handles their secure storage
•IndexedDB follows Same Origin policy
•HSTS, DNSSEC, Content Security Policy, and security headers are all implemented (A+ rating in Mozilla Observatory)
Wednesday, April 3, 2024Cryptography Safety21
Date DescriptionSlide Number
What’s Next?
•PGP Support
•X.509 (Certificates)
•SHASUMS file generation
•Operation Time calculations
•Warnings for insecure operation/configuration
•CryptoKey Derivation
•Safe Prime Generation
•Yescrypt, scrypt, argon2 Password Hashing
Wednesday, April 3, 2024The Future22
What’s Next?
•PGP Support
•X.509 (Certificates)
•SHASUMS file generation
•Operation Time calculations
•Warnings for insecure operation/configuration
•CryptoKey Derivation
•Safe Prime Generation
•Yescrypt, scrypt, argon2 Password Hashing
Wednesday, April 3, 2024The Future22
Date DescriptionSlide Number
Thank you!
Wednesday, April 3, 2024Mission Complete23
https://cryptotools.dev
Thank you!
Wednesday, April 3, 2024Mission Complete23
https://cryptotools.dev
Download
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 7
- Slides 23
- Age 551 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
48 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
47 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
37 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
35 views
21
Know for Certain
DaveSinNM
23 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
26 views