PyCon 2014

Estado del arte y futuro de la criptografía para aplicaciones Python

Jarret Raim, Paul Kehrer  · 

Presentación

Vídeo

Transcripción

Extracto de la transcripción automática del vídeo realizada por YouTube.

so on make sure my clicker is working here alright so I'm jarem as we mentioned I'm the cloud security product manager at Rackspace so my job is to basically build products that our customers meet are used to meet various security needs as part of

the configurations and I'm Paul carer and I my software developer on barbican which is a key management service for OpenStack and in my spare time I unfortunately do a lot of crypto so well today we're gonna be talking about the the state of crypto

in Python so we put this talked in months and months and months ago and kind of since that point we've actually been working on a library that will talk about tonight that kind of does a little bit of trying to solve this problem but the running joke and

our communities we're working on this libraries that it's basically a library created by people who make poor life choices because working in crypto is something else for sure so as we kind of get started one of the things we want to talk about a little

bit as you know what do we actually want out of a cryptic library I don't know why the want is no longer on the slide but we'll pretend that it's there and so as we went out and looked at at the crypto libraries one of the products that I'm

working on at Rackspace is a product called barbican it's a key management service for OpenStack which is an open source cloud platform and so one of the things we're looking as well we're going to be doing a lot of crypto work and barbican so

we need to really understand what the crypto kind of landscape is in Python because everything in OpenStack is in python is we really went out there and we looked it all right well what do we what do we want out of a crypto library and so the first thing we

want to be able to do is kind of make sure that we have the standard set of algorithms that we need right and so whenever you're writing a library other people are going to use that are going to be part of a big open source kind of system that needs interoperability

and make sure that all the standard libraries are available for you know whatever use cases that your customers want in addition that we wanted to make sure that it was open source right so everything that that is in OpenStack is Apache to everything that

we work on everything at Rackspace but most of the things that we work on our rack space or open source and from a security standpoint you know it's always a little bit better if the code is open source and you can have access to it you take a look at

yourself audit yourself and kind of pay attention what's going on we wanted to have a pretty wide variety of Python support right so we didn't want something that was locked 227 we wanted to be able to do pi/3 we want to be able to do pie pie and some

of the various options that are out there and finally we wanted something that was maintained and strongly tested one of the things that we've noticed in a lot of the Python options that are out there now is that they're kind of a varying levels of

both of those things it's really what we were looking for in the grand scheme of things is a constellation of features for these libraries that would make something that we could build on for a long period of time right crypto code is not something you

want to go in and screw with on a day-to-day basis and so something that we could go in and build something on and provide other people that we could rely on for a while it's kind of something that we were looking for so we wanted to look at at what was

out there right so we looked at you know openssl in botan and crypto plus plus and the crypto API and NSS and common crypto and G krypton polar SSL and all these libraries that are out there I mean they're just dozens and dozens libraries that people put

together and one thing that you notice about all of these is that they're all written in C right and so why is that really the case and for those of you who probably already know the answer this it's that C allows a lot of low-level control that you

cannot get with managed languages such as Python specifically there are things like timing and memory attacks uninitialized memory it's but the timing is actually one of the most extensive problems when you do things in crypto it's very important to

do things constant time that means if you succeed if you fail what kind of bite you just processed all those things need to be they should be irrelevant from the standpoint of the amount of time and ideally the amount of power consumed by the process so those

are things that unfortunately Python for all its wonderful parts cannot offer us right now we obviously would like to have existing code well obviously we just talked about that and it turns out to be an extensive amount of existing code in crypto now whether

or not it's good well you guys can draw your own conclusions for the moment but it exists reviewed code now again some of the more recent things might imply that the reviews or maybe not as good as they should be over on the seaside but in general these

projects have seen a lot of use most of their code is well reviewed maybe not so much in the TLS extension component but in general and you can largely trust it especially a lot of symmetric primitives with things like a GCM allows you to do low-level behaviors

using actual Hardware extensions to guarantee constant time so these are things that have been developed over a long period of time and are very reliable in the future there there are some interesting languages that are very fast like rust and go that may

have some ways to get away from sea but at the moment if you want fi then the only game in town and see I think we managed to make it about a minute and a half before we made openssl jokes that's pretty that's better than I thought it's pretty

good all right so we kind of went looked at at the major libraries and see right so we were gonna look at all of them there are dozens and dozens and dozens and dozens but we decided to try to pick what we thought was a reasonable sample of what people actually

use right so open SSL is obviously the king daddy that's you know the the most common that you see it's it's the most widely deployed that used in all kinds of platforms all over the place NSS which was originally the netscape library which is

now mostly used by firefox to do all of its crypto although it's used in a couple of other areas yeah Red Hat uses a quintic steer it uses it quite extensively as well so that one's out there NaCl so which we're actually supposed to call salt but

no one ever does and then boat on which is actually a relatively interesting library it's one of the sea libraries that actually has a little bit better testing story than most which is why we kind of included it here that was kind of interesting in that

case we looked at common crypto from Apple we look at the the Microsoft side of things and then we looked at at lib decrypt which when we got into this neither of us had ever actually heard of and we were kind of shocked when we looked the download counts

and Lib g crypt was like super high up and it turns out that it's mostly i think a debian vendetta right yeah the debian has some strong views on free software of course and so lib she tripped and new TLS or something they push libraries to use or sorry

packages inside their repos you yeah so it ended up being quite widely deployed much wider than we thought and so we kind of spent a little time looking at that and so if you look at the top kind of the stuff that we cared about right we want to care that

it was open source we cared that it was cross-platform right we cared that it was maintained we did want to look at kind of ubiquitous is kind of a little bit of a subjective measure but like how likely is it that you as a developer or a consumer of your library

would have access to that particular piece we wanted to make sure that it had the standard algorithm so that you could go and actually you know ask for GCM and get GCM right and one thing that I'm not sure how much we care so much about but one thing that

does come up in crypto conversations especially with your larger enterprise customers is phipps compliance or Common Criteria compliance both of which are kind of granted by the US government these days so I'm not sure that we care as much anymore I cannot

stress enough you do not want phipps oh right yes if you were going to use openssl don't use the tips branch that stuff's messed up so anyway it's one of those things that like you do hear about it I think you know the NSA is pretty much screwed

that up for everybody at this point so I'm not sure that we care so much anymore but it was something that we looked at and and of course you know I mean openssl comes out on top which is not too much of a surprise I mean it was kind of what we expected

going into it but there were some other pieces that were interesting like nacl is really cool unfortunately it doesn't really have the standard algorithms that you need so that makes it kind of hard some of these things are really hard to build and they

don't necessarily work too well in certain environments obviously the apple stuff and the microsoft stuff you know reasonably good but some of its not open source it's obviously not available in a lot of different platforms and so having access to

it is is not super great and so we're looking at these these types of things open SSL was kind of where we'll spend most of our time talking but as we'll talk about a little bit later there is we've kind of allowed 4 ways for people to use

some of these other options and in some cases there are really good reasons if you're sitting on top of an Apple device or sitting on top of something running Windows to use those particular platforms rather than using a bundled openssl in fact all the

people that didn't have to patch for heart later probably happy about that at the moment although they might have had to patch for go to fail well yeah so kind of stepping up okay now we looked at the c libraries right so now we know what the state of

the world is in see those are our options right so now we can look at how like what how Python can actually use those libraries right and so there's a series of kind of Python libraries here we got em to crypto pi crypto pi openssl the pipe on SS guys

and then botan also has a a Python version of it and so what we cared about here was kind of what back-end that particular library used so what c library it was using to actually do its work again we care about maintenance and we care deeply about Python support

right so we wanted to make sure that we could do PI 3 and we could do pie pie and some of these other kind of options that are out there which tends to be somewhat of a problem for libraries that are dumping everything down into see we wanted to look at the

[ ... ]

Nota: se han omitido las otras 5.544 palabras de la transcripción completa para cumplir con las normas de «uso razonable» de YouTube.