old notes

cryptography

#cryptography

Intro to Crypto

Definitions

encryption: process of modifying a message or informationto prevent authorized access; plaintext to ciphertext w/ key

encoding: digital to binary; publicly available schemes for different circumstances

cypher: method of designing secret or hidden messages

Binary Encoding

  • 8 bits = 1 byte
  • 1 byte: 00000000 to 11111111
  • each byte can represent a number called a decimal

ASCII Encoding

  • convert decimal numbers to text encoding
  • Example: 84 = T, 118 = v, etc

Hex Encoding

  • numeric system made up of 16 symbols of A-F and 0-9
  • example: 52 = R, 7A = z

Octal Encoding

  • digits zero through seven.
  • octal value 042 represents the decimal 34.

https://www.rapidtables.com/

Goals of Cryptography

PAIN Model: Privacy, Authentication, Integrity, Non-Repudiation

  • privacy at rest & in motions
  • authentication: confirm the identities of the sender and receiver of data
  • integrity: not altering message
  • non-repudiation: cannot change history

Cryptography Cyphers

Stream cipher: algorithmn applied one bit (char) at a time

  • enigma
  • caesar cypher: shifting letters a set of number of positions from the original letter

Block cipher: applied in blocks of characters

  • transposition cypher: break input message into equal-sized blocks, rearrange letters of each block

OpenSSL: generate a random key and IV (init vector) to encrypt/decrypt terminal commands

  • create the key and initialization vector (IV) aka randomness
  • openssl enc -pbkdf2 -nosalt -aes-256-cbc -k mypassword -P > key_and_IV

  • enc stands for encryption.

  • -pbkdf2 specifies the encryption key type.

  • -nosalt specifies that salting will not be applied.

  • (Salting, which will be covered in more depth later, adds a random value.)

  • -aes-256-cbc is the name of the cipher used.

  • -k PASSWORD creates a key, with the password mypassword.

  • -P > key_and_IV prints out the key and IV to a file called key_and_IV.

  • For example: key=89E01536AC207279409D4DE1E5253E01F4A1769E696DB0D6062CA9B8F56767C8 iv =EE99333010B23C01E6364E035E97275C

decrypt openssl enc -pbkdf2 -nosalt -aes-256-cbc -in plainmessage.txt.enc -d -base64 -K 89E01536AC207279409D4DE1E5253E01F4A1769E696DB0D6062CA9B8F56767C8 -iv EE99333010B23C01E6364E035E97275C

  • The syntax is the same as the encryption except for -d

Modern Cryptography

key space = 2^bit size

  • key space: the possible range of numbers that can be used as a key for the encryption algo that is defined by the number of binary bits used in the key called bit size

Symmetric Key algos: single shared key

  • DES Data Encryption Standard – 56-bit from 70s
  • 3DES
  • AES Advanced Encryption Standard: 128, 192, 256-bits

Issues with SKE

  • offline exchange: you have to somehow exchange key yo
  • key management when too many

Asymmetric Key Encryptions

  • two-key pair: public & private
  • RSA from 70s = factorization of the product of two prime numbers to deliver encryption of 1024-bits and up to 2048-bit key length

GPG: GNU Privacy Guard

  • CLI tool to simplify creation, encryption, decryption of asymmetric key cryptography
  • see day 2

Hashing: SHA, SHA2, MD, LM, NTLM

  • irreversible/ one way
  • fixed lengths
  • used to store passwords verified against hash
  • see day 2

Encryption

  • bitlocker for Windows – symmetric disk encryption
  • Filevault for mac
  • S/MIME and PGP for emails
  • SSL Secure Socket Layer for web = public key cryp

Stenagraphy: hidden messages within files, images, or videos

SSL Certificates: X.509 is standard

  • data files that use public key cryp to secure connections between browser and web server
  • certificate authority (CA) to issue __ Steps to Issue SSL Cert__ (1) company documents to validate application authentic (2) unique IP address (3) CSR Certificate Signing Request: a block of encrypted data that is created on the web server where the SSL cert will be installed
  • when generating CSR, public key is sent to CA, private is on web server

root store: per-established list of trusted CAs for browsers; – root cert authorities top of trust chain, typically not org that issue SSL cert – intermediate cert authirities – issue cert, report to root auth

Steps to Access Web Traffic: (1) access a secure website, browser asks for cert details (2) server responds with copy of SSL cert and public key (3) browser validates cert by checking expiry and root CA (4) browser uses servers public key to create, encrypt and send a session key (5) server decrypts key, sends acknowledge, starts an encrypted session (6) secure web traffic begins w/ session key

Crytographic Attacks

Statistical Attack: exploits weakness in crypto algo by attemoting to determine in “random” values produced are actually predictable – mitigation: be sure algos use random values

Brute Force Attack: no shit

Birthday/Collision/Hashing Collusion Attack: exploit probability that two separate plaintexts that use the same hash algo will product the same ciphertext – based on probability theory called Birthday Paradox: for any given number of people, there will always be two that share a bday – mitigation: stronger hashing algo limit possibilities

Frequency Analysis for cracking substitution algos – analyze most frequently used letters and infer – mitigation: use a stronger encryption

Replay Attacks: attacker intercepts an encrypted message and replays it to the receiving party to get access, i.e. signal for garage door – mitigation: add an expiration time for data so it cant be used later

hashcat, steghide