Ethical Hacking
Ethical Hacking
Cryptography
Key terms
Cryptography
Symmetric – Same key to decrypt and encrypt
Asymmetric – different key ( in pairs)
Classic cipher – typically can be resolved without computer, otherwise called modern
Plaintext – text before encryption
Ciphertext – text after encryption
Key – secret string use to perform encryption/decryption operation
Cryptanalysis – attack against ciphertext try to recover plaintext or key
Hashing
Uniqueness : design to tell if two inputs are different
Comparability: Use fixed length output string to represent arbitrary length of input
Key terms
Properties of cryptography
Protection of CIA ( C – encryption, I – hashing , signature, A – none )
Deterministic – given a function, data and key, you should be able to get the result as expected
Reversible – there must exist some way to recover the original message
Elements of cryptography algorithm
Substitutions – replacement of symbol of character, encoding / decoding
Transposition – change the reading order of source data
Diffusion – number of total result bits (%) triggered by change of bit at source
Confusion – unable to easily find relationship between ciphertext and (key/plaintext)
Type Algorithm Key space Encryption key Decryption Key Attack by
Caesar Classic Substitution 1 letter Key1 Key1 Brute force
Vigenère Classic Substitution >= 1 letter Key1 Key1 Brute force + statistic
Transposition Classic Transposition Varies Key1 Key1 Statistical analysis
Hill Cipher Classic Matrix Ops >= 2 letter Key1 (key1)-1 Statistic
Encoding Classic Coding scheme None None None Coding detection
One-time pad Classic Substitution = len(plaintext) Key1 Key1 Repeated use
Steganography classic Unknown Unknown optional Depends Entropy, analysis
Type Algorithm Key space Encryption key Decryption Key Attack by
DES Modern Keyed-XOR
S-box
Permutation 56-bit Key1 key1 Brute-force
AES Modern Keyed-XOR
S-box
Mixing 128, 192, 256-bits Key1 Key1 Weak key
RSA encrypt Modern Modular, factoring 1024, 2048-bits key1(public) key1 (private) Weak n, e
RSA signature Modern Modular, factoring 1024, 2048-bits
key1 (private)
key1(public)
Weak n, e
elliptic curve (ECC) Modern Projective coordinates 128, 256-bits ~key1(public) ~key1(private) Weak curve
Diffie–Hellman modern Modular, factoring
Varies Key1(private) + key1 (public) + key2(public) Key2(private) + key1 (public) + key2(public) Host-based
Hashing
(MD5,SHA) Modern XOR, modular, bits operations None None None Weak key space, internal state
Symmetric cryptography
Common Encryption Algorithms
DES (Data Encryption Standard)
3DES ( improved version of DES)
AES (Advanced Encryption Standard)
AES128 = 10 rounds, AES256 = 14 rounds
DES AES
Developed 1977 2000
Key Length 56 bits 128, 192, or 256 bits
Rounds 16 10, 12, 14
Cipher Type Symmetric block cipher Symmetric block cipher
Block Size 64 bits 128 bits
Security Proven inadequate Considered secure
DES
Features:
Permutation (S-Box)
Key Scheduling
XOR mixing
Substitution
Output feedback
DES Animation
AES
AES Rijndael Cipher – Visualization
AES Explained (Advanced Encryption Standard) – Computerphile
Cryptohack
https://cryptohack.org/challenges/aes/
Cryptanalyses
Boomerang attack
Brute-force attack
Differential cryptanalysis
Integral cryptanalysis
Linear cryptanalysis
Meet-in-the-middle attack
Mod-n cryptanalysis
Related-key attack
Slide attack
/docProps/thumbnail.jpeg