Cryptopgraphy Flashcards
Cryptography
Hashing is used for
INTEGRITY
- Does not provide confidentiality or Availability
Cryptography
Hash collision is what
Hashing of 2 different sets of data, 2 different types of plaintext provide the same hash
Cryptography
What is a Hash function
VARIABLE LENGTH plaintext (input) is hased into FIXED LENGTH value (output) or Message Digest (MD)
Cryptography
MD5 fixed length hash
128 bit
Cryptography
8 Hash functions
SHA 1
SHA 2
SHA 3
HAVAL
RIPEMD
RIPEMD160
Salt (Salting)
Nonce
SHA - Secure Hash Algorithm
HAVAL - Hash of Variable Length
RIPEMD developed to ensure no government backdoors
Cryptography
HAVAL
Hash Digest length variable lengths
128 bits
169 bits
192 bits
224 bits
256 bits
Cryptography
Primary function and method of salting
Prevent dictionary attacks
Random data used as additional input to one way function
Cryptography
Primary function of Nonce
Random number issue in authentication protocol to ensure old communications cannot be reused in replay attacks
Nonce - Number Once
Cryptography
3 types of encryption
- Asymmetric
- Symmetric
- Hybrid Encryption
Asymmetric
* Does not need pre shared key. 2 keys per user i.e. 2 users, 4 keys. 10 users, 20 keys
* Slower, weaker per bit
Symmetric
* Faster, stronger per bit
* Needs pre-shared key.. Unmanagable with many users
Hybrid
* Uses Asymmetric encryption to share a symmetric key
Cryptography attacks
Steal the key
Recover the private key
Cryptography attacks
Brute force
Use entire key space and every possibly entry
Time consuming
Lots of false positives
Cryptography attacks
Key Stretching
Adds 1-2 seconds to password verification
Makes brute forcing unfeasible as time involved is to long
Cryptography attacks
Digraph attack
Looks for common pairs of letters
(TH, HE, IN, ER)
Similar to frequency analysis
Determine how often particular letters are used
Cryptography attacks
Man-in-the-middle (MITM)
Attack in middle, relays and may alter communication between 2 parties
Cryptography attacks
Session Hijacking
(TCP Session hijacking)
Attacker takes over web users session ID and masquerades as the authorised user
Session IDs are predictable
Cryptography attacks
Social Engineering
Convincing people to give up information by manipulating their trust
Authority
Intimidation
Consensus
Scarcity
Urgency
Familiarity
Cryptography attacks
Social engineering Techniques
- Authority
- Intimidation
- Consensus
- Scarcity
- Urgency
- Familiarity
- Someone you believe you trust tells you to do something
- If you do not do something, then something bad will happen
- Following the crowd - everyone else was doing it
- Only a few things left available
- Do it now or under time constraints
- Common ground between you and the attacker to build trust
Cryptography attacks
Rainbow Table
List of plaintext and matching ciphertexts
Cryptography attacks
Known Plaintext
Knowing plaintext and cipher text allows you to try and figure out the key
Cryptography attacks
Adaptive Chosen Plaintext
Similar to chosen plaintext but attack “adapts” following rounds
Cryptography attacks
Meet in the middle
Attacker has to know some parts of the plaintext and ciphertext
Cryptography attacks
Known Key
Attacker knows “something” about the key
8 characters, first letter has to be a capital
Makes targeting brute force or alternative methods easier
Cryptography attacks
Differential Cryptananalysis
Trying to determine the difference between plaintexts
Tries to find the difference between the related plaintexsts; if the plaintext are only a few bits different, cant we discern anything
Cryptography attacks
Linear Cryptanalysis
Attacker has a lot of plaintext/ciphertext pairs created with the same key
Attacker studies the pairs to learn information to deipher the key used
Cryptography attacks
Differential Linear Cryptanalysis
Differential and Linear Cryptanalysis combined
Cryptography attacks
Side Channel Attack
Attackers use physical data to break a crypto system
CPU cycles
pwoer consumption while encrypting
Cryptography attacks
Implementation Attacks
Vulnerability left behind from poor or improper implementation
Easier to find a flaw in the system than break cryptography
Cryptography attacks
Key Clustering
2 different symmetric keys used to produce same ciphertext
When 2 different symmetric keys used on the same plaintext produce the same ciphertext, both can decrypt ciphertext from the other key
Cryptography attacks
Pass the hash
Attacker obtains a hased password and can pass it on to a system
Kerberos Exploitation
Overpass the Hash
Used when NTLM is disabled
NTLM = New Technology Lan Manager
* Suite of microsoft protocols for authentication
Kerberos Exploitation
Pass the Ticket
Attackets collect tickets held in the Isass.exe process
Inject tickets impersonating the user
Kerberos Exploitation
Silver Ticket
Uses NTLM hash of a service account to make a TGS ticket
TGS
* Ticket granting service
Kerberos Exploitation
Golden Ticket
Attacker gains access to the hash of the Kerberos service account and can create any tickets they want within AD
Kerberos Exploitation
Kerberos Brute Force
Attackers guess password and username as windows reports if a username is invalid
Kerberos Exploitation
ASREPRoast
Used to identify users who do not have Kerberos Pre-authentication enabled
Attacker sends auth request to KDC
KDC responds with clients encrypted password
Attacker can decrypt offline
KDC
* Key Distribution Center
Kerberos Exploitation
Kerberoasting
Attacker collects encrypted TGS tickets
Attempts to decrypt them offline
Looking for users that do not have Kerberos pre-authentication enabled
Kerberos Exploitation
Fault Injection
Attacker trying to compromise the integrity of cryptographic devices by introducing external faults
Active side channel attacks
Putting temperature up causing machine to use more power
Symmetric Encryption
Requires a pre-shared key
n(n-1) / 2
Formula helps detemine number of keys required
Data Encryption Standard: DES
5 different modes
Data Encryption Standard
(DES)
- Block
- Stream
- Initialisation Vector
- If encryption
Symmetric Encryption: DES
Electronic Code Book
(ECB)
Data Encryption Standard
(DES)
No initialisation vector or chaining
2 separate encryptions with the same plaintext woudl produce the identical ciphertext
Symmetric Encryption: DES
Ciper Block Chaining
(CBC)
Data Encryption Standard
(DES)
First block encrytped uses the initialising vector
Subsequent block uses XOR from the first block
If ther is an error in encryption, every encryption there after will have an error
Symmetric Encryption: DES
Cipher Feedback
(CFB)
Data Encryption Standard
(DES)
Uses stream cipher instead of block ciper like CBC
Symmetric Encryption: DES
Output Feedback
(OFB)
Data Encryption Standard
(DES)
Use a subkey before XOR’ing process
Symmetric Encryption: DES
Counter
(CTR)
Data Encryption Standard
(DES)
Uses feedback to apply XOR’ing
i.e. First block XOR’d with 1, second block with 2, third block with 3
Symmetric Encryption: DES
Triple DES
(3DES)
Data Encryption Standard
(DES)
3 rounds of DES encryption rather than 1
3 key modes
K1 - 3 different keys, 112 bit
K2 - 2 different keys, 80 bit
k3 - same key 3 times
Symmetric Encryption: DES
International Data Encryption Algorithm
(IDEA)
Data Encryption Standard
(DES)
128 bit, 64 bit block size
Patented and slower than AES
Symmetric Encryption: AES
Initial Round
Advanced Encryption Standard
(AES)
AddRoundKey
Each byte combined wiht block of the round key using bitwise XOR
Metric, Open Source, Secure
Symmetric Encryption: AES
Rounds;
SubBytes
Advanced Encryption Standard
(AES)
Non linear substitution step
each byte replaced with another according to lookup table
Symmetric Encryption: AES
Rounds;
ShiftRows
Advanced Encryption Standard
(AES)
Transposition Step
Last three rows of the state shifted a certain number of steps
Symmetric Encryption: AES
Rounds;
MixColumns
Advanced Encryption Standard
(AES)
Mixing operation
combines four btes in each column
Symmetric Encryption: AES
Number of cycles for;
128 bit key
192 bit key
256 bit key
Advanced Encryption Standard
(AES)
- 10 cycles
- 12 cycles
- 14 cycles
Symmetric Encryption: Blowfish
Blowfish
64 bit block
32 - 448 bit key length
No longer secure
Symmetric Encryption: Twofish
Twofish
128 bit block
128, 192, 256 bit key length
Secure
Symmetric Encryption: Feistel Cipher
Functional operation
Splits plaintext block into 2 halves
Process goes through several rounds of XOR’ing
4 bits on right do not change each round
Symmetric Encryption: RC4
RC4
Used by WEP/WPA/SSL/TLS
40-2048 bit key length
Not Secure
Symmetric Encryption: RC5
RC5
32, 64, 128 bit block
0-2040 bit key length
Uses Feistel cipher
Secure
Symmetric Encryption: RC6
RC5
128 bit blocks
128, 192, 256 bit key length
Secure
Asymmetric Encryption
2 Keys
Public Key
Private Key
Public Key
* Publically available
* Used by others to encrypt messages sent to you
* cipher text cannot be decrypted without the public key
Private Key
* Keep this safe
* Used to decrypt messages sent with your public key
Asymmetric Encryption
Confidentiality
Keep our secret secret
Asymmetric Encryption
Digital Signatures
Objective is authentcity and non repudiation
Prove that email or whom signed document came from who we expected it
Person sending a message uses their private key. They are the only person with their private key
Asymmetric Encryption
Prime Number Factorization
Factoring large prime numbers using one way factorisation
Hard to discern the 2 numbers multupled together to form a result
11095213 = 1373 x 8081
If you just had 11095213 = y X z what is Y and Z
Asymmetric Encryption
Discrete Logarithms
Add something to the nth power
5 to 12th power = 244140625
Asking the question 244140625 is nth to what power is very hard to reverse engineer
Asymmetric Encryption
RSA Cryptography
Creates public/private key pair
Asymmetric Encryption
Diffie-Hellman
(DH)
Securely exchange cryptographi keys over public channel
Earliest asymmetric key
Asymmetric Encryption
Elliptic Curve Cryptography
(ECC)
One way function
Patented - costs money to use
Asymmetric Encryption
EIGamal
Based on Diffie-Hellmen key exchange
Asymmetric Encryption
Digital Signature Algorithm
(DSA)
Key generation has 2 phases
Asymmetric Encryption
Knapsack
Public key only used for encryption
Private key used only for decryption
not secure
Implementing Cryptography
Public Key Infrastructure
(PKI)
Asymmetric and Symmetric Encryption
Hashing to manage digital certificates
Private key kept secret
If private key lost, anythng encrypted with the public key is inaccessible
Key Escrow - a 3rd party organisation keeps your keys
Implementing Cryptography
Digital Signatures
Provides Integrity and non-repudiation
Example in email system
* Person A creates email
* Email hashed
* Hased encrypted using private key
* Emailed sent to person B
* Person B receives email, generates hash and decrypts person A signature with public key
Implementing Cryptography
Digital Certificates
Public keys signed with digital signatures
Example
* Server based SSL - assigned to and stored on server
* Client based Digital signature - assigned to person and stored on PC
Implementing Cryptography
Digital Certificate Certificate Authority
(CA)
Issues and revokes certificates
Can be run internally on your own organisation network OR;
Can be public i.e. Verisign, godaddy etc..
Implementing Cryptography
Digital Certificate Organisation Registration Authorities
(ORA)
Within an orgnaisation
Authenticates certificate holder prior to certificate issuance
Implementing Cryptography
Digital Certificate Certification Revocation List
(CRL)
Maintained by CA
Certs revoked if private key compromised
Implementing Cryptography
Digital Certificate Online Certification Status Protocol
(OCSP)
Client/server hybrid
Keeps lists of revoked certificates
Implementing Cryptography
Message Authentication Code
(MAC)
Provides Integrity and Authentcity
Hash Function (using a key)
Implementing Cryptography
Hashed Message Authentication Code
(HMAC)
Pre-shared key exchanged
Sender uses XOR
Implementing Cryptography
Secure Socket Layer
(SSL)
Used for Web Traffic
Currently v3
Good to use in teh past when you wanted to ensure you were delivering secure web services
Implementing Cryptography
Transport Layer Security
(TLS)
Used for Web Traffic (more secure than SSL)
Used for internet chat and email client acccess
