T3

Question 1

What is the goal of the T3 tutorial?

Answer 1

To demonstrate how a dictionary attack can break symmetric encryption

• Using openSSL
• Knowing cipher and parameters used
• Assume attacker intercepted encryption message
• Assume password is word in italian dictionary

Question 2

What is the role of SHA-512 in the T3 tutorial?

Answer 2

It is used as the hashing algorithm to derive the encryption key from the password (key derivation).

Question 3

what does iter -1 imply for key derivation with SHA-512

Answer 3

encryption faster, but brute force attack is easier

Question 4

What does the -iter 1 flag do?

Answer 4

Specifies the number of iterations the key derivation function performs, in this case hashing, only once.

Question 5

What happens during a dictionary attack?

Answer 5

Each word in the dictionary is tested as a password to decrypt the ciphertext.

Question 6

Why do false positives occur during the attack?

Answer 6

OpenSSL doesn’t validate the decrypted plaintext’s meaning, but instead the length, so gibberish output may still be considered successful decryption.

Question 7

How can false positives be mitigated?

Answer 7

By using heuristics, such as checking for printable characters or specific patterns in the decrypted output.

Question 8

What us GNU Parallel used for in the T3 turorial

Answer 8

To split the dictionary file into chunks and tests passwords in parallel across multiple CPU cores, speeding up brute-force attack.

Question 9

How many scripts were tested in T3?

Answer 9

4

Question 10

How does the script check if a password is correct?

Answer 10

It uses OpenSSL to decrypt the ciphertext and checks for an error-free ouput.

Question 11

How can dictionary attacks be made more efficient (3)?

Answer 11

Heuristics to reduce false positives
running attack in parallel
leveraging hardware acceleration (clusters,gpu)

Question 12

What is a false negative in a dictionary attack?

Answer 12

When the correct password is in the dictionary but not identified.

Question 13

Why does this tutorial show the importance of strong passwords?

Answer 13

Weak passwords are easily guessed or brute-forced

Question 14

script 1 basic brute force attack result

Answer 14

many false positives returned because by default openssl only reports errors if decrypted message doesnt match length

Question 15

script 2 reduce false positives result

Answer 15

used heuristic algorithm that assumes message contains certain amount of consecutive letters. Reduces but doesn’t eliminate FP’s.

can u think of other contextual knowledge that could help???

This would not work for binary data

Question 16

script 3 speed up attack

Answer 16

use GNU parallel tool to run programs across cpu cores

modify script so there is main script controlloing satellite scripts

exploits “embarassingly parallel” nature of password trying attacks

Question 17

what further optimizations are possible?

Answer 17

hardware accelerated AES with modern cpus and gpus

deploy attack on cluster or cloud infrastructure