Professional Documents
Culture Documents
CEHv8 Module 19 Cryptography PDF
CEHv8 Module 19 Cryptography PDF
Module 19
Ethical Hacking and Countermeasures Exam 3 12 -5 0 Certified Ethical Hacker
Cryptography
C r y p to g r a p h y
M o d u le 19
CEH
E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s v 8
M o d u le 19: C r y p t o g r a p h y
E x a m 3 1 2 -5 0
R a n so m M a lw a re H its A u s tr a lia a s
3 0 B u s in e s s e s A tta c k e d
01 October 2012
The 2012 epidemic of ransom malware appears to have turned even nastier with reports that as many
as 30 Australian businesses have now asked police for help coping with attacks in a matter of days.
According to local news, police in the state of Queensland have received reports from a dozen
businesses while many other are believed to have chosen to keep incidents to themselves.
Businesses affected included those in the medical, entertainment, retail and insurance sectors, the
news source said, with several dozen affected in total.
In one recent incident, a business in the Northern Territories reportedly paid an AUD $3,000 (about
2,000) ransom via Western Union to get back access to important financial records, including credit
card data and debtor invoices. The attackers demanded the money within seven days or the sum would
increase by AUD $1,000 per week.
Worryingly, this attack used 256-bit encryption, to all intents and purposes impossible to crack if the
key has not been exposed during the attack.
"A lot of businesses can't afford the interruptions to their trade and will pay straight away," detective
superintendent Brian Hay of Queensland's fraud and corporate crime group told press.
http://news.techworld.com
Copyright by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited.
S e c u r it y N e w s
.1* R a n s o m M a lw a r e H it s A u s t r a lia a s 30 B u s in e s s e s
A tta c k e d
Source: http://news.techworld.com
The 2012 epidemic of ransom malware appears to have turned even nastier with reports that
as many as 30 Australian businesses have now asked police for help coping with attacks in a
matter of days.
According to local news, police in the state of Queensland have received reports from a dozen
businesses while many other are believed to have chosen to keep incidents to themselves.
Businesses affected included those in the medical, entertainment, retail and insurance sectors,
the news source said, with several dozen affected in total.
In one recent incident, a business in the Northern Territories reportedly paid an AUD $3,000
(about 2,000) ransom via Western Union to get back access to important financial records,
including credit card data and debtor invoices. The attackers demanded the money within
seven days or the sum would increase by AUD $1,000 per week.
Worryingly, this attack used, to all intents and purposes impossible to crack if the key has not
been exposed during the attack.
"A lot of businesses can't afford the interruptions to their trade and will pay straight away/'
detective superintendent Brian Hay of Queensland's fraud and corporate crime group told
press.
Ransom malware has become a serious issue during 2012, although its effect on businesses is
rarely recorded. Most of the data that has become public has been in the form of police
warnings based on attacks against consumers.
Most attacks simply attempt to engineer users into believing their files are encrypted when
they are not or make more general threats, often to report victims to national police for non-
existent crimes.
The use of industrial-strength encryption is rare although this sort of technique is actually
where the form started as long ago in 2006 with a piece of malware called 'Cryzip.
In August, the FBI said it had been "inundated" with ransom malware reports from consumers,
not long after the UK's Police Central e-Crime Unit (PCeU) publicised an identical spate of
attacks that had affected over a thousand PCs in the UK.
In the past the few security companies that have investigated the issue have pinned the blame
on a single cabal of Russian criminals that seem able to operate with impunity. Now the same
tactics appear to have spread to gangs in nearby countries such as the Ukraine and Romania.
The suspicion is that some security vendors say little about the problem because not only is
their software unable to stop infections but they can't always unlock the files after the fact
either.
M o d u le O b je c tiv e s CEH
1
ft: M o d u le O b je c t iv e s
Having dealt with various security concerns and countermeasures in the preceding
modules, it is obvious that cryptography, as a security measure, is here to stay. This module will
familiarize you with:
M o d u le F lo w C EH
V
V M o d u le F lo w
X
To understand cryptography security measures, let's begin with cryptography and its
associated concepts.
C r y p t o g r a p h y C E H
C r y p t o g r a p h y is t h e c o n v e r s i o n o f d a t a i n t o a s c r a m b l e d
c o d e t h a t is d e c r y p t e d a n d s e n t a c r o s s a p r i v a t e o r
p u b lic n e tw o rk
J C onfidentiality J A uthentication
Objectives
J Integrity J N o n-R epudiation
Plaintext
E n c ry p tio n
Ciphertext
>*
Ciphertext
D e c ry p tio n
..............>
Plaintext
Process
W
C o p y rig h t b y EG-G*ancil. All R ig h ts R e s e r v e d . R e p r o d u c tio n is S tric tly P ro h ib ite d .
C ry p to g ra p h y
Everyone has secrets, and when it is necessary to transfer that secret information
from one person to another, it's very important to protect that information or data during the
transfer. Cryptography takes plaintext and transforms it into an unreadable form (ciphertext)
for the purpose of maintaining security of the data being transferred. It uses a key to transform
it back into readable data when the information reaches its destination. The word crypto is
derived from the Greek word kryptos. Kryptos was used to depict anything that was concealed,
hidden, veiled, secret, or mysterious. Graph is derived from graphia, which means writing;
hence, cryptography means the art of "the secret writing."
Cryptography is the study of mathematical techniques involved in information security such as
confidentiality, data integrity, entity authentication, and data origin authentication.
Cryptography transforms plaintext messages to ciphertext (encrypted messages) by means of
encryption. Modern cryptography techniques are virtually unbreakable, though it is possible to
break encrypted messages by means of cryptanalysis, also called code breaking. There are four
main objectives of cryptography:
In te g r ity
Integrity is ensuring that the information is accurate, complete, reliable, and is in its
original form/' Valuable information is stored on the computer. Any data
corruption/modification can reduce the value of the information. The damage that data
corruption/modification can do to an organization is unfathomable.
Integrity of the data is affected when an insider (employee) of an organization or an attacker
deletes/alters important files or when malware infects the computer.
Although it may be possible to restore the modified data to an extent, it is impossible to restore
the value and reliability of the information.
Examples of violating the data integrity include:
9 A frustrated employee deleting important files and modifying the payroll system
9 Vandalizing a website and so on
A u th e n t ic a t io n
N o n r e p u d ia tio n
9 Digital signatures: A digital signature functions as unique identifier for an individual, like
a written signature. It is used to ensure that a message or document is electronically
signed by the person.
9 Confirmation services: It is possible to indicate that messages are received and/or sent
by creating digital receipts. These digital receipts are generated by the message transfer
agent.
Encryption D e c ry p tio n ^
............ >
L j
C ip h e r te x t P la in te x t
T y p e s o f C r y p t o g r a p h y c E H
(rtifwd itkKJl
1----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
E n c ry p tio n D e c ry p tio n
Symmetric encryption (secret-key, DearJohn, Guuihifhofn DearJohn,
shared-key, and private-key) uses the kbifkfnnfk Thisismy
A/Cnumber Nklclmlm | .......... A/Cnumber
same key for encryption as it does for 7974392830 *_)_(}& 7974392830
decryption
P la in t e x t C ip h e rte x t P la in t e x t
E n c ry p tio n D e c ry p tio n
Asymmetric encryption (public-key)
DearJohn, Guuihifhofn DearJohn,
kbifkfnnfk Thisismy uses different encryption keys for
A/Cnumber Nklclmlm A/Cnumber
7974392830 A)&LL 7974392830 encryption and decryption. These keys
are known as public and private keys
P la in t e x t C ip h e rte x t P la in t e x t ^
'C m T y p e s o f C ry p to g ra p h y
'
"'The following are the two types of cryptography:
9 Symmetric encryption (secret key cryptography)
e Asymmetric encryption (public key cryptography)
' S y m m e tr ic E n c r y p t io n
The symmetric encryption method uses the same key for encryption and decryption.
As shown in the following figure, the sender uses a key to encrypt the plaintext and sends the
ciphertext to the receiver. The receiver decrypts the ciphertext with the same key that is used
for encryption and reads the message in plaintext. As a single secret key is used in this process
symmetric encryption is also known as secret key cryptography. This kind of cryptography
works well when you are communicating with only a few people.
S y m m e tr ic E n c r y p tio n
D e ar John,
This is m y
Encryption
f^ ) LkifW
K D IIK nnflr
nnTK
3
G u u ih ifh o fn
D ecryption
3
D e a rJ o h n ,
............
A /C n u m b e r N k lc lm lm A /C n u m b e r
7 9 7 439283 0 797 439283 0
A s y m m e t r ic E n c r y p tio n
A s y m m e t r ic E n c r y p tio n
D ear John,
This is m y
Encryption
\
G u u ih ifh o fn
k b ifk fn n fk
Decryption
D e arJo hn,
This is m y
\
A /C n u m b e r N klc lm lm A/C n u m b e r
7974392830 7974392830
G o v e rn m e n t A c c e s s to K e y s (G A K ) C E H
Government Access to
Keys means that software
companies will give copies of all
keys, (or at least enough of the
key that the remainder could m
be cracked) to the government
th\s \ssue
G o v e r n m e n t A c c e s s to K e y s (G A K )
The d a ta r e c o v e r y key s fo r e n c ry p tin g and d e c ry p tin g th e data are n o t sim ilar, but th e y in fo rm
a m e th o d t o d e te r m in e th e e n c r y p tio n and d e c r y p tio n keys. T h e y in clu d e a key e s c ro w (used to
refer th e sa fe g u ard th e data keys), key archive, key backup, and data r e c o v e r y system .
T h e k e y s a r e s p l i t b e t w e e n t w o g o v e r n m e n t e s c r o w a g e n c ie s . T h is h e l p s t h e g o v e r n m e n t in
a c c e s s in g p r i v a t e c o m m u n i c a t i o n c h a n n e l s . A d e v i c e c a l l e d C l i p p e r is u s e d t o e n c r y p t v o i c e
c o m m u n i c a t i o n s a n d a s i m i l a r d e v i c e c a l l e d C a p s t o n e is u s e d t o e n c r y p t t h e d a t a .
T h e N a t i o n a l S e c u r i t y A g e n c y (N S A ) is a s e c r e t US m i l i t a r y i n t e l l i g e n c e a g e n c y r e s p o n s i b l e f o r
c a p tu rin g fo re ig n g o ve rn m e n t c o m m u n ic a tio n s , and c ra c k in g th e codes o fp ro te c te d
t r a n s m i s s i o n s t h a t a r e d e v e l o p e d w i t h a n a l g o r i t h m k n o w n as S k i p j a c k .
F r o m t h e u s e r ' s v i e w p o i n t , a n y k e y e s c r o w s y s t e m d i m i n i s h e s s e c u r i t y . It p u t s t h e p o t e n t i a l f o r
access t o th e u s e r 's c o m m u n i c a t i o n s in t h e hands o f e scro w a g e n c ie s , w h o s e in te n tio n s ,
p o l ic i e s , s e c u r i t y c a p a b i l i t i e s , a n d f u t u r e c a n n o t b e k n o w n .
M o d u l e F l o w C E H
M o d u le F lo w
C ry p to g ra p h y C on ce p ts p i E n c ry p tio n A lg o rith m s
111:1111
^ C ry p to g ra p h y A tta c k s C ry p ta n a ly s is T ools
This s e ctio n describes cip he rs and v a rio u s e n c ry p tio n a lg o rith m s such as AES, DES, RC4, RC5,
RC6, DSA, RSA, M D 5 , and SSH.
C ip h e r s
Example:
The m essage can be e n co d e d based on th is e xam ple and can be d ecode d as w e ll. In a c ip h e r,
th e m essage a p pe a rs as p la in te x t b u t has been enco d e d th ro u g h a key. Based on th e
re q u ire m e n ts th e key co uld be a sym b o l o r som e o th e r fo rm o f te x t. If th e m essage is h ig h ly
c o n fid e n tia l, th e n th e key is re s tric te d to th e se n d e r and re c ip ie n t, b u t in som e cases in open
d o m ain s, som e keys a re shared w ith o u t a ffe c tin g th e m ain data.
C la s s ic a l C ip h e r s
vv (!
IT O W j Classical ciphers are th e m o st basic ty p e o f cip h e rs th a t o p e ra te on a lp h a b e t le tte rs ,
such as A-Z. These are usually im p le m e n te d e ith e r by hand o r w ith sim p le m e ch a n ica l
d e vice s. These are n o t v e ry re lia b le . T here are tw o typ e s o f classical ciphers:
9 S u b s titu tio n c ip h e r: The u n its o f p la in te x t are replaced w ith c ip h e rte x t. It replaces bits,
cha ra cters, o r blocks o f ch a ra c te rs w ith d iffe re n t bits, ch a ra cte rs, o r blocks.
Jjy M o d e r n C ip h e r s
Based on th e ty p e o f k e y used
R L
Based on th e ty p e o f in p u t d a ta
C H *)-
D a ta E n c r y p tio n S ta n d a r d (D E S ) C E H
S
The algorithm is designed to encipher and
decipher blocks of data consisting of 64 bits
under control of a 56-bit key
H3
1 Hm U
D a ta E n c r y p tio n S ta n d a r d (D E S )
- rrY =r |*
--------- DES is th e nam e o f th e Federal in fo rm a tio n Processing S tandard (FIPS) 4 6 -3 th a t
describes th e data e n c ry p tio n a lg o rith m (DEA). It is a s y m m e tric c ry p to s y s te m d e sig n e d fo r
im p le m e n ta tio n in h a rd w a re and used fo r sin g le -u se r e n c ry p tio n , such as to s to re file s on a
hard disk in e n c ry p te d fo rm .
DES gives 72 q u a d rillio n o r m o re possible e n c ry p tio n keys and choses a ra n d o m key fo r each
m essage to be e n c ry p te d . T ho u g h DES is co n sid e re d to be s tro n g e n c ry p tio n , a t p re se n t, trip le
DES is used by m any o rg a n iz a tio n s . T rip le DES applies th re e keys successively.
A d v a n c e d E n c r y p tio n S ta n d a rd _
t t H
X l U l J I UrtifW4 ttfciul lUchM
b y te s t a t e [ 4 , Nb]
AES is an iterated block cipher, which
s ta te = in
works by repeating the same operation
A d d R o u n d K e y ( s t a t e , w)
multiple times
fo r ro u n d = 1 s te p 1 to N r-1
S u b B y te s (s ta te )
S h if tR o w s ( s ta te )
S u b B y te s (s ta te )
S h if tR o w s ( s ta te )
A d d R o u n d K e y ( s ta te , w + N r*N b )
out = s ta te
A d v a n c e d E n c r y p tio n S ta n d a rd (A E S )
AES P seudo co de
AddR oundKey (s ta te , w)
f o r ro u n d = 1 s t e p 1 t o N r - 1
S u b B y te s ( s t a t e )
S h if t R o w s ( s t a t e )
M ix C o lu m n s ( s t a t e )
A d dR o u n d K e y( s t a t e , w + ro u n d *N b )
e nd f o r
S u b B y te s ( s ta te )
S h if t R o w s ( s t a t e )
A d d R o un d K ey( s t a t e , w+N r*N b)
o u t = s ta te
e nd
R C 4 , R C 5 , R C 6 A lg o r it h m s C E H
R C 4 , R C 5 , a n d R C 6 A lg o r ith m s
RC4
RC5
RC5 is a b lo c k c ip h e r k n o w n fo r its s im p lic ity . Ronald Rivest designed it. This a lg o rith m
has a v a ria b le b lo ck size and key size and a v a ria b le n u m b e r o f ro u n d s. The choices fo r
th e block-size are 32 bits, 64 bits, and 128 bits. The ite ra tio n s range fr o m 0 to 255;
w h erea s th e key sizes have a range fro m 0 to 2040 bits. It has th re e ro u tin e s : key e xpansio n,
e n c ry p tio n , and d e c ry p tio n .
RC6
It is a block c ip h e r th a t is based on RC5. Like in RC5, th e block size, th e key size, and th e n u m b e r
o f ro u n d s are v a ria b le in th e RC6 a lg o rith m . The key-size ranges fro m 0 b its to 2040. In a d d itio n
to RC5, RC6 has tw o m o re fe a tu re s , w h ic h are th e a d d itio n o f in te g e r m u ltip lic a tio n and th e
usage o f fo u r 4 - b it w o rk in g re g iste rs as an a lte rn a tiv e to RC5 s tw o 2 -b it registers.
T h e D S A a n d R e la te d S ig n a tu r e
C E H
S c h e m e s
T h e D S A a n d R e la te d S ig n a tu r e S c h e m e s
A d ig ita l s ig n a tu re is a m a th e m a tic a l schem e used fo r th e a u th e n tic a tio n o f a d ig ita l
m essage. D ig ital S ignature A lg o rith m (DSA) is in te n d e d fo r its use in th e U.S. Federal
In fo rm a tio n Processing S tandard (FIPS 186) called th e D ig ita l S ig n a tu re S ta n d a rd (DSS). DSA
w as a c tu a lly p ro p o s e d by th e N a tio n a l In s titu te o f S tandards and T e ch n o lo g y (NIST) in A ugust
1991. NIST m ade th e U.S. P a te nt 5 ,2 31,6 68 th a t covers DSA a va ila b le w o rld w id e fre e ly . It is th e
fir s t d ig ita l s ig n a tu re schem e reco gn ized by any g o v e rn m e n t.
A d ig ita l s ig n a tu re a lg o rith m includes a sig n a tu re g e n e ra tio n process and a s ig n a tu re
v e rific a tio n process.
S ig n a tu re G e n e ra tio n Process: The p riv a te key is used to k n o w w h o has signed it.
S ig n a tu re V e rific a tio n Process: T he p u b lic key is used to v e rify w h e th e r th e g iven d ig ita l
s ig n a tu re is g e n u in e o r n o t.
As to th e p o p u la rity o f o n lin e sh o p p in g g row s, e -p a y m e n t system s and va rio u s o th e r e le c tro n ic
p a y m e n t m odes re ly on v a rio u s system s like DSA.
B e n e fits o f DSA:
Less chances o f fo rg e ry as it is in th e case o f w r itte n s ig n a tu re ,
e Q uick and easy m e th o d o f business tra n s a c tio n s ,
e Fake c u rre n c y p ro b le m can be d ra s tic a lly reduced.
DSA, w ith its uses and b e n e fits , m ay b rin g re v o lu tio n a ry changes in th e fu tu re .
R S A ( R iv e s t S h a m ir A d le m a n )
Ron Rivest, Adi S ham ir, and Leona rd A d le m a n fo rm u la te d RSA, a p u b lic key c ry p to s y s te m fo r
e n c ry p tio n and a u th e n tic a tio n . It is usu a lly used w ith a se cre t key c ry p to s y s te m , like DES. The
RSA system is w id e ly used in a v a rie ty o f p ro d u cts, p la tfo rm s , and in d u s trie s . M a n y o p e ra tin g
system s like M ic ro s o ft, A p p le , Sun, and N ovell bu ild th e RSA a lg o rith m s in to th e existing
versions. It can also be fo u n d on h a rd w a re secured te le p h o n e s , on E th e rn e t n e tw o rk cards, and
on s m a rt cards. C o nsid er th a t A lice uses th e RSA te c h n iq u e to send Bob a message. If A lice
d e sire s to c o m m u n ic a te w ith B ob , she e n cryp ts th e m essage using a ra n d o m ly chosen DES key
and sends it to Bob. Then she w ill lo o k up Bob's p u b lic key and use it to e n c ry p t th e DES key.
The RSA d ig ita l e n ve lo p e , w h ic h is se n t to Bob by A lice, consists o f a D E S -encrypted message
and R S A -encrypted DES key. W he n Bob receives th e d ig ita l en ve lo p e , he w ill d e c ry p t th e DES
key w ith his p riv a te key, and th e n use th e DES key to d e c ry p t th e m essage itse lf. This system
c o m b in e s th e high s pe ed o f DES w ith th e ke y m a n a g e m e n t c o n v e n ie n c e o f th e RSA s y s te m .
The w o rk in g o f RSA is as fo llo w s : T w o large p rim e n u m b e rs are ta ke n (say "a " and " b " ), and
th e ir p ro d u c t is d e te rm in e d (c = ab, w h e re "c " is called th e m o d u lu s). A n u m b e r " e " is chosen
such th a t it is less th a n "c " and re la tiv e ly p rim e to ( a - l) ( b - l) , w h ic h m eans th a t " e " and ( a - l) ( b -
E x a m p le o f R S A A lg o r it h m C E H
Y o u r p u b lic key is (E ,P Q ).
Y o u r p r iv a t e key is D.
To e n c ry p t th e p la in te x t v a lu e 123, do t h is :
e n c r y p t (1 2 3 ) = ( 1 2 3 A1 7 ) m od 3 2 3 3
= 3 3 7 5 8 7 9 1 7 4 4 6 6 5 3 7 1 5 5 9 6 5 9 2 9 5 8 8 1 7 6 7 9 8 0 3 m od 32 3 3
= 855
To d e c ry p t th e c ip h e r te x t v a lu e 855, do t h is :
d e c r y p t (8 5 5 ) = (8 5 5 *2 7 5 3 ) m od 3 2 3 3
= 123
I
C o p y rig h t b y EG-G*ancil. All R ig h ts R e s e r v e d . R e p r o d u c tio n is S tric tly P ro h ib ite d .
E x a m p le o f R S A A lg o r ith m
= (TA17) m od 3233
= (CA2753) m od 3233
To e n c ry p t th e p la in te x t va lu e 123, do th is :
= 3 3 7 5 8 7 9 1 7 4 4 6 6 5 3 7 1 5 5 9 6 5 9 2 9 5 8 8 1 7 6 7 9 8 0 3 m od 3233
= 855
To d e c ry p t th e c ip h e r te x t valu e 855, do th is :
d e c ry p t(8 5 5 ) = (8 5 5 *2 7 5 3 ) m o d 3233
= 123
T h e R S A S ig n a t u r e S c h e m e C E H
Urtifwd tfe
M J
l N
mIm
A lg o rith m K e y g e n e ra tio n fo r th e R S A s ig n a tu re s c h e m e
S U M M A R Y : e a c h e n t it y c r e a te s a il R S A p u b lic k e y a n d a c o r r e s p o n d in g p r iv a t e k e y .
E a c h e n t it y A s h o u ld d o th e f o l lo w in g :
1 . G e n e r a te t w o la r g e d is tin c t r a n d o m p r im e s p and q. e a c h r o u g h ly th e s a m e s iz e .
2 . C o m p u te n = pq and<j> = {p l ) ( q 1 ).
3 . S e le c t a r a n d o m in t e g e r e, 1 < e < <f>. s u c h th a t g c d ( e , ^ ) = 1.
4 . U s e th e e x t e n d e d E u c lid e a n a l g o r it h m ( A l g o r it h m 2 . 10 ) t o c o m p u t e t lie u n iq u e in -
te g e r d. 1 < d < <p. s u c h t lia t ed = 1 (m o d 0 ) .
5. A 's p u b lic k e y is ( f t , c ) . A 's p r iv a t e k e y is d.
|p S |\ T h e R S A S ig n a tu r e S c h e m e
------ RSA is used fo r b o th p u b lic key e n c ry p tio n and fo r a d ig ita l sig n a tu re (to sign a
m essage). The RSA s ig n a tu re schem e is th e firs t te c h n iq u e used to g e n e ra te d ig ita l s ig n a tu re s .
It is a d e te rm in is tic d ig ita l sig n a tu re schem e th a t p ro vid e s m essage re c o v e ry fro m th e s ig n a tu re
its e lf. It is th e m o s t p ra c tic a l and v e rs a tile te c h n iq u e a va ilable .
RSA in volve s b o th a p u b lic key and a p riv a te key. The p u b lic key, as th e nam e in d ica te s, m eans
any person can use it fo r e n c ry p tin g m essages. The messages th a t are e n c ry p te d w ith th e
p u b lic key can o n ly be d e c ry p te d w ith th e help o f th e p riv a te key.
C onsider th a t John e n c ry p ts his d o c u m e n t M using his p riv a te key SA, th e re b y cre a tin g a
s ig n a tu re Sj0hn(M ). John sends M along w ith th e sig n a tu re Sj0hn(M ) to A lice. A lice d e cryp ts th e
d o c u m e n t using A lic e 's p u b lic key, th e re b y v e rify in g J o h n 's s ig n a tu re .
RSA ke y g e n e ra tio n
9 Use the extended Euclidean algorithm in order to compute the unique integer d, l<d< (j)
such that ed= 1 (mod <j>
)
9 The public key of A is (n, e) and private key is d
Destroy p and q at the end of the key generation
The RSA signature is generated and verified in the following way.
S ig n a tu re g e n e ra tio n
S ig n a tu re v e rific a tio n
9 C o m p u te m * = se m od n
9 V e rify th a t m * is in M r; if n o t, re je c t th e s ig n a tu re
9 R ecover m = R 1(m *)
M e s s a g e D ig e s t ( O n e - w a y H a s h ) r g u
F u n c tio n s Urtm |
w tillml N
mIm
c
1a rtf*
rV1
a l4 0 9 2 a f9 4 8 b 9 3 8 5 6 9 5 8 4 e 5 b 8 d 8 d 3 0 7 a
M e s s a g e D ig e st F u n c tio n
Note: Message digests are also called one-way bash functions because they cannot be reversed
C o p y rig h t b y EG-G*ancil. All R ig h ts R e s e r v e d . R e p r o d u c tio n is S tric tly P ro h ib ite d .
M e s s a g e D ig e s t ( O n e - w a y H a s h ) F u n c tio n s
I I
L M essage d ig e s t fu n c tio n s d is till th e in fo rm a tio n c o n ta in e d in a file (sm all o r large) in to
a single large n u m b e r, ty p ic a lly b e tw e e n 128- and 2 5 6 -b its in le n g th . M essage d igest fu n c tio n s
c a lcu la te a u n iq u e fix e d -s iz e b it s trin g re p re s e n ta tio n called hash v a lu e o f any a rb itra ry block o f
in fo rm a tio n . The best m essage dig est fu n c tio n s c o m b in e th e s e m a th e m a tic a l p ro p e rtie s . Every
b it o f th e message d ig e s t fu n c tio n is in flu e n c e d by e ve ry b it o f th e fu n c tio n 's in p u t. If any given
b it o f th e fu n c tio n 's in p u t is chan ge d, e v e ry o u tp u t b it has a 50 p e rc e n t chance o f changing.
G iven an in p u t file and its c o rre s p o n d in g m essage digest, it sh o u ld be in fe a sib le to fin d a n o th e r
file w ith th e sam e m essage d ig est value.
M essage digests are also called o n e -w a y bash fu n c tio n s because th e y p ro d u ce values th a t are
d iffic u lt to in v e rt, re s is ta n t to a tta c k , m o s tly u n iq u e , and w id e ly d is trib u te d .
M essage d ig e s t fu n c tio n s :
e HMAC
e MD2
e MD4
9 MD5
9 SHA
SHA-1
a l4 0 9 2 a f9 4 8 b 9 3 8 5 6 9 5 8 4 e 5 b 8 d 8 d 3 0 7 a
M e s s a g e D ig e s t F u n c tio n : M D 5
9 In p u t o f any le n g th
9 O u tp u t o f a fix e d le n g th
signed w ith th e p riv a te key. The a lg o rith m s m e n tio n e d here can be o f v a ria b le le n g th b u t w ith
th e re s u lta n t m essage d ig est o f 1 2 8 -b it.
B ru te F o rc e o f M D 5
t_ 3 )
The e ffe c tiv e n e s s o f th e hash fu n c tio n can be d e fin e d by checking th e o u tp u t
p ro d u c e d w h e n an a rb itra ry in p u t m essage is ra n d o m ize d . T here are tw o types o f b ru te -fo rc e
a tta c k s fo r o n e -w a y hash fu n c tio n : N orm al b ru te fo rc e and b irth d a y a tta ck.
FIGURE 1 9 .6 : C h e ck su m v e rifie r
S e c u re H a s h in g A lg o r ith m (S H A ) C E H
0 0
It is an algorithm for generating cryptographically secure one-way hash,
published by the National Institute of Standards and Technology as a
U.S. Federal Information Processing Standard
0 0
0 0 0 0 0 0
SHA1 SHA2 SHA3
/ --------------------------------------- \ r \
0 0 0 0 0
S e c u re H a s h in g A lg o r ith m (S H A )
The Secure Hash A lg o rith m (SHA), sp e cifie d in th e Secure Hash S ta n d a rd (SHS), was
d e v e lo p e d by NIST, and p u b lishe d as a fe d e ra l in fo rm a tio n -p ro c e s s in g sta n d a rd (FIPS PUB 180).
It is an a lg o rith m fo r g e n e ra tin g a c ry p to g ra p h ic a lly secure o n e -w a y hash. SHA is p a rt o f th e
C apstone P ro je ct. C apstone is th e U.S. g o v e rn m e n t's lo n g -te rm p ro je c t to d e v e lo p a set o f
s ta nd a rd s fo r p u b lic ly a v a ila b le c ry p to g ra p h y , as a u th o riz e d by th e C o m p u te r S e cu rity A ct o f
1987. The basic o rg a n iz a tio n s th a t are re sp o n sib le fo r C apstone are NIST and th e NSA. SHA is
s im ila r to th e M D 4 m essage-dig est a lg o rith m fa m ily o f hash fu n c tio n s , w h ic h w as de ve lo p e d by
Rivest.
SHA1
n n P s h a 2
SHA3
Algorithm and O utput Interna Size o f M axim um Size of Roun Operations Collision
variant size (bits) 1 hash block size of w ord ds found
sum (bits) message (bits)
(bits) (bits)
,x o r, r o t
W h a t I s S S H ( S e c u r e S h e ll) ? C E H
Note: SSH2 is a m ore secure, e ffic ie n t, and p o rta b le v e rsion o f SSH th a t includes SFTP, an SSH2 tu n n e le d FTP
W h a t Is S S H (S e c u re S h e ll) ?
M S o r U N IX c lie n t SSH T u n n e l U N IX s e r v e r
M o d u le F lo w
M D 5 H a s h C a lc u la t o r s : H a s h C a lc ,
C E H
M D 5 C a lc u la to r a n d H a s h M y F ile s
HashCalc l- l" l M D 5 C a lc u la to r 1- 1
Data Focmat: Data:____________________________________________
| F ie ~^\ |C .\Pf 0flfam Files (x86)\Ha$hCalc\HashCalc.chm
MP5Pgeat Compare To
R M D5 |2ae58ce465094805e474d7f29afcc5a2 |4S8764dd3Sdf7cba3acb3b9&8Gb371c4
I
r M D4 Upper Zcse
P SHA1
17 SHA256 Ia00bc7f604c8810068ece4fa743ld8ab747246da?f2e7fc1
r SHA384 |
r SHA512 | h t t p : / / w w w .b u llz ip .c o m
9 R IP E M 0 16 0 |cc36f3c53ec530l6cde4aded58f9ldd4288aadb
H ashM yliies *
r PANAMA | L=J
ffc Ed* V.M. Opium* Hrfp
T TIGER |
3 -1 * 1 0 U j] etf * ) J|
P M D2 1313434191573c907bedfec6clefldG8d F4rn*m* MOS SHA1 CRC32 SHA-2S6 SHA-512
6dl45e2c3lbc23128. U ib M W X & x .. I3WC9I9 61677dWfcb3C34f J - cMSWZc:
r AOLER32
3 r : 1 t c MS-wi Ie7c2*faf0l0237... 68* 9071047812... blc6a3S3 5fc23c:35!e49355e..
W CRC32
&9i?cUcN21Srac v9.. 4b1*c27S4868.. bf(76bcO 901b80c4ft449&db3&1 .
' WnOurrp^xe 7b50683722d9dd3<k... dMb<5472l95L. 2M6M21 2525041dci2ba372^0 . c9H3T2fa9
eOonkey/ 0iMc70dc7b30ac6... 26WBeef8b1a4 .. 4bfdc0e1 bc3H4a?93*f6dl6c6 . OS6lOJcbd
eMule
M D 5 H a s h C a lc u la t o r s : H a s h C a lc , M D 5 C a lc u la to r ,
" 1 h J a n d H a s h M y F ile s
H a s h C a lc
The HashCalc u tility a llo w s y o u to c o m p u te message digests, checksum s, and HMACs fo r file s,
as w e ll as fo r te x t and hex strings. It a llo w s yo u to ca lc u la te hash values using d iffe re n t typ e s o f
hashing a lg o rith m s such as M D 2 , M D 4 , M D 5 , SHA-1, SHA-2 (256, 384, 512), RIPEM D -160,
P A N A M A , TIGER, ADLER32, and CRC32. You ju s t need to se lect th e file and hash a lg o rith m fo r
c a lc u la tin g th e hash v a lu e o f a p a rtic u la r file .
HashCalc
Data Format: Data
File 311 C:\ProgramFiles (x86)\HashCalc\HashCalc.chm
Key Format: Key:
r HMAC Text string3 J I
W MD5 2ae58ce4G5094805e474d7f29alcc5a2
r MD4
W SHA1 2207aa578b207b5d80574ad8b3a5d59a3d885be2
W SHA256 a00bc7f604c8810068ece4fa743fd6ab74724Gda7f2e7fc1
r SHA384
r 9HA512
W RIPEMD160 cc3Gf3c53ec530f6cde4acfed56f9fdd4288aadb
r PANAMA
r TIGER
17 MD2 313434(91573c907bedfec6cfeffd88d
r ADLER32
W CRC32 9d988947
! eDonkey/
eMule
M D 5 C a lc u la to r
H a s h M y F ile s
a Source: h ttp ://w w w .n ir s o ft.n e t
The H ashM yFiles u tility a llo w s you to ca lcu la te th e M D 5 and SHA1 hashes o f one o r m o re files.
You can co p y th e M D 5 /S H A 1 hashes lis t in to th e c lip b o a rd , o r save it in to a te x t/h tm l/x m l file . It
can also be la u nch e d fro m th e c o n te x t m enu o f W in d o w s E xplorer, and d isp la y th e M D 5/S H A 1
hashes o f th e se le cted file o r fo ld e r.
J HashMyFiles
File Edit View O ptions Help
_S _ l AJ 0 n J b es5 j -n
------------------------ 1 >
<
6 file(s), 1 Selected HirSoft Freew are, h ttp ://w w w .
C r y p to g r a p h y T o o l: A d v a n c e d
C E H
E n c r y p tio n P a c k a g e
: a-C : L J
^9 a CEMTaxs ^ CEn-Toob 1 ** 1
t- CBKS Modiie 02 Fooqpma^g and Re t ^ CE-/8 Maauie 02 Footarkitng andR*camakerK
P CB*.3 MoAJe 03 Scdnnrxj r*et>Y0fk C t A, CE*vS Module 03 5c3mna Netvwles
Delete I E-wJ
CB*8 MoAJe04&xMraeon t ^ Stoaiie 04 Emwraton O Erojplon
{ ,. C&IxS MoAieOS Syttrra H*dang ! , CE:v8 Module 05 SystemHacktto
C&*SMo&Je07Wusesdnd Worns t- i, C&vS Mnajie 07 vrjaes and v/orrre Mods: P=aa>ord
a C&K8 MoAie 18Cryptography 11 Pubk<* a i. CEH-/8 MocWe 18 Crvptocraph | PisCACrd ) =UJ.e, |
of6(1 16( 4 . Advance Enaybton Package
# espO*Ei
60 6
P*dC f l )
--------
lijjJ Sarnpie He.dooc I ft f.e.deot _ ]3
>SR3c------1 | < Sc Fie.dctx.a-pl Aaah:
> J HD5 Cakddtsr J| ttttcJc
^ i, WSCBlQJator
.........
1
: t- t J| New Slder
sdete:
3* 3 :
ataoiith*:
DCSx uebtLer J
T Pad % , ** r , Purt ftp, erypt
ta r a N it Souftehto
[ D*!* ^W X7tpton I Ddcte arxrvsfen
Svrr*y S Swurty M r*
SiitCttpjtMdci
r 9ndKm . ?Cuwtfddtr
Q <*a v * i . . Q CiBttm:
r **1 1
u
^soro:
D O-.VC&Tocfe'iCCMv* Module :8 Cryptoarsph!WJvdnoe &1crypttonPadages
l r dx> [13 KB] 5>S4r-fteFie.docx.p [18KBJ
0 :)one Froceatd 1 fie:. Succeeded: L Paled: 0
0 :aniK 1SKB.A.nagr sprrd: :8KB,*
http://www.aeppro.com
C r y p t o g r a p h y T o o l: A d v a n c e d E n c r y p tio n P a c k a g e
A dva nce d E n cryp tio n Package is file e n c ry p tio n s o ftw a re th a t helps yo u m a in ta in th e priva cy o f
y o u r in fo rm a tio n by a llo w in g yo u to p a s s w o rd -p ro te c t files. It is able to p e rfo rm e n c ry p tio n ,
d e c ry p tio n , and s e lf-d e c ry p tin g file c re a tio n , file D e le te /W ip e , Zip m a n a g e m e n t, e n c ry p tio n key
m a n a g e m e n t, and file e m a ilin g .
Its fe a tu re in c lu d e s :
9 It can e n c ry p t file s as w e ll as te x t
Ad/anced Erxry^or Packag 2012 FWanwnal v7&5 Tm IVw CnoffW aon P lcto oa l A 67 TiiiJV^nicw
flpiona loan tfa *> l- M Of10 . * Urtp
t O .C : Cnoypt | Ocorpt
s^O t
4 CfH Tooh
>, CD.3 ModJe 02 Foafennana and fteconnaiiaence
Odetc Ca<
> C tH ^ Ho&M 03 Scamng Meteor**
C9*/6 MQdLie 04 (tuner adan
> COt. 3 rtxXJ* OSSnlen Madang
> CBM H odie 07 Wuees and Warns
J ik CH.SModL* UOyptorac*> I
a J ( x3vr<e enaypoen Package
|^Wtfic.d0o1 | -1L1
0 i , *CSGHcUaa
> > Nn> fc*de
C r y p to g r a p h y T o o l: r c u
B C T e x tE n c o d e r --------------
BCTextEncoder encrypts
confidential text in your
message
P ta n * x t : 2 B
It uses strong and ----------------------------------------------- Cneafeby: casswd 1 ------------- :
is s tz s s g r -
C r y p t o g r a p h y T o o l: B C T e x tE n c o d e r
\M >/* v
Source: h ttp ://w w w .je tic o .c o m
Cryptography is the converson o f data n to a scrairWed code that 5 decrypted and sent across a private or pubfc n et* a
6 8 7 3
vy<CQMCFp +xNnjMtgK QXeyfay bXGj F>WMsVWr*)nv<yvnltf>+voOMEi 1
QpS&eGOxlohC 3IZdwcT6H lTXggla83r fVh9n XrbVc *qVft^LTTU IraUyOeXO
0r1dtZlvlX5zgyg8Np9H0u90tYH lFC]M0evWe02UI-FgTTBAy/sXl2Hnh3Se lu 1
6 .53 2 8
u Aa 5qA vx/2T NpVtM Q + a H +.100 x
TORI 50 /fri IScsCL Sit /[*,ytxJJw23v>
AowEv8RI6dnr>8EFOS2Rt 1WU-
B ENC00ED MESSAGE
C r y p t o g r a p h y T o o ls C E H
CommuniCrypt File
NCrypt XL
Encryption Tools http://w w w .littlelite.net
http://www.communicrypt.com
^ Steganos LockNote
https://www.steganos.com
r ccrypt
http://ccrypt.sou reef orge. net
AxCrypt WinAES
h ttp://w w w .axantum.com http://fatlyz.com
AutoKrypt EncryptOnClick
h ttp://w w w .hiteksoftware.com
& http://www.2brightsparks.com
bF3 CryptoForge
h ttp://w w w .cryptoforge.com
GNU Privacy Guard
http://w w w .gnupg. org
C r y p t o g r a p h y T o o ls
M o d u l e F l o w C E H
tr M o d u le F lo w
This s e ctio n pro vid e s in fo rm a tio n a b o u t Public Key In fra s tru c tu re (PKI) and th e ro le o f each
c o m p o n e n ts o f PKI in th e s e c u rity p u b lic key e n c ry p tio n . Let's s ta rt w ith w h a t is Public Key
In fra s tru c tu re (PKI)?
P u b lic K e y In fr a s tr u c tu r e ( P K I) C E H
J Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and
procedures required to create, manage, distribute, use, store, and revoke digital certificates
End User
R e quests, m a n a g e s , a n d uses c e r tific a te s
P u b lic K e y In fr a s tr u c tu r e ( P K I)
C E H
(Contd)
C e rtific a tio n pq
A u th o rity (CA)
R egistration
A u th o rity (RA)
The fig u re th a t fo llo w s show s h o w a message gets d ig ita lly signed by th e o rg a n iz a tio n in v o lv e d
in a u th e n tic a tio n and c e rtific a tio n by m eans of PKI. In p u b lic key cryp to syste m s, th e
co rre s p o n d e n c e b e tw e e n a p u b lic key and th e p riv a te key is ta k e n care by th e c e rtific a tio n
a u th o r ity (CA), i.e., based on th e p u b lic key th e CA d e te rm in e s th e o w n e r o f th e re s p e c tiv e
p riv a te key. In itia lly , th e user requests th e c e rtific a tio n a u th o rity fo r b in d in g his o r her p u blic
key; a c e rtific a tio n a u th o r ity d ig ita lly signs it and issues a p u b lic key c e rtific a te to th e user. It
binds th e user's id e n tity w ith th e user's p u b lic key. In b e tw e e n th e user and th e CA, th e re exists
an o rg a n iz a tio n , th e R e g istra tio n A u th o rity (RA). The jo b o f th e RA is to v e rify th e id e n tity o f th e
user re q u e s tin g th e c e rtific a te fa c e -to -fa c e . T here exists a n o th e r a u th o rity in PKI, i.e., th e
v a lid a tio n a u th o rity (VA). The jo b o f th e VA is to check w h e th e r th e c e rtific a te w as issued by
t r u s tw o r th y a CA o r n o t, i.e., is it v a lid o r n o t. The sen d e r and re c e iv e r can th e n e xchang e a
secret m essage using p u b lic key c ry p to g ra p h y .
V a lid a tio n
Updates Inform ation A u th o r ity (VA)
R e q u e s t f o r is s u in g - ;
~ c e rtific a te .* ^
w
< P u b lic K ey
P u b lic K ey
D e te r m i n e d
H C e r tif ic a te
C e r tif ic a te
R e s u lt
U se r a p p lie s fo r
is s u in g c e r t i f i c a t e
u H "
M e s s a g e in p u b lic k e y c e r t i f i c a t e
User
s ig n e d w i t h d ig ita l s ig n a t u r e
r
/ ---------------------------
> V a lid a tio n o f e le c tro n ic s ig n a tu r e
P u b lic K e y 1
> E n q u ire s a b o u t p u b lic k e y c e r tific a te
P r iv a te K ey ^ J 1 v a lid ity t o v a l i d a t i o n a u t h o r i t y
C e r t if ic a t io n A u t h o r it ie s C E H
Crt1fW4 itfciul Nm Im
Q th a M te
se curity trusted by
is around the w orld
The First To Bring You a Full
Line of 2048-bit Certificates
ThUidSMSui m
BUYCERTFICATES
th e m o s t v is ib le w e b s ite s e c u r ity
http://www.comodo.com http://www.thawte.com
SSymantec
http://www.verisign.com http://www.entrust.net
C o p y rig h t b y EG-G*ancil. All R ig h ts R e s e r v e d . R e p r o d u c tio n is S tric tly P ro h ib ite d .
C e rtific a tio n a u th o ritie s are th e e n titie s th a t issue d ig ita l ce rtific a te s . The fo llo w in g
are som e o f th e c e rtific a te a u th o ritie s :
C om odo
C o m o do o ffe rs a c o m p le te range o f PKI d ig ita l c e rtific a te s w ith stro n g SSL e n c ry p tio n a va ilable .
It ensures s ta n d a rd s o f c o n fid e n tia lity , system re lia b ility , and p e rtin e n t business practices as
ju d g e d th ro u g h q u a lifie d in d e p e n d e n t a u d its. The PKI (P ublic Key In fra s tru c tu re ) m a n a g e m e n t
s o lu tio n s o ffe re d by C o m o d o in c lu d e C o m o d o C e rtific a te M a n a g e r and C o m o d o EPKI M a n a g e r.
9 M u lti-d o m a in EV SSL
9 W ild c a rd SSL
9 G eneral p u rp o se SSL
9 Secure Email - S /M IM E
9 C o d e s ig n in g
COMODO
Creating Trust Online* I Resources I newsroom I Careers I ContactUs I Support I Loflm I
Product* Home&HomeOffice E-Commerce SmalloUM
eOm
aim
dBu
usies!
Mkess LargeEaterpiise PartaeisSocialMeOa
I Mil I I
th w a te
th a w te is a C e rtific a tio n A u th o rity , th w a te o ffe rs SSL and code signing d ig ita l c e rtific a te s to
secure servers, p ro vid e s data e n c ry p tio n , a u th e n tic a te s users, p ro te c ts privacy, and assures
o n lin e id e n tifie s th ro u g h s trin g e n t a u th e n tic a tio n and v e rific a tio n processes. The SSL
c e rtific a te s o ffe re d by th w a te in clu d e W ild c a rd SSL C e rtifica te s, SAN /U C C e rtifica te s, SGC
SuperC erts, and E xtended V a lid a tio n SSL C e rtifica te s.
( t) th a w te
urity trusted by
ound the world
G e t s ta rte d In s p ire S im p lify SSL
w ith S S L T r u s t O n lin e S e c u rity
Oncoswrwhat SSI * ShooUmcsDmDim JustoneSANcertAcate
andwhyyouneedt TrustedS*eSeal and cansecuremultiple
BUY CERTIFICATES
SSICertificates
th e m o s t v is ib le w e b s ite s e c u r ity j
CodeSigningCertificates **wtjhmmgraewWLxam AMsmaaeetyTnenrte Cj X J
V e r is ig n
SSL C e rtific a te s :
0 Secure Site
0 SSL fo r th e E n te rp rise
S a m e ch e ck . New nam e.
S t ill th e g o ld s t a n d a r d .
v/^ N o rto n Th same security, services and support youve come to trust
V J SECURED
from VeriSign are now brought to you by Symantec.
pow ered by VeriSign
wnat it mean* for you >
E n tru s t
EVUulti-Oomain
SSLC*rw>cat*
fto $ 1 8 6 HH ^ 1
$725/ year $373... $249 StandardSSLCrtMcatM *
Q3Q) LocJtia ra n C*11fc*WD*v*r
Q 3 ua t IT W
$155...
M o d u l e F l o w
M o d u le F lo w
C ry p to g ra p h y A tta c k s C ry p ta n a ly s is T ools
This s e ctio n focuses on v a rio u s e m a il s e c u rity m echanism s such as d ig ita l s ig n a tu re s , SSL, and
TLS.
D i g i t a l S i g n a t u r e C E H
Digital signature used asymmetric cryptography to simulate the security properties of a signature in digital,
rather than written form
A digital signature may be further protected, by encrypting the signed email for confidentiality
Ml
Decrypt message using
OPEN one-tim e symmetric key
V
j r . /...................
D i g i t a l S ig n a tu r e
The c e rtific a tio n a u th o rity d ig ita lly signs th e c e rtific a te to assure th e a u th e n tic ity o f b o th th e
p u b lic key and th e s u b scrib e r's id e n tity . The a u th o rity 's d ig ita l sig n a tu re on th e c e rtific a te can
be v e rifie d w ith th e help o f th e p u b lic key o f th e c e rtific a tio n a u th o rity re co rd e d in a n o th e r
c e rtific a te , w h ic h belongs to a n o th e r c e r tific a tio n 's a u th o rity . This c e rtific a te can be
a u th e n tic a te d w ith th e he lp o f a n o th e r p u b lic key re c o rd e d in a n o th e r c e rtific a te and so on.
The re p o s ito ry can be m ade to pu b lish th e c e rtific a te ; th e p u b lic key and its id e n tity are
a va ila b le fo r v e rific a tio n o f th e c e rtific a te . The re trie v a l and v e rific a tio n o f th e d ig ita l sig n a tu re
is m ade w ith th e h e lp o f an o n lin e database called re p o s ito rie s , w h ic h h olds th e c e rtific a te s and
o th e r in fo rm a tio n . The c e rtific a tio n a u th o rity m ay suspend o r re vo ke th e c e rtific a te .
C o n fid e n tia l
P11 noL 01,
0 1001110
1100 001
1 111 oo
1U
- unn
f
00 k
SEAL O P EN
D e c ry p t m essage using
o n e -tim e s y m m e tric k ey
V
R e c ip ie n t d e c ry p t o n e -tim e
s y m m e tric k e y using his PRIV ATE key
DELIVER VERIFY
11 n o 01 :
P H
11 -V..
v a lu e a t t a c h e d
M a il ele c tro n ic e n v e lo p e s U n lo ck th e hash v a lu e using w ith t h e m ail
to t h e re cip ie n t se n d er's PUBLIC k e y
S S L ( S e c u r e S o c k e ts L a y e r ) C E H
B SSL is an application layer protocol developed by Netscape for managing the security of a
message transmission on the Internet
B It uses RSA asymmetric (public key) encryption to encrypt data transferred over SSL connections
S e n d s a S e rv e r H ello D o n e m e s s a g e
S e n d s a C h a n g e C ip h e r S p e c m e s s a g e a n d a ls o s e n d s F in is h e d m e s s a g e ( h a s h o f h a n d s h a k e m e s s a g e )
H ash v a lu e is c a lc u la te d f o r t h e e x c h a n g e d h a n d s h a k e m e s s a g e s a n d t h e n c o m p a r e d t o t h e h a s h v a lu e
r e c e iv e d f r o m t h e c lie n t; If t h e t w o m a tc h , t h e k e y a n d c ip h e r s u ite n e g o tia tio n s u c c e e d s . S e n d s a C h a n g e
C ip h e r S p e c m e s s a g e a n d a ls o s e n d s F in ish e d m e s s a g e ( h a s h o f h a n d s h a k e m e s s a g e )
S S L (S e c u re S o c k e ts L a y e r )
A ny a p p lic a tio n -la y e r p ro to c o l th a t is h ig h e r th a n SSL, such as HTTP, FTP, and TELNET, can be
layered on to p o f SSL tra n s p a re n tly . The SSL acts as an a rb itr a to r b e tw e e n th e e n c ry p tio n
a lg o rith m and session key, and also v e rifie s th e d e s tin a tio n se rve r b e fo re th e tra n s m is s io n and
re c e p tio n o f data. The c o m p le te data o f th e a p p lic a tio n p ro to c o l is e n c ry p te d , to ensure
s e cu rity. It also o ffe rs cha nn e l s e c u rity w h ic h has th re e basic p ro p e rtie s :
S e s s io n I d e n t i f i e r
9 Server w r ite MAC secre t - Is th e secret used in MAC o p e ra tio n s on data w ritte n by th e
server.
9 C lie nt w r ite MAC se cre t - Is th e secret used in MAC o p e ra tio n s on data w ritte n by th e
c lie n t.
9 In itia liz a tio n v e c to rs - In CBC (C ipher Block Chain) m o d e w h e n th e block cip h e r is used,
an in itia liz a tio n v e c to r is m anaged fo r e ve ry key. It is s ta rte d by th e SSL handshake
p ro to c o l and is used to m ake th e fir s t c ip h e r te x t. The last c ip h e r te x t b lo c k o f e ve ry
te x t is used w ith th e s u b s e q u e n t re c o rd .
9 Sequence numbers - Every party maintains a different and unique sequence of numbers
for the transmission and reception of messages for every connection. The appropriate
sequence is set to zero depending on the party that sends and receives cipher spec.
S S L H a n d s h a k e P r o to c o l F lo w
The SSL handshake protocol works on top of the SSL record layer. These processes
that are executed in the three handshake protocol are summarized as follows:
9 The client sends a hello message to the server and the server must respond to the hello
message with a hello message, or else the connection will fail due to the occurrence of a
fatal error. The attributes that are established due to the server and client hello are:
protocol version, session ID, cipher suite, and compression method.
9 After the connection is established, the server sends a certificate to the client for
authentication. In addition, a server-key exchange message might be sent. Ifthe server
is authenticated, the client may be requested for the certificate, if that is appropriate to
the cipher suite selected.
9 The server sends a hello done message, to inform that the handshake phase is complete
and waits for the client's response.
9 If the client receives a certificate request message, the client must respond to the
message by sending a certificate message or "no certificate" alert.The client-key
exchange message is sent and the content of the message depends on the public-key
algorithm between the server hello and client hello. If the certificate sent by the client
has signing ability, a digitally signed certificate verifies the message, and is transmitted.
9 The client transmits the changed cipher spec message and copies the pending cipher
spec into the current cipher spec. The client sends a message to initiate the completion
of the message under the new algorithm, keys, and secrets. In response the server
replies by sending its own changed cipher spec message, transfers the pending cipher
spec to the current cipher spec, and initiates the completion of the message under the
new cipher spec. This is the point of completion of the handshake and the server starts
to exchange the application layer data.
The message of the previous session or the replica of an existing session is as follows:
The client initiates the communication by sending a hello message with the session I of the
session that is to be resumed. The server checks its cache to look for the match of the session
ID; if it finds a match it re-establishes the session under the specified session state with same
session ID. This is the point where both the server and the client exchange the changed spec
messages and proceed directly to the finished messages. After re-establishment, the server and
the client exchange the data at the application layer. If the session I is not found, the server
creates a new session ID, and the SSL client and server carry out a complete handshake.
Client Hello message (includes SSI version, encryption algorithms, key exchange algorithms, and MAC algorithms)
Determines the SSLversion and cipher suite to be used for the communication;
sends Server Hello message (Session ID) and Certificate message (local certificate)
........ Verifies the Digital certificate; generates a random premaster secret (Encrypted with
tv A i
server's public key) and sends Client Key Exchange message with the premaster secret
Sends aChange Cipher Spec message and also sends Finished message (hash of handshake message)
Computes the hash value of the exchanged handshake messages and compares the hash value with that
received from the client; If the two match, the key and cipher suite negotiation succeeds. Sends aChange
Cipher Spec message and also sends Finished message (hash of handshake message)
T r a n s p o r t L a y e r S e c u r ity (T L S ) C E H
H a n d s h a k e P ro to c o l
R e c o rd P ro to c o l
T r a n s p o r t L a y e r S e c u r ity (T L S )
Q TLS re c o rd p ro to c o l
9 TLS handshake p ro to c o l
T L S R e c o rd P ro to c o l
Hit -251
T L S H a n d s h a k e P ro to c o l
Hello Server
Server Certificate
Server key Exchange
Client Certificate Certificate Request
Client key exchange Server Hello Done
Certification verify
[Change Cipher Spec]
Client Finished [Change Cipher Spec]
Message Server Finished
Message
H an d sh ak e P ro to c o l
R e c o rd P ro to c o l
M o d u le F lo w
D i s k E n c r y p t i o n C E H
Confidentiality Encryption
a rotection
* *
1 1
------------------------j.---------------------- ............................ 1 .........................
1 |
4 1 # ^ 4 4 * + m
Priv acy Passphrase Hidden Volumes Volume Encryption Blue Ray DVD Backup
(it 111
D is k E n c r y p tio n
- 3
Disk e n c ry p tio n is th e process o f securing data by tra n s fe rrin g it in to un re a d a b le code
th a t c a n n o t be d e c ip h e re d by u n a u th o riz e d persons. You can use d is k e n c ry p tio n s o ftw a re or
h a rd w a re to e n c ry p t e ve ry b it o f in fo rm a tio n th a t is w r itte n on th e disk.
D is k E n c r y p tio n T o o l: T r u e C r y p t C E H
Urti*W itkHil lUckw
D is k E n c r y p tio n T o o l: T r u e C r y p t
M a in F e atures:
9 Creates a virtual encrypted disk within a file and mounts it as a real disk
9 Encrypts an entire partition or storage device such as USB flash drive or hard drive
9 Encrypts a partition or drive where Windows is installed (pre-boot authentication)
9 E n cryp tio n can be h a rd w a re -a c c e le ra te d on m o d e rn processors
fnerypt thesystempartitionorentiresystemdrive
Encrypts the paratwnAfr** inhere Windows s n s 'jtfd Anyone f' Midden TrueCrypt volume
who wants to oan access and use the system, read and write It may happen mat you are forced by somebody to reveal the
Wes, etc., w# need to erter lie correct password each awe password to an encrypted volume. There are many situations
before Wndows boots. Optunrfy, creates 0 hdden system. /here you cannot refuse to reseal the p a ssw d (for example,
rte t1tfK g a s s a g a gg*B993 due to extortion). Llano a 90<aled hidden volume alows you to
sotve such otuasons wthout reveairg the pacsworc to y&s
m Jh m .
D i s k E n c r y p t io n T o o l: G iliS o f t
F u l l D i s k E n c r y p t io n
u c40 * * ---------------------
dako
Jifeii. /1
**WWWI D is k E n c r y p tio n T o o l: G iliS o ft F u ll D is k E n c r y p tio n
=//==
S ource: h tt p :/ /w w w .g ilis o ft .c o m
, OtiSod Gason
Full Disk Encryption 4 *< ^ Full Disk Encryption u
U c i CWo [ Rx>vable01* UalD^ii I
Enayptngthecomputer'sw* <Mcanensurethat thedata notteakafter thedsfco>
computera Jdtct thelocaldakyouwanttoenayptfromthefolowngtot.
I Encryptionportion 1 Drives 1Encryptionportion 1
f: 0C:\ [System] 4,83800%
0 C:C5rttor) _JL*700s_ F:\ 1 0%
0: t*\ 1 0% 1
If youwanttochangethepasswordp*easecomptetetheencryption. If vouwanttochangethepasswod.p1easecorrpletetheencryption.
D i s k E n c r y p t i o n T o o l s C E H
(rtifWd ItkNjI Nm Im
ShareCrypt
h ttp ://w w w .s e c u rs ta r.c o m
H DiskCryptor
h t t p : / / d is k c r y p t o r .n e t
PocketCrypt
h t t p : / / w w w . s e c u rs t a r . c o m
D alertsec
h t tp : //w w w . a le r ts e c .c o m
1-----------
-ta
f D is k E n c r y p tio n T o o ls
m In a d d i t i o n t o T r u e C r y p t a n d G i l i S o f t F u ll D is k E n c r y p t i o n , t h e r e a r e m a n y o t h e r d is k
e n c r y p t i o n t o o l s t h a t a l l o w y o u t o f u l l y e n c r y p t a ll d a t a . A l is t o f d i s k e n c r y p t i o n to o ls is
m e n tio n e d b e lo w as f o l l o w s . A ll t h e s e t o o l s have a c o m m o n g o a l , i.e., e n c r y p t i n g a d is k
p a r t i t i o n . B u t e n v i r o n m e n t o r p u r p o s e m a y c h a n g e . If o n e t o o l is i n t e n d e d t o c r e a t e a v i r t u a l
e n c r y p t e d d is k o f t h e t a r g e t d is k p a r t i t i o n , th e n th e o t h e r m a y be i n t e n d e d t o e n c r y p t d a ta on
P o c k e t PCs r u n n i n g W i n d o w s M o b i l e a n d s o o n :
9 D r iv e C r y p t a v a ila b le a t h t t p : / / w w w . s e c u r s t a r . c o m
9 S h a r e C r y p t a v a ila b le a t h t t p : / / w w w . s e c u r s t a r . c o m
9 P o c k e t C r y p t a v a ila b le a t h t t p : / / w w w . s e c u r s t a r . c o m
9 R -C ry p to a v a ila b le a t h t t p : / / w w w . r - t t . c o m
9 S a f e B it D isk E n c r y p t i o n a v a i l a b l e a t h t t p : / / w w w . s a f e b i t . n e t
9 D is k C r y p t o r a v a ila b le a t h t t p : / / d i s k c r y p t o r . n e t
9 a le rts e c a v a ila b le a t h t t p : / / w w w . a l e r t s e c . c o m
M o d u le F lo w
So fa r, w e h a v e discu ssed c r y p t o g r a p h y c o n c e p ts , v a r io u s c r y p t o g r a p h y m e c h a n is m s ,
a n d e n c r y p t i o n a lg o r i t h m s . N o w it's t i m e t o discuss h o w c r y p t o g r a p h y s y s te m s c a n be e x p l o i t e d
by a n e x te r n a l user.
C ry p to g ra p h y A tta c k s C ry p ta n a ly s is T ools
CryptographyAttacks CEH
J Cryptography attacks are based on the assumption that the cryptanalyst has access to
the encrypted info rm ation
r
C h o s e n -k e y a tta c k
9 #- C h o s e n - c ip h e r te x t
a tta c k
C r y p to g r a p h y A tta c k s
)J)
C r y p t o g r a p h i c a tta c k s a re t h e m e a n s by w h i c h t h e a t t a c k e r d e c r y p t s t h e c i p h e r t e t
(b re a k s t h e c i p h e r t e x t ) w i t h o u t t h e k n o w le d g e o f th e key. In th e s e a tta c k s , t h e a t t a c k e r
s u b v e r ts t h e c y r p t o g r a p h ic s y s te m 's s e c u r it y by e x p l o i t i n g th e lo o p h o le s in co d e , c ip h e r ,
c r y p t o g r a p h ic p r o t o c o l o r k e y m a n a g e m e n t s c h e m e . C r y p t o g r a p h y a t t a c k s a re b ase d o n t h e
a s s u m p t i o n t h a t t h e c r y p t a n a l y s t has k n o w l e d g e o f t h e i n f o r m a t i o n e n c r y p t e d . A t t a c k e r s h a v e
f o u n d v a r io u s a tta c k s f o r d e f e a t in g t h e c r y p t o s y s t e m a n d t h e y a r e c a te g o r iz e d i n t o e ig h t ty p e s :
9 C i p h e r t e x t o n l y a t ta c k
9 K n o w n -p la in te x t a tta ck
9 C h o s e n -p la in te x t
9 C h o s e n - c ip h e r t e x t a t t a c k
9 C h o sen key a t ta c k
9 A d a p t i v e c h o s e n - p l a in t e x t a tta c k
9 T i m in g a t ta c k
9 R u b b e r h ose a tta c k
CryptographyAttacks ( C o n t d )
CEH
Ciphertext-only Attack Adaptive Chosen-plaintext Attack
Attacker has access to the cipher text; Attacker makes a series of interactive
goal of this attack to recover encryption queries, choosing subsequent plaintexts
key from the ciphertext based on the information from the
previous encryptions
M
Chosen-plaintext Attack L* Known-plaintext Attack
Attacker defines his own plaintext, Attacker has knowledge of some part of
feeds it into the cipher, and analyzes the the plain text; using this information the
resulting ciphertext key used to generate ciphertext is deduced
so as to decipher other messages
GO C r y p to g r a p h y A tta c k s ( C o n td )
y C ip h e rte x t o n ly a tta c k
A d a p tiv e c h o s e n - p la in te x t a tta c k
A n a d a p t i v e c h o s e n - c i p h e r t e x t is t h e c o l l a b o r a t i v e v e r s i o n o f t h e c h o s e n - p l a i n t e x t
a tta c k . In t h i s t y p e o f a tta c k , t h e a t t a c k e r ch o se s f u r t h e r c i p h e r t e x t s b ase d o n p r i o r
re s u lts . H e r e t h e c r y p t a n a l y s t n o t o n l y c h o o s e s t h e p la i n t e x t t h a t is e n c r y p t e d b u t can also
m o d i f y his o r h e r c h o ic e b ase d o n t h e r e s u lts o f t h e p r e v io u s e n c r y p t i o n .
C h o s e n - c ip h e r te x t a tta c k
In a c h o s e n - c i p h e r t e x t a tta c k , t h e a t t a c k e r c h o o s e s s o m e p a r t o f c i p h e r t e x t t o be
d e c r y p t e d a n d tr i e s t o f i n d o u t t h e c o r r e s p o n d i n g d e c r y p t e d p la i n t e x t . T his is u s u a lly d o n e w i t h
t h e h e lp o f a d e c r y p t i o n o r a c le (a m a c h in e t h a t d e c o d e d t h e t e x t w i t h o u t d is c lo s in g t h e key).
Basically, th is t y p e o f a t ta c k is a p p lic a b le t o p u b l i c - k e y c r y p t o s y s t e m s . T his a t ta c k is h a r d e r t o
p e r f o r m w h e n c o m p a r e d t o o t h e r a tta c k s , a n d t h e a t t a c k e r n e e d s t o h a v e c o m p l e t e c o n t r o l o f
s y s te m c o n t a i n i n g c r y p t o s y s t e m in o r d e r t o c a r r y o u t t h i s a tta c k .
R u b b e r h o se a tta c k
CryptographyAttacks ( C o n t d ) I
^g
Urtifwd |
\\
ilkitjl IlMhM
A g e n e r a liz a tio n o f t h e c h o s e n - te x t
a tta c k
It is b a se d o n re p e a te d ly m e a s u rin g
th e exact e x e cu tio n tim e s o f m o d u la r
e x p o n e n tia tio n o p e ra tio n s
C r y p to g r a p h y A tta c k s ( C o n td )
C h o s e n - p la in te x t
(L cJ
^ _ This is m o r e p o w e r f u l t h a n a p la i n t e x t a t ta c k . In t h i s t y p e o f a tta c k e r , t h e a t t a c k e r n o t
o n ly has access t o t h e c i p h e r t e x t a n d a s s o c ia te d p l a i n t e x t f o r s e v e ra l m essages, b u t
also c h o o s e s t h e p la i n t e x t t h a t is e n c r y p t e d , a n d o b t a in s t h e r e s u lt in g c i p h e r t e x t .
K n o w n -p la in te x t a tta c k
In g e n e r a l, m o s t p e o p le s t a r t t h e i r m e ssa g e s w i t h t h e s a m e t y p e o f b e g in n in g n o te s such as
g re e tin g s a nd clo se w i t h th e same ty p e o f e n d in g su ch as s p e c ific s a lu ta tio n s , c o n ta c t
i n f o r m a t i o n , n a m e , etc. A t t a c k e r s can use t h is as an a d v a n t a g e t o la u n c h k n o w n - p l a i n t e x t
a tta c k s . H e re t h e a t t a c k e r has s o m e p la i n t e x t (i.e., t h e d a ta t h a t a re t h e s a m e o n e a ch m ess a ge )
a n d can c a p t u r e an e n c r y p t e d m essa ge , a n d t h e r e f o r e c a p t u r e t h e c i p h e r t e x t . O n c e t h e f e w
p a r ts o f t h e m essa ge re d is c o v e r e d , t h e r e m a i n in g ca n e a s ily be a c c o m p lis h e d w i t h t h e h e lp o f
re v e rs e e n g in e e r in g , f r e q u e n c y a na lysis , o r b r u t e f o r c e a t t e m p t s .
C h o s e n k e y a tta c k
cLi
L A c h o s e n key a t t a c k is a g e n e r a liz a t io n o f t h e c h o s e n - t e x t a t t a c k . In th is a tta c k , t h e
a t t a c k e r has s o m e k n o w l e d g e a b o u t t h e r e l a t io n s h i p b e t w e e n t h e d i f f e r e n t keys, b u t
c a n n o t c h o o s e t h e key.
T im in g A tta c k
C o d e B r e a k i n g M e t h o d o l o g i e s C E H
I t in v o lv e s t h e u s e o f s o c ia l C r y p t o g r a p h y k e y s a r e d is c o v e r e d b y
e n g in e e r in g t e c h n iq u e s t o e x tr a c t t r y in g e v e r y p o s s ib le c o m b in a t io n
c ry p to g ra p h y ke ys
O n e-T im e Pad
& eSl Frequency Analysis
I t is t h e s t u d y o f t h e f r e q u e n c y o f le t t e r s
A o n e - t im e p a d c o n ta in s m a n y n o n - o r g r o u p s o f le t t e r s in a c ip h e r t e x t
r e p e a tin g g r o u p s o f le tte r s o r n u m b e r
I t w o r k s o n t h e f a c t t h a t , in a n y g iv e n
k e y s , w h ic h a r e c h o s e n r a n d o m ly
s t r e t c h o f w r i t t e n la n g u a g e , c e r t a i n
l e t t e r s a n d c o m b i n a t i o n s o f le t t e r s o c c u r
w i t h v a r y in g f r e q u e n c ie s
C o d e B r e a k in g M e th o d o lo g ie s
T he s t r e n g t h o f an e n c r y p t i o n a l g o r i t h m is m e a s u r e d , in la rg e p a r t by c r y p ta n a ly s ts , by
u sin g v a r io u s code b r e a k in g te c h n i q u e s . T h e v a r io u s c o d e -b re a k in g te c h n iq u e s th a t a re
a v a ila b le are:
0 B r u te - F o r c e
0 F re q u e n c y A n aly sis
0 T r ic k e r y a n d D e c e it
0 O n e - T im e Pad
B ru te -F o rc e
C o d e - b re a k e rs , o r c r y p ta n a ly s ts , w a n t t o r e c o v e r t h e p la i n t e x t o f a m e s s a g e w i t h o u t
k n o w i n g t h e r e q u i r e d k e y in a d v a n c e . T h e y m a y f i r s t t r y t o r e c o v e r t h e key, o r g o a f t e r t h e
m e s s a g e its e lf. O n e o f t h e f a m i l i a r w a y s o f t h e c r y p t a n a l y t i c t e c h n i q u e is b r u t e - f o r c e a t ta c k o r
an e x h a u s tiv e s e a rch , ( w h e r e t h e keys a re g u e s s e d by t r y i n g e v e r y p o s s ib le c o m b in a t i o n ) .
T h e e f fic ie n c y o f t h e b r u t e - f o r c e d e p e n d s o n t h e h a r d w a r e c o n f i g u r a t io n . U sag e o f f a s te r
p ro c e s s o rs m e a n s t e s t i n g m o r e keys p e r s e c o n d . M ic h a e l W e i n e r , p u t f o r t h a b r u t e - f o r c e a tta c k
o n t h e DES w i t h t h e h e lp o f s p e c ia lly d e s ig n e d c o m p u t e r s w i t h c r y p t o g r a p h e r s s o u n d in g t h e o ld
s t a n d a r d 's d e a t h kn e ll.
M o r e o v e r , t h e c o m b i n a t i o n o f a d v a n c e d f a c t o r i n g a nd t h e f a s t e r c o m p u t e r s used in t h e r e c e n t
a tta c k s o n R SA -129, m a k e s a lg o r i t h m s a p p e a r w e a k . T h e NSA t h a t has t o p c o m p u t i n g p o w e r is
t h e c e n t e r o f t h e b r u t e - f o r c e a tta c k .
F re q u e n c y A n a ly s is
F re q u e n c y a na lys is o f t h e l e t te r s m a k e s t h e b r u t e - f o r c e m e t h o d n o t a s u it a b le m e t h o d
f o r a t t a c k in g t h e c ip h e r . For e x a m p le t h e l e t t e r " e " is t h e c o m m o n w o r d in th e English la n g u a g e
a n d t h e l e t t e r " k " a p p e a rs c o m m o n l y in t h e c ip h e r t e x t , it can b e c o n c l u d e d r e a s o n a b ly t h a t k=e,
a n d so o n.
fe jj T r ic k e r y a n d D e c e it
T h e r e has a lw a y s b e e n a n e e d f o r a h ig h level o f m a t h e m a t i c a l a nd c r y p t o g r a p h ic
skills, b u t t r i c k e r y a n d d e c e it h a v e a lo n g h is t o r y in c o d e - b r e a k i n g as w e l l t h e v a lu e o f t h e
e n c r y p t e d d a ta m u s t be b e l o w t h e c o s t e n t i t l e d t o b re a k t h e a l g o r i t h m . In t h e m o d e r n w o r l d ,
c o m p u t e r s a re f a s t e r a n d c h e a p e r , t h e r e f o r e it w o u l d be b e t t e r t o c h e c k t h e lim i t s o f t h e s e t w o
p aram eters.
_ O n e -tim e P a d
It is c o n s id e r e d t h a t a n y c i p h e r can be c r a c k e d if s u f f i c i e n t t i m e a n d r e s o u rc e s a re
p r o v id e d . But th e re is an e x c e p tio n c a lle d a o n e -tim e pad, w h ic h is c o n s id e r e d to be
u n b r e a k a b l e e v e n a f t e r i n f i n i t e re s o u r c e s a re p r o v id e d .
Brute-ForceAttack C E H
D e f e a t in g a c r y p t o g r a p h ic B r u t e - f o r c e a t t a c k is a h ig h S u c c e s s o f b r u te fo r c e a tta c k
s c h e m e b y t r y i n g a la r g e r e s o u r c e a n d t i m e in t e n s i v e d e p e n d s o n le n g t h o f t h e
n u m b e r o f p o s s ib le k e y s p ro c e s s , h o w e v e r, m o re k e y , t im e c o n s t r a in t , a n d
u n t il t h e c o r r e c t e n c r y p t io n c e r t a i n t o a c h ie v e r e s u lt s s y s t e m s e c u r i t y m e c h a n is m s
k e y is d is c o v e r e d
P o w e r/C o s t 4 0 b it s (5 c h a r ) 5 6 b i t (7 c h a r ) 6 4 b i t (8 c h a r ) 1 2 8 b i t (1 6 c h a r )
$ IM (Achieved by a huge
0.2 sec 3.5 hours 37 days 10* 18 years
organization or a state)
E s t im a t e T im e f o r S u c c e s s f u l B r u t e f o r c e A t t a c k
B ru te -fo rc e A tta c k
It is v e r y d i f f i c u l t t o c ra c k c r y p t o g r a p h ic s y s te m s as t h e y h a v e n o p ra c tic a l w e a k n e s s e s
t o e x p lo it . Bu t, it is n o t im p o s s ib le . C r y p t o g r a p h i c s y s te m s use c r y p t o g r a p h i c a l g o r i t h m s t o
e n c r y p t a m essa ge . T h e s e c r y p t o g r a p h ic a l g o r i t h m s use a key t o e n c r y p t o r d e c r y p t m essages.
In c y r p t o g r a p h y , t h is ke y is t h e i m p o r t a n t p a r a m e t e r t h a t s p e c ifie s t h e t r a n s f o r m a t i o n o f
p la in te x t o c i p h e r t e x t a n d v ic e v e rsa . If y o u a re a b le t o guess o r f i n d t h e k e y used f o r d e c r y p t i o n
t h e n y o u ca n d e c r y p t t h e m essa ge s a n d re a d it in c le a r t e x t ; 1 2 8 - b i t k e y s a re c o m m o n l y used
and c o n s id e r e d s tr o n g . F ro m s e c u r it y p e r s p e c tiv e s t o a v o id th e key b e in g g ue ssed , t h e
c r y p t o g r a p h ic s y s te m s use r a n d o m l y g e n e r a t e d keys. T h is m a ke s y o u p u t a l o t o f e f f o r t in
g u e ssin g t h e key. B u t y o u s till h ave a c h o ic e t o d e t e r m i n e t h e key used f o r e n c r y p t i o n o r
d e c r y p t i o n . A t t e m p t t o d e c r y p t t h e m e s s a g e w i t h all p o s s ib le keys u n til y o u d is c o v e r t h e key
used f o r e n c r y p t i o n . This m e t h o d o f d is c o v e r in g a key is u s u a lly ca lle d a b r u t e - f o r c e a tta c k . In a
b r u t e - f o r c e a tta c k , t h e a t t a c k e r tr i e s e v e r y p o s s ib le k e y u n til t h e m e s s a g e can b e d e c r y p t e d .
B u t t h is n e e d s a h u g e a m o u n t o f p ro c e s s in g p o w e r f o r d e t e r m i n i n g t h e key used t o s e c u re
c r y p t o g r a p h ic c o m m u n i c a t i o n s . For a n y n o n - f l a w e d p r o t o c o l , t h e a v e r a g e t i m e n e e d e d t o f i n d
t h e key in a b r u t e - f o r c e a t t a c k d e p e n d s o n t h e le n g t h o f t h e key. If t h e ke y le n g t h is s m a ll, t h e n
it w ill t a k e less t i m e t o fin d t h e key. If k e y le n g t h is la rg e r, th e n it w ill t a k e m o r e t i m e t o
d is c o v e r t h e key. A b r u t e - f o r c e a t t a c k w i ll be su ccessfu l if a n d o n l y i f e n o u g h t i m e is g iv e n f o r
d is c o v e r in g t h e ke y. H o w e v e r , t h e t i m e is r e l a t iv e t o t h e le n g t h o f t h e key.
9 L e n g th o f t h e k e y
9 T he n u m b e r s o f p o s s ib le v a lu e s e a ch c o m p o n e n t o f t h e k e y ca n h ave
9 T he t i m e it ta k e s t o a t t e m p t each key
9 If t h e r e is a n y m e c h a n i s m , w h i c h locks t h e a t t a c k e r o u t a f t e r a c e r t a i n n u m b e r o f fa ile d
a tte m p ts
A b r u t e - f o r c e a t t a c k is, h o w e v e r , m o r e c e r t a i n t o a c h ie v e re s u lts .
4 0 b it s (5 5 6 b i t (7 6 4 b i t (8 1 2 8 b it (1 6
P o w e r/C o s t
ch a r) ch a r) ch a r) ch a r)
$ 2 K ( 1 PC. C a n b e
a c h ie v e d b y a n 1.4 m in 73 Days 5 0 Years 1 0 A2 0 Years
in d iv id u a l)
$ 1 0 0 K (th is can
b e a c h ie v e d b y a 2 Sec 35 H o u rs 1 Year 1 0 A19 Years
com pany)
$ 1 M (A c h ie v e d b y
a huge
0.2 Sec 3.5 H o u rs 3 7 Days 1 0 A18 Years
o rg a n iz a tio n o r a
s ta te )
M e e t - in - t h e - M id d le A t t a c k o n r
c E H
D i g i t a l S ig n a t u r e S c h e m e s (trW M IU kjI H.k
J The attack works by encrypting from one end and decrypting from
the other end, thus meeting in the middle
J It can be used for forging signatures even on digital signatures that
use multiple-encryption scheme
E n c ry p te d w it h I n t e r m e d ia t e D e c ry p te d w it h
John" " A v B r ;
1* keyl
P C ip h e r te x t 1 1 ke y 2
I n t e r m e d ia t e D e c ry p te d w it h
"A v B r"
P C ip h e r te x t 2 2 nd k e y 2
I n t e r m e d ia t e D e c ry p te d w it h
2s6,h k e y 2 "A v B r"
C ip h e r te x t 2
P la in t e x t C ip h e r te x t
M e e t i n t h e M i d d l e A tta c k o n D ig it a l S ig n a tu re
S c h e m e s
A m e e t - i n - t h e - m i d d l e a t t a c k is t h e b e s t a t t a c k m e t h o d f o r c r y p t o g r a p h ic a lg o r i t h m s using
m u l t i p l e keys f o r e n c r y p t i o n . T his a t t a c k re d u c e s t h e n u m b e r o f b r u t e fo r c e p e r m u t a t i o n s
n e e d e d t o d e c o d e t e x t t h a t has b e e n e n c r y p t e d by m o r e t h a n o n e key a n d is c o n d u c t e d m a i n l y
f o r f o r g i n g s ig n a t u r e s o n m ix e d t y p e d ig ita l s ig n a tu r e s . A m e e t - i n - t h e - m i d d l e a t t a c k uses sp ace -
t i m e t r a d e - o f f ; it is also k n o w n as b i r t h d a y a t t a c k b e c a u s e it e x p lo its t h e m a t h e m a t i c s b e h in d
t h e b i r t h d a y p a r a d o x . It ta k e s less t i m e t h a n an e x h a u s tiv e a tta c k . It is ca lle d a m e e t - i n - t h e -
M i d d l e a t ta c k b e c a u s e th is a t t a c k w o r k s by e n c r y p t i n g f r o m o n e e n d a n d d e c r y p t i n g f r o m t h e
o t h e r e n d , t h u s m e e t i n g in t h e m id d le .
In t h e m e e t - i n - t h e - m i d d l e a tta c k , t h e a t t a c k e r uses a k n o w n p la i n t e x t m es sa g e . T h e a t t a c k e r
has access t o b o t h t h e p la i n t e x t as w e l l as t h e r e s p e c tiv e e n c r y p t e d te x t .
i n t e r m e d i a t e c i p h e r t e x t p r e s e n t in t h e c i p h e r t e x t t a b l e a f t e r f i r s t b r u t e - f o r c e a t t a c k . O n c e t h e
m a tc h is f o u n d , b o t h keys can b e d e t e r m i n e d a n d t h e a t t a c k is c o m p le t e . T his a t t a c k a t m o s t
ta k e s 2 J" p lu s o r m a x i m u m 2 57 t o t a l o p e r a t i o n s . T h is e n a b le s t h e a t t a c k e r t o g a in access t o t h e
d a ta e a s ily w h e n c o m p a r e d w i t h t h e D o u b le DES.
John
E n c r y p t e d w it h
I s' k e y l
"AvBr"
]
John
E n c r y p t e d w it h
2 nd k e y l
D e c r y p t e d w it h
2 " key2 "AvBr"
}
E n c r y p t e d w it h D e c r y p t e d w it h
John" 2 5 d k e y l 2 s6 1 < k e y 2 "AvBr"
Plaintext Ciphertext
Public Key
Email
Infrastructure
Encryption
(PKI)
y .\ t
Cryptography
Attacks
|<ar Cryptanalysis
Tools %
C o p y r ig h t b y i C - G 0 H C i l. A ll R ig h ts R e se rv e d . R e p ro d u c tio n is S tr ic tly P ro h ib ite d .
M o d u le F lo w
C r y p t a n a l y s i s T o o l: C r y p T o o l E H
c tt*H4i IlMbM
ItiVM
!CrypTool 1 .4 .3 1 B e ta 5 [V S 2 0 1 0 ] - U n n a m e d l 3 C r y p T o o l is a !f r e e e -_le ax r n in g
File E dit View D ig ital S ig n atu fe s/P K I In d iv. P r o c e d u re s A nalysts O p tio n s W in d o w H elp p r o g r a m in t h e a r e a o f
S y m m e tric (classic)
c ry p to g ra p h y a n d
S y m m e tric ( m o d e rn ) IDEA...
c r y p t o a n a ly s i s
A sy m m e tric
Hybrid RC4... S u b p r o j e c t s o f C r y p T o o l:
T h e C ry p T o o l p o r ta l is a c e n t r a l i z e d p l a c e for DES (ECB).
e C ry p T o o l 1 (C T 1 )
DES (C B Q ...
00000000 E- 55 4F 23 16 IB A4 72 E4 67 D4 IB U O X .. r g A
0300030c 43 73 6E 09 A2 3A 9D FI 24 El CE A7 Q sn . : . $. .
030C 0318 AD 49 3D B7 23 B5 36 28 43 6D 2F BC I - $ 6 (C /
ODOCOD24 93 C8 CS 4B 57 87 E2 96 71 48 46 E3 KW cH F
03000330 6B 4F 41 1? AE 2k 2B 42 57 CC 09 43 VO A 4-BV C
0 3 0C 0 33 C DD 62 FB 9C E4A4 C2 6C 98 6B 0B 71 b . . 1 k.q 5
E n cry p tio n / d e c ry p tio n w ith RC2 1:1 C:227 ?227 03000348 96 $8 78 57 4BA6 E6 B7 99 94 38 7A . . xVK. .82
03000354 BE A9 7A CE 2B81 58 50 A0 94 8C F4 . . r + .X P . . .
03 0C 0 36 C DA E6 8B DA 57SA IB B2 88 EC 78 A1 . . . VZ. x
http://www.cryptool.org 0300036C 2k 97 BA Da D6 B2 62 24 4F 40 49 FC b*09I
00000076 F3 30 02 6F SB 03 3D 77 B9 76 41 4E 0 . _ [ . . vAH
00000384 96 OA 72 31 U C7 30 6A BB F8 E-J 08 . . r . : .0 j...
00000390 C8 00 FO 8B EA B9 84 C8 BE 2A FB 9D ..................... *.
0 3 0C 0 39 C 63 IE' 3C 91 B9 bE DD SD ID F8 C3 DF k -< n . ]...
n n n n n ru p F3 P4 1 7 9 IF 1? nn pn 9 r ^ J
- C r y p ta n a ly s is T o o l: C ry p T o o l
1 il
S o u rce : h t t p : / / w w w . c r y p t o o l . o r R
The CrypTool project develops e-learning programs in the area of cryptography and
cryptanalysis. It consists of four different subprojects: They are (CT1, CT2, JCT. CTO) related to
the CrypTool software in various facets for different purposes.
9 CrypTool 1 (CT1) was the first version of CrypTool. It was released in 1998 and allows to
experiment with different cryptographic algorithms. CT 1 has two successors.
9 CrypTool 2 (CT2) supports visual programming and execution of cascades of
cryptographic procedures.
9 JC ry p T o o l (JCT) w h i c h is p l a t f o r m - i n d e p e n d e n t .
9 CrypTool-Online (CTO) was released in spring 2009. This tool allows trying out different
algorithms in a browser/smartphone.
9 Another subproject is the international crypto cipher challenge "IV1TC3," offering
cryptographic riddles of different levels.
C r y p T o o l 1.4.31 B e ta 5 [V S 2 0 1 0 ] - U n n a m e d !
D [B # |rf' U t S y m m e tn c (classic)
0000009C 6B 2D 3C 91 B9 6E DD 5D ID F8 C3 DF k ; ; < n ; i ; .
nnnnnrufi F9 R4 R9 17 39 5n 1R 3R 7? ?9 nr> fin 91 r
mediggo
h t t p : / / c o d e , g o o g le , c o m
EverCrack SubCyphe
h ttp ://e v e r c ra c k .s o u r c e fo r g e .n e t . . - - J h t t po ::////ww w w
w . .eesscc le p iu s llc . c o m
C r y p ta n a ly s is T o o ls
In a d d i t i o n t o C ry p T o o l, m a n y t o o l s t h a t a l l o w y o u t o p e r f o r m c r y p ta n a ly s is a re
a v a ila b le :
9 C r y p to B e n c h a v a ila b le a t h t t p : / / w w w . a d d a r i o . o r g
9 JC ry p T o o l a v a ila b le a t h t t p : / / w w w . c r y p t o o l . o r g
9 Ganzua a v a ila b le a t h t t p : / / g a n z u a . s o u r c e f o r g e . n e t
9 C ra n k a v a ila b le a t h t t p : / / c r a n k . s o u r c e f o r g e . n e t
9 Ev e rC rack a v a ila b le a t h t t p : / / e v e r c r a c k . s o u r c e f o r g e . n e t
9 A lp h a P e e le r a v a ila b le a t h t t p : / / a l p h a p e e l e r . s o u r c e f o r g e . n e t
9 D r a ft C r y p t o A n a ly z e r a v a ila b le a t h t t p : / / w w w . l i t e r a t e c o d e . c o m
9 M e d ig g o a v a ila b le a t h t t p : / / c o d e . g o o g l e . c o m
9 S u b C y p h e r a v a ila b le a t h t t p : / / w w w . e s c l e p i u s l l c . c o m
O n l i n e M D 5 D e c r y p t i o n T o o ls C E H
MD5Cracker
h ttp ://m d 5 c ra c k .com
MD5Decrypter.co.uk
h ttp ://w w w .m d 5 d e c ry p te r.c o .u k
MD5Decrypter
h ttp ://w w w .m d 5 d e c ry p te r.c o m
!I Crypt and Decrypt Online
Tool Conversion
h ttp ://m y e a s y w w w .a p p s p o t.c o m
N|p|
rW Jn
O n lin e M D 5 D e c r y p tio n T o o ls
O n lin e M D 5 d e c r y p t i o n t o o l s a l l o w y o u t o re a d t h e e n c r y p t e d m essages in c le a r t e x t .
All y o u n e e d t o d o is s u m b i t th e M D 5 hash o f t h e m e s s a g e t h a t y o u w a n t t o rea d t o an o n l i n e
M D 5 d e c r y p t o r . It d e c r y p ts t h e M D 5 hash v a lu e a n d s im p ly g ive s y o u t h e o r ig in a l m essa ge t h a t
has b e e n e n c r y p t e d . T h e s e t o o l s e l i m in a t e t h e n e e d f o r in s t a llin g M D 5 d e c r y p t o r s . M a n y o n l i n e
M D 5 d e c r y p t i o n t o o l s a re r e a d ily a v a ila b le :
9 M D 5 D e c r y p t a v a ila b le a t h t t p : / / w w w . m d 5 d e c r y p t . o r g
9 M D 5 C r a c k e r a v a ila b le a t h t t p : / / m d 5 c r a c k . c o m
9 M D 5 Hash C ra c k e r a v a ila b le a t h t t p : / / w w w . t m t o . o r g
9 Hash C ra c k e r a v a ila b le a t h t t p : / / w w w . h a s h - c r a c k e r . c o m
Q IV ID 5 D e c rv p te r a v a ila b le a t h t t p : / / w w w . m d 5 d e c r y p t e r . c o m
9 O n lie H a s h C r a c k .c o m a v a ila b le a t h t t p : / / w w w . o n l i n e h a s h c r a c k . c o m
Q M D 5 D e c r y p t e r . c o . u k a v a ila b le a t h t t p : / / w w w . m d 5 d e c r y p t e r . c o . u k
e M d 5 . M y - A d d r . c o m a v a ila b le a t h t t p : / / m d 5 . m y - a d d r . c o m
c m d 5 . o r g a v a ila b le a t h t t p : / / w w w . c m d 5 . o r g
C r y p t a n d D e c r y p t O n lin e T o o l C o n v e r s io n a v a ila b le a t h t t p : / / m y e a s y w w w . a p p s p o t . c o m
M o d u le S u m m a ry
9 C r y p t o g r a p h y is t h e c o n v e r s io n o f d a ta i n t o a s c r a m b le d c o d e t h a t is d e c r y p t e d a nd s e n t
across a p r i v a t e o r p u b lic n e t w o r k .
9 RSA e n c r y p t i o n is w i d e l y used a n d is a d e - f a c t o e n c r y p t i o n s ta n d a r d .
9 T he SH A a l g o r i t h m ta k e s a m e ssa g e o f a r b i t r a r y le n g t h as i n p u t a n d o u t p u t s a 1 6 0 - b i t
m e s s a g e d ig e s t o f t h e in p u t .