Scribd Logo
Upload

Welcome to Scribd!

  • Project 3: Crypto - All Things Cryptography CS6035: Prof. Wenke Lee

    Uploaded by

    Onehappy Fellow
    10 views4 pages

    Original Title

    40502524

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    10 views4 pages

    Project 3: Crypto - All Things Cryptography CS6035: Prof. Wenke Lee

    Uploaded by

    Onehappy Fellow

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    gcotton6

    Project 3: Crypto – All Things Cryptography


    CS6035: Prof. Wenke Lee
    Gene Cotton
    gcotton6

    1
    gcotton6

    Task 2:

    Is the hash of the salted password still vulnerable? Why or why not?

    The hash of the salted password is still vulnerable because passwords should be long enough
    that searching through all possible character strings to find it would take forever. There is no
    way to prevent brute force attacks. They can be made less practical, but there isn't a way to
    stop them altogether. If your password hashing scheme is secure, the only way to crack the
    hashes will be to try a dictionary or brute-force attack for every hash.

    What steps could be taken to enhance security in this situation?

    One method would be to use a longer Salt. If the salt is too short, an attacker can develop a
    lookup table for every possible salt. Another solution would be to implement
    alphanumeric 8-character password. Using an alphanumeric 8-character password would take a
    hacker many years to try a brute force attack. This is due to the hundred-trillions of
    combinations if would take to crack. Password complexity is highly recommended. The more
    complex of the password then the longer it takes to hack.

    Task 3:

    What steps did you follow to get the private key?

    First, we must identify what p, q and e are. Once we have p, q and e. We know that p & q are
    prime so subtract one from there. Then we implement the modular inverse of the public key
    and phi of n. From here we also had to be mindful that Hex doesn't do floats. So, we had to
    account for that as well. In the RSA algorithm, encrypting and decrypting a message is done
    using a pair of numbers that are multiplicative inverses that are known to have a unique
    modulus. One of these keys is created public and can be used in a speedy encryption process,
    while the other, used in the decryption procedure, is kept silent.

    Task 4:

    What makes the key generated in this situation vulnerable?


    We knew the associated encrypted messages and the three different public keys.

    What steps did you follow to get the private key?

    2
    gcotton6

    First, we need to understand what GCD (Greatest Common Divisor) meant. From there we
    found the GCD of the two different public keys. Then we multiplied the public keys by two
    primes. Then we determined two people shared a key that have the common GCD. If a hacker
    can spot two distinct RSA moduli N1 and N2 that share a prime factor p but have a unique
    second prime factors q1 and q2, then the hacker can quickly factor both moduli by processing
    their GCD, p, and dividing to find q1 and q2. The hacker can then determine both private keys
    as explained above

    Task 5:

    How does this attack work?

    When a low encryption exponent such as e=3 is selected and if M < N1/3. The Ciphertext C =
    Me mod N because M < N1/3 mod N has no effect. C = Me = M3 M = 3√C (cube root of
    Ciphertext will provide the message).

    What steps did you follow to recover the message?

    Multiple two mod tools, then multiply the encrypted message, multiplied by X, is congruent to
    encrypted message mod tool. X is different for each public tool. Add all those up to make up
    the Chinese Remainder Theorem. This theorem was used to help reverse engineer the message.
    In addition, we used Chinese Remainder Theorem as it helps separate the equation to calculate
    two values whose equations have smaller moduli and exponent value, which helps reduce
    computing time.

    3
    gcotton6

    References:

    • Python pow(). (n.d.). Retrieved from https://www.programiz.com/python-


    programming/methods/built-in/pow

    • Pollard's rho algorithm. (2019, March 23). Retrieved from


    https://en.wikipedia.org/wiki/Pollard's_rho_algorithm

    • (n.d.). Modular multiplicative inverse function in Python. Retrieved from


    https://stackoverflow.com/questions/4798654/modular-multiplicative-inverse-
    function-in-python

    • (n.d.). Retrieved from https://factorable.net/weakkeys12.extended. pdf

    • Chinese remainder theorem. (n.d.). Retrieved from


    https://rosettacode.org/wiki/Chinese_remainder_theorem#Python

    • Govind22. (n.d.). Govind22/Broadcasting---Low-Exponent-RSA-Attack. Retrieved from


    https://github.com/govind22/Broadcasting---Low-Exponent-RSA-
    Attack/blob/master/README.md

    You might also like