Basic presentation of cryptography mechanisms
•
0 gostou•16 visualizações
A brief introduction to cryptography and some methods of attacks against encrypted protocols.
Recomendados
Recomendados
Mais conteúdo relacionado
Semelhante a Basic presentation of cryptography mechanisms
Semelhante a Basic presentation of cryptography mechanisms (20)
Mais de Marian Marinov
Mais de Marian Marinov (20)
Último
Último (20)
Basic presentation of cryptography mechanisms
- 2. Who am I? ➢ Director of Engineering at Web Hosting Canada ➢ Previously partner and Head of DevOps at SiteGround ➢ A SysAdmin and System Architect ➢ A hacker at heart
- 3. We will be talking ➢ passwd ➢ Enigma ➢ Password cracking ➢ Abusing cryptography
- 4. passwd root:x:0:1:System Operator:/:/bin/ksh daemon:x:1:1::/tmp: rachel:x:181:100:Rachel Cohen:/u/rachel:/bin/ksh arlin:x.:182:100:Arlin Steinberg:/u/arlin:/bin/csh Fields: username x uid gid GECOS
- 5. passwd root:x:0:1:System Operator:/:/bin/ksh Fields: username - account username x - password uid - user ID gid - group ID GECOS - Real name and additional info home - home folder shell - system shell for this account
- 6. passwd /etc/passwd root:x:0:1:System Operator:/:/bin/ksh root:myVerySecurePassword:0:1:System Operator:/:/bin/ksh clear text password
- 7. passwd /etc/passwd root:x:0:1:System Operator:/:/bin/ksh root:myVerySecurePassword:0:1:System Operator:/:/bin/ksh root:aagvpfwLMsDfE:0:1:System Operator:/:/bin/ksh hashed password (using crypt(3))
- 8. passwd /etc/passwd root:x:0:1:System Operator:/:/bin/ksh root:myVerySecurePassword:0:1:System Operator:/:/bin/ksh root:aagvpfwLMsDfE:0:1:System Operator:/:/bin/ksh perl -e ‘printf “%sn”, crypt(“myVerySecurePassword”,”aa”)’ aagvpfwLMsDfE
- 9. passwd - cracking hackman@possum:~/john-1.9.0/run$ cat pass2 00xQPHYlVDIw6 hackman@possum:~/john-1.9.0/run$ ./john pass2 Loaded 1 password hash (descrypt, traditional crypt(3) [DES 256/256 AVX2]) Press 'q' or Ctrl-C to abort, almost any other key for status password (?) 1g 0:00:00:00 100% 2/3 33.33g/s 8533p/s 8533c/s 8533C/s 123456..horses Use the "--show" option to display all of the cracked passwords reliably Session completed
- 10. passwd - cracking hackman@possum:~/john-1.9.0/run$ cat pass2 00xQPHYlVDIw6 hackman@possum:~/john-1.9.0/run$ ./john pass2 Loaded 1 password hash (descrypt, traditional crypt(3) [DES 256/256 AVX2]) Press 'q' or Ctrl-C to abort, almost any other key for status password (?) 1g 0:00:00:00 100% 2/3 33.33g/s 8533p/s 8533c/s 8533C/s 123456..horses Use the "--show" option to display all of the cracked passwords reliably Session completed
- 11. passwd - cracking hackman@possum:~/john-1.9.0/run$ tail -n3 password.lst notused sss myVerySecurePassword hackman@possum:~/john-1.9.0/run$ ./john pass Loaded 1 password hash (descrypt, traditional crypt(3) [DES 256/256 AVX2]) Press 'q' or Ctrl-C to abort, almost any other key for status myVerySe (?) 1g 0:00:00:00 100% 2/3 50.00g/s 179200p/s 179200c/s 179200C/s snowski..internet Use the "--show" option to display all of the cracked passwords reliably Session completed
- 12. John the Ripper $ ./john John the Ripper password cracker, version 1.9.0 Copyright (c) 1996-2019 by Solar Designer Homepage: http://www.openwall.com/john/
- 14. shadow /etc/shadow root:x:0:1:System Operator:/:/bin/ksh root:$5$k3hX$s3yjzLfMKt2zgiMbJk.:18151:0:99999:7::: $5$ - hash function used k3hX$ - salt s3yjzLf... - hashed password
- 15. Movies to watch
- 16. The Enigma How did the Enigma Machine work?
- 18. Language Frequency Analysis LIVITCSWPIYVEWHEVSRIQMXLEYVEOIEWHRXEXIPFEMVEWHKVSTYLXZIXLIKIIXPIJVSZEYPERRGERIM WQLMGLMXQERIWGPSRIHMXQEREKIETXMJTPRGEVEKEITREWHEXXLEXXMZITWAWSQWXSWEXTVEPMRXRSJ GSTVRIEYVIEXCVMUIMWERGMIWXMJMGCSMWXSJOMIQXLIVIQIVIXQSVSTWHKPEGARCSXRWIEVSWIIBXV IZMXFSJXLIKEGAEWHEPSWYSWIWIEVXLISXLIVXLIRGEPIRQIVIIBGIIHMWYPFLEVHEWHYPSRRFQMXLE PPXLIECCIEVEWGISJKTVWMRLIHYSPHXLIQIMYLXSJXLIMWRIGXQEROIVFVIZEVAEKPIEWHXEAMWYEPP XLMWYRMWXSGSWRMHIVEXMSWMGSTPHLEVHPFKPEZINTCMXIVJSVLMRSCMWMSWVIRCIGXMWYMX I is the most common letter in the ciphertext, ergo I~e XL is the most common bigram in the ciphertext, ergo XL ~ th I~e E~a X~t L~h th - the most common bigram the - the most common trigram Wikipedia: Frequency Analysis
- 20. Language Frequency Analysis hereTCSWPeYraWHarSseQithaYraOeaWHstatePFairaWHKrSTYhtmetheKeetPeJrSmaYPassGasei WQhiGhitQaseWGPSseHitQasaKeaTtiJTPsGaraKaeTsaWHatthattimeTWAWSQWtSWatTraPistsSJ GSTrseaYreatCriUeiWasGieWtiJiGCSiWtSJOieQthereQeretQSrSTWHKPaGAsCStsWearSWeeBtr emitFSJtheKaGAaWHaPSWYSWeWeartheStherthesGaPesQereeBGeeHiWYPFharHaWHYPSssFQitha PPtheaCCearaWGeSJKTrWisheHYSPHtheQeiYhtSJtheiWseGtQasOerFremarAaKPeaWHtaAiWYaPP thiWYsiWtSGSWsiHeratiSWiGSTPHharHPFKPameNTCiterJSrhisSCiWiSWresCeGtiWYit hereuponlegrandarosewithagraveandstatelyairandbroughtmethebeetlefromaglasscasei nwhichitwasencloseditwasabeautifulscarabaeusandatthattimeunknowntonaturalistsof courseagreatprizeinascientificpointofviewthereweretworoundblackspotsnearoneextr emityofthebackandalongoneneartheotherthescaleswereexceedinglyhardandglossywitha lltheappearanceofburnishedgoldtheweightoftheinsectwasveryremarkableandtakingall thingsintoconsiderationicouldhardlyblamejupiterforhisopinionrespectingit Hereupon Legrand arose, with a grave and stately air, and brought me the beetle from a glass case in which it was enclosed. It was a beautiful scarabaeus, and, at that time, unknown to naturalists—of course a great prize in a scientific point of view. There were two round black spots near one extremity of the back, and a long one near the other. The scales were exceedingly hard and glossy, with all the appearance of burnished gold. The weight of the insect was very
- 21. Chosen plaintext ➢ Attacker sends a predefined plaintext ➢ Victim sends back encrypted message ➢ Essentially every crypto handshake Wikipedia: Chosen plaintext attack
- 22. Chosen ciphertext Wikipedia: Chosen ciphertext attack ➢ The attacker selects the ciphertext ➢ Sends it to the victim ➢ Victim returns the corresponding plaintext or some part of it ➢ Adaptive? ➢ if the attacker can chose the ciphertext based on previous outcomes
- 23. Known plaintext ➢ Attacker has access to the plain text ➢ Attacker has access to the original or parts of the original ciphertext
- 24. Known plaintext ➢ Attacker has access to the plain text ➢ Attacker has access to the original or parts of the original ciphertext ➢ AND THIS IS HOW Enigma got cracked Wikipedia: Known plaintext attack
- 25. Enigma - cracking Wetterbericht -> weather report
- 26. SSL Attacks Block cipher mode of operation
- 27. SSL Attacks 1998 Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1 2014 Bleichenbacher SSL ➢ SSL/TLS uses public key cryptography ➢ public key ➢ private key ➢ You always have the public key ➢ You can execute chosen cihpertext attacks ➢ You have an oracle to work with (web servers)
- 28. SSL Attack ➢ BEAST 2011 ➢ an attacker observing 2 consecutive ciphertext blocks C0, C1 can test if the plaintext block P1 is equal to x by choosing the next plaintext block P2 = x C0 C1; as per CBC ⊕ ⊕ operation ➢ CRIME 2012 ➢ chosen plaintext attack where the attacker observes the size of the message, when chosen plaintext controlled by attacker is provided ➢ BREACH 2013 ➢ POODLE 2014
- 29. SSL Attack ➢ BEAST 2011 ➢ CRIME 2012 ➢ BREACH 2013 ➢ similar to CRIME but uses the well defined structure of gzip or deflate compression algorithms ➢ POODLE 2014 ➢ injecting data in the HTTP response’s padding
- 30. Cracking WiFi ➢ Start by identifying the Wifi network ➢ if hidden, use Kismet to find it ➢ Use aircrack-ng to capture the Wifi traffic ➢ Use aircrack-ng to crack the password ➢ You would need a good dictionary to be successful Aircrack-ng - cracking WPA
- 31. Books