Basics of Cryptography

[Nytro]

Hi, this is a guide about the basics of encryption and all that stuff.

I am not an expert in this, I don't know much and as I said, this is only a basic introduction to cryptology in general.

First, we need to define what's cryptology and what cryptography.

Cryptology is the study of cryptography.

Cryptography is the process/skill of encrypting /decrypting ciphers. They are not the same thing.

Easy enough. But it's way more complicated than it sounds. There are over 10k encryption methods, each of them different and unique. Some are obsolete, some are damn hard to crack, some are irreversable.

As time passes and the decrypters' brain evolves, day by day encryptions are becoming obsolete. But then again, at the same time, the encrypters' brain evolves as well. Stupid example, I know.

I'm sure you've heard of md5 (Message Digest algorithm 5, will explain about it later), some consider it uncrackable, irreversable etc. An algorithm created for encrypting sensitive data, such as passwords in a database.

Slowly, more and more weaknesses are found in md5 and it's becoming obsolete, so experts started recommending SHA1. (it's slower, and personally I wouldn't recommend it. But, I'm not an expert, what can I say)

Enough about md5, let's get back to cryptography in general.

Cipher(Cypher) is an algorithm for performing encryption.

Encryption has had a major role in history.

Key components of an encryption are plaintext (your word, call it whatever you like) and a key (password) that are put through a reversable process named algorithm. The result is ciphertext, which is usually a string which makes no sense whatsoever.

There are two methods of cryptography, transposition and substitution. Transposition is where numbers, letters and characters are the same but with different positions. Substitution is where they're replaced with new ones.

There are two main types of cryptography, asymmetric and symmetric (also known as public and private keys). I'll explain about those later.

All encryption is about, is security. To know if your encryption system is secure, you need to know the vulnerabilities and holes of the previous encryption systems.

Encryption systems can be insecure in several ways. One of them being your algorithm being too simple, or the most common weakness in cryptosystems, limited number of possible keys. An attacker can crack it by trying every possible combination there is. Such an attack is known as brute-force.

-=[Attack types]=-

1. Bruteforcing: Probably the simpliest way, where the attacker guesses every possible combination till he gets a plaintext result, assuming that the attacker has the key and sufficient resources.

2. Rainbow Table: I don't know much about this. It's the fastest method to use, but it takes some time to create the table and sort it. Rainbow table attack is something like bruteforcing, but in this case, we trade memory for speed. Would compare it with process forking (uhm, don't judge me).

3. Dictionary Attack: All you need is a wordlist with common passwords. This is why I do not recommend using common words as passwords, it's easy to crack. Basically, every word on the wordlist is encrypted till you get a matching hash.

-=[The difference between encrypting, encoding and hashes]=-

1. Encryption: The most common of all. Simple, a plaintext and a key are put through an algorithm to produce a ciphertext. Encryptions are reversable, everyone with the ciphertext, key and algorithm can produce the plaintext.

Encrypting a plaintext with a different key will result in a different ciphertext, as well as encrypting different messages will result in different ciphertext.

2. Encoding: Almost the same as encryption, except that the key is missing. A plaintext is put through an algorithm, and you get a ciphertext. It's the least used of all three. The key is the MOST important thing.

This is not used for security. An example would be mp3 encoding. Your mp3 player decodes the bits and produces the appropriate sound.

3. Hashes: The most complicated of all. Due to the fact that hashes are of a finite size and there is an infinite number of strings you could input into the algorithm there are an infinite number of strings that could produce the same hash. There is not only one possible result and different plaintexts can and will produce the same result, these are called 'collisions'. Hashes are irreversable, with or without the algorithm, there is no way to reverse it. For example, passwords in vBulletin are encrypted in md5. How does the forum know that it's the true password then? It doesn't. As soon as you enter it, it's encrypted in md5, and the forum reads the md5, not the plaintext. As I said, every plaintext will result in it's own hash. When you enter the password, it compares the md5 hash to the one stored in the database. It doesn't have to be the same password as you're using, as long as the ciphertext matches (read above, collision).

-=[Examples]=-

All ciphertexts are encryptions, encodings or hashes of the word uNkn0wn.

1. MD5: There's a whole paragraph on MD5 later in this article.

5b65e9d92c14d3ca940c7c57db1c19d0 - uNkn0wn

dd0896ca696f7d2d50b94aeb1c896a1f - unkn0wn.(case sensitive)

2. Base64: I don't know how to explain it. Base64 is just an encoding algorithm, not an encryption algorithm, it's main use is to send binaries via email and usenet, it turns crazy ASCII codes that you have in binaries into normal text, so it's in a form that can be transmitted via email. Don't expect it to provide any form of security.

dU5rbjB3bg== - uNkn0wn.

3. Binary: Made of 1s and 0s in groups of eight.

01110101 01001110 01101011 01101110 00110000 01110111 01101110 - uNkn0wn.

4. Hex: Letters A-Z and numbers 0-9 together. This is not an encryption. Not going to talk about it.

75 4e 6b 6e 30 77 6e 65 64 - uNkn0wn (this is the web way of hex, the "correct" would be 0x75 0x4e 0x6e etc)

5. ROT13: Rotates 13 letters backwards.

haxa0ja - uNkn0wn.

6. DES: Data Encryption Standard. Kinda insecure now a days. 56-bit values based on Data Encryption Algorithm.

CRJ4GGqMoYx1w - uNkn0wn.

7. SHA1: Sort of like MD5, just with a 160-bit value.

45E252668E0B735E697B1DC21139EE6A3C9CB391 - uNkn0wn.

FD11CE37EDC92D41D990AE666EAC00F1EAE8AD7C - unkn0wn. (case sensitive)

8. WHIRLPOOL: Cryptographic hash function that given a message less than 2256 bits in length, it returns a 512-bit message digest represented as 128-digit hexadecimal numbers. Like SHA and MD5, a single character change in the plaintext will result in a completely different cipher.

202DD91B4F1FE7F42388371F91CEE6180B3A1111ACD1167B296CADF3F016D759

8BD93A6211666EDD577F9CF9F25D473215A7E6D69CA7D53EC1ADCB1BF65E3800 - uNkn0wn (it's long)

That would be enough encryptions/encodings/hashes for now.

-=[MD5 - Message Digest Algorithm 5]=-

The famous MD5, widely used. Most people consider it irreversable, but no encryption method is irreversable.

Well, sorta. Once you encrypt something in md5 you can't get it back the same way you encrypted it. Attack types explained above.

MD5 hashes are used for encrypting sensitive data, as well as a digital signature. If anything is changed, including case, the whole hash twists.

The only known way to crack an MD5, is collision (read bruteforcing and dictionary attacks) where a number of possible passwords are encrypted and compared with the MD5 hash being cracked.

A MD5 hash will always be 32 characters in length (128-bit value) and only consists of the characters (charset) a-f and 0-9 (hex).

When bruteforcing an MD5 hash, we need to define a charset and possible length which we believe the plaintext would be. But keep in mind that using a wordlist is much faster than bruteforcing since there is a set number of hashes possible. The larger the wordlist is, the higher the chance of cracking the hash is, but it will also take longer.

For a more successful attack, you can try capitalizing the words, reversing order, adding chars etc etc.

MD5 is becoming easier and easier to crack, which means that a new, more secure method of encryption would be needed.

A salt is made up of random bits that are used as inputs to a KDF. Think of it like this, if a user's key is stolen and he is known to have a pass of an english word. Because of the salt, pre-calculated hashes have no value. So this increases the amount of hashes that have to be computed from 200,000 to 800 trillion.

Salt should always be applied, no matter the security of the algorithm.

Any md5 hash is vulnerable to BF/Rainbow tables unless the hash incorporates a salt, (MySQL MD5 encryption does not use salts which really makes it easy to crack)

If someone was to gain access to the database ..

Average timetables for BF attacks on MD5 would be something like this

Note: the 1,8 means testing all possible passwords 1-8 chars in length.. (if the forum requires say 4 letters min then they would do 4-8 cutting the time in basically half)

8 Chars

[a-zA-Z0-9]{1,8} ... about 497 days

[a-z0-9]{1,8} ...... about 6 days

[a-zA-Z]{1,8} ...... about 6 days

[A-Z0-9]{1,8} ...... about 6 days

-=[symetric/Asymmetric Keys]=-

One of the main components of an encryption is the key.

In all cases, we must assume that the attacker has the cryptographic algorithm and the ciphertext. It's just a matter of time before he cracks it.

In order to prevent him from getting the plaintext, we use keys.

How does this work, well...keys are simply just small pieces of data, metadata even, that will keep the information safe.

In other words, this is just a password.

Anyone with the key and the algorithm can get the plaintext. There's public and private keys, symetric and asymmetric.

I'll explain the difference in short, when our algorithm uses one key for both encryption and decryption, then we got a symetric key. When we have an encryption which uses a different key for encrypting and a different key for decrypting, this is asymmetric.

Let's see how it would look in the "real" world.

User A encrypts a message using a public key. Message is sent to user B in an encrypted form. User B has the private key, only he can decrypt it. Everyone can encrypt using the public key, only you can decrypt it using the private key.

In some cases, you will need to fetch the private key from your targets. This is the part where social engineering comes in handy.

Another example would be a mailbox. Everyone can leave a letter, only you can unlock the mailbox and read it.

There's plenty of keys used around, one of the most used being RSA which includes both public and private key.

Keys should be random nonsense for security. Usually KDF (key derivation function) is used in this case which adds a salt and compresses the key to a fixed length.

This is used for digital signatures as well.

Conclusion tip: Never use a password which can be found in the dictionary. Thank you.

I hope you enjoyed this article, even though I doubt it.

It's for educational purposes.

Please let me know if you see any grammatical errors.

Or, let me know if I missed punctuation somewhere.

~FxM

[begood]

completari pentru hashuri :

Reversing Cryptographic hash

[Tutorial] Hash functions: MD5, SHA etc.