Basic presentation of cryptography mechanisms
•
0 recomendaciones•17 vistas
This document summarizes Marian Marinov's presentation on cryptography. It discusses password cracking using John the Ripper, analyzing languages using frequency analysis to crack codes like the Enigma machine. It also covers chosen plaintext/ciphertext attacks, known plaintext attacks, and how these were used to crack protocols like SSL. Common attacks on SSL like BEAST, CRIME, and POODLE are outlined. Finally, cracking WiFi passwords using tools like Aircrack-ng is briefly discussed.
Recomendados
Más contenido relacionado
Similar a Basic presentation of cryptography mechanisms
Similar a Basic presentation of cryptography mechanisms (20)
Más de Marian Marinov
Más de Marian Marinov (20)
Último
Último (20)
Basic presentation of cryptography mechanisms
- 2. Who am I? ➢ Director of Engineering at Web Hosting Canada ➢ Previously partner and Head of DevOps at SiteGround ➢ A SysAdmin and System Architect ➢ A hacker at heart
- 3. We will be talking ➢ passwd ➢ Enigma ➢ Password cracking ➢ Abusing cryptography
- 4. passwd root:x:0:1:System Operator:/:/bin/ksh daemon:x:1:1::/tmp: rachel:x:181:100:Rachel Cohen:/u/rachel:/bin/ksh arlin:x.:182:100:Arlin Steinberg:/u/arlin:/bin/csh Fields: username x uid gid GECOS
- 5. passwd root:x:0:1:System Operator:/:/bin/ksh Fields: username - account username x - password uid - user ID gid - group ID GECOS - Real name and additional info home - home folder shell - system shell for this account
- 6. passwd /etc/passwd root:x:0:1:System Operator:/:/bin/ksh root:myVerySecurePassword:0:1:System Operator:/:/bin/ksh clear text password
- 7. passwd /etc/passwd root:x:0:1:System Operator:/:/bin/ksh root:myVerySecurePassword:0:1:System Operator:/:/bin/ksh root:aagvpfwLMsDfE:0:1:System Operator:/:/bin/ksh hashed password (using crypt(3))
- 8. passwd /etc/passwd root:x:0:1:System Operator:/:/bin/ksh root:myVerySecurePassword:0:1:System Operator:/:/bin/ksh root:aagvpfwLMsDfE:0:1:System Operator:/:/bin/ksh perl -e ‘printf “%sn”, crypt(“myVerySecurePassword”,”aa”)’ aagvpfwLMsDfE
- 9. passwd - cracking hackman@possum:~/john-1.9.0/run$ cat pass2 00xQPHYlVDIw6 hackman@possum:~/john-1.9.0/run$ ./john pass2 Loaded 1 password hash (descrypt, traditional crypt(3) [DES 256/256 AVX2]) Press 'q' or Ctrl-C to abort, almost any other key for status password (?) 1g 0:00:00:00 100% 2/3 33.33g/s 8533p/s 8533c/s 8533C/s 123456..horses Use the "--show" option to display all of the cracked passwords reliably Session completed
- 10. passwd - cracking hackman@possum:~/john-1.9.0/run$ cat pass2 00xQPHYlVDIw6 hackman@possum:~/john-1.9.0/run$ ./john pass2 Loaded 1 password hash (descrypt, traditional crypt(3) [DES 256/256 AVX2]) Press 'q' or Ctrl-C to abort, almost any other key for status password (?) 1g 0:00:00:00 100% 2/3 33.33g/s 8533p/s 8533c/s 8533C/s 123456..horses Use the "--show" option to display all of the cracked passwords reliably Session completed
- 11. passwd - cracking hackman@possum:~/john-1.9.0/run$ tail -n3 password.lst notused sss myVerySecurePassword hackman@possum:~/john-1.9.0/run$ ./john pass Loaded 1 password hash (descrypt, traditional crypt(3) [DES 256/256 AVX2]) Press 'q' or Ctrl-C to abort, almost any other key for status myVerySe (?) 1g 0:00:00:00 100% 2/3 50.00g/s 179200p/s 179200c/s 179200C/s snowski..internet Use the "--show" option to display all of the cracked passwords reliably Session completed
- 12. John the Ripper $ ./john John the Ripper password cracker, version 1.9.0 Copyright (c) 1996-2019 by Solar Designer Homepage: http://www.openwall.com/john/
- 14. shadow /etc/shadow root:x:0:1:System Operator:/:/bin/ksh root:$5$k3hX$s3yjzLfMKt2zgiMbJk.:18151:0:99999:7::: $5$ - hash function used k3hX$ - salt s3yjzLf... - hashed password
- 15. Movies to watch
- 16. The Enigma How did the Enigma Machine work?
- 18. Language Frequency Analysis LIVITCSWPIYVEWHEVSRIQMXLEYVEOIEWHRXEXIPFEMVEWHKVSTYLXZIXLIKIIXPIJVSZEYPERRGERIM WQLMGLMXQERIWGPSRIHMXQEREKIETXMJTPRGEVEKEITREWHEXXLEXXMZITWAWSQWXSWEXTVEPMRXRSJ GSTVRIEYVIEXCVMUIMWERGMIWXMJMGCSMWXSJOMIQXLIVIQIVIXQSVSTWHKPEGARCSXRWIEVSWIIBXV IZMXFSJXLIKEGAEWHEPSWYSWIWIEVXLISXLIVXLIRGEPIRQIVIIBGIIHMWYPFLEVHEWHYPSRRFQMXLE PPXLIECCIEVEWGISJKTVWMRLIHYSPHXLIQIMYLXSJXLIMWRIGXQEROIVFVIZEVAEKPIEWHXEAMWYEPP XLMWYRMWXSGSWRMHIVEXMSWMGSTPHLEVHPFKPEZINTCMXIVJSVLMRSCMWMSWVIRCIGXMWYMX I is the most common letter in the ciphertext, ergo I~e XL is the most common bigram in the ciphertext, ergo XL ~ th I~e E~a X~t L~h th - the most common bigram the - the most common trigram Wikipedia: Frequency Analysis
- 20. Language Frequency Analysis hereTCSWPeYraWHarSseQithaYraOeaWHstatePFairaWHKrSTYhtmetheKeetPeJrSmaYPassGasei WQhiGhitQaseWGPSseHitQasaKeaTtiJTPsGaraKaeTsaWHatthattimeTWAWSQWtSWatTraPistsSJ GSTrseaYreatCriUeiWasGieWtiJiGCSiWtSJOieQthereQeretQSrSTWHKPaGAsCStsWearSWeeBtr emitFSJtheKaGAaWHaPSWYSWeWeartheStherthesGaPesQereeBGeeHiWYPFharHaWHYPSssFQitha PPtheaCCearaWGeSJKTrWisheHYSPHtheQeiYhtSJtheiWseGtQasOerFremarAaKPeaWHtaAiWYaPP thiWYsiWtSGSWsiHeratiSWiGSTPHharHPFKPameNTCiterJSrhisSCiWiSWresCeGtiWYit hereuponlegrandarosewithagraveandstatelyairandbroughtmethebeetlefromaglasscasei nwhichitwasencloseditwasabeautifulscarabaeusandatthattimeunknowntonaturalistsof courseagreatprizeinascientificpointofviewthereweretworoundblackspotsnearoneextr emityofthebackandalongoneneartheotherthescaleswereexceedinglyhardandglossywitha lltheappearanceofburnishedgoldtheweightoftheinsectwasveryremarkableandtakingall thingsintoconsiderationicouldhardlyblamejupiterforhisopinionrespectingit Hereupon Legrand arose, with a grave and stately air, and brought me the beetle from a glass case in which it was enclosed. It was a beautiful scarabaeus, and, at that time, unknown to naturalists—of course a great prize in a scientific point of view. There were two round black spots near one extremity of the back, and a long one near the other. The scales were exceedingly hard and glossy, with all the appearance of burnished gold. The weight of the insect was very
- 21. Chosen plaintext ➢ Attacker sends a predefined plaintext ➢ Victim sends back encrypted message ➢ Essentially every crypto handshake Wikipedia: Chosen plaintext attack
- 22. Chosen ciphertext Wikipedia: Chosen ciphertext attack ➢ The attacker selects the ciphertext ➢ Sends it to the victim ➢ Victim returns the corresponding plaintext or some part of it ➢ Adaptive? ➢ if the attacker can chose the ciphertext based on previous outcomes
- 23. Known plaintext ➢ Attacker has access to the plain text ➢ Attacker has access to the original or parts of the original ciphertext
- 24. Known plaintext ➢ Attacker has access to the plain text ➢ Attacker has access to the original or parts of the original ciphertext ➢ AND THIS IS HOW Enigma got cracked Wikipedia: Known plaintext attack
- 25. Enigma - cracking Wetterbericht -> weather report
- 26. SSL Attacks Block cipher mode of operation
- 27. SSL Attacks 1998 Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1 2014 Bleichenbacher SSL ➢ SSL/TLS uses public key cryptography ➢ public key ➢ private key ➢ You always have the public key ➢ You can execute chosen cihpertext attacks ➢ You have an oracle to work with (web servers)
- 28. SSL Attack ➢ BEAST 2011 ➢ an attacker observing 2 consecutive ciphertext blocks C0, C1 can test if the plaintext block P1 is equal to x by choosing the next plaintext block P2 = x C0 C1; as per CBC ⊕ ⊕ operation ➢ CRIME 2012 ➢ chosen plaintext attack where the attacker observes the size of the message, when chosen plaintext controlled by attacker is provided ➢ BREACH 2013 ➢ POODLE 2014
- 29. SSL Attack ➢ BEAST 2011 ➢ CRIME 2012 ➢ BREACH 2013 ➢ similar to CRIME but uses the well defined structure of gzip or deflate compression algorithms ➢ POODLE 2014 ➢ injecting data in the HTTP response’s padding
- 30. Cracking WiFi ➢ Start by identifying the Wifi network ➢ if hidden, use Kismet to find it ➢ Use aircrack-ng to capture the Wifi traffic ➢ Use aircrack-ng to crack the password ➢ You would need a good dictionary to be successful Aircrack-ng - cracking WPA
- 31. Books