Skip to main content

What is Cryptography? The Use Of Cryptography In Hacking.

Introduction to Cryptography:-

Cryptography is the science of protecting secrets. As a result, it’s designed to make it impossible for an unauthorized party (like a hacker) to gain access to the protected data. While early encryption algorithms had significant flaws and were easily broken, the state of the art in encryption has gotten a lot better.

That being said, cryptography can be broken under the right circumstances. The first step in breaking cryptography is identifying the cryptographic algorithm in use. Cryptography is the art of converting text into another form for secret transmission and reception. It works by converting plain text into cipher text using some encryption algorithm at the sender’s side and converting ciphertext into plain text at the receiver’s. Cryptography is used to provide confidentiality, integrity, authenticity and non-repudiation.

With this information in hand, it’s time to start looking for an exploitable vulnerability. This can be accomplished in a number of ways including:
  • Manual reverse-engineering
  • Keyword searches for algorithm names
  • Analysis of an executable’s dependencies
  • Ciphertext analysis (e.g., observing block lengths)

Key terms:-
Plain text: Message to be encrypted
Ciphertext: Encrypted message
Encryption: Process of converting plain text into cipher text.
Decryption: Process of converting ciphertext into plain text.
Algorithm: The method used to encrypt/decrypt the plain text.
Key: The data used for encrypting/decrypting.


Symmetric cryptography:- Here one single key is used for encryption and same key is used for decryption. DES and AES are examples of symmetric key cryptography. Symmetric encryption is a type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic information. The entities communicating via symmetric encryption must exchange the key so that it can be used in the decryption process. This encryption method differs from asymmetric encryption where a pair of keys, one public and one private, is used to encrypt and decrypt messages.

By using symmetric encryption algorithms, data is converted to a form that cannot be understood by anyone who does not possess the secret key to decrypt it. Once the intended recipient who possesses the key has the message, the algorithm reverses its action so that the message is returned to its original and understandable form. The secret key that the sender and recipient both use could be a specific password/code or it can be random string of letters or numbers that have been generated by a secure random number generator (RNG). For banking-grade encryption, the symmetric keys must be created using an RNG that is certified according to industry standards, such as FIPS 140-2.

Asymmetric cryptography/Public key cryptography:- Here two keys are used, Public key is used for encryption and Private key is used for decryption; e.g. RSA. Asymmetric cryptography, also known as public-key cryptography, is a process that uses a pair of related keys -- one public key and one private key -- to encrypt and decrypt a message and protect it from unauthorized access or use. A public key is a cryptographic key that can be used by any person to encrypt a message so that it can only be deciphered by the intended recipient with their private key. A private key -- also known as a secret key -- is shared only with key's initiator.     

When someone wants to send an encrypted message, they can pull the intended recipient's public key from a public directory and use it to encrypt the message before sending it. The recipient of the message can then decrypt the message using their related private key. On the other hand, if the sender encrypts the message using their private key, then the message can be decrypted only using that sender's public key, thus authenticating the sender. These encryption and decryption processes happen automatically; users do not need to physically lock and unlock the message.


Block Cipher:- The input plain text is broken into fixed size blocks and they are encrypted /decrypted as a block; e.g. DES, AES.A block cipher is an encryption method that applies a deterministic algorithm along with a symmetric key to encrypt a block of text, rather than encrypting one bit at a time as in stream ciphers. For example, a common block cipher, AES, encrypts 128 bit blocks with a key of predetermined length: 128, 192, or 256 bits. Block ciphers are pseudorandom permutation (PRP) families that operate on the fixed size block of bits. PRPs are functions that cannot be differentiated from completely random permutations and thus, are considered reliable, until proven unreliable.

Block cipher modes of operation have been developed to eliminate the chance of encrypting identical blocks of text the same way, the ciphertext formed from the previous encrypted block is applied to the next block. A block of bits called an initialization vector (IV) is also used by modes of operation to ensure ciphertexts remain distinct even when the same plaintext message is encrypted a number of times

Stream cipher:- The incoming data is encrypted or decrypted byte by byte; e.g. RC4. stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream. Since encryption of each digit is dependent on the current state of the cipher, it is also known as state cipher. In practice, a digit is typically a bit and the combining operation is an exclusive-or (XOR).

Digital Signatures:- Digital signatures are used to identify the genuinily of the source; the sender signs with his private key, and at the receiver’s end it can be decrypted only with the public key of the sender. This enables the receiver to know who has sent the message. Digital signatures, like handwritten signatures, are unique to each signer. Digital signature solution providers, such as DocuSign, follow a specific protocol, called PKI. PKI requires the provider to use a mathematical algorithm to generate two long numbers, called keys. One key is public, and one key is private.

When a signer electronically signs a document, the signature is created using the signer’s private key, which is always securely kept by the signer. The mathematical algorithm acts like a cipher, creating data matching the signed document, called a hash, and encrypting that data. The resulting encrypted data is the digital signature. The signature is also marked with the time that the document was signed. If the document changes after signing, the digital signature is invalidated.

Hash Algorithms:- Hash algorithms are used to maintain the integrity of the data by finding a definite number for the file and verifying it at the receiver’s end. At the sender’s side, the hash algorithm generates a fixed size number for any-sized file. This number or hash value is sent along with the cipher text to the receiver. At the receiver’s end, the cipher text is first decrypted, and then using hash algorithm a hash value is generated. If the hash value matches with the hash value that came with the cipher text, then the message was not corrupted. If it is different, then we can understand that the message has been intercepted and modified.

There are various hash algorithms, Cryptography is the process of converting recognizable data into an encrypted code for transmitting it over a network. Data is encrypted at the source, i.e. sender’s end and decrypted at the destination, i.e. receiver’s end. The initial unencrypted data is referred to as plain text. It is encrypted into cipher text, which will in turn (usually) be decrypted into usable plaintext using different encryption algorithms.

Algorithm misuse:-

Another common mistake made by developers is misusing algorithms. For example, encryption of traffic between a server and a client should always use asymmetric cryptography. Otherwise, the encryption key is embedded in the client code somewhere. If you think that the code in question is using symmetric encryption for communications, it’s time to go hunting through the executable for that key.

Algorithm misuse also covers a lot of other mistakes. Key reuse can be a significant issue for certain algorithms, so look for a function that generates a shared key between the client and the server. If there isn’t one, the algorithm may be vulnerable to attack. If there is one, it’s possible that a man-in-the-middle attack can allow traffic decryption.

Algorithms can also be misused by failing to properly use certain values. If an encryption algorithm:

  • Hashes a password without a unique salt
  • Uses a non-random or non-unique initialization vector

Then it’s probably vulnerable to attack. Looking up the specific algorithm and how this affects its security can be the key to breaking it.

Stream cipher vulnerabilities:-

Encryption algorithms come in two main flavors: block and stream ciphers. In general, block ciphers are more intuitive and easier to use, but less efficient (since you need to work in set block sizes). As a result, developers occasionally use stream ciphers.

While stream ciphers can definitely be secure, they also have their shortcomings. One potential issue is the fact that stream ciphers perform encryption at the bit level. If the developer isn’t performing integrity checks, a hacker may not be able to read the protected data, but they can modify it without detection.

Weak/broken encryption algorithms:-

Another major issue that exists with stream ciphers (and block ciphers as well) is the use of insecure encryption algorithms. RC4 is probably the stream cipher with the highest name recognition, and that name recognition means that it gets used.

However, those developers using it don’t always know how to use it properly. RC4 has a serious cryptographic weakness where the first bits of its output bitstream are strongly correlated to the secret key. If a developer fails to use RC4 (i.e., discarding these bits) and the attacker can guess the output bitstream (i.e., if they can choose the input to the cipher), they may be able to derive the encryption key or at least enough bits to make it vulnerable to a brute-force attack.

Despite its flaws, RC4 is still considered a usable cipher if it is used correctly. Other encryption algorithms (like DES) are known to be vulnerable. Researching encryption algorithm vulnerabilities may allow a hacker to defeat the cryptography.

 Plaintext =>Ciphertext=> Plaintext=>Encryption=> Decryption

Some Cryptography tools are as follow:

  • PWGen: Generator Of Cryptographically-Strong Passwords  
  • BeeCrypt: Cryptography Library Toolkit
  • Retter That Can Easily Promote And Develop Cryptography
  • Combination of VPN, Tor And Proxy Chain For More Anonymity

Authentication : The process of proving one’s identity.
> Privacy/confidentiality : Ensuring that no one can read the message except the intended receiver.
> Integrity : Assuring the receiver that the received message has not been altered in any way from the original.
> Non-repudiation : A mechanism to prove that the sender really sent this message.

The general practices and required minimum key length depending on the scenario listed below.

  • Key exchange: Diffie–Hellman key exchange with minimum 2048 bits
  • Message Integrity: HMAC-SHA2
  • Message Hash: SHA2 256 bits
  • Asymmetric encryption: RSA 2048 bits
  • Symmetric encryption: AES 128 bits
  • Password Hashing: Argon2, PBKDF2, Scrypt, Bcrypt

In general, cryptographic algorithms are classified into three categories as follows:

1) Secret Key Cryptography (SKC) : Uses a single key for both encryption and decryption.
2) Public Key Cryptography (PKC) : Uses one key for encryption and another for decryption.
3)Hash Function: Uses a mathematical transformation to irreversibly “encrypt” information.

Secret Key Cryptography :-

With secret key cryptography, a single key is used for both encryption and decryption. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.

Secret key cryptography algorithms that are in use today include :

1) Data Encryption Standard (DES):- DES is a block cipher employing a 56-bit key that operates on 64-bit blocks. DES uses a key of only 56 bits, and thus it is now susceptible to “brute force” attacks. Triple-DES (3DES) and DESX are the two important variants that strengthen DES.

2) Advanced Encryption Standard (AES ):- The algorithm can use a variable block length and key length; the latest specification allowed any combination of keys lengths of 128, 192, or 256 bits and blocks of length 128, 192, or 256 bits.

3) International Data Encryption Algorithm (IDEA):- Secret-key cryptosystem written by Xuejia Lai and James Massey, in 1992 and patented by Ascom; a 64-bit SKC block cipher using a 128-bit key. Also available internationally.

4) Rivest Ciphers:- Named for Ron Rivest, a series of SKC algorithms.

  • RC1 : Designed on paper but never implemented.
  • RC2 : A 64-bit block cipher using variable-sized keys designed to replace DES. It’s code has not been made public although many companies have licensed RC2 for use in their products. Described in RFC 2268.
  • RC3 : Found to be breakable during development.
  • RC4 : A stream cipher using variable-sized keys; it is widely used in commercial cryptography products, although it can only be exported using keys that are 40 bits or less in length.
  • RC5 : A block-cipher supporting a variety of block sizes, key sizes, and number of encryption passes over the data. Described in RFC 2040.
  • RC6 :An improvement over RC5, RC6 was one of the AES Round 2 algorithms.

5) Blowfish:- A symmetric 64-bit block cipher invented by Bruce Schneier; optimised for 32-bit processors with large data caches, it is significantly faster than DES on a Pentium/PowerPC-class machine. Key lengths can vary from 32 to 448 bits in length. Blowfish, available freely and intended as a substitute for DES or IDEA, is in use in over 80 products.

Public-Key Cryptography :-

Generic PKC employs two keys that are mathematically related although knowledge of one key does not allow someone to easily determine the other key. One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext. No matter which key is applied first, but both the keys are required for the process to work. Because a pair of keys are required, this approach is also called asymmetric cryptography.

In PKC, one of the keys is designated the public key and may be advertised as widely as the owner wants. The other key is designated the private key and is never revealed to another party.Public-key cryptography algorithms that are in use today for key exchange or digital signatures include :

RSA : One of the most popular encryption algorithm, invented in 1977 by three MIT scientists (Ronald Rivest, Adi Shamir, and Leonard Adleman).

The key-pair is derived from a very large number, n, that is the product of two prime numbers chosen according to special rules; these primes may be 100 or more digits in length each, yielding an n with roughly twice as many digits as the prime factors. The public key information includes n and a derivative of one of the factors of n; an attacker cannot determine the prime factors of n (and, therefore, the private key) from this information alone and that is what makes the RSA algorithm so secure.

Hash Functions :-

Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key. Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered.

Hash algorithms are typically used to provide a digital fingerprint of a file’s contents, often used to ensure that the file has not been altered by an intruder or virus. It is also commonly employed by many operating systems to encrypt passwords and then, provide a measure of the integrity of a file.

Hash algorithms that are in common use include:

1) Message Digest (MD) algorithms:- A series of byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message.

MD2 : Designed for systems with limited memory, such as smart cards.
MD4 : Developed by Rivest, similar to MD2 but designed specifically for fast processing in software.
MD5 : Also developed by Rivest in 1991 after potential weaknesses were reported in MD4; this scheme is similar to MD4 but is slower because more manipulation is made to the original data.It accepts variable length message from the user and converts it into a fixed 128-bit message digest value.

One interesting and important aspect of the MD5 hash function is that it is a one-way algorithm. This means you can produce the 128-bit fingerprint if the data chunk is available to you. You cannot, however, generate the entire data if only the fingerprint of the data is known.

2) Secure Hash Algorithm (SHA):- Algorithm for NIST’s Secure Hash Standard (SHS). SHA-1 produces a 160-bit hash value and was originally published as FIPS 180-1 and RFC 3174. FIPS 180-2 describes five algorithms in the SHS: SHA-1 plus SHA-224, SHA-256, SHA-384, and SHA-512 which can produce hash values that are 224, 256, 384, or 512 bits in length, respectively. SHA-224, -256, -384, and -52 are also described in RFC 4634.

3) RIPEMD:- A series of message digests that initially came from the RIPE (RACE Integrity Primitives Evaluation) project. RIPEMD-160 was designed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel, and optimised for 32-bit processors to replace the then-current 128-bit hash functions. Other versions include RIPEMD-256, RIPEMD-320, and RIPEMD-128.

4) HAVAL (Hash of Variable Length):- Designed by Y. Zheng, J. Pieprzyk and J. Seberry, a hash algorithm with many levels of security. HAVAL can create hash values that are 128, 160, 192, 224, or 256 bits in length.

5) Whirlpool:- A relatively new hash function, designed by V. Rijmen and P.S.L.M. Barreto. Whirlpool operates on messages less than 2256 bits in length, and produces a message digest of 512 bits. The design of this hash function is very different than that of MD5 and SHA-1, making it immune to the same attacks as on those hashes.

6) Tiger:- Designed by Ross Anderson and Eli Biham, Tiger is designed to be secure, run efficiently on 64-bit processors, and easily replace MD4, MD5, SHA and SHA-1 in other applications. Tiger/192 produces a 192-bit output and is compatible with 64-bit architectures; Tiger/128 and Tiger/160 produce the first 128 and 160 bits, respectively, to provide compatibility with the other hash functions.

Secure Cryptographic Storage Design:-

  1. All protocols and algorithms for authentication and secure communication should be well vetted by the cryptographic community.
  2. Ensure certificates are properly validated against the hostnames/users ie whom they are meant for.
  3. Avoid using wildcard certificates unless there is a business need for it
  4. Maintain a cryptographic standard to ensure that the developer community knows about the approved ciphersuits for network security protocols, algorithms, permitted use, cryptoperiods and Key Management.

Location: Mumbai, Maharashtra 400051, India

Comments

Post a Comment

Popular posts from this blog

Difference Between a Penetration Test and Vulnerability Assessment - Part 2

  The Difference Between a Penetration Test and Vulnerability Assessment - Part 2 What is the Difference Between a Penetration Test and Vulnerability Assessment? Part 2 of 2 Comparing Penetration Tests and Vulnerability Assessments In part 1 of this post, we focused on the Vulnerability Scans, Vulnerability Assessments, and  Vulnerability Management  in order to differentiate the 3 prior to digging into Penetration Tests. Now, let’s introduce and define Penetration Tests, explain the test itself and goals, then go through the different types of Penetration Tests. What is a Penetration Test? A  Penetration test , or pen test, is the process an ethical hacker conducts on a target and the IT environment to uncover vulnerabilities by exploiting them. The goal is to gain unauthorized access through exploitation which can be used to emulate the intent of a malicious hacker. Penetration test reports may also assess potential impacts on the organization and suggest countermeasures to reduce ri
Post a Comment
Read more

Top 10 In-Demand programming languages to learn in 2022.

This blog will focus on some of the most in-demand programming languages which will be dominant this year, 2022. For almost every subject's like Web Development, Artificial Intelligence, Machine Learning, Data Science, or any other, the most important prerequisite is the ability to program in programming languages. Before choosing a programming language, beginners should carefully consider many factors, including popularity, demand, career opportunities, and applications. JavaScript JavaScript is one the most well-known programming languages, with strong demand and a strong following. JavaScript is used by many well-known IT companies such as Uber, Google, Microsoft, Uber, and Microsoft. Although the language is best known for its ability to add responsive elements to web pages, there are many other uses. The language can be used for both front-end as well as back-end development. Developers find it attractive because of its interoperability with well-known frameworks like Vu
Post a Comment
Read more

Difference Between a Penetration Test and Vulnerability Assessment - Part 1

  The Difference Between a Penetration Test and Vulnerability Assessment - Part 1 What is the Difference Between a Penetration Test and Vulnerability Assessment? Part 1 of 2 Comparing Penetration Tests and Vulnerability Assessments The staff here at SecureOps is consistently asked the purpose and the differences between vulnerability scans, vulnerability assessments and penetration tests – including all the variations of both such as red teaming, capture the flag exercises, bug bounty programs and more. Our goal in this blog post is to work from a high level and explain the general differences between identifying vulnerabilities to a more detailed level and ultimately walk through what the services are from an execution perspective and what benefits they offer an organization in terms of improving security. Let’s start with answering the broad question first and dig deeper from the explanation that we use here at SecureOps. Vulnerability scans search systems for known vulnerabilities u
Post a Comment
Read more