Cryptography Lecture by Sam Bowne

Hands-On Ethical Hacking Hands-On Ethical Hacking and Network Defenseand Network Defense

Chapter 12Chapter 12CryptographyCryptography

Last modified 11-6-08

22

ObjectivesObjectives

Describe the history of cryptographyDescribe the history of cryptography

Describe symmetric and asymmetric Describe symmetric and asymmetric cryptography algorithmscryptography algorithms

Explain public key infrastructure (PKI)Explain public key infrastructure (PKI)

Describe possible attacks on Describe possible attacks on cryptosystemscryptosystems

33

Understanding Cryptography Understanding Cryptography BasicsBasics

Cryptography is the process of converting Cryptography is the process of converting plaintext into ciphertextplaintext into ciphertext– Plaintext: readable text (also called cleartext)Plaintext: readable text (also called cleartext)– Ciphertext: unreadable or encrypted textCiphertext: unreadable or encrypted text

Cryptography is used to hide information Cryptography is used to hide information from unauthorized usersfrom unauthorized users

Decryption is the process of converting Decryption is the process of converting ciphertext back to plaintextciphertext back to plaintext

44

History of CryptographyHistory of Cryptography

Substitution cipherSubstitution cipher– Replaces one letter with another letter based Replaces one letter with another letter based

on a keyon a key– Example: Julius Caesar’s CipherExample: Julius Caesar’s Cipher

Used a key value of 3Used a key value of 3

ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ

DEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABC

55

History of Cryptography History of Cryptography (continued)(continued)

Cryptanalysis studies the process of Cryptanalysis studies the process of breaking encryption algorithmsbreaking encryption algorithms

When a new encryption algorithm is When a new encryption algorithm is developed, cryptanalysts study it and try to developed, cryptanalysts study it and try to break itbreak it– Or prove that it is impractical to break it (taking Or prove that it is impractical to break it (taking

much time and many resources) much time and many resources)

66

EnigmaEnigma

Used by the Used by the Germans during Germans during World War IIWorld War II– Replaced letters Replaced letters

as they were typedas they were typed– Substitutions were Substitutions were

computed using a computed using a key and a set of key and a set of switches or rotorsswitches or rotors

– Image from WikipediaImage from Wikipedia(link Ch 12a)(link Ch 12a)

77

SteganographySteganography

The process of hiding data in plain view in The process of hiding data in plain view in pictures, graphics, or textpictures, graphics, or text– Example: changing colors slightly to encode Example: changing colors slightly to encode

individual bits in an imageindividual bits in an image

The image on the left contains the image The image on the left contains the image on the right hidden in it (link Ch 12c)on the right hidden in it (link Ch 12c)

88

AlgorithmsAlgorithms

An algorithm is a mathematical function or An algorithm is a mathematical function or program that works with a keyprogram that works with a key

Security comes fromSecurity comes from– A strong algorithm—one that cannot be A strong algorithm—one that cannot be

reversed without the keyreversed without the key– A key that cannot be found or guessedA key that cannot be found or guessed

99

KeysKeys(not in textbook)(not in textbook)

A sequence of random bitsA sequence of random bits– The range of allowable values is called a The range of allowable values is called a

keyspacekeyspace

The larger the The larger the keyspacekeyspace, the more secure , the more secure the keythe key– 8-bit key has 28-bit key has 288 = 256 values in = 256 values in keyspacekeyspace– 24-bit key has 224-bit key has 22424 = 16 million values = 16 million values– 56-bit key has 256-bit key has 25656 = 7 x 10 = 7 x 101616 values values– 128-bit key has 2128-bit key has 2128128 = 3 x 10 = 3 x 1038 38 valuesvalues

1010

Brute Force Brute Force (not in textbook)(not in textbook)

In 1997 a 56-bit key was broken by brute In 1997 a 56-bit key was broken by brute forceforce– Testing all possible 56-bit keysTesting all possible 56-bit keys– Used 14,000 machines organized via the Used 14,000 machines organized via the

InternetInternet– It took 3 monthsIt took 3 months– See link Ch 12dSee link Ch 12d

1111

How Many Bits Do You Need?How Many Bits Do You Need? (not in textbook)(not in textbook)

How many keys could all the computers How many keys could all the computers on Earth test in a year?on Earth test in a year?– Pentium 4 processor: 10Pentium 4 processor: 109 9 cycles per secondcycles per second– One year = 3 x 10One year = 3 x 107 7 secondsseconds– There are less than 10There are less than 1010 10 computers on Earthcomputers on Earth

One per personOne per person

– 101099 x 3 x 10 x 3 x 1077 x 10 x 1010 = 10 = 3 x 103 x 102626 calculations calculations – 128 bits should be enough (3 x 10128 bits should be enough (3 x 1038 38 values)values)

Unless computers get Unless computers get muchmuch faster, or someone faster, or someone breaks the algorithmbreaks the algorithm

1212

Symmetric CryptographySymmetric Cryptography

One key encrypts and decrypts dataOne key encrypts and decrypts data

CleartextCleartext with with KeyKey makes makes CiphertextCiphertext

CiphertextCiphertext with with KeyKey makes makes CleartextCleartext

Winning Lotto #s: aWDHOP#@-w9

aWDHOP#@-w9 Winning Lotto #s:

1313

Symmetric Cryptography Symmetric Cryptography AlgorithmsAlgorithms

Symmetric algorithms have one key that Symmetric algorithms have one key that encrypts and decrypts dataencrypts and decrypts data

AdvantagesAdvantages– Symmetric algorithms are fastSymmetric algorithms are fast– They are difficult to break if a large key size is They are difficult to break if a large key size is

usedused– Only one key neededOnly one key needed

1414


DisadvantagesDisadvantages– Symmetric keys must remain secretSymmetric keys must remain secret– Difficult to deliver keys (key distribution)Difficult to deliver keys (key distribution)– Symmetric algorithms don’t support Symmetric algorithms don’t support

authenticityauthenticity or or nonrepudiationnonrepudiationYou can’t know for sure who sent the message, You can’t know for sure who sent the message, since two people have the same keysince two people have the same key

1515


Types of symmetric algorithmsTypes of symmetric algorithms– Stream ciphersStream ciphers

Operate on plaintext one bit at a timeOperate on plaintext one bit at a time

– Block ciphersBlock ciphersOperate on blocks of plaintextOperate on blocks of plaintext

1616

DeCSSDeCSS

Commercial DVDs are encoded with a 40-Commercial DVDs are encoded with a 40-bit keybit key– It’s simple to crack it by brute forceIt’s simple to crack it by brute force– Three hackers did that in 1999Three hackers did that in 1999

See links Ch 12e, 12fSee links Ch 12e, 12f

– Legislation such as the DMCA made it illegal Legislation such as the DMCA made it illegal to publish the algorithmto publish the algorithm

See Illegal Prime Number (Link Ch 12g) See Illegal Prime Number (Link Ch 12g)

1717

Data Encryption Standard Data Encryption Standard (DES)(DES)

National Institute of Standards and National Institute of Standards and Technology (NIST)Technology (NIST)– Wanted a means of protecting sensitive but Wanted a means of protecting sensitive but

unclassified dataunclassified data– Invited vendors in early 1970 to submit data Invited vendors in early 1970 to submit data

encryption algorithmsencryption algorithms

IBM proposed LuciferIBM proposed Lucifer– A 128-bit encryption algorithmA 128-bit encryption algorithm

1818

Data Encryption Standard Data Encryption Standard (DES)(DES)

The National Security Agency (NSA) The National Security Agency (NSA) reduced the key size from 128 bits to 64 reduced the key size from 128 bits to 64 bits and created DESbits and created DES– Only 56 bits of the key are actually usedOnly 56 bits of the key are actually used

1919

Data Encryption Standard Data Encryption Standard (DES) (continued)(DES) (continued)

In 1988, NSA thought the standard was at In 1988, NSA thought the standard was at risk to be brokenrisk to be broken

In 1997, a DES key was broken in 3 In 1997, a DES key was broken in 3 monthsmonths

In 1998, the EFF built a a computer system In 1998, the EFF built a a computer system that cracked a DES key in 3 daysthat cracked a DES key in 3 days– Link Ch 12hLink Ch 12h

2020

Triple DES (3DES)Triple DES (3DES)

Triple Data Encryption System (3DES)Triple Data Encryption System (3DES)

3DES served as a quick fix to the 3DES served as a quick fix to the vulnerabilities of DESvulnerabilities of DES

3DES performed three DES encryptions 3DES performed three DES encryptions

225656 times stronger than DES times stronger than DES– More secure but slower to computeMore secure but slower to compute

See link Ch 12iSee link Ch 12i

2121

Advanced Encryption Standard Advanced Encryption Standard (AES)(AES)

Became effective in 2002 as a standardBecame effective in 2002 as a standard– The process took 5 yearsThe process took 5 years

Block cipher that operates on 128-bit Block cipher that operates on 128-bit blocks of plaintextblocks of plaintext

Keys can be 128, 192, or 256 bitsKeys can be 128, 192, or 256 bits

Uses Rindjael algorithmUses Rindjael algorithm– Link Ch 12jLink Ch 12j

2222

International Data Encryption International Data Encryption Algorithm (IDEA)Algorithm (IDEA)

Block cipher that operates on 64-bit blocks Block cipher that operates on 64-bit blocks of plaintextof plaintext

It uses a 128-bit keyIt uses a 128-bit key

Developed by Xuejia Lai and James Developed by Xuejia Lai and James MasseyMassey– Designed to work more efficiently in computers Designed to work more efficiently in computers

used at home and in businessesused at home and in businesses

IDEA is free for noncommercial useIDEA is free for noncommercial use– It is included in PGP encryption softwareIt is included in PGP encryption software

2323

BlowfishBlowfish

Block cipher that operates on 64-bit Block cipher that operates on 64-bit blocks of plaintextblocks of plaintext

The key length can be as large as 448 The key length can be as large as 448 bitsbits

Developed by Bruce SchneierDeveloped by Bruce Schneier

2424

RC5RC5

Block cipher that can operate on different Block cipher that can operate on different block sizes: 32, 64, and 128block sizes: 32, 64, and 128

The key size can reach 2048 bitsThe key size can reach 2048 bits

Created by Ronald L. Rivest in 1994 for Created by Ronald L. Rivest in 1994 for RSA Data SecurityRSA Data Security

2525

Cracking RC5Cracking RC5

56-bit and 64-bit key RC5s have already 56-bit and 64-bit key RC5s have already been crackedbeen cracked

The RC5-72 project is underway, trying to The RC5-72 project is underway, trying to crack a 72-bit keycrack a 72-bit key– At the current rate, it will take 1000 years At the current rate, it will take 1000 years

Links Ch 12l, 12mLinks Ch 12l, 12m

2626

Asymmetric Cryptography Asymmetric Cryptography AlgorithmsAlgorithms

Use two keys that are mathematically Use two keys that are mathematically relatedrelated– Data encrypted with one key can be Data encrypted with one key can be

decrypted only with the other keydecrypted only with the other key

Another name for asymmetric key Another name for asymmetric key cryptography is public key cryptographycryptography is public key cryptography– Public key: known by the publicPublic key: known by the public

– Private key: known only by ownerPrivate key: known only by owner

2727

Asymmetric CryptographyAsymmetric Cryptography

CleartextCleartext with with Public KeyPublic Key makes makes CiphertextCiphertext

CiphertextCiphertext with with Private KeyPrivate Key makes makes CleartextCleartext

Winning Lotto #s: aWDHOP#@-w9

aWDHOP#@-w9 Winning Lotto #s:

2828


Provides message authenticity and Provides message authenticity and nonrepudiationnonrepudiation– Authenticity validates the sender of a Authenticity validates the sender of a

messagemessage– Nonrepudiation means a user cannot deny Nonrepudiation means a user cannot deny

sending a messagesending a message

2929


Asymmetric algorithms are more scalable Asymmetric algorithms are more scalable but slower than symmetric algorithmsbut slower than symmetric algorithms– Scalable: can adapt to larger networksScalable: can adapt to larger networks– Each person needs only one key pairEach person needs only one key pair

Everyone can use the same public key to send you Everyone can use the same public key to send you datadata

Each person signs messages with their own Each person signs messages with their own private keyprivate key

3030

RSARSA

Developed in 1977 by Ronald L. Rivest, Developed in 1977 by Ronald L. Rivest, Adi Shamir, and Leonard M. AdlemanAdi Shamir, and Leonard M. Adleman

The algorithm is based on the difficulty of The algorithm is based on the difficulty of factoring large numbersfactoring large numbers

The Secure Socket Layer (SSL) protocol The Secure Socket Layer (SSL) protocol uses the RSA algorithmuses the RSA algorithm

3131

Diffie-HellmanDiffie-Hellman

Developed by Whitfield Diffie and Martin Developed by Whitfield Diffie and Martin HellmanHellman

Does not provide encryption but is used for key Does not provide encryption but is used for key exchangeexchange– Two parties agree on a key without ever sending it Two parties agree on a key without ever sending it

directly over the networkdirectly over the network– The numbers transmitted can be used to compute the The numbers transmitted can be used to compute the

key, but only by the parties holding secret private key, but only by the parties holding secret private numbersnumbers

Prevents sniffing attacks (link Ch 12Prevents sniffing attacks (link Ch 12

3232

Elliptic Curve Cryptosystems Elliptic Curve Cryptosystems (ECC)(ECC)

It is an efficient algorithm requiring few It is an efficient algorithm requiring few resourcesresources– MemoryMemory– Disk spaceDisk space– BandwidthBandwidth

ECC is used for encryption as well as ECC is used for encryption as well as digital signatures and key distributiondigital signatures and key distribution

3333

ElgamalElgamal

Public key algorithm used toPublic key algorithm used to– Encrypt dataEncrypt data– Create digital signatureCreate digital signature– Exchange secret keysExchange secret keys

Written by Taher Elgamal in 1985Written by Taher Elgamal in 1985

The algorithm uses discrete logarithm The algorithm uses discrete logarithm problemsproblems– Solving a discrete logarithm problem can take Solving a discrete logarithm problem can take

many years and require CPU-intensive operationsmany years and require CPU-intensive operations

3434

From WikipediaLink Ch 12o

3535

Digital SignaturesDigital Signatures

A hash value ensures that the message A hash value ensures that the message was not altered in transit (was not altered in transit (integrityintegrity))

Provides message Provides message integrityintegrity, , authenticityauthenticity and and nonrepudiationnonrepudiation

3636

Digital Signature Standard Digital Signature Standard (DSS)(DSS)

Established by the NIST in 1991Established by the NIST in 1991– Ensures that digital signatures rather than Ensures that digital signatures rather than

written signatures can be verifiedwritten signatures can be verified

Federal government requirementsFederal government requirements– RSA and Digital Signature Algorithm (DSA) RSA and Digital Signature Algorithm (DSA)

must be used for all digital signaturesmust be used for all digital signatures– Hashing algorithm must be used to ensure the Hashing algorithm must be used to ensure the

integrity of the messageintegrity of the messageNIST required that the Secure Hash Algorithm (SHA) NIST required that the Secure Hash Algorithm (SHA) be usedbe used

3737

Pretty Good Privacy (PGP)Pretty Good Privacy (PGP)

Developed by Phil Zimmerman as a free Developed by Phil Zimmerman as a free e-mail encryption programe-mail encryption program– Zimmerman was almost arrested for his Zimmerman was almost arrested for his

innovationinnovation– Back in the mid-1990s, any kind of Back in the mid-1990s, any kind of

“unbreakable” encryption was seen as a “unbreakable” encryption was seen as a weapon and compared to selling arms to the weapon and compared to selling arms to the enemyenemy

3838

Pretty Good Privacy (PGP)Pretty Good Privacy (PGP)

PGP is a free public key encryption PGP is a free public key encryption programprogram

It uses certificates similar to those in public It uses certificates similar to those in public key infrastructure (PKI)key infrastructure (PKI)– PGP does not use a centralized CAPGP does not use a centralized CA– Verification of a CA is not as efficient as PKIVerification of a CA is not as efficient as PKI

3939

Pretty Good Privacy (PGP) Pretty Good Privacy (PGP) (continued)(continued)

Algorithms supported by PGPAlgorithms supported by PGP– IDEAIDEA– RSARSA– DSADSA– Message Digest 5 (MD5)Message Digest 5 (MD5)– SHA-1SHA-1

4040

Secure Multipurpose Internet Secure Multipurpose Internet Mail Extension (S/MIME)Mail Extension (S/MIME)

Is another public key encryption standard Is another public key encryption standard used to encrypt and digitally sign e-mailused to encrypt and digitally sign e-mail

Can encrypt e-mail messages containing Can encrypt e-mail messages containing attachments attachments

Can use PKI certificates for authenticationCan use PKI certificates for authentication

S/MIME version 2 defined in RFC 2311S/MIME version 2 defined in RFC 2311

S/MIME version 3 defined in RFC 2633S/MIME version 3 defined in RFC 2633

4141

Privacy-Enhanced Mail (PEM)Privacy-Enhanced Mail (PEM)

Internet standard that is compatible with Internet standard that is compatible with both symmetric and asymmetric methods both symmetric and asymmetric methods of encryptionof encryption

Can use the X.509 certificate standards Can use the X.509 certificate standards and encrypt messages with DESand encrypt messages with DES

Not used as much todayNot used as much today– MIME Object Security Services (MOSS) is a MIME Object Security Services (MOSS) is a

newer implementation of PEMnewer implementation of PEM

4242

Hashing AlgorithmsHashing Algorithms

Take a variable-length message and Take a variable-length message and produce a fixed-length value called a produce a fixed-length value called a message digestmessage digest

A hash value is equivalent to a fingerprint A hash value is equivalent to a fingerprint of the messageof the message– If the message is changed later, the hash If the message is changed later, the hash

value changesvalue changes

4343

Collisions Collisions

If two different messages produce the If two different messages produce the same hash value, it results in a collisionsame hash value, it results in a collision– A good hashing algorithm must be collision-A good hashing algorithm must be collision-

freefree

4444

Hashing AlgorithmsHashing Algorithms

SHA-1 is one of the most popular hashing SHA-1 is one of the most popular hashing algorithmsalgorithms– SHA-1 has been brokenSHA-1 has been broken– Collisions were found in 2004 and 2005 (link Collisions were found in 2004 and 2005 (link

Ch 12pCh 12p– As of March 15, 2005, the NIST recommends As of March 15, 2005, the NIST recommends

not using SHA applicationsnot using SHA applications– But there are collisions in MD5 tooBut there are collisions in MD5 too– SHA-256 hasn’t been broken yetSHA-256 hasn’t been broken yet

See link Ch 12qSee link Ch 12q

4545

Symmetric AlgorithmsSymmetric Algorithms(Private-key)(Private-key)

NameName Key sizeKey size NotesNotes

DESDES 56 bits56 bits InsecureInsecure

3DES3DES 168 bits168 bits Being replaced by AESBeing replaced by AES

AESAES 128,192, or 256 128,192, or 256 US Govt classified infoUS Govt classified info

IDEAIDEA 128 bits128 bits Used in PGP, very Used in PGP, very securesecure

BlowfishBlowfish 32 to 448 32 to 448 Public domainPublic domain

RC5RC5 Up to 2040 Secure for 72-bits or Up to 2040 Secure for 72-bits or moremore

4646

Asymmetric AlgorithmsAsymmetric Algorithms(Public-key)(Public-key)

NameName NotesNotes

Diffie-HellmanDiffie-Hellman Key exchg, not encryptionKey exchg, not encryption

RSARSA Secure, used by SSLSecure, used by SSL

ECCECC Efficient newer techniqueEfficient newer technique

ElgamalElgamal Used in GPG and PGPUsed in GPG and PGP

4747

Hashing Algorithms Hashing Algorithms

NameName NotesNotesMD2MD2 Written for 8-bit machines, no longer secureWritten for 8-bit machines, no longer secureMD4MD4 No longer secureNo longer secureMD5MD5 Security is questionable nowSecurity is questionable nowSHA-1SHA-1 The successor to MD5, Used in:The successor to MD5, Used in:

TLS, SSL, PGP, SSH, S/MIME, IPsecTLS, SSL, PGP, SSH, S/MIME, IPsecNo longer completely secureNo longer completely secure

SHA-2SHA-2 Not yet broken, but no longer recommended.Not yet broken, but no longer recommended.

NIST is now developing a new algorithm to replace SHA.NIST is now developing a new algorithm to replace SHA.

4848

Public Key Infrastructure (PKI)Public Key Infrastructure (PKI)

Not an algorithmNot an algorithm

A structure that consists of programs, A structure that consists of programs, protocols, and security protocolsprotocols, and security protocols

Uses public key cryptographyUses public key cryptography

Enables secure data transmission over the Enables secure data transmission over the InternetInternet

4949

PKI ComponentsPKI Components

Certificate: a digital document that verifies Certificate: a digital document that verifies the identity of an entitythe identity of an entity– Contains a unique serial number and must Contains a unique serial number and must

follow the X.509 standardfollow the X.509 standard

5050

PKI ComponentsPKI Components

Public keys are issued by a certification Public keys are issued by a certification authority (CA)authority (CA)

A certificate that the CA issues to a A certificate that the CA issues to a company binds a public key to the company binds a public key to the recipient’s private keyrecipient’s private key

5151

Certificate Expiration and Certificate Expiration and RenewalRenewal

A period of validity is assigned to each A period of validity is assigned to each certificatecertificate– After that date, the certificate expiresAfter that date, the certificate expires

A certificate can be renewed with a new A certificate can be renewed with a new expiration date assignedexpiration date assigned– If the keys are still valid and remain If the keys are still valid and remain

uncompromiseduncompromised

5252

Certificate Revocation and Certificate Revocation and SuspensionSuspension

Reasons to suspend or revoke a certificateReasons to suspend or revoke a certificate– A user leaves the companyA user leaves the company– A hardware crash causes a key to be lostA hardware crash causes a key to be lost– A private key is compromisedA private key is compromised

Revocation is permanentRevocation is permanent

Suspension can be liftedSuspension can be lifted

5353

Certificate Revocation and Certificate Revocation and SuspensionSuspension

Certificate Revocation List (CRL)Certificate Revocation List (CRL)– Contains all revoked and suspended Contains all revoked and suspended

certificatescertificates– Issued by CAsIssued by CAs

5454

Backing Up KeysBacking Up Keys

Backing up keys is criticalBacking up keys is critical– If keys are destroyed and not backed up If keys are destroyed and not backed up

properly, encrypted business-critical properly, encrypted business-critical information might be irretrievableinformation might be irretrievable

The CA is usually responsible for backing The CA is usually responsible for backing up keysup keys– A key recovery policy is also part of the CA’s A key recovery policy is also part of the CA’s

responsibilityresponsibility

5555

5656

Microsoft Root CAMicrosoft Root CAYou can set up your own Certificate You can set up your own Certificate Authority ServerAuthority Server

Windows Server 2003 or Windows 2000 ServerWindows Server 2003 or Windows 2000 Server

Install the Certificate ServicesInstall the Certificate Services

Note that after installing this service the name of Note that after installing this service the name of the domain or computer cannot changethe domain or computer cannot change

5757

Microsoft Root CAMicrosoft Root CA

Specify options to generate certificates, Specify options to generate certificates, includingincluding– Cryptographic Service ProviderCryptographic Service Provider– Hash algorithmHash algorithm– Key lengthKey length

5858

Understanding Cryptographic Understanding Cryptographic AttacksAttacks

Sniffing and port scanning are passive Sniffing and port scanning are passive attacks – just watchingattacks – just watching

Active attacks attempt to determine the Active attacks attempt to determine the secret key being used to encrypt plaintextsecret key being used to encrypt plaintext

Cryptographic algorithms are usually Cryptographic algorithms are usually publicpublic– Follows the open-source cultureFollows the open-source culture– Except the NSA and CIA and etc.Except the NSA and CIA and etc.

5959

Birthday AttackBirthday Attack

If 23 people are in the room, what is the If 23 people are in the room, what is the chance that they all have different chance that they all have different birthdays?birthdays?

365365 364364 363363 363363 361361 360360 343 343 365 365

xx 365 365

xx 365 365

xx 365 365

xx 365 365

xx 365 365

x . . . x . . . 365 365

= 49% = 49% So there’s a 51% chance that two of them So there’s a 51% chance that two of them

have the same birthdayhave the same birthdaySee link Ch 12rSee link Ch 12r

6060

Birthday AttackBirthday Attack

If there are N possible hash values, If there are N possible hash values, – You’ll find collisions when you have You’ll find collisions when you have

calculated 1.2 x calculated 1.2 x sqrt(N) valuessqrt(N) values

SHA-1 uses a 160-bit keySHA-1 uses a 160-bit key– Theoretically, it would require 2Theoretically, it would require 28080

computations to breakcomputations to break– SHA-1 has already been broken, because of SHA-1 has already been broken, because of

other weaknessesother weaknesses

6161

Mathematical AttacksMathematical Attacks

Properties of the algorithm are attacked by Properties of the algorithm are attacked by using mathematical computationsusing mathematical computations

CategoriesCategories– Ciphertext-only attackCiphertext-only attack

The attacker has the ciphertext of several The attacker has the ciphertext of several messages but not the plaintextmessages but not the plaintext

Attacker tries to find out the key and algorithm Attacker tries to find out the key and algorithm used to encrypt the messagesused to encrypt the messages

Attacker can capture ciphertext using a sniffer Attacker can capture ciphertext using a sniffer program such as Ethereal or Tcpdumpprogram such as Ethereal or Tcpdump

6262

Mathematical Attacks Mathematical Attacks

Categories Categories – Known plaintext attackKnown plaintext attack

The attacker has messages in both encrypted form The attacker has messages in both encrypted form and decrypted formsand decrypted forms

This attack is easier to perform than the ciphertext-This attack is easier to perform than the ciphertext-only attackonly attack

Looks for patterns in both plaintext and ciphertextLooks for patterns in both plaintext and ciphertext

– Chosen-plaintext attackChosen-plaintext attackThe attacker has access to plaintext and ciphertextThe attacker has access to plaintext and ciphertext

Attacker has the ability to choose which message to Attacker has the ability to choose which message to encryptencrypt

6363

Mathematical AttacksMathematical Attacks

Categories (continued)Categories (continued)– Chosen-ciphertext attackChosen-ciphertext attack

The attacker has access to the ciphertext to be The attacker has access to the ciphertext to be decrypted and to the resulting plaintextdecrypted and to the resulting plaintext

Attacker needs access to the cryptosystem to Attacker needs access to the cryptosystem to perform this type of attackperform this type of attack

6464

Brute Force AttackBrute Force Attack

An attacker tries to guess passwords by An attacker tries to guess passwords by attempting every possible combination of attempting every possible combination of lettersletters– Requires lots of time and patienceRequires lots of time and patience– Password-cracking programs that can use Password-cracking programs that can use

brute forcebrute forceJohn the RipperJohn the RipperCain and AbelCain and AbelOphcrackOphcrack

– Also uses memory to save time – “Rainbow tables”Also uses memory to save time – “Rainbow tables”

6565

Man-in-the-Middle AttackMan-in-the-Middle Attack

Victim sends public key to ServerVictim sends public key to Server– Attacker generates two “false” key pairsAttacker generates two “false” key pairs– Attacker intercepts the genuine keys and Attacker intercepts the genuine keys and

send false keys outsend false keys out– Both parties send encrypted traffic, but not Both parties send encrypted traffic, but not

with the same keyswith the same keys

These false keys won’t be verified by a CAThese false keys won’t be verified by a CA

Victim Attacker Server

6666

Dictionary AttackDictionary Attack

Attacker uses a dictionary of known words Attacker uses a dictionary of known words to try to guess passwordsto try to guess passwords– There are programs that can help attackers There are programs that can help attackers

run a dictionary attackrun a dictionary attack

Programs that can do dictionary attacksPrograms that can do dictionary attacks– John the RipperJohn the Ripper– Cain and AbelCain and Abel

6767

Replay AttackReplay Attack

The attacker captures data and attempts The attacker captures data and attempts to resubmit the captured datato resubmit the captured data– The device thinks a legitimate connection is in The device thinks a legitimate connection is in

effecteffect

If the captured data was logon information, If the captured data was logon information, the attacker could gain access to a system the attacker could gain access to a system and be authenticatedand be authenticatedMost authentication systems are resistant Most authentication systems are resistant to replay attacksto replay attacks

6868

Password CrackingPassword Cracking

Password cracking is illegal in the United Password cracking is illegal in the United StatesStates– It is legal to crack your own password if you It is legal to crack your own password if you

forgot itforgot it

You need the hashed password fileYou need the hashed password file– /etc/passwd or /etc/shadow for *NIX/etc/passwd or /etc/shadow for *NIX– The SAM database in WindowsThe SAM database in Windows

Then perform dictionary or brute-force Then perform dictionary or brute-force attacks on the fileattacks on the file

6969

Password cracking programsPassword cracking programs

John the RipperJohn the Ripper

Hydra (THC)Hydra (THC)

EXPECTEXPECT

L0phtcrackL0phtcrack

Pwdump3v2Pwdump3v2

Ophcrack does it all for you – gathering Ophcrack does it all for you – gathering the SAM database and cracking itthe SAM database and cracking it

Education

Cryptography Lecture by Sam Bowne