Cryptography
Fifth Step to Become a Hacker - Haaga-Helia Assignment
Assignment 5
The questions for the assignment are here
Task X - Applied Cryptography
Terminology
Messages and Encryption
Terms | Explanations |
---|---|
Plaintext | a message |
Encryption | the process of disguising a message in such a way as to hide its substance |
Ciphertext | an encrypted message |
Decryption | the process of turning ciphertext back to plaintext |
Cryptography | the art and science of keeping messages secure |
Cryptanalysis | the art and science of breaking ciphertext |
Cryptology | the branch of mathematics encompassing both cryptography and cryptanalysis |
Cryptographer | a person who practices cryptography |
Cryptanalyst | a person who practices cryptanalysis |
Cryptologist | a person who practices cryptology |
Cryptography Jobs
- Providing confidentiality
- Authentication:
- The message receiver should be able to ascertain its origin; an intruder posing as the sender should be recognized
- Integrity:
- The message receiver can verify that the message hasn’t been modified; an intruder can’t substitute a false message for a legitimate one
- Nonrepudiation:
- A sender can’t falsely deny later that he sent a message
Algorithms
Terms | Explanations |
---|---|
Cryptographic Algorithm / Cipher | mathematical function used for encryption and decryption |
Cryptosystem | an algorithm, plus all possible plaintexts, ciphertexts, and keys |
Symmetric Algorithms | key-based algorithms where the encryption key can be calculated from the decryption key and vice versa |
Public-key Algorithms | key-based algorithms where the key used for encryption is different from the key used for decryption; the encryption key is the public key and the decryption key is the private key |
Steganography
Steganography hides secret messages in other messages, such that the secret’s very existence is concealed
Ciphers
Substitution Ciphers
A substitution cipher is one in which each character in the plaintext is substituted for another character in the ciphertext. The receiver inverts the substitution on the ciphertext to recover the plaintext.
Types of substitution cipher:
Terms | Explanations |
---|---|
Monoalphabetic Cipher / Simple Substitution Cipher | each character of the plaintext is replaced with a corresponding character of ciphertext. The cryptograms in newspapers and Caesar Cipher are simple substitution ciphers |
Homophonic Substitution Cipher | similar to monoalphabetic cipher except a single character of plaintext can map to one of several characters of ciphertext |
Polygram Substitution Cipher | blocks of characters are encrypted in groups |
Polyalphabetic Substitution Cipher | is made up of multiple monoalphabetic ciphers |
Running-key Cipher / Book Cipher | one text is used to encrypt another text, can be broken easily |
Transposition Ciphers
- Transposition Cipher: the characters of the plaintext remain the same, but their order is shuffled around
- Simple Columnar Transposition Cipher: the plaintext is written horizontally onto a piece of graph paper of fixed width and the ciphertext is read off vertically
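Added example (not part of the original assignment): the simple columnar transposition described above, including decryption when the last row is not full. The function names and the sample text are constructed for illustration.

```python
def columnar_encrypt(plaintext: str, width: int) -> str:
    """Write the text in rows of `width`, then read it off column by column."""
    if width < 1:
        raise ValueError("width must be at least 1")
    return "".join(plaintext[col::width] for col in range(width))


def columnar_decrypt(ciphertext: str, width: int) -> str:
    """Rebuild the columns, then read the grid row by row."""
    if width < 1:
        raise ValueError("width must be at least 1")
    full_rows, extra = divmod(len(ciphertext), width)
    columns, pos = [], 0
    for col in range(width):
        # The first `extra` columns hold one more letter (the partial last row).
        height = full_rows + (1 if col < extra else 0)
        columns.append(ciphertext[pos:pos + height])
        pos += height
    total_rows = full_rows + (1 if extra else 0)
    return "".join(col[row] for row in range(total_rows)
                   for col in columns if row < len(col))


def same_letters(a: str, b: str) -> bool:
    """Transposition only reorders: the letter counts never change."""
    return sorted(a) == sorted(b)


# Constructed sample: 19 letters in a grid 5 wide, so the last row has 4 letters.
SAMPLE_TEXT = "TRANSPOSITIONCIPHER"
SAMPLE_WIDTH = 5

if __name__ == "__main__":
    ct = columnar_encrypt(SAMPLE_TEXT, SAMPLE_WIDTH)
    print(ct)
    print(columnar_decrypt(ct, SAMPLE_WIDTH))
    print(same_letters(SAMPLE_TEXT, ct))
```

Because the letter counts are unchanged, a frequency count of the ciphertext still looks like ordinary language, which is how a transposition is told apart from a substitution.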
Rotor Machine
- Rotor Machine has a keyboard and a series of rotors, and implements a version of the Vigenère cipher.
- Each rotor is an arbitrary permutation of the alphabet, has 26 positions, and performs a simple substitution.
- The best-known rotor device is the Enigma.
Simple XOR
- Exclusive-or operation
- It’s nothing more than a Vigenère polyalphabetic cipher
- Symmetric algorithm
- The plaintext is being XORed with a keyword to generate the ciphertext
- Super easy to break
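Added example (not part of the original assignment): repeating-key XOR and the two properties that make it weak. A few bytes of known plaintext give back the key, and XORing the ciphertext with itself shifted by the key length cancels the key. The function names, the key and the message are constructed for illustration.

```python
from itertools import cycle


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings position by position (stops at the shorter one)."""
    return bytes(x ^ y for x, y in zip(a, b))


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. XOR is its own inverse, so the same call decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def key_from_known_plaintext(ciphertext: bytes, known_prefix: bytes,
                             key_len: int) -> bytes:
    """ciphertext[i] ^ plaintext[i] == key[i % key_len], so a known start
    of the message (a header, a greeting) reveals the whole key."""
    if len(known_prefix) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return xor_bytes(ciphertext[:key_len], known_prefix[:key_len])


def self_xor(data: bytes, shift: int) -> bytes:
    """XOR data with a copy of itself displaced by `shift` bytes."""
    return xor_bytes(data[shift:], data)


# Constructed sample values.
SAMPLE_KEY = b"tulip"
SAMPLE_PLAINTEXT = (b"From: alice@example.org\nTo: bob@example.org\n"
                    b"See you at the review.")

if __name__ == "__main__":
    ct = xor_cipher(SAMPLE_PLAINTEXT, SAMPLE_KEY)
    print(ct.hex())
    print(key_from_known_plaintext(ct, b"From: ", len(SAMPLE_KEY)))
    # The key drops out: what is left depends on the plaintext alone.
    n = len(SAMPLE_KEY)
    print(self_xor(ct, n) == self_xor(SAMPLE_PLAINTEXT, n))
```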
One-Time Pads
- Perfect encryption scheme
- Large nonrepeating set of truly random key letters, written on sheets of paper, and glued together in a pad
- The sender uses each key letter on the pad to encrypt exactly one plaintext character
- Encryption is the addition modulo 26 of the plaintext character and the one-time pad key character.
- Each key letter is used exactly once, for only one message
- The sender encrypts the message and then destroys the used pages
- The receiver has an identical pad and uses each key on the pad, in turn, to decrypt each letter of the ciphertext then destroys the used pages
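Added example (not part of the original assignment): the pad procedure above with letters numbered A=0 to Z=25, which is an assumption, and a pad object that discards letters once used. `pad_explaining` shows why the scheme is perfect: for any message of the same length there is a pad that turns the ciphertext into it. All names and sample values are constructed for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # assumption: A=0 ... Z=25


def new_pad(length: int) -> str:
    """Draw pad letters from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class OneTimePad:
    """A pad whose letters are thrown away as soon as they are used."""

    def __init__(self, letters: str):
        self.remaining = letters

    def take(self, count: int) -> str:
        if count > len(self.remaining):
            raise ValueError("pad exhausted: key letters are never reused")
        used, self.remaining = self.remaining[:count], self.remaining[count:]
        return used

    def encrypt(self, plaintext: str) -> str:
        key = self.take(len(plaintext))
        return "".join(ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k)) % 26]
                       for p, k in zip(plaintext, key))

    def decrypt(self, ciphertext: str) -> str:
        key = self.take(len(ciphertext))
        return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k)) % 26]
                       for c, k in zip(ciphertext, key))


def pad_explaining(ciphertext: str, candidate: str) -> str:
    """Return the pad under which `ciphertext` decrypts to `candidate`."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must be as long as the ciphertext")
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(p)) % 26]
                   for c, p in zip(ciphertext, candidate))


# Constructed sample values, fixed for reproducibility; a real pad comes from new_pad().
SAMPLE_PAD = "QXJZKWPBHD"
SAMPLE_MESSAGE = "MEETATNOON"

if __name__ == "__main__":
    sender, receiver = OneTimePad(SAMPLE_PAD), OneTimePad(SAMPLE_PAD)
    ct = sender.encrypt(SAMPLE_MESSAGE)
    print(ct, receiver.decrypt(ct), pad_explaining(ct, "STAYATHOME"))
```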
Computer Algorithms
Terms | Explanations |
---|---|
DES (Data Encryption Standard) | symmetric algorithm, the same key is used for encryption and decryption |
RSA | public-key algorithm, can be used for both encryption and digital signatures |
DSA (Digital Signature Algorithm) | public-key algorithm, cannot be used for encryption, but only for digital signatures |
Task A - Presentation
Presentation Link
My Cryptosystem Demo
Task B - Encrypt and Decrypt messages
In this task, I will test 2 tools with 2 types of encryption.
GPG - Asymmetric Encryption
Source
GPG (GNU Privacy Guard) is an open-source implementation of the OpenPGP (Pretty Good Privacy) asymmetric encryption protocol.
I choose GPG because it can be used on both Windows and Linux distros. If you have a Windows system, install Git. GPG is pre-installed for you if you use Git version 2.19.x. If you use Debian or Kali Linux, it’s also pre-installed. But if you use other distros that initially don’t have it, you can install it with the following commands
We can start using it by generating basic information for GPG, quite the same as creating an account for the tool. If you use Linux systems, you have to be a sudo user to do this.
It will ask you a bunch of questions; you can choose whatever you want. Finally, you will create a passphrase, which will be used to encrypt the private keys using symmetric encryption. So even if the keys are stolen, nobody can use them to decrypt the files.
Encryption
First, we need to create a file such as secret.txt. Then we can add a text in the file like this
After that we close the editor and start the encryption process.
You could replace <your-email> with the email that you used to create the passphrase. After the process is done, another file, secret.txt.gpg, is created. And we can check the content of the file with the command
And we can see that the content of the file is encrypted
Decryption
We should delete the original file to protect it from being stolen. Then we could try to decrypt secret.txt.gpg by using this command.
And we can see the decrypted text like this
OpenSSL - Symmetric Encryption
I choose OpenSSL also because it is widely used and can be used in different systems. There are many encryption algorithms that can be used with OpenSSL. In this case, we are going to use AES. AES uses simple algebraic calculations, and every block of data is always encrypted the same way, which makes it ideal for encrypting large files.
Encryption
We start the process by using this command to list openssl’s cipher commands
Then we can use the following command to encrypt the file
The enc option is used to define that we’re going to perform symmetric key encryption. You will be asked for the password. After typing in the password we have the following result
If we check the file’s content, this is how it looks
Decryption
The decryption command is pretty similar
The result is here