Thursday, April 17, 2014

Cryptography

This is an article on some common forms of encryption, with some examples of what they look like.






Cryptography is often associated with encryption, or hiding information from everyone except the desired party. This usually involves having certain knowledge about the encryption, known as a key. It has been used for centuries by militaries and governments to hide and transfer data. For example, in ancient days, one king would shave a subject's head, then tattoo the message on it. This way the subject did not know what the message was either. Then, after his hair grew back, he would be sent to the other king and his head would be shaved; once the king had the message, the subject was killed and the message was disposed of. So, step by step, this is the general way encryption works. First, find a viable way to hide the message. Second, find a safe way to transport the message. Third, decrypt the message. Inside each step there is a good amount of detail.

Encrypting the message-

There are many common ways to encrypt data. One is the shift cipher, in which you shift each letter a certain number of places in the alphabet. EXAMPLE: In a cipher with a key of one, you would shift each letter one place in the alphabet. So A would become B, and a word like HIDDEN would become IJEEFO, rendering the message illegible. The reason you would not want to use a simple shift cipher is how easy it is to "crack" the encryption. "Cracking" an encryption basically means brute forcing the key, or gaining the key through other means such as Trojans, social engineering or one of the many other ways. As for our shift cipher, also known as a "Caesar cipher" if it is a shift of three or as ROT-13 if it is a 13 letter shift, it would be very easy to decrypt the message by hand or to write a simple program that can decrypt the message in mere moments.



The Difference Between Hashing And Encrypting-
Encryption is a scheme where a plaintext is made into ciphertext using a secure key. The security of the cipher resides in the key length, and decryption is difficult without proper knowledge of the key.

As for hashing, the best way to describe a hash is as a one-way function that compresses arbitrary-length strings into short fixed-length strings. Hashes can be designed using block ciphers, with a secret key as a parameter along with the message to be hashed, or without them (dedicated hash functions such as MD4, MD5, SHA-1, etc.).

Here I will describe a few common hashes, along with why they are not secure, and some examples of what they look like.

MD5 (Message-Digest algorithm 5)-
MD5 was created in 1991 in order to replace the less secure MD4. Although a serious flaw was found in this form of encryption, it is still widely used. Cryptographers suggest the use of more secure algorithms such as SHA-1 or WhirlPool. MD5 is a 128 bit hash, which makes it rather small and thus vulnerable to the birthday attack (which I will include at the end). The algorithm for MD5 is also open source, which makes this form of encryption rather easy to break. Not only that, but MD5 hashes are also vulnerable to man-in-the-middle attacks and to gaining the first three characters, enabling easier brute forcing of the hash.

Here are some examples of MD5 hashes:
Hidden: 662f707d5491e9bce8238a6c0be92190
Hellboundhackers: 07113826bfa7f58ef0ccf537ab9b5d0e

And here is the pseudocode for it:


Code
Source: Wikipedia
//Note: All variables are unsigned 32 bits and wrap modulo 2^32 when calculating
var int[64] r, k

//r specifies the per-round shift amounts
r[ 0..15] := {7, 12, 17, 22,  7, 12, 17, 22,  7, 12, 17, 22,  7, 12, 17, 22}
r[16..31] := {5,  9, 14, 20,  5,  9, 14, 20,  5,  9, 14, 20,  5,  9, 14, 20}
r[32..47] := {4, 11, 16, 23,  4, 11, 16, 23,  4, 11, 16, 23,  4, 11, 16, 23}
r[48..63] := {6, 10, 15, 21,  6, 10, 15, 21,  6, 10, 15, 21,  6, 10, 15, 21}

//Use binary integer part of the sines of integers (Radians) as constants:
for i from 0 to 63
    k[i] := floor(abs(sin(i + 1)) × (2 pow 32))

//Initialize variables (integer values; stored little-endian they are the bytes 01 23 45 67, 89 AB CD EF, ...):
var int h0 := 0x67452301
var int h1 := 0xEFCDAB89
var int h2 := 0x98BADCFE
var int h3 := 0x10325476

//Pre-processing:
append "1" bit to message
append "0" bits until message length in bits = 448 (mod 512)
append bit /* bit, not byte */ length of unpadded message as 64-bit little-endian integer to message

//Process the message in successive 512-bit chunks:
for each 512-bit chunk of message
    break chunk into sixteen 32-bit little-endian words w[i], 0 ≤ i ≤ 15

    //Initialize hash value for this chunk:
    var int a := h0
    var int b := h1
    var int c := h2
    var int d := h3

    //Main loop:
    for i from 0 to 63
        if 0 ≤ i ≤ 15 then
            f := (b and c) or ((not b) and d)
            g := i
        else if 16 ≤ i ≤ 31
            f := (d and b) or ((not d) and c)
            g := (5×i + 1) mod 16
        else if 32 ≤ i ≤ 47
            f := b xor c xor d
            g := (3×i + 5) mod 16
        else if 48 ≤ i ≤ 63
            f := c xor (b or (not d))
            g := (7×i) mod 16
 
        temp := d
        d := c
        c := b
        b := b + leftrotate((a + f + k[i] + w[g]) , r[i])
        a := temp

    //Add this chunk's hash to result so far:
    h0 := h0 + a
    h1 := h1 + b
    h2 := h2 + c
    h3 := h3 + d

var int digest := h0 append h1 append h2 append h3 //(expressed as little-endian)









SHA-1 -

SHA stands for Secure Hash Algorithm. This algorithm makes a 160 bit hash. SHA-1 is only one of the many SHA-* styles, but it is the most common and most secure. Some other SHA styles are SHA-224, SHA-256, SHA-384, and SHA-512. These make a hash with the number of bits in their name. For example, SHA-224 is a 224 bit hash. The reason that this form of encryption is insecure is that a modified version of a collision attack can be performed, and through this method you can get up to a quarter of the hash into plaintext, thus making it cracked in principle.

Here are some examples of SHA hashes:

Hidden- 7acdf85c69cc3c5305456a293524386e
Hellboundhackers- 07113826bfa7f58ef0ccf537ab9b5d0e


SHA-2 and the others have no attacks reported, but SHA-1 has an attack based on a mathematical system that allows it to be cracked. Even though the others have no reported attacks, SHA-3 is in the making. This one will be the standard SHA in 2012, after the competition is over. This competition takes place from 2008-2011.



Common Encryption:

Binary-

Binary is a base-2 "language" used in computing to specify either on (1) or off (0). It was commonly used to hide plaintext from most people. Binary uses an 8-bit per character format that is very easily noticed by almost anyone, considering that it consists solely of 0's and 1's. It can be easily broken with a copy of any ASCII chart or a very easily written program. Another reason that it is not used, besides its insecurity, is how much space it takes to store a binary encryption, and how long it takes to encrypt things into binary. Think of it this way: for every one character of plaintext, there are 8 in binary. This means a relatively large file will not only take a long time to encrypt, it will also be a massive file to transfer.


DES -

DES is based on a symmetric key algorithm that has a 56 bit key. The chief reason this form of encryption is so insecure is the rather small size of the key. There are public programs that can break a DES encryption in 22 hours and 15 minutes. These have made the US, along with many other countries, turn to more secure means of encryption.

Examples:

Hidden: CREAE8aHr13jY
Hellboundhackers: CRNg1HW8ckWJk



Base 64-

Base 64 uses 64 printable ASCII characters to encrypt data. The characters are A-Z, a-z, and 0-9; the other two vary from OS to OS. Sometimes the output also has a suffix of = characters. Base 64 is very easily identified and can easily be deciphered with a readily available algorithm.

Hidden: SGlkZGVuIA==
Hellboundhackers: SGVsbGJvdW5kaGFja2Vycw==

And there are many many others.
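The sample strings in the sections above can be told apart by shape alone. The following is an added example, not part of the original article: it sorts a string by length and alphabet and decodes it only where no key is needed. The 13-character samples are assumed to be traditional DES crypt(3) output (two salt characters followed by eleven hash characters), and the function and label names are this example's own.

```python
import base64
import binascii
import re

# Shape rules only (length and alphabet): a match says what a string could
# be, not which algorithm actually produced it.
HEX_DIGESTS = {32: "128-bit hex digest (MD5-sized)",
               40: "160-bit hex digest (SHA-1-sized)",
               64: "256-bit hex digest (SHA-256-sized)"}
BINARY = re.compile(r"[01]{8}(?: ?[01]{8})*")
HEX = re.compile(r"[0-9a-fA-F]+")
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")   # assumed: 2-char salt + 11-char hash
BASE64 = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def classify(s):
    """Return (label, recovered_text or None) for one candidate string."""
    s = s.strip()
    if BINARY.fullmatch(s):
        bits = s.replace(" ", "")
        raw = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
        return "8-bit binary (encoding, no key)", raw.decode("latin-1")
    if HEX.fullmatch(s) and len(s) in HEX_DIGESTS:
        return HEX_DIGESTS[len(s)], None        # one-way: nothing to decode
    if DES_CRYPT.fullmatch(s):
        return "DES crypt(3)-shaped hash, salt " + s[:2], None
    if len(s) % 4 == 0 and BASE64.fullmatch(s):
        try:
            text = base64.b64decode(s, validate=True).decode("utf-8")
            return "Base64 (encoding, no key)", text
        except (binascii.Error, UnicodeDecodeError):
            pass
    return "unrecognised", None


# Sample strings copied from the article's example lists.
SAMPLES = ["662f707d5491e9bce8238a6c0be92190",
           "7acdf85c69cc3c5305456a293524386e",
           "CREAE8aHr13jY",
           "SGVsbGJvdW5kaGFja2Vycw=="]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify(sample))
```

Only the binary and Base 64 strings come back as text, because nothing secret went into producing them. Both 32-character hex samples are reported as 128 bits long; a 160-bit digest would be 40 hex characters.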

Creating your own:

So you think you may want to create a more secure encryption method? Well, you're in for a surprise at how challenging it really is. First you have to come up with your encryption style, whether it be algorithm based or something else. Then you must decide how to transfer the key, which must also be secure. Then comes decrypting the cipher.
One problem you will face is deciding what is a secure algorithm and what is not. A more advanced algorithm does not mean a more secure encryption. Another problem is how fast the program can run the algorithm. An advanced algorithm may be secure, but if it takes three days to decrypt with the key, is it worth using? As for the key, there are a few ways to transfer it safely. One way is like the spy movie, a guy with a briefcase handcuffed to his wrist. A more feasible way would be to meet the person and exchange it. Or you could just use a more common encryption method and send it to them in e-mail. One last, slow way would be to mail them the key. Either way, you must decide how you will keep it secure on the way.



Some common attacks on cryptography:

DoS-
DoS (Denial of Service) attacks are when someone tries to make a service or action unusable. One very unlikely, but possible, method would be cutting the victim's internet cable. This renders them incapable of accessing the source in question. Although this attack is usually used on a web server, it can also be used to stop an encrypted message from ever reaching its intended party. Another way this attack could be carried out would be to send a server a massive amount of requests, keeping the server busy.

Man In The Middle (MITM)-
MITM is where the attacker makes a connection with the host then passes the message to the other host, making them believe that they are talking directly to each other over a private connection although the conversation is controlled solely by the attacker. The attacker then would intercept messages and send new ones.

Birthday Attack-
In this attack you use mathematics to exploit collisions. This is a rather formidable attack because of how efficient it is, especially if the function holds a lot of matches in the pseudorandom lookup of matches in collisions.

Cryptanalysis-
Cryptanalysis is also known as code breaking or cracking a code. Although this does not necessarily imply encryption, it is one major part of cracking. This form usually excludes attacks such as the ones mentioned above, social engineering, burglary, or keylogging. In the past, one way to crack an encryption was to use frequency analysis, or seeing which characters appear most. For instance, the letter "E" is the most common in English, and the digraph "TH" is the most common. In practice it relies on as much linguistic knowledge as it does statistics. As encryption got more and more detailed, mathematics became more of a major player in cracking. In modern times the advanced computations in an encryption have made cryptanalysis less of a key player than in the past, when pen-and-paper encryptions were used.
So in order to sum this up, I will use this quote.
"Breaking a cipher simply means finding a weakness in the cipher that can be exploited with a complexity less than brute force. Never mind that brute-force might require 2^128 encryptions; an attack requiring 2^110 encryptions would be considered a break...simply put, a break can just be a certificational weakness: evidence that the cipher does not perform as advertised." (Schneier, 2000).


Well that's my first article, and thanks for all the comments. Please keep them coming and rate.
I will try to keep updating and adding to this article over time.

Comments

Zephyr_Pure on October 31 2008 - 03:01:44
I couldn't resist... Not bad, but I might've liked to see more broad coverage and less repetitive examples. More talk about why an encryption method is insecure, and less... fluff. Still, as this is your first attempt, it's a start.
spyware on October 31 2008 - 10:11:14
Wow. This sucks. Way to go, yours31f, giving general information. Where's the cryptanalysis? Where's the code-cracking bit? Oh, that's in your next article? Well, I'll be there, rating again. This is just ... basic. Worthless, basic stuff.
ynori7 on October 31 2008 - 18:11:10
There isn't much detail here. And you don't seem to have your facts down too well. For starts, you didn't even mention the difference between encrypting and hashing. And another detail is that the Caesar Cypher is a shift by 3, not 1. And you could easily have explained the ROT-13 right along with it. And what's the point in just giving a bunch of links to wikipedia? We can all do that on our own. The purpose of this article should be for you to explain these in your own words. Average rating from me.
Uber0n on November 01 2008 - 00:19:37
Not awesome, but not worthless. Think about what the others have said and make a kickass cryptography article instead ;)
ynori7 on November 01 2008 - 06:18:49
Better. Why'd you take out the stuff on Caesar cypher and rot-13? Anyway, I'll revise my rating to Good.
ynori7 on November 01 2008 - 06:24:16
Nevermind about the caesar shift.
ynori7 on November 01 2008 - 06:35:01
Nevermind about the caesar shift.
korg on November 01 2008 - 10:40:22
Not great but not shit. Good start I think for people who are just starting to learn these. 5/10
Zephyr_Pure on November 01 2008 - 15:41:46
FYI... binary (number system) and Base64 (encoding) are not encryptions. DoS is not an attack on encryption / cryptography. JtR can crack a DES hash in MUCH less than 22 hours in 99.9% of the cases anyone will ever see. Other than that, good job on the revision.
kaden on November 03 2008 - 09:30:09
yea, Zephyr_Pure is right, but it's not the worst thing I've ever seen.. pretty good job for your first article :)
spyware on November 03 2008 - 19:20:20
Article still sucks. You did not mention ANYTHING worthwhile about breaking codes. Go take your bruteforce methods to the NASA, we want the real-fucking-deal. Studying code till all you see is cleartext.
system_meltdown on December 18 2008 - 22:32:29
@spy, you mean NSA?
yours31f on December 25 2008 - 22:21:11
See, even he doesn't hat he is talking about.
c4p_sl0ck on January 05 2009 - 11:24:14
Good for a basic article, but it doesn't have any depth. Would be more interesting with a detailed description of a specific encryption type; how it works, why it works, what flaws there are, etc.
spyware on January 25 2009 - 13:41:48
@System: Yeah, typo'd there. Although, I'm sure the NASA has a big crypto station as well. I meant NSA though.