📔
eCPPTv2 Notes
  • About
  • 1-System Security
    • Architecture Fundamentals
      • Security Implementations
      • References
    • Assembler Debuggers and Tool Arsenal
      • Compiler
      • NASM
      • Tool Arsenal
      • References
    • Buffer Overflow
      • Finding Buffer Overflows
      • Exploiting Buffer Overflow
      • Security Implementations
      • References
    • Shellcoding
      • Types of Shellcode
      • Encoding of Shellcode
      • Debugging a Shellcode
      • Creating our First Shellcode
      • More Advanced Shellcode
      • Shellcode and Payload Generators
      • References
    • Cryptography and Password Cracking
      • Cryptography Hash Function
      • Public Key Infrastructure
      • Pretty Good Privacy (PGP)
      • Secure Shell (SSH)
      • Cryptographic Attack
      • Security Pitfalls
      • Windows 2000/XP/2k3/Vista/7/8 Passwords
      • References
    • MALWARE
      • Techniques Used by Malware
      • How Malware Spreads
      • Samples
      • References
  • 2-Network Security
    • Information Gathering
      • Search Engines
      • Social Media
      • Infrastructures
      • Tools
      • References
    • Scanning
      • Detect Live Hosts and Ports
      • Service and OS detection
      • Firewall/IDS Evasion
      • References
    • Enumeration
      • NetBIOS
      • SNMP
      • References
    • Sniffing and MitM Attacks
      • What is Sniffing
      • Sniffing in Action
      • Basic of ARP
      • Sniffing Tools
      • Man in the Middle Attacks
      • Attacking Tools
      • Intercepting SSL Traffic
      • References
    • Exploitation
      • Vulnerability Assessment
      • Low Hanging Fruits
      • Exploitation
      • References
    • Post Exploitation
      • Privilege Escalation and Maintaining Access
      • Pillaging / Data Harvesting
      • Mapping the internal network
      • Exploitation through Pivoting
      • References
    • Anonymity
      • Browsing Anonymously
      • Tunneling for Anonymity
      • References
    • Social Engineering
      • Types of Social Engineering
      • Samples of Social Engineering Attacks
      • Pretexting Samples
      • Tools
      • References
  • 3-Powershell for Pentesters
    • Introduction
      • Why PowerShell ?
      • References
    • PowerShell Fundamentals
      • Cmdlets
      • Modules
      • Scripts
      • Objects
      • References
    • Offensive PowerShell
      • Downloading & Execution
      • Obfuscation
      • Information Gathering & Recon
      • Post-Exploitation With Powershell
      • References
Powered by GitBook
On this page

Was this helpful?

  1. 1-System Security
  2. Cryptography and Password Cracking

Cryptographic Attack

6. Cryptographic Attack

Cryptographic attacks are attempts to subvert the security of the crypto algorithms by exploiting weaknesses with the goal to decipher the ciphertext without knowing the key.

Classification of cryptographic attacks depends on the type of data available:

  1. Known only attack

  • Known plaintext only attack A cryptanalyst has access to a plaintext and the corresponding ciphertext

  • Known ciphertext only attack The attacker only knows the ciphertext but no plaintext

  1. Chosen attack

  • Chosen plaintext attack It is similar to 1 but the plaintext can be attacker's choosing

  • Chosen ciphertext attack This method is used when the attacker only knows the ciphertext of his choosing and works his way back towards the plaintext. This method is very commonly used against public-private key encryption because the public key is widely known and finding private key will defeat the cipher

  1. Adaptive chosen attack In both methods, attacker can choose plaintext or ciphertext respectively one block after the other (based on previous results) which leads to the defeat of the cipher.

  • Adaptive chosen plaintext attack

  • Adaptive chosen ciphertext attack

6.1. Brute Force Attacks

A brute force attack attempts every combination of the key. It is most often used in a known plaintext or ciphertext-only attack when the attacker can esaily verify the correctness of the guess.

Encryption algorithm like DES that use a key length of 56 bits is now considered absolutely insecure as software that exploit FPGA's and CUDA computational power are available and can break keys in a resonable time.

6.2. Dictionary Attacks

A dicitonary attack attempts the most likely keys. Expecially for the symmetric key algorithms where keys are selected by users, this approach can work better than Brute force attack.

6.3. Rainbow Tables

A rainbow table makes use of the available storage to compute (and store) plaintext-ciphertext correspondences ahead of time.

Pre-computation is indeed the technique used with rainbow table.

The important thing about rainbow table is the reduction function, that maps hashes to plaintexts. It is not an inverse function, but a reverse function, since the purpose of hash function is that inverse function cannot be made.

Example: We have our plaintext that is [14sd5], and the hashing function generate this hash: [c80e626c993af50dc505209bb13adf2]

the reduction function could be something that takes the first 5 characters from the hash, to create a new plaintext to hash ([c80e6])

6.4. Side Channel Attacks

Side channel attacks don't rely just on plaintext/ciphertext information to attack crypto algorithms.

They also take into account physical implementation including the hardware used to encrypt or decrypt data.

Time taken to perform an encryption, CPU cycles used, and even absorbed power variations during the algorithm can produce important information to a crypto analyst.

Many practical side channel attacks have been discovered. Some of them have been used in attack such as finding the GSM v1 SIM card encryption key. The attack was based on time taken to encrypt the data which slowly leads to build up the keys of the key.

The birthday attack is the attack that can discover collisions in hashing algorithms. It is based on birthday paradox, which states that if there are 23 people in the room, the odds are slightly greater than 50% that two will share the same birthday.

The key to understanding the attack is remembering that it is the odds of any 2 people (out of 23) sharing a birthday, and it is not the odds of sharing a birthday with a specific person.

In a room with 23 people there are 22 chances and one candidate. Let's call the candidate Tom. If Tom doesn't have the birthday date matching the one of the 22, leaves the room.

So now there are 21 people plus another candidate, let's call him Chris. If he fails to match with the 21 he leaves and so on.

22 pairs, plus 21 pairs, plus 20 ... plus 1 pair equals 253 pairs. Each pair has a 1/365 chance of having a matching birthday, and the odds of a match cross 50% at 253 pairs.

The birthday attack is most often used to attempt discover collisions in hash functions, such as MD5 or SHA1.

PreviousSecure Shell (SSH)NextSecurity Pitfalls

Last updated 4 years ago

Was this helpful?

This is what is called a .

chain
Free rainbow tables
Generator tool