
Crypton - Library Consisting Of Explanation And Implementation Of All The Existing Attacks On Various Encryption Systems, Digital Signatures, Hashing Algorithms


Crypton is an educational library for learning and practicing Offensive and Defensive Cryptography. It is a collection of explanations and implementations of all the existing vulnerabilities and attacks on various Encryption Systems (Symmetric and Asymmetric), Digital Signatures, Message Authentication Codes and Authenticated Encryption Systems. Each attack is also supplemented with example challenges from "Capture The Flag" contests and their respective write-ups. Individuals who are already acquainted with this field (or are into CTFs) can use Crypton as a tool to solve challenges based on a particular existing vulnerability.
The library will be continuously updated with attack explanations and CTF challenges!

WARNING: The author in no way guarantees that the code is secure. The library is meant only for educational purposes, and the code should not be used in real-world implementations. All the example scripts in the library are trivial implementations.

This README has the following sections:
  • Motivation - What motivated me to create this library
  • Library Structure - Directory structure of Crypton
  • Domain Coverage - Which cryptosystems and attacks are covered in this library
  • Future Plans/TODO - Attacks/concepts that are to be included soon

Motivation
Provide CTF players and individuals interested in the field of Cryptography with a platform for learning attacks in crypto, and give experienced CTF players a way to practice challenges systematically divided into attacks associated with different sub-domains in crypto. Also, illustrate through various attack explanations how crucial proper implementation of protocols is.

Library Structure


Domain Coverage

1. Block Ciphers
S.No. Topic Explanation Impl./Exploit Challenge#
1 Block Cipher Basics - working of block ciphers, padding etc. [link]
2 Modes of Encryption - different modes of operation on block ciphers: ECB, CBC, CTR [link]
3 Block Size Detection - detect blocksize of a block cipher encrypting data on a remote service [link]
4 Mode Detection - detect type of mode of encryption: independent or dependent encryption of blocks [link]
5 ECB Byte at a Time - byte at a time decryption of a secret string running on a remote service encrypting input+secret in ECB mode [link] [link]
6 CBC IV Detection - detect the value of Initialisation Vector on a remote service that is encrypting our input using a block cipher in CBC mode [link] [link]
7 CBC Bit Flipping Attack - exploiting cookie generation mechanism to login as admin when cookie is generated using a block cipher in CBC mode [link] [link]
8 CBC Byte at a Time - byte at a time decryption of a secret string running on a remote service encrypting input+secret in ECB mode [link] [link]
9 CBC Padding Oracle Attack - decryption of data encrypted by a vulnerable service providing encryption/decryption [link] [link]
10 CTR Bit Flipping - exploiting cookie generation mechanism to login as admin when cookie is generated using a block cipher in CBC mode [link] [link]

2. RSA Encryption
S.No. Topic Explanation Impl./Exploit Challenge#
1 Unpadded RSA Enc/Dec - key generation, distribution, encryption/decryption, verification of decryption formula and padding in RSA [link]
2 Direct Root Attack - attack on unpadded RSA with low public key exponent [link]
3 Fermat's Factorisation - technique used to factor modulus n when p and q values are in proximity [link] [link] [link]
4 Pollard's p-1 Factorisation - technique to factorise n when both of its factors p & q, p-1 and q-1 have very small prime divisors [link] [link] [link]
5 Common Modulus Attack - decrypt ciphertext when its corresponding plaintext is encrypted two different times with the same modulus n [link] [link] [link]
6 Common Prime Attack - retrieve factors of moduli n1 and n2 when they have a common factor [link] [link]
7 Wiener's Attack - get value of decryption key exponent d when d < N^0.25 [link] [link] [link]
8 Wiener's Attack Variant - get value of decryption key exponent d when d is a few bits greater than N^0.25 or d < N^0.25 [link] [link] [link]
9 Coppersmith's Attack - Coppersmith's theorem, attack on stereotyped messages and factoring n with high bits known [link] [link] [link]
10 Franklin Reiter Related Message Attack - attack to retrieve related messages encrypted using the same modulus [link] [link] [link]
11 Hastad's Broadcast Attack - with extension - attack to retrieve a message broadcast among different people, encrypted using same exponent but different moduli [link] [link] - script needs to be fixed [link]
12 PKCS1-v1.5-Padded-RSA-Encryption/Decryption - ASN1 encoding, padded RSA encryption (needs to be fixed)
13 Intro-RSA-Challenges - basic challenges in RSA related to Number Theory [link] [link]

3. Message Authentication Codes (MACs)
S.No. Topic Explanation Impl./Exploit Challenge#
1 Message Authentication Code - internals and security analysis of MACs [link]
2 CBC MAC Forgery - generating two messages M1 and M2 having the same CBC-MAC authentication tag [link] [link]
3 Length Extension Attack on CBC-MAC - generate a valid authentication tag of message M1 || M2 (concatenation) given MAC(M1) [link] [link]

4. Discrete Logarithm Problem
S.No. Topic Explanation Impl./Exploit Challenge#
1 DLP - cyclic groups, discrete logarithm problem, Baby-Step-Giant-Step algorithm [link] [link]
2 Elliptic Curve DLP - defining identity element, inverse of a point, cyclic groups over points on an EC, Hasse's theorem, ECDLP [link]

5. ElGamal Encryption
S.No. Topic Explanation Impl./Exploit Challenge#
1 ElGamal Cryptosystem - Encryption/Decryption - key generation, encryption, decryption in ElGamal Cryptosystem [link] [link] [link]

6. Authenticated Encryption (AE)
S.No. Topic Explanation Impl./Exploit Challenge#
1 AE basics & internals - working of authenticated encryption [link]
2 AE with MACs - different techniques of implementing AE with MACs: Encrypt and MAC, MAC then encrypt and encrypt then MAC [link]
3 Authenticated Ciphers [link]
4 AE with Associated Data [link]
5 AES-GCM - encryption in AES-GCM, Wegman-Carter MAC [link] [link]
6 Forbidden Attack on AES-GCM - attack on AES-GCM due to nonce-reuse [link] [link]

7. Elliptic Curves
S.No. Topic Explanation Impl./Exploit Challenge#
1 Elliptic Curve Internals - defining Elliptic Curves, point addition, point doubling and scalar multiplication [link]

8. Digital Signatures
S.No. Topic Explanation Impl./Exploit Challenge#
1 ElGamal Signatures - key generation, signature generation, signature verification and correctness of ElGamal Signature scheme [link] [link] [link]
2 Elliptic Curve DSA - signature generation, signature verification and correctness of signature algorithm [link]
3 Attack k-reuse ECDSA - forging of ECDSA signatures due to reuse of k [link]
4 Unpadded RSA Digital Signatures - signature generation and verification in RSA digital signature scheme [link] [link]
5 PKCS1-v1.5 padded RSA Digital Signatures [link] [link]
6 e=3 Bleichenbacher's Attack [link] [link] [link]

TODO
  1. RSA Encryption
    • Chosen Ciphertext Attack on RSA Cryptosystem- Byte by Byte decryption
    • Padding Oracle Attack on PKCS1 padded RSA encryption system
    • Fermat's Factorisation
      • Sieve Improvement
    • Coppersmith's Attack
      • Boneh Durfee Attack
    • Hastad's Broadcast Attack
      • Implementation of HBA on padded messages
    • PKCS1-v1.5 Padded RSA encryption
  2. [More to be added]

Author
Ashutosh Ahelleya

