Encryption Breaking Manual.

Discussion in 'Computer Science & Culture' started by Rick, Jan 26, 2003.

Thread Status:
Not open for further replies.
  1. Rick Valued Senior Member
    I know this topic was asked before and I tried hard to explain public key mechanisms here, which was not well understood.
    I have collected the stuff from Blacksun.box.sk and Securitywritersguild...

    Disclaimer: I don't hold copyrights of the above tutorial. I don't encourage illegal stuff. I intend to give this tutorial for educational purposes.

    CONTENTS
    =======================================

    1. Introduction.
    2. Key Systems.

    2.1 Symmetric Key
    2.2 Public Key

    3. Digital Certificates.
    4. Hash Algorithms.
    5. Authentication.

    5.1 Usernames and Passwords
    5.2 Passcards
    5.3 Digital Signatures
    5.4 Checksum

    6. Biometrics.
    7. Steganography.
    8. Last Words.






    1.0 INTRODUCTION
    =======================================

    In recent times privacy and security have become increasingly important,
    especially with newer technologies like wireless networking and the
    potential problems they represent. Encryption has always been an
    effective way to conceal information, and before the digital era it was
    mostly used by governments such as the Germans and Americans during the
    Second World War, and has been seen as far back as the times of the great
    Roman Empire. There is a lot of information that we would like to keep
    private, like credit card and financial information and personal letters
    and conversations; encryption and the science of cryptography allow us
    to do this.


    2.0 KEY SYSTEMS
    =======================================

    There are two different kinds of systems used to handle encryption and
    convert data; these are called Symmetric and Public key encryption.


    2.1 SYMMETRIC KEY
    =======================================

    Symmetric key encryption involves 2 computers on a network, each with a
    "key" installed on it. This key allows each of the computers to decode
    the encrypted data that was sent to it. For example, computer A is sending
    an encrypted packet to computer B. For this example we will use a very
    simple kind of encryption: for every letter in the data we move down
    the alphabet 2 places, so A becomes C and B becomes D. Using this information
    we can both encrypt and decrypt the information.

    Computer Symmetric Key Computer
    ======== ============= ========
    A --->----- Shift 2 places --->---- B

    Using the "shift 2 places" key, A can send the message 'Hello' to B. Hello
    will be shifted by the key and B will receive "Jgnnq". This just looks like
    gibberish until B looks at its key and knows to shift the letters 2
    places; doing this, B can see that it says Hello. Of course this is a bit
    simplified, but you can see how this method can be built upon to form
    greater, more sophisticated levels of encryption.


    2.2 PUBLIC KEY
    =======================================

    Public Key encryption relies upon 2 keys, the public key and the private key.
    The private key is held by your computer. When you want to send secure
    data between another computer and your own, you give your public key to that person,
    so every computer that wants to communicate with you has a copy of your
    public key. To decode any messages you send to those computers they must use
    a combination of both your public key and their own private key. This method
    of encryption is most popularly used with the encryption program PGP; you
    can get this software from www.pgp.com.

    Most computers use a mixture of symmetric and public key encryption because
    of the amount of processing that is required. When starting a secure connection
    the first computer uses a symmetric key and sends this to the second computer
    using public key encryption. The two computers then use symmetric encryption
    for the rest of the transaction. Once the session is completed the key is
    discarded and a new key must be created for all following sessions. This means
    that even if somehow a person gets your key, once the session has ended it won't
    matter and the key will be useless.


    3.0 DIGITAL CERTIFICATES
    =======================================

    Public Key encryption wouldn't be practical to use for applications such as
    web servers for online transactions; for this purpose Digital Certificates
    were developed. The digital certificate is a small file provided to each
    computer by an independent system called a certification body. This tells
    each computer that the other one is who it says it is and that it can be
    trusted; the certification body then sends the public keys of each computer
    to the other and they are free to communicate.

    The digital cert method is mostly used in SSL (Secure Sockets Layer). SSL
    was developed by Netscape and quickly adopted for browser to web server
    communication, especially by sites dealing in e-commerce and financial
    transactions such as amazon.com or dabs.com.

    SSL is a part of a larger security protocol called TLS (Transport Layer Security)
    which has a large backing from Microsoft. In your web browser there are 2 tell-tale
    signs that such precautions are in place. The first is the small padlock
    that appears in your status bar: if it appears to be locked the site is secure,
    otherwise there is no security on your connection. Another sign is the
    address in the bar at the top: if you had a secure transaction in place with
    blacksun's site your address bar would read https://blacksun.box.sk instead
    of the usual http:// before the address. You may also notice some Certificate
    or digitally signed alerts you receive when you try to download certain software
    or access certain websites; this is just to tell you that the site *should*
    essentially be trustworthy, although the average web surfer won't have a clue what
    it's talking about.


    4.0 HASH ALGORITHMS
    =======================================

    To get a public key we use a hash value. To get this value the computer uses
    an input value, usually a large one like 12,537, then puts that number through
    the hashing algorithm and we get an output. If we had a simple algorithm like
    multiply the input number by 124 we would end up with 1,554,588. It would be
    very hard to guess the original number was 12,537 unless you knew to divide
    the output by 124 to get the original number. Most Hash algorithms are much
    more sophisticated than this.

    Hash algorithms can be very long and use massive hash values. The level of
    encryption is measured by its hash value and this can go up to 128 bit numbers,
    which would give us a hash value of anything between 2 to the power of 0 and
    2 to the power of 128, which in decimal terms is anywhere in between 0 and
    3,402,823,669,209,384,634,633,746,074,300,000,000,000,000,000,000,000,000,000,000,000,000,
    which would be a little more difficult.


    5.0 AUTHENTICATION
    =======================================

    Another option in computer security, which is often used hand in hand with
    encryption, is authentication systems. There are several different commonly
    used authentication systems, including the following.


    5.1 USERNAMES AND PASSWORDS
    =======================================

    This method has been used for many years to guard the personal information
    and privacy of different users on a computer system or network. This is
    the most popular method and is in place in one form or another on every
    operating system, to varying degrees of success. The computer encrypts the
    password and compares it with an earlier encrypted version of the user's
    password; if the two files match then the password is correct. A password
    cracker operates by encrypting a series of words and comparing them with
    the password file; once it finds a match it alerts the user of the cracking
    software with both username and password.


    5.2 PASS CARDS
    =======================================

    There are several types of pass cards, mostly used in offices. These range
    from standard swipe cards, similar to credit cards, which have a magnetic
    strip holding the user's information, to smart cards containing a small chip.
    This method is used most commonly on the Macintosh, where you place a small
    card into the keyboard on the left; some software such as Quark Express
    uses this method to ensure that a licence for the software has been purchased.


    5.3 DIGITAL SIGNATURES
    =======================================

    Digital signatures are a form of public key encryption. The signer of the
    document (e-mail, text file etc.) uses his private key and a four part
    public key to digitally sign the document; the algorithm used is the
    Digital Signature Algorithm (DSA), which is endorsed by the US government.
    If any changes occur to the contents of the document after it has been
    signed, the signature is rendered invalid.


    5.4 CHECKSUM
    =======================================

    Checksum methods aren't usually used for security purposes but can be used
    as such. TCP/IP uses a checksum technique: it gets the size of the packet
    and stores it in a field within the header; on arrival at the remote computer
    it checks the size of the packet and then compares it with the value of the
    field within the header. If the 2 don't match, the packet is discarded. This
    is usually because of errors or loss during transport, but this and similar
    methods can be used to ensure data is not altered by a person.


    6.0 BIOMETRICS
    =======================================

    Biometrics operate on the fact that every person has a certain unique
    set of features about them, and these features are then used as a basis
    of authentication of that person. Biometric authentication can use
    several features of the person, including:

    Face scan - Identifying a person based on the features of their face.
    Retina Scan - Identified upon the patterns of the eye's retina.
    Fingerprints - Identifies the person on their unique fingerprint.
    Voice Identification - Based upon levels and pitch of voice.
    DNA Fingerprinting - Not very common, checks the DNA structure from biological
    material.


    7.0 STEGANOGRAPHY
    =======================================

    Steganography is the process of storing information within common everyday
    material. This method is most commonly used with images such as gif or jpeg
    files; however the technology has been extended to other areas such as mp3
    files or common internet traffic, within the headers. There are many programs
    available across the internet for hiding information with steganography.
    As an example of steganography, here's an example of storing some information
    within normal web traffic:

    Within the IP header there's a field called the TTL or Time-To-Live, which
    holds a numeric value. By storing the numerical value of an ASCII character
    we can send short messages 1 character at a time; the maximum value of an
    ASCII character is 255, so this value would not seem very uncommon as far as
    TTL fields in ordinary traffic go. You would have to ensure the remote computer
    was on the same network so that the hop count could be predicted, and move 1
    character up for each hop to handle the TTL being decremented. A better
    example would be to use ICMP. ICMP has a lot of room left within its body
    as it doesn't usually carry a payload; by storing information within the payload
    of an ICMP packet you could transfer information similarly to normal traffic,
    and it is uncommon for this to be checked or logged by systems. This could be
    further improved by encrypting the payload, and this method is not bound by
    problems such as calculating the hops and has much more room to transmit data.
    Despite its limitations, here's an example of transmitting a word in TTL fields >>

    Packet-1
    192.62.4.1->192.62.4.2, win:512, ttl:72, id:20482
    (72 = 'H')

    Packet-2
    192.62.4.1->192.62.4.2, win:512, ttl:69, id:21436
    (69 = 'E')

    Packet-3
    192.62.4.1->192.62.4.2, win:512, ttl:76, id:22132
    (76 = 'L')

    Packet-4
    192.62.4.1->192.62.4.2, win:512, ttl:76, id:23019
    (76 = 'L')

    Packet-5
    192.62.4.1->192.62.4.2, win:512, ttl:79, id:24149
    (79 = 'O')

    Packet-6
    192.62.4.1->192.62.4.2, win:512, ttl:10, id:25218
    (10 = '\r\n'[Carriage return or New Line])

    This transfers H-E-L-L-O\r\n, which is of course the
    word hello; it's terminated by a carriage return to
    track the end of each word.

    Table of Contents

    1.What is this text about?
    2.About Encryption and how it works
    3.About the Cryptography and PGP
    4.Ways of breaking the encryption
    -Bad pass phrases
    -Not deleted files
    -Viruses and trojans
    -Fake Version of PGP
    =--=--=--=--=--=--=--=--=


    1.What is this text about?
    -=-=-=-=-=-=-=-=-=-=-=-=-=
    In this text I'll explain to you everything about encryption: what it is, PGP,
    ways that someone can read your encrypted files etc. Every hacker or
    paranoid should use encryption and keep others from reading their
    files. Encryption is a very important thing and I'll explain to you how
    someone can break and decrypt your files.

    2.About Encryption and how it works
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Encryption is very old. Even Julius Caesar used it when he was
    sending messages because he didn't trust his messengers. You see,
    encryption is everywhere: when you watch some spy film you see
    there's always a computer with encrypted files, or some film about hackers
    where the feds bust the hacker and they see all of the hacker's files are
    encrypted.

    When you have a simple .txt file that you can read, this is called "plain text".
    But when you use encryption and encrypt the file it will become unreadable
    until you enter the password. This text is called cipher text.
    The process of converting cipher text into plain text is called decryption.

    Here's a little example:

    Plain text ==>Encryption==>Ciphertext==>Decryption==>Plaintext

    This example shows you the way when you encrypt and decrypt a file.

    3.About the Cryptography and PGP
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    Cryptography is the science that uses mathematics to encrypt and decrypt data. This science
    lets you keep your files and documents safe even on insecure networks like the Internet.
    Cryptography can be weak or strong. The best is of course the strong one. Even when you
    use all the computers in the world and they're doing a billion operations a second, you'll
    just need BILLIONS of years to decrypt strong encryption.

    PGP (Pretty Good Privacy) is maybe the best encryption program to encrypt your files and
    documents.
    It works in this way:

    When you encrypt a file with PGP, PGP first compresses the file. This saves you disk space
    and modem transmission. Then it creates a session key. This session key works with a very
    secure and fast confidential encryption algorithm to encrypt the file. Then the session key
    is encrypted with the recipient's public key.
    PGP asks you for a pass phrase, not for a password. This is more secure against dictionary
    attacks, when someone tries to use all the words in a dictionary to get your password. When you use
    a pass phrase you can enter a whole phrase with upper and lowercase letters with numeric and
    punctuation characters.


    4.Ways of breaking the encryption
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    PGP has been written for people that want their files encrypted, for people that want
    privacy.
    When you send an e-mail it can be read by other people; if you use PGP only the person for
    whom the message is will be able to read it.


    Now you know many things about PGP and encryption, but you may like to know whether someone
    can break it and read your private texts and files. In fact if you use all the computers in the
    world to decrypt a simple PGP message they'll need 12 million times the age of the universe to break
    it.
    You see, this is the BEST; the encryption is so strong no one can break it.
    The people that programmed it have done their work; now everything depends on you.

    -Bad pass phrases
    *****************

    The algorithm is unbreakable but there are other ways to decrypt the text and read it.
    One of the biggest mistakes when someone writes his/her pass phrase is that the pass phrase
    is something like: "John", "I love you" and such lame phrases. Others are the name of some
    friend or something like that. This is not good because this is a pass phrase, not a password: make it
    longer, put numbers and other characters in it. The longer your pass phrase is, the harder it will be
    guessed, but put whole sentences, even one that doesn't make sense. Just think in this way:
    someone is brute-forcing thousands of pass phrases from a dictionary, therefore my pass
    phrase should be something that is not there in the dictionary, something very stupid like:

    hEllowOrld33IjustwanTtoteLLtoev3ryon3thatI'maLamErandI'mahacKer666

    This is easy to remember because it's funny and there are only a few numbers, but you may
    not use upper and lowercase characters. I hope you now will put some very good pass phrase and be
    sure no one will know it.

    Another mistake is that you may write the pass phrase on a paper, and if someone finds it
    you'll lose it and he/she will be able to read your encrypted files.

    -Not deleted files
    ******************

    Another big security problem is how most of the operating systems delete files. So when you
    encrypt the file you delete the plain text and of course leave the encrypted one.
    But the system doesn't actually delete the file. It just marks those blocks of the disk
    deleted and free.
    Someone may run a disk recovery program and still see all the files, but in plaintext. Even
    when you're writing your text file with a word editor it can create some temporary copies of it. When
    you close it these files are deleted, but as I told you they're still somewhere on your computer.
    PGP has a tool called PGP Secure Wipe that completely removes all deleted files from your
    computer by overwriting them. In this way you'll only have the encrypted files on your computer.

    -Viruses and Trojans
    ********************

    Another dangerous security problem are the viruses and the trojans. So when you are infected with
    a trojan the attacker may run a key logger on your system.

    *Note
    A key logger is a program that captures all keystrokes pressed by you, then saves them on
    your hard drive or sends them to the attacker.
    ***************************************
    So after the attacker runs it he/she will be able to see everything you have written on your
    computer, and of course with it your PGP pass phrase.
    There are also viruses designed to do this: simply record your pass phrase and send it back
    to the attacker.

    -Fake Version of PGP
    ********************

    Another security problem is that the PGP source is
    available, so someone can make a fake copy of it that is recording your pass phrase and
    sending it back to the attacker. The program will look real and it will work, but it may also
    have functions you don't even know about.
    A way of defending against these security problems is to use a trojan and virus scanner. You
    should also be sure your computer is clean from viruses and trojans when you install PGP, and also
    be sure you get PGP from Network Associates Inc., not from some other pages.

    So now I hope you understand that PGP can't be broken, but if you use it wisely and are sure
    your pass phrase is a good one, you're not infected with viruses or trojans and you're using
    the real version of PGP, you'll be secure.


    ADDED BY ZION
    *************************************************
    THANKS.
    BYE!
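The "shift 2 places" symmetric key from section 2.1 of the first tutorial, as an added example that is not part of the original post. It produces the "Jgnnq" the text describes, and then shows the check a defender cares about: a key chosen from 25 possible shifts is recovered by trying them all against one expected word, which is why real symmetric ciphers need key spaces of 2^128 and up. All function names are this example's own.

```python
import string

ALPHABET = string.ascii_uppercase  # 26 letters; the "key" is a shift around this ring

def shift_encrypt(plaintext: str, key: int) -> str:
    """Move every letter `key` places down the alphabet (A->C, B->D for key=2).
    Non-letters pass through unchanged and case is preserved."""
    out = []
    for ch in plaintext:
        if ch.isascii() and ch.isalpha():
            base = ALPHABET if ch.isupper() else ALPHABET.lower()
            out.append(base[(base.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)

def shift_decrypt(ciphertext: str, key: int) -> str:
    """Both computers hold the same key, so decryption is the shift run backwards."""
    return shift_encrypt(ciphertext, -key)

def all_shifts(ciphertext: str) -> dict:
    """Every usable key. Shift 0 is the plaintext itself, so only 25 candidates exist."""
    return {k: shift_decrypt(ciphertext, k) for k in range(1, 26)}

def recover_key(ciphertext: str, crib: str):
    """Why this key gives no real security: decrypt under all 25 candidates and
    keep the one containing a word the message is expected to hold (a 'crib').
    Returns the key, or None if no candidate contains the crib."""
    for k, candidate in all_shifts(ciphertext).items():
        if crib.lower() in candidate.lower():
            return k
    return None

if __name__ == "__main__":
    c = shift_encrypt("Hello", 2)          # B receives "Jgnnq"
    print(c, shift_decrypt(c, 2), recover_key(c, "hello"))
```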
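An added example (not from the original post or either tutorial) covering sections 4.0, 5.1 and 5.4 of the first tutorial: the "multiply by 124" hash from the text is reproduced to show that it is reversible, a real SHA-256 digest is used to detect a changed document, and a password check is written the way the page describes (hash the attempt, compare with the stored hash) with the salt and slow hash that make the word-list comparison it warns about expensive. Iteration count and the helper names are this example's own choices.

```python
import hashlib
import hmac
import os

def toy_hash(n: int) -> int:
    """The post's 'multiply by 124' example. It is not a real hash: it is reversible."""
    return n * 124

def toy_unhash(h: int) -> int:
    """Anyone who knows the rule recovers the input, which a one-way hash must prevent."""
    return h // 124

def sha256_hex(data: bytes) -> str:
    """A real cryptographic hash: fixed 256-bit output, no practical way back to the input."""
    return hashlib.sha256(data).hexdigest()

def integrity_ok(document: bytes, expected_hex: str) -> bool:
    """Sections 5.3/5.4: recompute the digest and compare it with the stored one.
    Any change to the document changes the digest, so a stored digest detects tampering."""
    return hmac.compare_digest(sha256_hex(document), expected_hex)

def make_password_record(password: str, salt: bytes = None, iterations: int = 200_000) -> dict:
    """Section 5.1 done properly: store a salted, deliberately slow hash, never the password.
    A random salt per user makes a precomputed word list useless across accounts, and the
    iteration count makes every guess in a dictionary attack cost that many hash operations."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": iterations}

def verify_password(record: dict, attempt: str) -> bool:
    """Login check: hash the attempt with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])

if __name__ == "__main__":
    print(toy_hash(12537), toy_unhash(toy_hash(12537)))     # 1554588 12537
    doc = b"constructed sample document"
    print(integrity_ok(doc, sha256_hex(doc)), integrity_ok(doc + b"!", sha256_hex(doc)))
    rec = make_password_record("a long pass phrase, not a word")
    print(verify_password(rec, "a long pass phrase, not a word"), verify_password(rec, "John"))
```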
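The TTL covert channel from section 7.0, as an added example written from the analyst's side (not code from the post or its sources). It parses the post's one-line packet notation, rebuilds the hidden text from the six packets shown, and flags the property that gives the channel away on the wire: a normal host sets one initial TTL, so a flow whose TTL changes from packet to packet is anomalous. The capture is constructed, the three 10.0.0.x packets are added as ordinary traffic, and the hop count is assumed to be zero as in the post's table.

```python
import re
from collections import defaultdict

# Constructed capture: the six covert packets from section 7 plus three ordinary
# packets from another host, whose TTL stays at a constant 64 over a fixed route.
SAMPLE_CAPTURE = """\
192.62.4.1->192.62.4.2, win:512, ttl:72, id:20482
10.0.0.5->10.0.0.9, win:8192, ttl:64, id:1001
192.62.4.1->192.62.4.2, win:512, ttl:69, id:21436
192.62.4.1->192.62.4.2, win:512, ttl:76, id:22132
10.0.0.5->10.0.0.9, win:8192, ttl:64, id:1002
192.62.4.1->192.62.4.2, win:512, ttl:76, id:23019
192.62.4.1->192.62.4.2, win:512, ttl:79, id:24149
10.0.0.5->10.0.0.9, win:8192, ttl:64, id:1003
192.62.4.1->192.62.4.2, win:512, ttl:10, id:25218
"""

PACKET_RE = re.compile(
    r"(?P<src>[\d.]+)->(?P<dst>[\d.]+), win:(?P<win>\d+), ttl:(?P<ttl>\d+), id:(?P<id>\d+)")

def parse_capture(text: str) -> list:
    """Turn the post's packet notation into dicts with integer win/ttl/id fields."""
    packets = []
    for line in text.splitlines():
        m = PACKET_RE.match(line.strip())
        if m:
            p = m.groupdict()
            for key in ("win", "ttl", "id"):
                p[key] = int(p[key])
            packets.append(p)
    return packets

def decode_ttl_message(packets: list, src: str, dst: str, hops: int = 0) -> str:
    """Analyst view of the channel: each TTL, corrected for the hops it lost in
    transit, is one ASCII code. Assumes the packets are listed in send order."""
    return "".join(chr(p["ttl"] + hops)
                   for p in packets if p["src"] == src and p["dst"] == dst)

def flag_variable_ttl_flows(packets: list) -> list:
    """Detection: a real host uses one initial TTL (commonly 64, 128 or 255), so over a
    fixed route every packet of a flow arrives with the same value. A flow whose TTL
    differs between packets is what this channel looks like in a capture."""
    seen = defaultdict(set)
    for p in packets:
        seen[(p["src"], p["dst"])].add(p["ttl"])
    return sorted(flow for flow, ttls in seen.items() if len(ttls) > 1)

if __name__ == "__main__":
    pk = parse_capture(SAMPLE_CAPTURE)
    print(repr(decode_ttl_message(pk, "192.62.4.1", "192.62.4.2")))   # 'HELLO\n'
    print(flag_variable_ttl_flows(pk))   # [('192.62.4.1', '192.62.4.2')]
```

Note that TTL 10 decodes to a single newline (chr(10)); the post's "\r\n" is its description of the terminator, not two bytes.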
     