CEH 20- Cryptography

By

What is Cryptography?

  • Cryptography is a process of converting plain text data (readable) into ciphertext (unreadable) data to protect confidentiality, so that unauthorized users cannot understand what is transmitted. 

  • Encryption algorithms are used to perform mathematical computation on data using the key and convert data to ciphertext. 

  • The algorithm that is chosen to perform encryption with some key can also be used for decryption. 

  • Decryption is the process of converting ciphertext to plaintext. 

  • Cryptography is used to protect the confidentiality of information shared on the internet such as email messages, chat sessions, web transactions, personal data, corporate data, e-commerce applications, etc.


Disclaimer: The articles provided on HackWithV is purely for informational and educational purpose only, and for those who are willing and curious to know & learn about Ethical Hacking, Security and Penetration Testing. Anytime the word "Hacking" that is used on this site shall be regarded as Ethical Hacking.

Main Objectives of Cryptography:

1. Confidentiality: 

  • To ensure that private or confidential information is not made available or disclosed to unauthorized individuals.

2. Integrity: 

  • To ensure that an unauthorized individual does not tamper the information exchanged over the internet.

3. Availability: 

  • To ensure that services are not denied to authorized users.

Types of Cryptography: 

  • Based on the number of keys used for encryption they are classified into two types, 
  1. Symmetric Key Cryptography 
  2. Asymmetric Key Cryptography

1. Symmetric Encryption: 

  • Symmetric key algorithms use the same cryptographic key for both encryption and decryption. 

  • Algorithms: Data Encryption Standard (DES) and Advanced Encryption Standard

    (AES). 

  • These algorithms which uses a key at sender side for encryption, and the receiver uses the same key for decryption. 

  • To make two machines (sender and receiver) to communicate confidentially, they must first exchange the secret key so that each party can encrypt messages to send and decrypt messages to read. 

  • This process is known as key exchange. 

  • This key is shared between two parties over a secure channel. 

  • Based on input data these algorithms can be further divided into two categories:

  1. Block Ciphers: Block ciphers encrypt data one block at a time. 
  2. Stream Ciphers: Stream ciphers encrypt data byte by byte.
Note: The strength of any cryptographic algorithm depends on the secrecy of the key. If keys are not securely shared, then unauthorized parties can gain access to a secret key used for encryption and they can un-encrypt data and read every packet shared between two parties.

2. Asymmetric Encryption:

  • Asymmetric key algorithms use two different keys known as a public key and a private key for encryption and decryption. 

  • The sender and receiver generate a private key which is kept secret (not shared with anyone) and a public key which is shared with other parties. 

  • In case of asymmetric algorithms, senders encrypt messages using the receiver's public key. 

  • The receiver's private key can only decrypt this encrypted message. 

  • In this manner, it ensures that both the confidentiality and integrity of information are preserved. 

Cipher: 

  • In cryptography, a cipher is an algorithm that performs encryption or decryption in a series of well-defined steps that can be followed as a procedure. 
  • Ciphers are classified based on input data, a number of keys used for encryption.

1. Classical Ciphers: 

  • Classical ciphers are cryptographic algorithms that have been used in the past (practically computed and solved manually). 
  • Classical ciphers are often divided into substitution ciphers and transposition ciphers.

I. Substitution cipher: 

  • In a substitution cipher, letters are systematically replaced throughout the message for other letters. 
  • In these cipher method mono-alphabetic substitution ciphers, where just one cipher alphabet is used. 
  • Poly-alphabetic substitution cipher, where multiple cipher alphabets are used.

II. Transposition ciphers: 

  • In a transposition cipher, the letters themselves are kept unchanged, but their order within the message is scrambled. 
  • Many transposition ciphers are done according to geometric design.

2. Modern Ciphers: 

  • Modern ciphers are designed based on various concepts of mathematics such as number theory, computational complexity theory, and probability theory. 
  • It needs the computational power to encrypt and decrypt the data. 
  • Modern encryption methods are divided into two type based on input data (Block and Stream ciphers), and a number of keys (secret key and public key) used. 

Hash Function: 

  • A hash function performs a series of mathematical operations to convert input data into a fixed length alphanumeric characters. 

  • The input to the hash function is an arbitrary length, but the output is always of fixed length. 

  • A plaintext can be converted into hashed text, but hashed text cannot be converted into plaintext.

Features of Hash Functions: 

  1. Fixed Length Output: Hash function converts data of arbitrary length to a fixed length. 

  2. The efficiency of Operation: Computationally hash functions are much faster than asymmetric encryption.

Examples of Hash Functions: 

  • Hashed Message Authentication Code (HMAC): Combines authentication via a shared secret with hashing. 

  • Message Digest 2 (MD2): Byte-oriented, produces a 128-bit hash value from an arbitrary-length message, designed for smart cards. 

  • MD4: Similar to MD2, designed specifically for fast processing in software. 

  • MD5: Similar to MD4 but slower because the data is manipulated more. 

  • Secure Hash Algorithm (SHA): Modeled after MD4 and proposed by NIST for the Secure Hash Standard (SHS), produces a 160-bit hash value.

Steganography

  • Steganography is an art of hiding a secret message within an ordinary message and extracting it at the destination to maintain the confidentiality of data. 
  • The program named ‘snow’ is used to conceal messages in ASCII text by appending whitespace to the end of lines. 
  • There are different tools that can hide text in pictures so that to retrieve the hidden secret message the receiver must use the same tool as sender used to hide the text message. 
  • Steganalysis is the art of discovering and rendering secret messages using steganography.

Cryptography Attacks:

  • Cryptography attacks are based on the assumption that the cryptanalyst has access to the encrypted information. 
  1. Chosen plaintext 
  2. Adaptive chosen plaintext attack 
  3. Known plaintext 
  4. Known ciphertext
  5. Chosen ciphertext 
  6. Chosen key 
  7. Rubber cosh cryptanalysis
  • Brute force attack is a process of defeating a cryptographic scheme by trying a large number of possible keys until the correct encryption key is discovered.

Be Aware, Be Secure.

Thank You 🙏

I'm a Cyber Security professional with expertise in Network, Application, Endpoint, Cloud Security, DevOps, and IT Ops. I have experience in various industries and am well-versed in relevant regulations and standards. My goal is to provide exceptional security solutions that protect organizations from evolving threats, while also streamlining workflows and improving collaboration between development, operations, and security teams through DevOps and IT Ops practices.

Comments

Post a Comment

Popular posts from this blog

Demo 1- How to Track Location by a Link

By
Image
↑ GPS: GPS stands for Global Positioning System . The Global Positioning System, originally NAVSTAR GPS, is a satellite-based radionavigation system owned by the United States government and operated by the United States Air Force. It is a global navigation satellite system (GNSS) that provides geolocation and time information to a GPS receiver anywhere on or near the Earth where there is an unobstructed line of sight to four or more GPS satellites. Obstacles such as mountains and buildings block the relatively weak GPS signals. Locator v1.0: Locator is a tool developed by "thelinuxchoice".This tool is implemented in Shell Scripting. This tool is implemented in Shell Scripting. Geolocator, Ip Tracker, Device Info by URL (Serveo and Ngrok). It uses tinyurl to obfuscate the Serveo link. Disclaimer:  Usage of Locator for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable lo
Read more

Snyk - Ubuntu 20.04 (Linux)

By
Image
In this article, we are going to learn about Snyk, features, and hands-on demo on how to install, usage and uninstall on Ubuntu 20.04(Linux).   Disclaimer:   The articles provided on HackWithV is purely for informational and educational purpose only, and for those who are willing and curious to know & learn about Cyber Security, Ethical Hacking,  Software Development and  IT Operations. Anytime the word "Hacking" that is used on this site shall be regarded as Ethical Hacking. Table of Content What is Snyk ?   Jump to Features   Jump to Hands-On   Jump to Requirements   Jump to Download   Jump to Install   Jump to Usage   Jump to Uninstall    Jump to Cheat Sheet    Jump to    What is Snyk ?  Snyk is a developer security platform for securing code , dependencies , containers , and infrastructure as code .  Integra
Read more

Cracking VNC Password Using Hydra

By
Image
Today we are going learn how to crack the password of VNC service using Hydra Tool.  Disclaimer: The articles provided on HackWithV is purely for informational and educational purpose only, and for those who are willing and curious to know & learn about Ethical Hacking, Security and Penetration Testing. Anytime the word "Hacking" that is used on this site shall be regarded as Ethical Hacking. What is VNC? Virtual Network Computing ( VNC ) is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol ( RFB ) to remotely control another computer.  What is Hydra? Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, i
Read more