Week 6 Task Sheet

Rich Macfarlane

Week Date Teaching Attended

6 Feb 2013 Lab 8: Symmetric (Private key) Encryption,
and Hash Signatures.

Aim: The aim of these labs and exercises is to understand the concepts and use, of Symmetric
(Private-Key) Encryption – which is typically used to protect data confidentiallity, and Hash
Signatures – which can be used to protect data integrity, authentication, and confidentiality.

Time to complete:
4 hours (2 supervised hours in the lab, and 2 additional hours, unsupervised).

Activities:
Complete Lab 8: Symmetric Encryption & Hash Signatures.
.pdf from WebCT or http://www.dcs.napier.ac.uk/~cs342/CSN11102/Lab8.pdf
(Use Unit 3 – Encryption for reference while completing the lab)

 Complete End of Unit Tutorial questions for the Authentication chapter.

 The End Of Unit Test questions for the Authentication chapter at:
http://www.asecuritysite.com/security/tests/tests?sortBy=sfc04

Learning activities:
At the end of these activities, you should understand:
 Understand some of the basic methods of Symmetric (private-key) Encryption for
confidentiality.
 Understand the basic methods used in Hash Signatures.
 Understand the conversion of binary to the human readable Base-64 and Hexadecimal
encoding formats.

Reflective statements (end-of-exercise):

What is the main usage of hash signatures?
What are the main algorithms used in symmetric (private-key) encryption?
Which methods can be used to pass the private-key?
What is the fundamental difference between DES and RC4?
What is the weakness of the Diffie-Hellman method?

References:
Course Handbook - Unit 3 Encryption.

CSN111102 Symmetric Encryption & Hash Algorithms – Rich Macfarlane 1

Lab 8: Symmetric Encryption (Private Key) and Hash
Algorithms
Rich Macfarlane, Prof. Bill Buchanan 2013

8.1 Details
Aim: To provide a foundation in data encryption using symmetric encryption algorithms, and hash
signatures generation algorithms.

8.2 Activities

5.3.1 Download and Install Hashing & Encryption C# Applications

The MS .NET framework provides excellent support for many encryption and hashing algorithms. If
Visual Studio is installed on your machine, download the following solution, which contains 2 C#
applications:
Hashing and Symmetric Encryption C# Applications:
http://www.dcs.napier.ac.uk/~cs342/CSN11102/SymEncryption.zip

Open the zip file, and extract the EncryptionLab folder to the Desktop using the Extract All
button.
From the Windows Desktop, open the C#.NET solution by double clicking the .sln file. Choose
the C# Development Settings if requested, and convert the code to the latest version of
C#.NET if required.
The solution should contain two applications. A windows console application
encryptionConsole and a Windows GUI Form application encryptionForm. The
encryptionConsole application should be set as the StartUp Application (highlighted in bold).

CSN111102 Symmetric Encryption & Hash Algorithms – Rich Macfarlane 2

 The following code snippet is from the encryptionConsole application. Double click on
Class1.cs to view the code. The encryptionConsole application can encrypt text entered by the
user in a console window, using various hash and symmetric algorithms.

The .NET framework provides a number of cryptography classes. To help simplify using these
classes, we use code wrapper class XCryptEngine (pdwolf, 2003) which also implements
the BlowFish and TwoFish algorithms (not provided natively in C#).

// Create Cryptography Object.

XCryptEngine xe = new XCryptEngine();

// Choose an Encryption/Hash algorithm to use (only one algorithm at a time):

// Symmetric Encryption Algorithms.

xe.InitializeEngine(XCryptEngine.AlgorithmType.DES);
// xe.InitializeEngine(XCryptEngine.AlgorithmType.TripleDES);
// xe.InitializeEngine(XCryptEngine.AlgorithmType.BlowFish);
// xe.InitializeEngine(XCryptEngine.AlgorithmType.Twofish);

// Hash Algorimths.
// xe.InitializeEngine(XCryptEngine.AlgorithmType.MD5);
// xe.InitializeEngine(XCryptEngine.AlgorithmType.RC2);
// xe.InitializeEngine(XCryptEngine.AlgorithmType.Rijndael);
// xe.InitializeEngine(XCryptEngine.AlgorithmType.SHA);
// xe.InitializeEngine(XCryptEngine.AlgorithmType.SHA256);

// Check if the algorithm needs a key.

string strKey = "";
if (xe.IsSymmetricAlgorithm)
{
// If Symmetric Encryption Algorithm is begin used, a single
// key to encrypt/decrypt the msg is used.
xe.Key = "SecretKey";
strKey = ", with Key: " + xe.Key;
}
else
{
// Hash algorithms do not use a key.
}

// Get the msg to encrypt/hash.

Console.WriteLine("Enter string to encrypt:");
string plainText = Console.ReadLine();

// Encrypt/Hash the text msg.

string encryptedText = xe.Encrypt(plainText);

// Decrypt the encrypted msg.

string decryptedText = xe.Decrypt(encryptedText);

Console.WriteLine("\r\nUsing Algorithm: {0}{1}",

xe.Algorithm.ToString(), strKey);
Console.WriteLine("\r\nPlaintext Msg: {0}\r\nEncrypted Msg:
{1}\r\nDecrypted Msg: {2}",
plainText, encryptedText, decryptedText);

CSN111102 Symmetric Encryption & Hash Algorithms – Rich Macfarlane 3

 Run the Console Application. A sample run using the DES Symmetric Encryption Algorithm and
entering the plaintext “Cryptology is fun!” should produce results such as shown below:

By changing the C# code to use the SHA-1 Hash Algorithm gives:

Try some of the other Symmetric Encryption algorithms, and then some of the Hash
algorithms. Try Hashing and encrypting your name.

Questions

Q: What two fundamental difference between the two algorithms, does the output show?

Q: Which additional item, is needed by all encryption algorithms, but not hash algorithms?

(See Encryption Unit in the Module Handbook – Sections 3.4, 3.11 for reference)

Hash Algorithms such as MD5 and SHA-1, as well as Symmetric Encryption Algorithms such
as DES, 3DES. Symmetric Encryption Algorithms use a single secret key, to both encrypt and
decrypt a message, where hash algorithms only encrypt and do not need a key.

CSN111102 Symmetric Encryption & Hash Algorithms – Rich Macfarlane 4

5.3.2 Hash Signatures

Hash Algorithms or Functions can be used in a wide variety of ways. For example, they can be used
for encryption to provide confidentiality such as with Password encryption, they can provide
integrity of messages, and are used extensively in digital forensics for file identification and evidence
integrity.
In the example below Bob creates a Hash Signature (or Digest) from some Plain Text, using a one
way Hash Algorithm. The generated signature cannot be unencrypted back into the Plain Text, so if
this was Bobs password Eve could not decrypt it.

Bob
fa1bfa14fa13fa12fa10fa1ffa14fa12
PlainText Hash Hash
Signature
Hash Algorithm used
to produce a Hash
Signature (or
Eve
Eve can capture but
Fingerprint) can’t decrypt one
(MD5, SHA) way Hash.

Figure 1 - Hash Signature Generation

Use the encryptionForm application, Hash Signatures tab, to compare the outputs from
the Hash Algorithms: MD5 (128-bit), SHA-1 (160-bit), SHA-256 (256-bit), SHA-384 (384-bit),
SHA-512 (512-bit) and complete the following table (only the first few characters of each hash
signature). The interface is shown below.

Note: To use the encryptionForm application, in the Solution Explorer, right click over
encryptionForm and choose SetAsStartUp Project.

Questions

Q: Can you fill out some of the following table for the two hash algorithms? (maybe just the first few
char’s)

Plaintext MD5 Signature SHA-1 Signature

a

password

Password

Some data in a longer string

CSN111102 Symmetric Encryption & Hash Algorithms – Rich Macfarlane 5

This is a paragraph of text and
could be the contents of a file
This is a Paragraph of text and
could be the contents of a file

Questions

Q: What do you notice about the output from the hash algorithms, if you change only a single letter
even in a very long string?

Q: What do you notice about the output from the hash algorithms, regarding the length of signatures
for any single algorithm?

Q: Why might this be useful?

Q: How long is the MD5 signature output?

Q: How long would an MD5 signature of an entire HDD be?

Q: How long is the SHA signature output?

Figure 2 – Hash Algorithms Tab

CSN111102 Symmetric Encryption & Hash Algorithms – Rich Macfarlane 6

Questions

Q: Complete the table below for the number of characters in the Hash Signatures output and the
length of the binary output, produced by each different Hash Algorithm:

MD5 SHA-1 SHA -256 SHA -384 SHA -512

Number of Char’s:

Number of Bits:

Questions

Q: What is the encoding format being used to display the Hash Signatures in the
encryptionForm?

Q: What relationship does the encoding type have with the length of the signature in binary?

(See Encryption Unit in the Module Handbook – Section 4.4)

5.3.3 Hash Signatures in HEX

Commonly we see Hash Signatures displayed in HEX encoding. To see the same MD5
signature displayed in HEX, we can add some code to the HEX Hash Sig’s button:

Double click on the Create HEX Hash Signatures button, and add the following code to the
button click event:

xe.InitializeEngine(XCryptEngine.AlgorithmType.MD5);
string encText = Base64ToHex(xe.Encrypt(tbTextToHash.Text));
tbMD5Hash.Text = encText + " - Len: " + encText.Length;

And, add the following method (somewhere after the method main so the button click event
can call it):

public static string Base64ToHex(string input)

{
StringBuilder sb = new StringBuilder();
byte [] inputBytes = Convert.FromBase64String(input);
foreach(byte b in inputBytes)
{
sb.Append(string.Format("{0:x2}", b));
}
return sb.ToString();
}

CSN111102 Symmetric Encryption & Hash Algorithms – Rich Macfarlane 7

Questions

Q: What are the Hex and Base-64 hash signatures for “hack”?
Base-64 Signature Hex Signature

Check this against an online MD5 Hashing application:

MD5 online Hex Hash Signature Generator:
http://www.asecuritysite.com/Encryption/md5
or
http://pajhome.org.uk/crypt/md5/

Double click on the Create HEX Hash Signatures button, and add similar code for the other hash
algorithms, with code such as the following.
xe.InitializeEngine(XCryptEngine.AlgorithmType.SHA);
string encText = Base64ToHex(xe.Encrypt(tbTextToHash.Text));
tbSHAHash.Text = encText + " - Len: " + encText.Length;

xe.InitializeEngine(XCryptEngine.AlgorithmType.SHA256);
string encText = Base64ToHex(xe.Encrypt(tbTextToHash.Text));
tbSHA256Hash.Text = encText + " - Len: " + encText.Length;

Questions

Q: Complete the table below for the number of characters in the Hash Signatures output in hexfor
each different Hash Algorithm:

MD5 SHA-1 SHA -256 SHA -384 SHA -512

Number of Char’s:

Number of Bits:

Questions

Q: Why are the Hex and Base-64 hash signatures different lengths?

(See Encryption Unit in the Module Handbook – Section 4.4)

CSN111102 Symmetric Encryption & Hash Algorithms – Rich Macfarlane 8

5.3.4 Symmetric Encryption for Confidentiality
Symmetric Encryption is typically used to protect confidentiality of communications. Bob creates a
Secret Key, and passes it to Alice. They can both now encrypt communications between them using
the Secret Key. The Encrypting and Decrypting of messages are done with the same Secret Key.

Bob
Alice

Secret Key 1. Generate and Secret Key

Pass Secret Key

Cipher Cipher
PlainText PlainText
CipherText CipherText
3. Decrypt using
2. Encrypt using same Symmetric
Symmetric Algorithm Algorithm
(DES, RC4, AES) (DES, RC4, AES)

Eve
Eve can capture
communications, but
can’t read contents

Figure 3 - Symmetric Encryption Process

Run the Form Application and switch to the Symmetric Encryption tab, as shown below.

Figure 4- Symmetric Encryption Tab

CSN111102 Symmetric Encryption & Hash Algorithms – Rich Macfarlane 9
 Add some text to the Text to Encrypt textbox, and a secret key of “MyKey” to the both Secret
Key textboxes, and see if the program encrypts the text, and correctly decrypts it.

Questions

Q: Did the program encrypt and decrypt correctly?

Q: If you change the decryption key, does the program decrypt correctly?

Q: Reset the keys to the same value. If you now encrypt some text, then change the encrypted text,
does the program decrypt correctly?

Compare the Symmetric Algorithms: DES, 3DES, Blowfish, RC2 and complete the following
table (only the first few characters).
Text DES 3DES Blowfish RC2
A

Password

Password

Some data in a longer

string
This is a paragraph of
text and could be the
contents of a file
This is a Paragraph of
text and could be the
contents of a file

Q: What are the fundamental differences between Ciphertext generated by Hash Algorithms and the
Ciphertext generated by the Symmetric Algorithms?

Q: What is the main problem with symmetric encryption, in particular concerning Bob and Alice
having the same secret key?

CSN111102 Symmetric Encryption & Hash Algorithms – Rich Macfarlane 10

5.3.5 Cryptanalysis
Cryptanalysis is the process of analysing and breaking cryptography algorithms. The following
code mimics a Known Plaintext Attack where the plaintext and ciphertext are known and the
object is to find the key.
To start with the code below uses a single character as an encryption key, and then searches
for the encryption key using brute force. Implement the code in a new project called
bruteForceConsole, or amend the encryptionConsole project.

using System;
using System.Collections.Generic;
using System.Text;
using XCrypt;

namespace bruteForceConsole
{
class Program
{
static void Main(string[] args)
{
// Create Cryptography Object.
XCryptEngine xe = new XCryptEngine();

// Choose an Encryption/Hash algorithm to use

// (only one algorithm at a time):

// Symmetric Encryption Algorithms.

xe.InitializeEngine(XCryptEngine.AlgorithmType.DES);
// xe.InitializeEngine(XCryptEngine.AlgorithmType.TripleDES);
// xe.InitializeEngine(XCryptEngine.AlgorithmType.BlowFish);
// xe.InitializeEngine(XCryptEngine.AlgorithmType.Twofish);

// If Symmetric Encryption Algorithm is begin used, a single

// key to encrypt/decrypt the msg is used.
xe.Key = "y";

// Get the msg to encrypt/hash.

Console.WriteLine("Enter string to encrypt:");
string plainText = Console.ReadLine();

// Encrypt the text msg.

string encryptedText = xe.Encrypt(plainText);

// Find the key using a brute force attack,

// checking each letter of the alphabet.
Console.WriteLine("\nTrying Key: ");
for (char ch ='a'; ch<='z'; ch++)
{
try
{
xe.Key=ch.ToString();
Console.WriteLine(xe.Key);

// Decrypt the encrypted msg.

string decryptedText = xe.Decrypt(encryptedText);

// If we have found the plainText, we know the key being used.

if (plainText == decryptedText)
{
Console.WriteLine("Encryption key found: {0}",xe.Key);
break;
}
CSN111102 Symmetric Encryption & Hash Algorithms – Rich Macfarlane 11
 }
catch {}
;
}
// Wait for Enter Key, before exiting.
Console.ReadLine();
}
} // End of Class
} // End of Namespace

Modify it so that it can brute force a 2-character encryption key, and then a 3 and then 4
character one.
(Hint: Nested for loops or a recursive function might help)

Q: Measure the approximate time it takes for the different key length searches:

Perform 5 test runs for each key length with randomly selected keys, measuring the approximate
time taken for each run.

Run 1 Run 2 Run 3 Run 4 Run 5

1 character:

2 characters:

3 characters:

4 characters:

CSN111102 Symmetric Encryption & Hash Algorithms – Rich Macfarlane 12

Calculate an average time for each key length and graph the results below, with number of
characters on the x axis, and average time on the y axis.

CSN111102 Symmetric Encryption & Hash Algorithms – Rich Macfarlane 13

Works Cited
pdwolf, 2003. XCrypt - encryption & decryption class wrapper. [Online]
Available at: http://www.codeproject.com/Articles/4797/XCrypt-encryption-decryption-class-
wrapper
[Accessed Oct 2011].

CSN111102 Symmetric Encryption & Hash Algorithms – Rich Macfarlane 14