CRYPTOGRAPHY
LECTURE 7: CRYPTANALYSIS
PROF. MAHMOUD M. ELKHOULY
Lec #1
Five Basic Methods for Cryptanalysis
• Ciphertext-only attack
• Known-plaintext attack
• Chosen-plaintext attack
• Adaptive-chosen-plaintext attack
• Ciphertext-ciphertext attack
Ciphertext-only attack
The key or plaintext is revealed exclusively by means of the ciphertext.
This method is the most difficult. If too little is known of the rules of
the ciphertext to be able to exploit them, only one obvious thing
remains: trying every possible key.
This is called a brute-force attack (exploiting the key space; exhaustion
method). Often, however, it is sufficient to try just a few keys.
Known-plaintext attack
Part of the plaintext is known in addition to the ciphertext, and used to
reveal the remaining plaintext, normally by means of the key.
This is perhaps the most important cryptanalytic method, because it is
much more powerful than a ciphertext-only attack and normally
possible: the attacker guesses certain words in the text; the beginning
of the text is fixed; known, uncritical plaintexts are encoded with the
same key as confidential plaintexts, etc.
Chosen-plaintext attack
This is also a plaintext attack, except that the attacker can choose the
plaintext so that the attack becomes possible in the first place, or will
become easy.
Adaptive-chosen-plaintext attack
This is a repeated attack with selected plaintext, where the plaintext
deliberately introduced is selected dependent on the current state of
the cryptanalysis.
Algorithms used in ciphering devices with permanently burnt-in keys
have to be resistant against this sharpest method.
Ciphertext-ciphertext attack
The plaintext is encrypted with two different methods. The attacker can
exploit this in different ways.
In general, a method is already broken so that everything boils down to
a plaintext attack. Such an attack is always based on a ciphering error.
Good cryptographers use a different plaintext for each method.
Every Cryptographer Has to Be a Good Cryptanalyst
Every cryptographer’s aim is naturally to design an algorithm that won’t
supply any practically usable results when cryptanalyzed.
This doesn’t necessarily mean that it can’t be cryptanalyzed at all.
It normally means that it would take too long (the encrypted information
might become worthless in the meantime), or that it would be too costly
to justify the value of the information.
Two important theorems in cryptography
1. It is virtually useless to want to develop a good encryption
algorithm if you don’t have a clue about cryptanalysis.
2. You will never make it on your own to exhaustively analyze an
encryption algorithm. An algorithm should first be disclosed
and then be discussed worldwide.
Cryptanalytic Approaches
1. We first need information on the plaintext, i.e., the goal to be
achieved:
• what language is the plaintext in (German, English, Chinese?);
• is it a file created by a word processor (which word processor?);
• is it a compressed file (which compression program?);
• is it a piece of recorded voice or images?
Each of these plaintexts has specific properties for which we can test
(have we achieved the goal?), and which we will exploit as
extensively as possible during the cryptanalysis.
2. Next, we look at the possible keys. There would be approximately 300
million possible keys if, say, passwords were composed of only six
uppercase letters. This number won’t pose any major problem to a fast
PC. However, we have to come up with a few very fast plaintext tests.
We will expediently test in several steps:
– To start with, let’s test the first 100 characters of the ‘plaintext’
created for forbidden characters.
– If this preliminary test was successful, let’s test roughly for letter
frequencies.
– Next, we test for forbidden digrams.
– Then we run a comparison with a dictionary.
– Finally, we have to manually test the last 20 variants to see whether
or not they are meaningful.
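The staged testing described above, as an added example (not part of the original lecture): an exhaustive key search that runs the cheap plaintext tests first and counts how many candidates reach each stage. It assumes a toy repeating-key XOR cipher and a three-letter uppercase key (26^3 keys, scaled down from the six-letter case); the digram list, word list, thresholds and sample text are constructed stand-ins.

```python
import itertools
import string

ALLOWED = set(string.ascii_letters + " .,")               # stage 1: anything else is forbidden
COMMON = set("etaoinshr ")                                # stage 2: rough frequency test
BAD_DIGRAMS = {"qx", "qz", "jq", "vq", "zx", "jx", "qj"}  # stage 3: assumed short list
WORDS = {"the", "and", "for", "is", "in", "it", "so", "to", "of",
         "password", "server", "keys", "report"}          # stage 4: stand-in dictionary

def xor(data: bytes, key: bytes) -> bytes:
    """Toy repeating-key XOR (assumption: stands in for the cipher under analysis)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def no_forbidden_chars(t):
    return all(c in ALLOWED for c in t[:100])             # first 100 characters only

def plausible_frequencies(t):
    return sum(c in COMMON for c in t.lower()) / len(t) > 0.6

def no_forbidden_digrams(t):
    low = t.lower()
    return not any(low[i:i + 2] in BAD_DIGRAMS for i in range(len(low) - 1))

def dictionary_match(t):
    words = t.lower().replace(".", " ").replace(",", " ").split()
    return bool(words) and sum(w in WORDS for w in words) / len(words) >= 0.5

STAGES = [no_forbidden_chars, plausible_frequencies, no_forbidden_digrams, dictionary_match]

def search(ciphertext: bytes, key_len: int = 3):
    """Try every uppercase key; return survivors and the number of candidates per stage."""
    reached = [0] * len(STAGES)
    survivors = []
    for letters in itertools.product(string.ascii_uppercase.encode(), repeat=key_len):
        key = bytes(letters)
        text = xor(ciphertext, key).decode("latin-1")
        for n, stage in enumerate(STAGES):
            reached[n] += 1
            if not stage(text):
                break                                     # cheap test failed: next key
        else:
            survivors.append((key.decode(), text))        # left for the manual check
    return survivors, reached

# Constructed sample: plaintext and key are made up for this demonstration.
PLAINTEXT = "the password for the server is stored in the report so please reset it and rotate the keys"
CIPHERTEXT = xor(PLAINTEXT.encode(), b"KEY")

if __name__ == "__main__":
    survivors, reached = search(CIPHERTEXT)
    print("candidates reaching each stage:", reached)
    print("left for manual check:", survivors)
```
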
PASSWORD CRACKING
• Password cracking is one of the oldest hacking arts. Every
system must store passwords somewhere in order to
authenticate users. However, in order to protect these passwords
from being stolen, they are encrypted. Password cracking is the
art of decrypting the passwords in order to recover them.
WHAT A PROGRAM CAN DO
• A password cracking program, if used ethically, can be used by
the system administrator to detect weak passwords on
the system so they can be changed.
• A password cracking program is most likely used to check the
security of your own system.
CRACK
• Crack is a type of password cracking utility that runs through
combinations of passwords until it finds one that matches.
It also scans the content of a password file looking for weak
login passwords.
JOHN THE RIPPER
• John the Ripper is a fast password cracker, currently available
for many flavors of Unix (11 are officially supported, not
counting different architectures), DOS, Win32, BeOS, and
OpenVMS. Its primary purpose is to detect weak Unix
passwords. (openfirewall.com)
JOHN THE RIPPER
• In order to run John the Ripper, we went to a site and downloaded the
documents for Windows that gave instructions on how to run it. (This
included the password file and other documents about John.)
• To run John, we did the following:
Start > Accessories > Windows Explorer > My Computer > John >
• In the command prompt, we typed:
– cd c:\John\john171w\john1701\run
– dir
– john386pass
• This invoked John
SLOWER HARDER ALGORITHM EVOLUTION
• Many GPU-hard and memory-hard functions that resist cracking have been
available since DES became obsolete
• bcrypt was released in 1999 and is the de facto standard for BSD-based *nix
• PBKDF2, from RSA, was released in 2000 with a
recommended iteration count of 1000 (now upwards of
100,000)
• Colin Percival released scrypt in 2009, a so-called sequential
memory-hard algorithm, designed to thwart ASICs used to brute
force passwords
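An added example (not from the original slides) of what the rising PBKDF2 iteration count means for a system that stores passwords: each record carries its own iteration count, and a record created under the old 1000-iteration recommendation is re-hashed at the current policy on the next successful login. The record format, function names and the policy constant are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

POLICY_ITERATIONS = 100_000   # assumption: the "upwards of 100,000" figure quoted above

def hash_password(password: str, iterations: int = POLICY_ITERATIONS, salt=None) -> str:
    """Return a self-describing record: scheme$iterations$salt$derived_key (hex)."""
    salt = salt or os.urandom(16)                      # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify(password: str, record: str):
    """Return (password_ok, needs_rehash) for a stored record."""
    scheme, iters, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unknown scheme: " + scheme)
    iterations = int(iters)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), iterations)
    ok = hmac.compare_digest(dk, bytes.fromhex(dk_hex))   # constant-time comparison
    return ok, ok and iterations < POLICY_ITERATIONS

def login(password: str, record: str):
    """Verify and, when the record is below policy, return an upgraded record."""
    ok, stale = verify(password, record)
    if ok and stale:
        record = hash_password(password)               # re-hash at the current policy
    return ok, record

if __name__ == "__main__":
    legacy = hash_password("correct horse", iterations=1000)   # constructed legacy record
    ok, upgraded = login("correct horse", legacy)
    print(ok, legacy.split("$")[1], "->", upgraded.split("$")[1])
```
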
THE GPU CRACKER – ALL BETS ARE OFF
The challenger
• 6 GPUs
• 2 power supplies
• 2.7 GHz Celeron CPU
• Total cost $3,000
• Cracks RACF DES at ... guesses as to H/s? 11.9 billion hashes/sec
WHAT DOES 11BH/S MEAN TO YOU?
Your 8 char password is: / Max time to brute force:
• Mixed + special (75): 1 week
• Mixed case (65): 1 day 13 hours
• 10 new special (49): 7 hours 14 minutes
• Original (39): 37 minutes
• Does not include password rules / lists
• Actual time to crack 50-75% of users would be far less
WEBSITES USED
• http://www.iss.net/security_center/advice/Underground/Hacking/Methods/Technical/crack/default.htm
• http://www.openwall.com/john/