https://hackepedia.org/api.php?action=feedcontributions&user=Pbug&feedformat=atomHackepedia - User contributions [en]2024-03-29T04:43:15ZUser contributionsMediaWiki 1.35.0https://hackepedia.org/?title=Delphinusdnsd&diff=5719Delphinusdnsd2023-06-05T12:50:12Z<p>Pbug: </p>
<hr />
<div>{<br />
"move": {<br />
"from": "Delphinusdnsd",<br />
"to": "Wildcarddnsd",<br />
"reason": "wrong title",<br />
"talkfrom": "Talk:delphinusdnsd",<br />
"talkto": "Talk:wildcarddnsd"<br />
}<br />
}</div>Pbughttps://hackepedia.org/?title=Delphinusdnsd&diff=5718Delphinusdnsd2023-06-05T12:49:47Z<p>Pbug: </p>
<hr />
<div><move new_ns="0" new_title="Wildcarddnsd" suppressredirect="" /><br />
{<br />
"move": {<br />
"from": "Delphinusdnsd",<br />
"to": "Wildcarddnsd",<br />
"reason": "wrong title",<br />
"talkfrom": "Talk:delphinusdnsd",<br />
"talkto": "Talk:wildcarddnsd"<br />
}<br />
}</div>Pbughttps://hackepedia.org/?title=Delphinusdnsd&diff=5717Delphinusdnsd2023-06-05T12:46:25Z<p>Pbug: Created page with "<move new_ns="0" new_title="Wildcarddnsd" suppressredirect="" />"</p>
<hr />
<div><move new_ns="0" new_title="Wildcarddnsd" suppressredirect="" /></div>Pbughttps://hackepedia.org/?title=Wildcarddnsd&diff=5716Wildcarddnsd2023-06-05T12:43:03Z<p>Pbug: </p>
<hr />
<div>Wildcarddnsd/Delphinusdnsd is an authoritative turn-key [[DNS]] server. It differs from a general-purpose DNS server such as [[BIND]] in its reduced functionality. However, Wildcarddnsd is only 7 years old, with only 7.1 human work-years behind it; compare this with the many human resources behind BIND development.<br />
<br />
Wildcarddnsd runs on [[OpenBSD]], [[FreeBSD]], [[Linux]], and [[NetBSD]]; a Windows port is planned.<br />
<br />
The [https://gotweb.delphinusdns.org old commit] sources can be found at gotweb.delphinusdns.org.<br />
<br />
<br />
== Development ==<br />
<br />
The wildcarddnsd [[daemon]] is written in the [[C]] language. It was developed on [[OpenBSD]] and tries very hard to avoid buffer overflows by using [[strlcpy]]/strlcat where possible. Later, pledge and unveil were added, as well as other goodies found in OpenBSD.<br />
<br />
== Name change ==<br />
<br />
As of Friday November 14th, 2014, the wildcarddnsd project has been renamed delphinusdnsd. The new project is found here:<br />
<br />
[https://delphinusdns.org delphinusdns.org]<br />
<br />
== 10 Year Anniversary ==<br />
<br />
In November 2015 delphinusdnsd was 10 years old. In November 2025 (2.5 years from the time of this writing) delphinusdnsd will be 20 years old.<br />
<br />
== DNSSEC ==<br />
<br />
The next release of delphinusdnsd will have DNSSEC support, and maybe even TLSA support. Both of these were implemented at the time of this writing (June 5th, 2023).<br />
<br />
== See Also ==<br />
<br />
[[BIND]], [[nsd]], [[DNS]]</div>Pbughttps://hackepedia.org/?title=Wildcarddnsd&diff=5715Wildcarddnsd2023-06-05T12:42:03Z<p>Pbug: </p>
<hr />
<div>Wildcarddnsd is an authoritative turn-key [[DNS]] server. It differs from a general-purpose DNS server such as [[BIND]] in its reduced functionality. However, Wildcarddnsd is only 7 years old, with only 7.1 human work-years behind it; compare this with the many human resources behind BIND development.<br />
<br />
Wildcarddnsd runs on [[OpenBSD]], [[FreeBSD]], [[Linux]], and [[NetBSD]]; a Windows port is planned.<br />
<br />
The [https://gotweb.delphinusdns.org old commit] sources can be found at gotweb.delphinusdns.org.<br />
<br />
<br />
== Development ==<br />
<br />
The wildcarddnsd [[daemon]] is written in the [[C]] language. It was developed on [[OpenBSD]] and tries very hard to avoid buffer overflows by using [[strlcpy]]/strlcat where possible. Later, pledge and unveil were added, as well as other goodies found in OpenBSD.<br />
<br />
== Name change ==<br />
<br />
As of Friday November 14th, 2014, the wildcarddnsd project has been renamed delphinusdnsd. The new project is found here:<br />
<br />
[https://delphinusdns.org delphinusdns.org]<br />
<br />
== 10 Year Anniversary ==<br />
<br />
In November 2015 delphinusdnsd was 10 years old. In November 2025 (2.5 years from the time of this writing) delphinusdnsd will be 20 years old.<br />
<br />
== DNSSEC ==<br />
<br />
The next release of delphinusdnsd will have DNSSEC support, and maybe even TLSA support. Both of these were implemented at the time of this writing (June 5th, 2023).<br />
<br />
== See Also ==<br />
<br />
[[BIND]], [[nsd]], [[DNS]]</div>Pbughttps://hackepedia.org/?title=Wildcarddnsd&diff=5714Wildcarddnsd2023-06-05T12:39:02Z<p>Pbug: /* Name change */</p>
<hr />
<div>Wildcarddnsd is an authoritative turn-key [[DNS]] server. It differs from a general-purpose DNS server such as [[BIND]] in its reduced functionality. However, Wildcarddnsd is only 7 years old, with only 7.1 human work-years behind it; compare this with the many human resources behind BIND development.<br />
<br />
Wildcarddnsd runs on [[OpenBSD]], [[FreeBSD]], [[Linux]], and with minor patchwork on [[Mac OS X]]. [[NetBSD]] may also work.<br />
<br />
The [http://wildcarddns.centroid.eu Wildcarddnsd homepage] is found at [[centroid.eu]].<br />
<br />
<br />
== Development ==<br />
<br />
The wildcarddnsd [[daemon]] is written in the [[C]] language. It was developed on [[OpenBSD]] and tries very hard to avoid buffer overflows by using [[strlcpy]]/strlcat where possible. Later, pledge and unveil were added, as well as other goodies found in OpenBSD.<br />
<br />
== Name change ==<br />
<br />
As of Friday November 14th, 2014, the wildcarddnsd project has been renamed delphinusdnsd. The new project is found here:<br />
<br />
[https://delphinusdns.org delphinusdns.org]<br />
<br />
== 10 Year Anniversary ==<br />
<br />
In November 2015 delphinusdnsd was 10 years old. In November 2025 (2.5 years from the time of this writing) delphinusdnsd will be 20 years old.<br />
<br />
== DNSSEC ==<br />
<br />
The next release of delphinusdnsd will have DNSSEC support, and maybe even TLSA support. Both of these were implemented at the time of this writing (June 5th, 2023).<br />
<br />
== See Also ==<br />
<br />
[[BIND]], [[nsd]], [[DNS]]</div>Pbughttps://hackepedia.org/?title=Wildcarddnsd&diff=5713Wildcarddnsd2023-06-05T12:38:41Z<p>Pbug: /* DNSSEC */</p>
<hr />
<div>Wildcarddnsd is an authoritative turn-key [[DNS]] server. It differs from a general-purpose DNS server such as [[BIND]] in its reduced functionality. However, Wildcarddnsd is only 7 years old, with only 7.1 human work-years behind it; compare this with the many human resources behind BIND development.<br />
<br />
Wildcarddnsd runs on [[OpenBSD]], [[FreeBSD]], [[Linux]], and with minor patchwork on [[Mac OS X]]. [[NetBSD]] may also work.<br />
<br />
The [http://wildcarddns.centroid.eu Wildcarddnsd homepage] is found at [[centroid.eu]].<br />
<br />
<br />
== Development ==<br />
<br />
The wildcarddnsd [[daemon]] is written in the [[C]] language. It was developed on [[OpenBSD]] and tries very hard to avoid buffer overflows by using [[strlcpy]]/strlcat where possible. Later, pledge and unveil were added, as well as other goodies found in OpenBSD.<br />
<br />
== Name change ==<br />
<br />
As of Friday November 14th, 2014, the wildcarddnsd project has been renamed delphinusdnsd. The new project is found here:<br />
<br />
[https://delphinusdns.org delphinusdns.org]<br />
<br />
== 10 Year Anniversary ==<br />
<br />
In November 2015 delphinusdnsd was 10 years old. In November 2025 (2.5 years from the time of this writing) delphinusdnsd will be 20 years old.<br />
<br />
== DNSSEC ==<br />
<br />
The next release of delphinusdnsd will have DNSSEC support, and maybe even TLSA support. Both of these were implemented at the time of this writing (June 5th, 2023).<br />
<br />
== See Also ==<br />
<br />
[[BIND]], [[nsd]], [[DNS]]</div>Pbughttps://hackepedia.org/?title=Wildcarddnsd&diff=5712Wildcarddnsd2023-06-05T12:37:53Z<p>Pbug: /* 10 Year Anniversary */</p>
<hr />
<div>Wildcarddnsd is an authoritative turn-key [[DNS]] server. It differs from a general-purpose DNS server such as [[BIND]] in its reduced functionality. However, Wildcarddnsd is only 7 years old, with only 7.1 human work-years behind it; compare this with the many human resources behind BIND development.<br />
<br />
Wildcarddnsd runs on [[OpenBSD]], [[FreeBSD]], [[Linux]], and with minor patchwork on [[Mac OS X]]. [[NetBSD]] may also work.<br />
<br />
The [http://wildcarddns.centroid.eu Wildcarddnsd homepage] is found at [[centroid.eu]].<br />
<br />
<br />
== Development ==<br />
<br />
The wildcarddnsd [[daemon]] is written in the [[C]] language. It was developed on [[OpenBSD]] and tries very hard to avoid buffer overflows by using [[strlcpy]]/strlcat where possible. Later, pledge and unveil were added, as well as other goodies found in OpenBSD.<br />
<br />
== Name change ==<br />
<br />
As of Friday November 14th, 2014, the wildcarddnsd project has been renamed delphinusdnsd. The new project is found here:<br />
<br />
[https://delphinusdns.org delphinusdns.org]<br />
<br />
== 10 Year Anniversary ==<br />
<br />
In November 2015 delphinusdnsd was 10 years old. In November 2025 (2.5 years from the time of this writing) delphinusdnsd will be 20 years old.<br />
<br />
== DNSSEC ==<br />
<br />
The next release of delphinusdnsd will have DNSSEC support, and maybe even TLSA support.<br />
<br />
<br />
== See Also ==<br />
<br />
[[BIND]], [[nsd]], [[DNS]]</div>Pbughttps://hackepedia.org/?title=Wildcarddnsd&diff=5711Wildcarddnsd2023-06-05T12:37:06Z<p>Pbug: /* Name change */</p>
<hr />
<div>Wildcarddnsd is an authoritative turn-key [[DNS]] server. It differs from a general-purpose DNS server such as [[BIND]] in its reduced functionality. However, Wildcarddnsd is only 7 years old, with only 7.1 human work-years behind it; compare this with the many human resources behind BIND development.<br />
<br />
Wildcarddnsd runs on [[OpenBSD]], [[FreeBSD]], [[Linux]], and with minor patchwork on [[Mac OS X]]. [[NetBSD]] may also work.<br />
<br />
The [http://wildcarddns.centroid.eu Wildcarddnsd homepage] is found at [[centroid.eu]].<br />
<br />
<br />
== Development ==<br />
<br />
The wildcarddnsd [[daemon]] is written in the [[C]] language. It was developed on [[OpenBSD]] and tries very hard to avoid buffer overflows by using [[strlcpy]]/strlcat where possible. Later, pledge and unveil were added, as well as other goodies found in OpenBSD.<br />
<br />
== Name change ==<br />
<br />
As of Friday November 14th, 2014, the wildcarddnsd project has been renamed delphinusdnsd. The new project is found here:<br />
<br />
[https://delphinusdns.org delphinusdns.org]<br />
<br />
== 10 Year Anniversary ==<br />
<br />
In November 2015 delphinusdnsd was 10 years old.<br />
<br />
<br />
== DNSSEC ==<br />
<br />
The next release of delphinusdnsd will have DNSSEC support, and maybe even TLSA support.<br />
<br />
<br />
== See Also ==<br />
<br />
[[BIND]], [[nsd]], [[DNS]]</div>Pbughttps://hackepedia.org/?title=Wildcarddnsd&diff=5710Wildcarddnsd2023-06-05T12:36:16Z<p>Pbug: /* Development */</p>
<hr />
<div>Wildcarddnsd is an authoritative turn-key [[DNS]] server. It differs from a general-purpose DNS server such as [[BIND]] in its reduced functionality. However, Wildcarddnsd is only 7 years old, with only 7.1 human work-years behind it; compare this with the many human resources behind BIND development.<br />
<br />
Wildcarddnsd runs on [[OpenBSD]], [[FreeBSD]], [[Linux]], and with minor patchwork on [[Mac OS X]]. [[NetBSD]] may also work.<br />
<br />
The [http://wildcarddns.centroid.eu Wildcarddnsd homepage] is found at [[centroid.eu]].<br />
<br />
<br />
== Development ==<br />
<br />
The wildcarddnsd [[daemon]] is written in the [[C]] language. It was developed on [[OpenBSD]] and tries very hard to avoid buffer overflows by using [[strlcpy]]/strlcat where possible. Later, pledge and unveil were added, as well as other goodies found in OpenBSD.<br />
<br />
== Name change ==<br />
<br />
As of Friday November 14th, 2014, the wildcarddnsd project has been renamed delphinusdnsd. The new project is found here:<br />
<br />
[http://delphinusdns.centroid.eu delphinusdnsd]<br />
<br />
<br />
== 10 Year Anniversary ==<br />
<br />
In November 2015 delphinusdnsd was 10 years old.<br />
<br />
<br />
== DNSSEC ==<br />
<br />
The next release of delphinusdnsd will have DNSSEC support, and maybe even TLSA support.<br />
<br />
<br />
== See Also ==<br />
<br />
[[BIND]], [[nsd]], [[DNS]]</div>Pbughttps://hackepedia.org/?title=Cryptography&diff=5683Cryptography2018-12-28T08:40:15Z<p>Pbug: /* One way hashing */ bitcoin</p>
<hr />
<div>Cryptography is the method of distorting plain text so that it is unreadable by anyone other than the intended recipient, for example by someone using a packet [[sniffer]] to listen in on network communication. Only if this third party knows the secret key to the ciphertext can they break the encryption and see the plaintext. We highly recommend that anyone still using plain text protocols switch to their free, open source, encrypted equivalents.<br />
<br />
=== Cryptography found in UNIX ===<br />
<br />
<br />
[[UBO]]s have been attacked with great effort over the decades. [[UBO]]s therefore use every known cryptographic method in order to defend against attack. Some methods are weaker than others because of weak protocols. We'll try to list as much as possible here, but without researching these "teasers" you'll likely not understand them all.<br />
<br />
<br />
=== Cryptography found on the Internet ===<br />
<br />
At first the Internet was a plaintext organism. As time progressed more parts were encrypted or digitally signed.<br />
<br />
* DNSSEC (DNS security involving signing resource records with asymmetric cryptography)<br />
* IPSEC (layer 3 security)<br />
* TLS (application layer security)<br />
* SSH (Secure Shell)<br />
<br />
In 2016 it's hard to fathom doing business on unencrypted sites on the Internet.<br />
<br />
=== One way hashing ===<br />
UNIX programmers implemented a [[One way hash]] based on [[DES]] to "encrypt" [[password]]s as part of the crypt(3) function. It was impossible to decrypt these [[password]]s, since they were produced with a modified version of DES, so in order to know whether someone had the right [[password]] the plain text would be encrypted and the result compared with the hash in the password database. If they matched, the user would be granted access. As computers became faster, so did the speed at which DES could be cracked. In 2005, an amd64 3500+ running [[OpenBSD]] using the system's crypt(3) function could hash 121,000 [[password]]s in 1 second. The following table tries to give a comparison of 2 computers over time, but we lost the original benchmark program so it's not a fair comparison:<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto"<br />
|+ Computer speeds in cryptographic hashing<br />
|-<br />
!Computer type !! OS !! Year !! Hash type !! No. of threads !! Count of hashes<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || UNIX crypt() || 1 || 121,000<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || MD5 || 1 || 1880 (?)<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || Blowfish 12 rounds || 1 || 2<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || UNIX crypt() || 1 || 313,921<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || MD5 ($1$ salt) || 1 || 12,869,871 (?)<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || MD5 (openssl) || 1 || 5,457,752<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || Blowfish 12 rounds || 1 || 3<br />
|}<br />
<br />
<br />
So a slower hash algorithm was needed, and one that could take more than 8 characters for the [[password]]s. Many Operating Systems have implemented [[MD5]] hashing, which does 1880 crypts per second on the aforementioned OpenBSD system; however, it can now be broken with a custom made cracker (2012) which does [http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/ 77 million cracks per second] against this hashing method. So OpenBSD went even further and designed an interesting hash based on [[blowfish]] that has a variable setting for rounds; blowfish will encrypt the hash with the string "OrpheanBeholderScryDoubt" 64 times per round. The result is that with 12 rounds, a crypt will do 2 passwords in 1 second.<br />
<br />
[[One way hash]]ing wasn't confined to just passwords. With the [[md5]] and [[SHA]] commands, as well as [[rmd160]], one can make a cryptographic hash sum (or fingerprint) of a file or text on the system. For example, if you want to ensure a file or directory has not been altered, you can print the checksum onto read-only media (i.e. paper, or burn it onto a CD). Whenever you run the checksum program against the same file or directory, you should get the same result unless something has been altered. If this topic interests you, [http://sourceforge.net/projects/tripwire/ tripwire] is popular software you'll want to read more about.<br />
<br />
Bitcoin uses one way hashing. The hash method they use is SHA256. Perhaps bitcoin was made by the NSA in order to let the "market" find fast hardware hashers in order to break SHA256 in a large setup (Just my opinion).<br />
<br />
=== MAC / HMAC ===<br />
<br />
A MAC (Message Authentication Code) is so called because you can authenticate a message (run it, together with a secret, through a one way hash), and if the received tag does not match the recomputed one then it's not the right message. An HMAC is a MAC built from a hash function, with the extra protection of a secret key (password).<br />
<br />
Please see RFC 2104 for how HMACs are computed.<br />
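The RFC 2104 construction written out step by step, as an added example (not code from the wiki). It uses only the Python standard library; the MD5 vectors checked in rfc2104_test_vectors_pass() are the ones published in RFC 2104, and the stdlib hmac module appears only to cross-check the result.

```python
"""HMAC exactly as RFC 2104 specifies it, built from a plain hash function.

Added example, not code from the wiki. Everything except the RFC 2104 test
vectors is constructed for illustration.
"""
import hashlib
import hmac as stdlib_hmac


def hmac_rfc2104(key: bytes, message: bytes, hash_name: str = "md5") -> bytes:
    """HMAC(K, text) = H((K' XOR opad) || H((K' XOR ipad) || text)), RFC 2104 section 2.

    K' is the key padded with zeros to the hash function's block size B
    (64 bytes for MD5, SHA-1 and SHA-256); keys longer than B are hashed first.
    ipad is the byte 0x36 repeated B times, opad is 0x5C repeated B times.
    """
    block_size = hashlib.new(hash_name).block_size
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()   # step 1 for long keys
    key = key.ljust(block_size, b"\x00")               # zero-pad to B bytes
    ipad = bytes(k ^ 0x36 for k in key)
    opad = bytes(k ^ 0x5C for k in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def verify(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Compare in constant time, so a MITM cannot time how many tag bytes matched."""
    return stdlib_hmac.compare_digest(hmac_rfc2104(key, message, hash_name), tag)


def matches_stdlib(key: bytes, message: bytes, hash_name: str) -> bool:
    """Cross-check against Python's hmac module (also exercises the long-key path)."""
    return stdlib_hmac.compare_digest(
        hmac_rfc2104(key, message, hash_name),
        stdlib_hmac.new(key, message, hash_name).digest(),
    )


def rfc2104_test_vectors_pass() -> bool:
    """The three HMAC-MD5 test vectors printed in RFC 2104."""
    vectors = [
        (b"\x0b" * 16, b"Hi There", "9294727a3638bb1c13f48ef8158bfc9d"),
        (b"Jefe", b"what do ya want for nothing?", "750c783e6ab0b503eaa86e310a5db738"),
        (b"\xaa" * 16, b"\xdd" * 50, "56be34521d144c88dbb8c733f0e8b3f6"),
    ]
    return all(hmac_rfc2104(k, m, "md5") == bytes.fromhex(d) for k, m, d in vectors)
```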
<br />
=== Symmetric cryptography ===<br />
<br />
[[File:aes-spaceplot.jpg]]<br />
<br />
<br />
True private key cryptography was also present with the [[bdes]] and [[openssl]] commands, which could encrypt files with a variety of ciphers. Some well known ciphers are [[DES]] (broken, not used anymore), [[AES]] (the current standard at 256 bits), [[blowfish]], [[CAST128]] and [[RC4]]. Many ciphers are imported through the openssl library.<br />
<br />
Most symmetric crypto ciphers are "block" ciphers in that they only encrypt blocks of 8 or 16 bytes, depending on the cipher. This is a bit of a pain when programming with these ciphers because one faces the question "what do I use as padding?". Padding fills the remainder of the last block when the plaintext is not an exact multiple of the block size. We don't have any recommendations for that, but bad padding could potentially weaken a cryptographic message.<br />
<br />
The opposite of a block cipher is called a "stream" cipher. You feed it a byte, and an encrypted byte comes out.<br />
<br />
=== Symmetric Block Cipher Modes ===<br />
<br />
A cipher has several modes. The plain mode for a cipher is called [[ECB]], which stands for electronic code book. This is a weak mode and can reveal many things; it's not recommended. One example of what it reveals: if one plaintext block is the same as another plaintext block, the ciphertext will also be the same at those offsets.<br />
<br />
Another mode is called [[CBC]], which stands for Cipher Block Chaining. Here each plaintext block is XOR'ed with the previous ciphertext block before encryption, resulting in even stronger crypto. CBC mode requires an IV (an initial vector) so that the first block has something to XOR with and isn't effectively in ECB mode, which could potentially weaken the stream. Some say that an IV doesn't have to be secret, but it can't hurt if it's exchanged like a key in an asymmetric exchange (DH/RSA).<br />
<br />
Another mode is [[CTR]] (counter mode). This mode is often used for sparse files because it allows random access into the ciphertext (unlike CBC, which has to be streamed from the beginning). CTR requires a nonce (a one time value); the nonce and a counter are encrypted together and the result is XOR'ed against the block of plaintext. The counter is usually derived from the offset into the ciphertext. As far as we were able to learn, [[WPA]] uses AES in some form of counter mode.<br />
<br />
There are many more modes; these are just some basic ones.<br />
<br />
=== Public Key cryptography ===<br />
<br />
Also called asymmetric cryptography. It uses 2 or more keys, usually one that's private and one that's public, i.e. publicly known. Ciphers include Diffie Hellman ([[DH]]) and [[RSA]]. [[GPG]], a program to encrypt mail at the [[OSI]] application layer, uses this.<br />
<br />
A report in 2013 claimed that RSA/DH may be broken within 5 years ([http://it.slashdot.org/story/13/08/06/2056239/math-advance-suggest-rsa-encryption-could-fall-within-5-years slashdot story]). This would potentially bring everything to a standstill in terms of online commerce. One alternative is Elliptic Curve Cryptography.<br />
<br />
=== Elliptic Curve Cryptography ===<br />
<br />
This is new to those of us who write this wiki; please see the <br />
[http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography Wikipedia entry].<br />
<br />
=== Symmetric / Asymmetric Hybrids ===<br />
<br />
This method is used for [[OSI]] session layer communication. A public-key exchange takes place to agree on a [[random]] [[session key]], and all data that follows is encrypted with a symmetric cipher under that key. This is used extensively in [[ssh]] and most [[SSL]] enabled software.<br />
<br />
<br />
<br />
=== Cheap cryptography ===<br />
<br />
Rotational ciphers based on the alphabet are CHEAP. They are often used by Usenet trolls who think that the people they troll don't have a clue what they are talking about.<br />
<br />
$ echo OrpheanBeholderScryDoubt | /usr/games/rot13<br />
BecurnaOrubyqreFpelQbhog<br />
<br />
[[rot13]] is probably good to keep data safe from your 7 year old sister.<br />
<br />
<br />
[[File:xor-spaceplot.jpg]]<br />
<br />
<br />
Another type of cryptography is the XOR method. XOR used as a [[One time pad]] is potentially secure. Here is an example of a typical XOR encryption; the [[xortext.c]] program is also available:<br />
<br />
$ cat /etc/passwd | ./xortext blah | hexdump -C | head<br />
00000000 10 03 0e 1c 58 46 5b 58 58 5c 5b 2b 0a 0d 13 04 |....XF[XX\[+....|<br />
00000010 0b 09 41 4e 4e 40 4d 52 4d 1e 0e 07 16 56 4e 0a |..ANN@MRM....VN.|<br />
00000020 0b 02 4e 1b 0a 66 05 09 07 01 0e 06 58 46 5b 59 |..N..f......XF[Y|<br />
00000030 58 5d 5b 3c 0a 09 41 0c 07 1a 08 04 42 04 08 05 |X][<..A.....B...|<br />
00000040 11 09 0d 0e 58 43 13 07 0d 18 5b 47 11 0e 08 06 |....XC....[G....|<br />
00000050 4d 02 0e 04 0d 0b 08 06 68 03 11 0d 10 0d 15 07 |M.......h.......|<br />
00000060 10 56 4b 52 50 56 54 52 31 15 12 1c 07 01 41 4e |.VKRPVTR1.....AN|<br />
00000070 58 43 0e 18 07 1e 00 1c 0d 1e 5b 47 11 0e 08 06 |XC........[G....|<br />
00000080 4d 02 0e 04 0d 0b 08 06 68 0e 08 06 58 46 5b 5b |M.......h...XF[[|<br />
00000090 58 5b 5b 2a 0b 02 00 1a 0b 09 12 48 21 03 0c 05 |X[[*.......H!...|<br />
<br />
Surprisingly, some companies employ XOR cryptography in their products as a security mechanism.<br />
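Repeating-key XOR of the kind the xortext run above performs, next to a true one-time pad, as an added example (not the wiki's xortext.c). The plaintext and the short key are constructed; the count of repeated ciphertext chunks is the same structure leak the ECB paragraph above describes for block ciphers.

```python
"""Repeating-key XOR versus a one-time pad: why one leaks and the other does not.

Added example, not the wiki's xortext.c. The plaintext and the short key are
constructed; the pad comes from the OS CSPRNG and must never be reused.
"""
import secrets


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Output byte i is data[i] ^ key[i mod len(key)]; the same call decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def xor_one_time_pad(data: bytes, pad: bytes) -> bytes:
    """A one-time pad is XOR with a secret key exactly as long as the message."""
    if len(pad) != len(data):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(b ^ p for b, p in zip(data, pad))


def repeated_chunks(ciphertext: bytes, size: int) -> int:
    """Number of size-byte chunks of ciphertext that occur more than once in it.

    With a key of length k and size a multiple of k, equal plaintext chunks at
    aligned offsets become equal ciphertext chunks, visible to any eavesdropper
    without knowing the key (the ECB property, reproduced by a short XOR key).
    """
    chunks = [ciphertext[i:i + size] for i in range(0, len(ciphertext) - size + 1, size)]
    counts = {}
    for chunk in chunks:
        counts[chunk] = counts.get(chunk, 0) + 1
    return sum(n for n in counts.values() if n > 1)


def leak_comparison() -> dict:
    """Encrypt the same repetitive plaintext both ways and count leaked repeats."""
    plaintext = b"PASSWORD" * 3        # constructed: three identical 8-byte records
    short_key = b"blah"                # constructed, as in the xortext run above
    pad = secrets.token_bytes(len(plaintext))
    return {
        "repeating_key": repeated_chunks(xor_repeating(plaintext, short_key), 8),  # 3
        "one_time_pad": repeated_chunks(xor_one_time_pad(plaintext, pad), 8),      # 0
    }
```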
<br />
<br />
<br />
=== Attacks on cryptography ===<br />
<br />
In many examples a passive crypto attacker is called Eve (from eavesdrop), and an active attacker is called Mallory (from malicious). Both kinds of attack have been used in the past (like the attack on [[WEP]]).<br />
<br />
* If, for example, an encrypted session does not have a Message Authentication Code (MAC), then a [[MITM]] attack changing the ciphertext on the network may cause problems in the protocol when the decrypted plaintext is fed to the program. Pretend SSH did not have a MAC: someone could modify packets, garbage would come out, the terminal would likely print that garbage and the shell would complain about the unknown command.<br />
<br />
* If an encrypted session did not have a counter covered by a MAC, then it would be possible to replay packets, and the same garbage as above would result, only it might not be possible to stop it. A simple counter and a MAC on each packet sent should prevent injections and replay attacks. [[WEP]] had this problem: identifiable ARP packets, which have a small size, could be replayed, helping the attacker read ciphertext that would otherwise take a long time to collect passively.<br />
<br />
* The most annoying attack is the hang-up attack. We have heard of people in foreign countries modifying their TCP stacks to prevent RSTs being sent to hang up a session; however, the next step by the MITM is to change the ciphertext, which fails the MAC check and, I predict, would cause a tear-down of the session. If a protocol is robust enough not to be affected by hang-up, it means that a MITM attacker can probe several keys against the ciphertext to "test the water" and possibly use that to derive a key with extra computation.<br />
<br />
* Question: cryptography over radio (what is meant here is non-[[Wifi]] radios) is more secure than crypto over a wire, because on a wire a MITM attack goes unnoticed, whereas on radio a MITM attack could not occur without notice of something funny going on. FM would probably not make a good crypto radio link, as the receiver only plays the strongest signal and throws away the weaker one. Denial of service over radio is called "jamming" and involves a strong signal being sent to introduce noise on another signal. It has been said in civilian circles that the military use spread-spectrum hopping in order to escape jamming. How effective this is is unknown. Hopping involves changing the frequency rapidly in a predetermined pattern which is random enough to surprise the adversary. It is unclear whether this is based on or seeded from time.<br />
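The defence the first two bullets describe, a counter and a MAC on every packet, as an added example (not code from the wiki or from SSH). Sender, Receiver and the packet layout are made up for illustration, the messages sealed in run_scenarios() are constructed, and payload encryption is left out on purpose because the point is what the MAC and the counter reject.

```python
"""Counter plus HMAC on each packet: rejecting modified and replayed packets.

Added example, not from the wiki or any real protocol; standard library only.
The packet layout (counter || payload || tag) and the key are constructed.
"""
import hashlib
import hmac
import struct
from typing import Optional

COUNTER = struct.Struct(">Q")                # 8-byte big-endian packet counter
TAG_LEN = hashlib.sha256().digest_size       # 32-byte HMAC-SHA256 tag


class Sender:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.counter = 0

    def seal(self, payload: bytes) -> bytes:
        """Return counter || payload || HMAC-SHA256(key, counter || payload)."""
        header = COUNTER.pack(self.counter)
        self.counter += 1                    # a counter value is never reused under this key
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + tag


class Receiver:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.expected = 0                    # next counter value we will accept

    def open(self, packet: bytes) -> Optional[bytes]:
        """Return the payload, or None if the packet is forged, modified or replayed."""
        if len(packet) < COUNTER.size + TAG_LEN:
            return None
        header = packet[:COUNTER.size]
        payload = packet[COUNTER.size:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        # 1. MAC check first: any changed byte, in the counter or the payload, fails
        #    here, so garbled plaintext never reaches the application (the SSH case).
        expected_tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_tag, tag):
            return None
        # 2. Replay check: the tag is genuine, but the counter was already consumed.
        #    A strict in-order counter suits a stream such as SSH over TCP; datagram
        #    protocols such as IPsec keep a sliding window so reordering is tolerated.
        (counter,) = COUNTER.unpack(header)
        if counter != self.expected:
            return None
        self.expected = counter + 1
        return payload


def run_scenarios() -> dict:
    """Seal two constructed packets and record what the receiver does with each."""
    key = b"constructed-session-key-not-for-real-use"
    sender, receiver = Sender(key), Receiver(key)
    first = sender.seal(b"ls -l\n")
    second = sender.seal(b"exit\n")
    damaged = bytearray(first)               # one payload byte flipped in transit
    damaged[COUNTER.size] ^= 0x01
    return {
        "genuine_first": receiver.open(first),            # accepted: b"ls -l\n"
        "replayed_first": receiver.open(first),           # rejected: counter 0 already used
        "modified_first": receiver.open(bytes(damaged)),  # rejected: MAC mismatch
        "genuine_second": receiver.open(second),          # accepted: b"exit\n"
    }
```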
<br />
<br />
=== Post-Quantum Cryptography ===<br />
<br />
Recently, standards bodies in the US have called for post-quantum cryptography to be implemented. As we understand it, this is an attempt to encipher data on classical computers in a way that can withstand an attack performed by a quantum computer. I think the goal is to have a few decades' worth of crypto strength so that medium- to long-term secrets can be kept secret. This is very new stuff to be writing about, so forgive us if we make mistakes. We aren't at the forefront of using quantum computers anyhow, which still cost a few million dollars for a D-WAVE system. Since 2018 there have been three major quantum computer makers, and the reports and hype around these have died down a little. The aforementioned are IBM, Google and Intel, who have quantum computers with 50, 72 and 49 qubits (respectively). Judging by the price of D-WAVE quantum annealers, these could cost between 20 million and 50 million dollars to make. The key marketing term is "quantum supremacy", the point at which a quantum computer is able to leave classical computers behind in terms of processing power.<br />
<br />
The first post-quantum Informational RFC came out in May 2018, as RFC 8391 (XMSS). As companies try to break RSA (Shor's algorithm) this may become more important. I don't know of any open source implementations which use XMSS yet (time of writing 2019).<br />
<br />
In Europe, ZITIS (the German government's cracking agency) announced they would purchase an IBM quantum computer to break RSA. Either this is FUD or these machines are capable of such a thing; we don't know for sure. A 100 qubit quantum computer is planned to be built in Europe by a consortium of universities and institutes.<br />
<br />
=== Random Numbers ===<br />
<br />
Random numbers in cryptography are important. Pretend you have a symmetric/asymmetric hybrid program (it could be TLS or SSH) that exchanges a secret session key. This session key is often made with the OS's Pseudo-Random Number Generator (PRNG). If the random numbers are predictable in any way, the encryption is weakened and crackable by someone who can guess the random number. Since computers are predictable machines (they have to be in order to perform the same for any program), it's very hard to get randomness right. OSes try all sorts of tricks to find numerous sources of [[entropy]] that they can combine. They often also try to cryptographically scramble a random number. This could be done by encrypting a pool of random numbers and forgetting/throwing away the (random) key.<br />
<br />
Random numbers are also used in [https://en.wikipedia.org/wiki/Merkle%27s_Puzzles Merkle's puzzles].</div>Pbughttps://hackepedia.org/?title=Cryptography&diff=5682Cryptography2018-12-28T08:25:25Z<p>Pbug: /* Post-Quantum Cryptography */ it's 2 years later (still) happy new year 2019</p>
<hr />
<div>Cryptography is the method of distorting plain text so that it is unreadable by anyone other than the intended recipient, for example by someone using a packet [[sniffer]] to listen in on network communication. Only if this third party knows the secret key to the ciphertext can they break the encryption and see the plaintext. We highly recommend that anyone still using plain text protocols switch to their free, open source, encrypted equivalents.<br />
<br />
=== Cryptography found in UNIX ===<br />
<br />
<br />
[[UBO]]s have been attacked with great effort over the decades. [[UBO]]s therefore use every known cryptographic method in order to defend against attack. Some methods are weaker than others because of weak protocols. We'll try to list as much as possible here, but without researching these "teasers" you'll likely not understand them all.<br />
<br />
<br />
=== Cryptography found on the Internet ===<br />
<br />
At first the Internet was a plaintext organism. As time progressed more parts were encrypted or digitally signed.<br />
<br />
* DNSSEC (DNS security involving signing resource records with asymmetric cryptography)<br />
* IPSEC (layer 3 security)<br />
* TLS (application layer security)<br />
* SSH (Secure Shell)<br />
<br />
In 2016 it's hard to fathom doing business on unencrypted sites on the Internet.<br />
<br />
=== One way hashing ===<br />
UNIX programmers implemented a [[One way hash]] based on [[DES]] to "encrypt" [[password]]s as part of the crypt(3) function. It was impossible to decrypt these [[password]]s, since they were produced with a modified version of DES, so in order to know whether someone had the right [[password]] the plain text would be encrypted and the result compared with the hash in the password database. If they matched, the user would be granted access. As computers became faster, so did the speed at which DES could be cracked. In 2005, an amd64 3500+ running [[OpenBSD]] using the system's crypt(3) function could hash 121,000 [[password]]s in 1 second. The following table tries to give a comparison of 2 computers over time, but we lost the original benchmark program so it's not a fair comparison:<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto"<br />
|+ Computer speeds in cryptographic hashing<br />
|-<br />
!Computer type !! OS !! Year !! Hash type !! No. of threads !! Count of hashes<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || UNIX crypt() || 1 || 121,000<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || MD5 || 1 || 1880 (?)<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || Blowfish 12 rounds || 1 || 2<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || UNIX crypt() || 1 || 313,921<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || MD5 ($1$ salt) || 1 || 12,869,871 (?)<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || MD5 (openssl) || 1 || 5,457,752<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || Blowfish 12 rounds || 1 || 3<br />
|}<br />
<br />
<br />
So a slower hash algorithm was needed, and one that could take more than 8 characters for the [[password]]s. Many Operating Systems have implemented [[MD5]] hashing, which does 1880 crypts per second on the aforementioned OpenBSD system; however, it can now be broken with a custom made cracker (2012) which does [http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/ 77 million cracks per second] against this hashing method. So OpenBSD went even further and designed an interesting hash based on [[blowfish]] that has a variable setting for rounds; blowfish will encrypt the hash with the string "OrpheanBeholderScryDoubt" 64 times per round. The result is that with 12 rounds, a crypt will do 2 passwords in 1 second.<br />
<br />
[[One way hash]]ing wasn't confined to just passwords. With the [[md5]] and [[SHA]] commands, as well as [[rmd160]], one can make a cryptographic hash sum (or fingerprint) of a file or text on the system. For example, if you want to ensure a file or directory has not been altered, you can print the checksum onto read-only media (e.g. paper, or burn it onto a CD). Whenever you run the checksum program against the same file or directory, you should get the same result unless something has been altered. If this topic interests you, [http://sourceforge.net/projects/tripwire/ tripwire] is popular software you'll want to read more about.<br />
<br />
=== MAC / HMAC ===<br />
<br />
A MAC (Message Authentication Code) is called that because you can sign a message (run it, together with a secret key, through a one-way hash), and if the code recomputed by the receiver does not match the one sent with the message then it's not the right message. An HMAC is a hash-based MAC in which the hash is keyed with an extra secret (a password or key).<br />
<br />
Please see RFC 2104 for how HMACs are computed.<br />
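The RFC 2104 construction written out step by step, as an added example that is not from the wiki or from any library; only the underlying hash H comes from hashlib, and the result is checked against the RFC's own test vectors.<br />

```python
import hashlib
import hmac

# Added example, not from the wiki: HMAC computed exactly as RFC 2104 writes it,
#     HMAC(K, text) = H((K XOR opad) || H((K XOR ipad) || text))
# where K is padded with zeros to the hash's block size B (or hashed first when
# longer than B), ipad is the byte 0x36 repeated and opad is 0x5C repeated.


def rfc2104_hmac(key: bytes, text: bytes, hash_name: str = "md5") -> bytes:
    """HMAC per RFC 2104 section 2; returns the raw digest."""
    block = hashlib.new(hash_name).block_size       # B: 64 for MD5, SHA-1, SHA-256
    if len(key) > block:
        key = hashlib.new(hash_name, key).digest()  # keys longer than B are hashed first
    key = key.ljust(block, b"\x00")                 # step 1: zero-pad to B bytes
    k_ipad = bytes(b ^ 0x36 for b in key)           # step 2
    inner = hashlib.new(hash_name, k_ipad + text).digest()   # steps 3 and 4
    k_opad = bytes(b ^ 0x5C for b in key)           # step 5
    return hashlib.new(hash_name, k_opad + inner).digest()   # steps 6 and 7


def mac_is_valid(key: bytes, text: bytes, tag: bytes, hash_name: str = "md5") -> bool:
    """Receiver side: recompute the MAC and compare it in constant time."""
    return hmac.compare_digest(rfc2104_hmac(key, text, hash_name), tag)


def matches_stdlib(key: bytes, text: bytes, hash_name: str) -> bool:
    """Cross-check this construction against Python's hmac module."""
    return rfc2104_hmac(key, text, hash_name) == hmac.new(key, text, hash_name).digest()


if __name__ == "__main__":
    # First test vector from RFC 2104: key = 0x0b * 16, text = "Hi There"
    key, text = b"\x0b" * 16, b"Hi There"
    tag = rfc2104_hmac(key, text)
    print("HMAC-MD5:", tag.hex())            # 9294727a3638bb1c13f48ef8158bfc9d
    # a message altered in transit, which a MAC-less session could not detect
    print("tampered accepted:", mac_is_valid(key, b"Hi There!", tag))   # False
```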
<br />
=== Symmetric cryptography ===<br />
<br />
[[File:aes-spaceplot.jpg]]<br />
<br />
<br />
True private key cryptography was also present with the [[bdes]] and [[openssl]] commands, which could encrypt files with a variety of ciphers. Some well-known ciphers are [[DES]] (broken, no longer used), [[AES]] (the current standard, at 256 bits), [[blowfish]], [[CAST128]] and [[RC4]]. Many ciphers are imported through the openssl library.<br />
<br />
Most symmetric ciphers are "block" ciphers: they encrypt only whole blocks of 8 or 16 bytes, depending on the cipher. This is a bit of a pain when programming with these ciphers, because one faces the question "what do I use as padding?". Padding fills the remainder of the last block when the data isn't an exact multiple of the block size. We don't have any recommendations for that, but bad padding could potentially weaken a cryptographic message.<br />
<br />
The opposite of a block cipher is called a "stream" cipher. You can feed the algorithm a byte at a time and an encrypted byte will come out.<br />
<br />
=== Symmetric Block Cipher Modes ===<br />
<br />
A cipher can be run in several modes. The plain mode is called [[ECB]], which stands for Electronic Code Book. This is a weak mode and can reveal many things; it's not recommended. One example of what it reveals: if a plaintext block is the same as another plaintext block, the ciphertext will also be the same at those offsets.<br />
<br />
Another mode is called [[CBC]], which stands for Cipher Block Chaining. Here each plaintext block is XOR'ed with the previous ciphertext block before encryption, which hides repeated plaintext blocks and makes the result stronger. CBC mode requires an IV (an initialization vector) so that the first block has something to XOR with and isn't effectively in ECB mode, which could potentially weaken the stream. Some say that an IV doesn't have to be secret, but it can't hurt if it's exchanged like a key in an asymmetric exchange (DH/RSA).<br />
<br />
Another mode is [[CTR]] (counter mode). This mode is often used for sparse files because it allows random access into the ciphertext (unlike CBC, which has to be processed from the beginning). CTR requires a nonce (a one-time value); the nonce together with a counter is encrypted and the result XOR'ed with each block. The counter is usually derived from the block's offset in the ciphertext. As far as we were able to learn, [[WPA]] uses AES in some form of counter mode.<br />
<br />
There are many more modes; these are just some basic ones.<br />
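The three modes written out over a block cipher, as an added example that is not from the wiki or any library: it shows ECB's repeated-block leak, CBC's chaining through the IV, and CTR decrypting a single block by its offset. The block cipher itself is a constructed stand-in (a small Feistel network built from SHA-256), invertible but not a real cipher, and the input is assumed to be padded already.<br />

```python
import hashlib

# Added example (not from the wiki or any library): ECB, CBC and CTR over a
# 16-byte block cipher. The block cipher is a constructed toy: a 4-round
# Feistel network whose round function is SHA-256 keyed with `key`. It is
# invertible, which is all the modes need; it is NOT a real cipher, and the
# input is assumed to be already padded to a whole number of blocks.

BLOCK = 16
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):      # undo the rounds in reverse order
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


def blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("input must be padded to a multiple of %d bytes" % BLOCK)
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


# ECB: every block is encrypted independently, so equal plaintext blocks leak
def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    return b"".join(block_encrypt(key, b) for b in blocks(pt))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return b"".join(block_decrypt(key, b) for b in blocks(ct))


# CBC: each plaintext block is XORed with the previous ciphertext block (the IV
# for the first one) before it is encrypted
def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(pt):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(ct):
        out.append(_xor(block_decrypt(key, b), prev))
        prev = b
    return b"".join(out)


# CTR: encrypt nonce || counter and XOR the result with the data; the same
# function decrypts, and `first_block` lets you start at any block offset
def ctr_crypt(key: bytes, nonce: bytes, data: bytes, first_block: int = 0) -> bytes:
    out = []
    for i, b in enumerate(blocks(data)):
        keystream = block_encrypt(key, nonce + (first_block + i).to_bytes(8, "big"))
        out.append(_xor(b, keystream))
    return b"".join(out)


def distinct_blocks(ct: bytes) -> int:
    """How many different ciphertext blocks appear (ECB's tell-tale is a low count)."""
    return len(set(blocks(ct)))


if __name__ == "__main__":
    key, iv, nonce = b"constructed demo key", bytes(range(16)), b"\x00" * 8
    pt = b"ATTACK AT DAWN!!" * 4            # four identical 16-byte blocks
    print("ECB distinct blocks:", distinct_blocks(ecb_encrypt(key, pt)))       # 1
    print("CBC distinct blocks:", distinct_blocks(cbc_encrypt(key, iv, pt)))   # 4
    ct = ctr_crypt(key, nonce, pt)
    print("CTR distinct blocks:", distinct_blocks(ct))                         # 4
    print("CTR block 2 alone:", ctr_crypt(key, nonce, ct[32:48], first_block=2))
```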
<br />
=== Public Key cryptography ===<br />
<br />
Also called asymmetric cryptography. It uses 2 or more keys, usually one that's private and one that's public, i.e. publicly known. Ciphers include Diffie-Hellman ([[DH]]) and [[RSA]]. [[GPG]], a program to encrypt mail on the application [[OSI]] layer, uses this.<br />
<br />
A report in 2013 suggested that RSA/DH may be broken within 5 years ([http://it.slashdot.org/story/13/08/06/2056239/math-advance-suggest-rsa-encryption-could-fall-within-5-years slashdot story]). This would potentially bring everything to a standstill in terms of online commerce. An alternative is Elliptic Curve Cryptography.<br />
<br />
=== Elliptic Curve Cryptography ===<br />
<br />
This is new to us who write in this wiki; please see the [http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography Wikipedia entry].<br />
<br />
=== Symmetric / Asymmetric Hybrids ===<br />
<br />
This method is used in [[OSI]] session layer communication. A public-key exchange takes place to agree on a [[random]] [[session key]] for a symmetric cipher, and all data that follows is encrypted with it. This is used extensively in [[ssh]] and most [[SSL]] enabled software.<br />
<br />
<br />
<br />
=== Cheap cryptography ===<br />
<br />
Rotational ciphers based on the alphabet are CHEAP. They are often used by Usenet trolls who think that the people they troll don't have a clue what they are talking about.<br />
<br />
$ echo OrpheanBeholderScryDoubt | /usr/games/rot13<br />
BecurnaOrubyqreFpelQbhog<br />
<br />
[[rot13]] is probably good to keep data safe from your 7 year old sister.<br />
<br />
<br />
[[File:xor-spaceplot.jpg]]<br />
<br />
<br />
Another type of cryptography is the XOR method. XOR used as a [[One time pad]] is potentially secure. Here is an example of a typical XOR encryption; the [[xortext.c]] program is also available:<br />
<br />
$ cat /etc/passwd | ./xortext blah | hexdump -C | head<br />
00000000 10 03 0e 1c 58 46 5b 58 58 5c 5b 2b 0a 0d 13 04 |....XF[XX\[+....|<br />
00000010 0b 09 41 4e 4e 40 4d 52 4d 1e 0e 07 16 56 4e 0a |..ANN@MRM....VN.|<br />
00000020 0b 02 4e 1b 0a 66 05 09 07 01 0e 06 58 46 5b 59 |..N..f......XF[Y|<br />
00000030 58 5d 5b 3c 0a 09 41 0c 07 1a 08 04 42 04 08 05 |X][<..A.....B...|<br />
00000040 11 09 0d 0e 58 43 13 07 0d 18 5b 47 11 0e 08 06 |....XC....[G....|<br />
00000050 4d 02 0e 04 0d 0b 08 06 68 03 11 0d 10 0d 15 07 |M.......h.......|<br />
00000060 10 56 4b 52 50 56 54 52 31 15 12 1c 07 01 41 4e |.VKRPVTR1.....AN|<br />
00000070 58 43 0e 18 07 1e 00 1c 0d 1e 5b 47 11 0e 08 06 |XC........[G....|<br />
00000080 4d 02 0e 04 0d 0b 08 06 68 0e 08 06 58 46 5b 5b |M.......h...XF[[|<br />
00000090 58 5b 5b 2a 0b 02 00 1a 0b 09 12 48 21 03 0c 05 |X[[*.......H!...|<br />
<br />
Surprisingly, some companies employ XOR cryptography in their products as a security mechanism.<br />
<br />
<br />
<br />
=== Attacks on cryptography ===<br />
<br />
In many examples a passive crypto attacker is called Eve (from eavesdrop), and an active attacker is called Mallory (for malicious). Both kinds of attack have been used in the past (like the attack on [[WEP]]).<br />
<br />
* If, for example, an encrypted session does not have a Message Authentication Code (MAC), then a [[MITM]] attack changing the ciphertext on the network may cause problems in the protocol when the decrypted plaintext is fed to the program. Pretend SSH did not have a MAC: someone could modify packets, garble would come out, the terminal would likely print that garble and the shell would complain about an unknown command.<br />
<br />
* If an encrypted session did not have a counter covered by the MAC, then it would be possible to replay packets, and the same garble as above would result, only it may not be possible to stop it. A simple counter and a MAC on each packet sent should prevent injections and replay attacks. [[WEP]] had this problem: identifiable ARP packets, which have a small size, could be replayed, helping the attacker with reading ciphertext that would otherwise take a long time to collect passively.<br />
<br />
* The most annoying attack is the hang-up attack. We have heard of people in foreign countries modifying their TCP stacks so that RSTs cannot hang up a session; however, the next step for the MITM is to change the ciphertext so that the MAC check fails, which I predict would cause a tear-down of the session. If a protocol is robust enough to not be affected by hang-up, it means that a MITM attacker can probe several keys against the ciphertext in order to "test the water" and possibly use that to derive a key with extra computation.<br />
<br />
* Question: cryptography over radio (meaning non-[[Wifi]] radios) is more secure than crypto over a wire, because on a wire a MITM attack goes unnoticed, while on radio a MITM attack could not occur without something funny being noticed. FM would probably not make a good crypto radio link, as the receiver only plays the strongest signal and throws away the weaker one. Denial of service over radio is called "jamming" and involves a strong signal being sent to introduce noise on another signal. It has been said in civilian circles that the military use spread-spectrum frequency hopping in order to escape jamming. How effective this is is unknown. Hopping involves changing the frequency rapidly in a predetermined pattern which is random enough to surprise the adversary. It is unclear if this is based on or seeded from time.<br />
<br />
<br />
=== Post-Quantum Cryptography ===<br />
<br />
Recently standards bodies in the US have called for post-quantum cryptography to be implemented. As we understand it, this is an attempt to encipher data on classical computers in a way that can withstand an attack performed by a quantum computer. I think the goal is to have a few decades' worth of crypt-strength so that medium to long-term secrets can be kept secret. This is very new stuff to be writing about, so forgive us if we make mistakes. We aren't at the forefront of using quantum computers anyhow, which still cost a few million dollars for a D-WAVE system. Since 2018 there have been three major quantum computer makers, and the reports and hype around these have died down a little. These aforementioned are IBM, Google and Intel, who have quantum computers with 50, 72 and 49 qubits (respectively). Judging by D-WAVE quantum annealers' price, these could cost between 20 million and 50 million dollars to make. The key marketing term is "quantum supremacy": the point at which a quantum computer is able to leave classical computers behind in terms of processing power.<br />
<br />
The first post-quantum informational RFC came out in May 2018, as RFC 8391 (XMSS). As companies try to break RSA (Shor's algorithm), this may become more important. I don't know of any open source implementations which use XMSS yet (time of writing 2019).<br />
<br />
In Europe, ZITiS (the German government's cracking agency) announced they would purchase an IBM quantum computer to break RSA. Either this is FUD or these machines are capable of such a thing; we don't know for sure. A 100-qubit quantum computer is planned to be built in Europe by a consortium of universities and institutes.<br />
<br />
=== Random Numbers ===<br />
<br />
Random numbers in cryptography are important. Pretend you have a symmetric/asymmetric hybrid program (could be TLS or SSH) that exchanges a secret session key. This session key is often made with an OS's Pseudo-Random Number Generator (PRNG). If the random numbers are predictable in any form, the encryption is weakened and crackable by someone who can guess the random number. Since computers are predictable machines (they have to be, in order to perform the same for any program), it's very hard to get randomness right. OSes try all sorts of tricks to find numerous sources of [[entropy]] that they can combine. They often also cryptographically scramble the random numbers, for example by encrypting a pool of random numbers and throwing away the (random) key.<br />
<br />
Random numbers are also used in [https://en.wikipedia.org/wiki/Merkle%27s_Puzzles Merkle's puzzles].</div>Pbughttps://hackepedia.org/?title=OpenBSD&diff=5681OpenBSD2017-08-24T08:18:44Z<p>Pbug: /* OpenBSD 6.2 */</p>
<hr />
<div>OpenBSD is an open source Unix-like Operating System. It is free to download, copy and modify. It is not similar to [[Linux]] in a sense because it was based on the 4.4BSD Operating System developed at the University of California at Berkeley ([[UCB]]). OpenBSD's mascot is [[puffy]] the Blowfish. [http://www.openbsd.org OpenBSD Project Home Page]<br />
OpenBSD is written in the [[C]] programming language.<br />
<br />
== OpenBSD 6.2 ==<br />
<br />
The [http://www.openbsd.org current] OpenBSD version is 6.2:<br />
<br />
Since version 6.0 OpenBSD does not sell CDs any more. OpenBSD operates on donations only; please consider a donation. Donations can be made directly to Theo de Raadt or the [http://openbsdfoundation.org OpenBSD Foundation].<br />
<br />
== Ported programs that originated at OpenBSD ==<br />
<br />
* [[ssh|OpenSSH]] is a side project of OpenBSD. It was forked from an old version of ssh that had few license restrictions, and is now compatible with ssh 2.0.<br />
* [[pf]] was created at OpenBSD first (before being ported to other BSDs). Pf stands for Packet Filter and is a layer 3+ firewall. It was created to replace ipf.<br />
* LibreSSL, because no one before had looked at OpenSSL (different affiliation)<br />
<br />
== Release Song ==<br />
<br />
Since release 3.0 OpenBSD has released a promotional song with each CD; it makes the project more hip this way. The songs and their lyrics can be found [http://www.openbsd.org/lyrics.html here].<br />
<br />
<br />
== Hackathons ==<br />
<br />
Hackathons are get-togethers of the OpenBSD programmers. Since OpenBSD makes money by selling CDs and other merchandise, there is enough money to pay some developers' travel, room and board. At a hackathon, which usually spans a week or so, the programmers write a lot of code and can help others who need some information at hand. [http://marc.info/?l=openbsd-cvs&r=1&w=2 Marc.info] can be used to track changes to the OpenBSD source tree, which gets updated very often during a hackathon (otherwise one can subscribe to the list through majordomo).<br />
<br />
<br />
== Export Restrictions ==<br />
<br />
[[FreeBSD]] recently implemented ACPI code in its implementation that has [http://marc.info/?l=openbsd-misc&m=128634319422034&w=2 export restrictions]. OpenBSD has no such export restrictions since the project is based in Canada, which is known for its liberal export rules.</div>Pbughttps://hackepedia.org/?title=OpenBSD&diff=5680OpenBSD2017-08-24T08:16:54Z<p>Pbug: /* OpenBSD 5.6 */ to 6.2-beta</p>
Pbughttps://hackepedia.org/?title=Cryptography&diff=5679Cryptography2016-06-04T17:35:42Z<p>Pbug: /* Cryptography found in UNIX */</p>
<hr />
<div>Cryptography is the method of distorting plain text so that it is unreadable by anyone other than the intended recipient, for example someone using a packet [[sniffer]] to listen in on network communication. Only if this third party knows the secret key to the ciphertext will they break the encryption and be able to see the plaintext. We highly recommend that anyone using plain text protocols these days switch to their free, open source, encrypted equivalents.<br />
<br />
=== Cryptography found in UNIX ===<br />
<br />
<br />
[[UBO]]s over the decades have been attacked with great effort. [[UBO]]s therefore use all known cryptography methods in order to defend against attack. Some methods are weaker than others because of weak protocols. We'll try to list as much as possible here, but without researching these "teasers" you'll likely not understand them all.<br />
<br />
<br />
=== Cryptography found on the Internet ===<br />
<br />
At first the Internet was a plaintext organism. As time progressed more parts were encrypted or digitally signed.<br />
<br />
* DNSSEC (DNS security involving signing resource records with asymmetric encryption)<br />
* IPSEC (layer 3 security)<br />
* TLS (application layer security)<br />
* SSH (Secure Shell)<br />
<br />
In 2016 it's hard to fathom doing business on unencrypted sites on the Internet.<br />
<br />
=== One way hashing ===<br />
UNIX programmers implemented a [[One way hash]] based on [[DES]] to "encrypt" [[password]]s as part of the crypt(3) function. These [[password]]s could not be decrypted, since the function was a one-way modification of DES; to find out whether someone had the right [[password]], the plain text was run through the same function and the result compared with the hash stored in the password database. If they matched, the user was granted access. As computers became faster, so did the speed at which DES hashes could be cracked. An amd64 3500+ running [[OpenBSD]] using the system's crypt(3) function could hash 121,000 [[password]]s in 1 second in 2005. The following table tries to compare two computers over time, but we lost the original benchmark program, so it is not a fair comparison:<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto"<br />
|+ Computer speeds in cryptographic hashing<br />
|-<br />
!Computer type !! OS !! Year !! Hash type !! No. of threads !! Count of hashes<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || UNIX crypt() || 1 || 121,000<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || MD5 || 1 || 1880 (?)<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || Blowfish 12 rounds || 1 || 2<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || UNIX crypt() || 1 || 313,921<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || MD5 ($1$ salt) || 1 || 12,869,871 (?)<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || MD5 (openssl) || 1 || 5,457,752<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || Blowfish 12 rounds || 1 || 3<br />
|}<br />
<br />
<br />
So a slower hash algorithm was needed, and one that could take more than 8 characters for the [[password]]s. Many operating systems have implemented [[MD5]] hashing, which does 1880 crypts per second on the aforementioned OpenBSD system; however, it can now be broken with a custom-made cracker (2012) which does [http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/ 77 million cracks per second] against this hashing method. So OpenBSD went even further and designed an interesting hash based on [[blowfish]]: it has a variable setting for the number of rounds, after which blowfish encrypts the string "OrpheanBeholderScryDoubt" 64 times. The result is that with 12 rounds, crypt will do 2 passwords in 1 second.<br />
<br />
[[One way hash]]ing wasn't confined to just passwords. With the [[md5]] and [[SHA]] commands, as well as [[rmd160]], one can make a cryptographic hash sum (or fingerprint) of a file or text on the system. For example, if you want to ensure a file or directory has not been altered, you can print the checksum onto read-only media (e.g. paper, or burn it onto a CD). Whenever you run the checksum program against the same file or directory, you should get the same result unless something has been altered. If this topic interests you, [http://sourceforge.net/projects/tripwire/ tripwire] is popular software you'll want to read more about.<br />
<br />
=== MAC / HMAC ===<br />
<br />
A MAC (Message Authentication Code) is called that because you can sign a message (run it, together with a secret key, through a one-way hash), and if the code recomputed by the receiver does not match the one sent with the message then it's not the right message. An HMAC is a hash-based MAC in which the hash is keyed with an extra secret (a password or key).<br />
<br />
Please see RFC 2104 for how HMACs are computed.<br />
<br />
=== Symmetric cryptography ===<br />
<br />
[[File:aes-spaceplot.jpg]]<br />
<br />
<br />
True private key cryptography was also present with the [[bdes]] and [[openssl]] commands, which could encrypt files with a variety of ciphers. Some well-known ciphers are [[DES]] (broken, no longer used), [[AES]] (the current standard, at 256 bits), [[blowfish]], [[CAST128]] and [[RC4]]. Many ciphers are imported through the openssl library.<br />
<br />
Most symmetric ciphers are "block" ciphers: they encrypt only whole blocks of 8 or 16 bytes, depending on the cipher. This is a bit of a pain when programming with these ciphers, because one faces the question "what do I use as padding?". Padding fills the remainder of the last block when the data isn't an exact multiple of the block size. We don't have any recommendations for that, but bad padding could potentially weaken a cryptographic message.<br />
<br />
The opposite of a block cipher is called a "stream" cipher. You can feed the algorithm a byte at a time and an encrypted byte will come out.<br />
<br />
=== Symmetric Block Cipher Modes ===<br />
<br />
A cipher can be run in several modes. The plain mode is called [[ECB]], which stands for Electronic Code Book. This is a weak mode and can reveal many things; it's not recommended. One example of what it reveals: if a plaintext block is the same as another plaintext block, the ciphertext will also be the same at those offsets.<br />
<br />
Another mode is called [[CBC]], which stands for Cipher Block Chaining. Here each plaintext block is XOR'ed with the previous ciphertext block before encryption, which hides repeated plaintext blocks and makes the result stronger. CBC mode requires an IV (an initialization vector) so that the first block has something to XOR with and isn't effectively in ECB mode, which could potentially weaken the stream. Some say that an IV doesn't have to be secret, but it can't hurt if it's exchanged like a key in an asymmetric exchange (DH/RSA).<br />
<br />
Another mode is [[CTR]] (counter mode). This mode is often used for sparse files because it allows random access into the ciphertext (unlike CBC, which has to be processed from the beginning). CTR requires a nonce (a one-time value); the nonce together with a counter is encrypted and the result XOR'ed with each block. The counter is usually derived from the block's offset in the ciphertext. As far as we were able to learn, [[WPA]] uses AES in some form of counter mode.<br />
<br />
There are many more modes; these are just some basic ones.<br />
<br />
=== Public Key cryptography ===<br />
<br />
Also called asymmetric cryptography. It uses 2 or more keys, usually one that's private and one that's public, i.e. publicly known. Ciphers include Diffie-Hellman ([[DH]]) and [[RSA]]. [[GPG]], a program to encrypt mail on the application [[OSI]] layer, uses this.<br />
<br />
A report in 2013 suggested that RSA/DH may be broken within 5 years ([http://it.slashdot.org/story/13/08/06/2056239/math-advance-suggest-rsa-encryption-could-fall-within-5-years slashdot story]). This would potentially bring everything to a standstill in terms of online commerce. An alternative is Elliptic Curve Cryptography.<br />
<br />
=== Elliptic Curve Cryptography ===<br />
<br />
This is new to us who write in this wiki; please see the [http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography Wikipedia entry].<br />
<br />
=== Symmetric / Asymmetric Hybrids ===<br />
<br />
This method is used in [[OSI]] session layer communication. A public-key exchange takes place to agree on a [[random]] [[session key]] for a symmetric cipher, and all data that follows is encrypted with it. This is used extensively in [[ssh]] and most [[SSL]] enabled software.<br />
<br />
<br />
<br />
=== Cheap cryptography ===<br />
<br />
Rotational ciphers based on the alphabet are CHEAP. They are often used by Usenet trolls who think that the people they troll don't have a clue what they are talking about.<br />
<br />
$ echo OrpheanBeholderScryDoubt | /usr/games/rot13<br />
BecurnaOrubyqreFpelQbhog<br />
<br />
[[rot13]] is probably good to keep data safe from your 7 year old sister.<br />
<br />
<br />
[[File:xor-spaceplot.jpg]]<br />
<br />
<br />
Another type of cryptography is the XOR method. XOR used as a [[One time pad]] is potentially secure. Here is an example of a typical XOR encryption; the [[xortext.c]] program is also available:<br />
<br />
$ cat /etc/passwd | ./xortext blah | hexdump -C | head<br />
00000000 10 03 0e 1c 58 46 5b 58 58 5c 5b 2b 0a 0d 13 04 |....XF[XX\[+....|<br />
00000010 0b 09 41 4e 4e 40 4d 52 4d 1e 0e 07 16 56 4e 0a |..ANN@MRM....VN.|<br />
00000020 0b 02 4e 1b 0a 66 05 09 07 01 0e 06 58 46 5b 59 |..N..f......XF[Y|<br />
00000030 58 5d 5b 3c 0a 09 41 0c 07 1a 08 04 42 04 08 05 |X][<..A.....B...|<br />
00000040 11 09 0d 0e 58 43 13 07 0d 18 5b 47 11 0e 08 06 |....XC....[G....|<br />
00000050 4d 02 0e 04 0d 0b 08 06 68 03 11 0d 10 0d 15 07 |M.......h.......|<br />
00000060 10 56 4b 52 50 56 54 52 31 15 12 1c 07 01 41 4e |.VKRPVTR1.....AN|<br />
00000070 58 43 0e 18 07 1e 00 1c 0d 1e 5b 47 11 0e 08 06 |XC........[G....|<br />
00000080 4d 02 0e 04 0d 0b 08 06 68 0e 08 06 58 46 5b 5b |M.......h...XF[[|<br />
00000090 58 5b 5b 2a 0b 02 00 1a 0b 09 12 48 21 03 0c 05 |X[[*.......H!...|<br />
<br />
Surprisingly, some companies employ XOR cryptography in their products as a security mechanism.<br />
<br />
<br />
<br />
=== Attacks on cryptography ===<br />
<br />
In many examples a passive crypto attacker is called Eve (from eavesdrop), and an active attacker is called Mallory (for malicious). Both kinds of attack have been used in the past (like the attack on [[WEP]]).<br />
<br />
* If, for example, an encrypted session does not have a Message Authentication Code (MAC), then a [[MITM]] attack changing the ciphertext on the network may cause problems in the protocol when the decrypted plaintext is fed to the program. Pretend SSH did not have a MAC: someone could modify packets, garble would come out, the terminal would likely print that garble and the shell would complain about an unknown command.<br />
<br />
* If an encrypted session did not have a counter covered by the MAC, then it would be possible to replay packets, and the same garble as above would result, only it may not be possible to stop it. A simple counter and a MAC on each packet sent should prevent injections and replay attacks. [[WEP]] had this problem: identifiable ARP packets, which have a small size, could be replayed, helping the attacker with reading ciphertext that would otherwise take a long time to collect passively.<br />
<br />
* The most annoying attack is the hang-up attack. We have heard of people in foreign countries modifying their TCP stacks so that RSTs cannot hang up a session; however, the next step for the MITM is to change the ciphertext so that the MAC check fails, which I predict would cause a tear-down of the session. If a protocol is robust enough to not be affected by hang-up, it means that a MITM attacker can probe several keys against the ciphertext in order to "test the water" and possibly use that to derive a key with extra computation.<br />
<br />
* Question: cryptography over radio (meaning non-[[Wifi]] radios) is more secure than crypto over a wire, because on a wire a MITM attack goes unnoticed, while on radio a MITM attack could not occur without something funny being noticed. FM would probably not make a good crypto radio link, as the receiver only plays the strongest signal and throws away the weaker one. Denial of service over radio is called "jamming" and involves a strong signal being sent to introduce noise on another signal. It has been said in civilian circles that the military use spread-spectrum frequency hopping in order to escape jamming. How effective this is is unknown. Hopping involves changing the frequency rapidly in a predetermined pattern which is random enough to surprise the adversary. It is unclear if this is based on or seeded from time.<br />
<br />
<br />
=== Post-Quantum Cryptography ===<br />
<br />
Recently standards bodies in the US have called for post-quantum cryptography to be implemented. As we understand it, this is an attempt to encipher data on classical computers in a way that can withstand an attack performed by a quantum computer. I think the goal is to have a few decades' worth of crypt-strength so that medium to long-term secrets can be kept secret. This is very new stuff to be writing about, so forgive us if we make mistakes. We aren't at the forefront of using quantum computers anyhow, which still cost a few million dollars for a D-WAVE system. Google is said to be building a quantum computer based on ideas gained from D-WAVE systems, and they are about 2 years away (time of writing 2016).<br />
<br />
=== Random Numbers ===<br />
<br />
Random numbers in cryptography are important. Pretend you have a symmetric/asymmetric hybrid program (could be TLS or SSH) that exchanges a secret session key. This session key is often made with an OS's Pseudo-Random Number Generator (PRNG). If the random numbers are predictable in any form, the encryption is weakened and crackable by someone who can guess the random number. Since computers are predictable machines (they have to be, in order to perform the same for any program), it's very hard to get randomness right. OSes try all sorts of tricks to find numerous sources of [[entropy]] that they can combine. They often also cryptographically scramble the random numbers, for example by encrypting a pool of random numbers and throwing away the (random) key.<br />
<br />
Random numbers are also used in [https://en.wikipedia.org/wiki/Merkle%27s_Puzzles Merkle's puzzles].</div>Pbughttps://hackepedia.org/?title=Cryptography&diff=5678Cryptography2016-06-04T17:20:20Z<p>Pbug: /* Random Numbers */</p>
<hr />
<div>Cryptography is the method for distorting plain text so that it is unreadable by someone other than the intended recipient. For example, someone that is using a packet [[sniffer]] to listen in on network communication. Only if this third party knows the secret key to the ciphertext will they break the encryption and be able to see the plaintext. We highly recommend anyone using plain text protocols these days to use their free, open source, encrypted equivalents.<br />
<br />
=== Cryptography found in UNIX ===<br />
<br />
<br />
[[UBO]]'s over the decades have been attacked with great effort. [[UBO]]'s therefore use all cryptography methods known in order to defend against attack. Some methods are weaker due to weak protocols than other methods. We'll try to list as much as possible here, but without researching these "teasers" you'll likely not understand them all.<br />
<br />
=== One way hashing ===<br />
UNIX programmers implemented a [[One way hash]] built on [[DES]] to "encrypt" [[password]]s in the crypt(3) function. The [[password]] (at most 8 characters of 7 bits each, a 56-bit key) is used as the DES key to encrypt a constant block 25 times, with a 12-bit salt perturbing the cipher, so the stored value cannot be decrypted back into the password. To check a login, the candidate password is run through the same function and the result compared with the entry in the password database; if they match, the user is granted access. As computers became faster, so did brute-force guessing against these hashes. An amd64 3500+ running [[OpenBSD]] with the system crypt(3) could hash 121,000 [[password]]s per second in 2005. The following table compares two computers over time, but we lost the original benchmark program, so it's not a fair comparison:<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto"<br />
|+ Computer speeds in cryptographic hashing<br />
|-<br />
!Computer type !! OS !! Year !! Hash type !! No. of threads !! Hashes per second<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || UNIX crypt() || 1 || 121,000<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || MD5 || 1 || 1880 (?)<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || Blowfish 12 rounds || 1 || 2<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || UNIX crypt() || 1 || 313,921<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || MD5 ($1$ salt) || 1 || 12,869,871 (?)<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || MD5 (openssl) || 1 || 5,457,752<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || Blowfish 12 rounds || 1 || 3<br />
|}<br />
<br />
<br />
So a slower hash algorithm was needed, and one that could take more than 8 characters of [[password]]. Many operating systems implemented [[MD5]]-based hashing ($1$), which does 1880 crypts per second on the aforementioned OpenBSD system. It isn't broken, but it's far too fast: a custom-built GPU cracker (2012) tries [http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/ 77 million candidates per second] against it. So OpenBSD went further and adopted bcrypt, a hash built on [[blowfish]] by Niels Provos and David Mazières. Its cost setting is a number of rounds: the password and salt drive blowfish's expensive key setup 2^rounds times, and the resulting key then encrypts the 192-bit string "OrpheanBeholderScryDoubt" 64 times in a row to produce the hash. The cost can be raised as hardware gets faster. With 12 rounds the systems above manage only 2 to 3 passwords per second.<br />
<br />
[[One way hash]]ing isn't confined to passwords. With the [[md5]], [[SHA]] and [[rmd160]] commands one can make a cryptographic hash (a fingerprint) of any file or text on the system. For example, to be able to tell that a file or directory has not been altered, record its checksum on media the attacker cannot rewrite (e.g. paper, or a CD) and recompute it later: the result changes if the content does. Since MD5 collisions are now cheap to produce, prefer SHA-2 (sha256) for this. If this topic interests you, [http://sourceforge.net/projects/tripwire/ tripwire] is popular software that does exactly this for a whole system.<br />
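The two uses of a one-way hash above, a slow salted password hash whose cost can be raised over time and a tripwire-style fingerprint of a directory tree, as an added example that is not from this wiki or from OpenBSD's libc. It uses only Python's standard library; the format string, the round count, the scratch files and their "trojaned" versions are this example's own constructions.<br />
<br />
```python
"""Added example (not from the wiki): a salted, tunable-cost password hash
(PBKDF2, the same idea as bcrypt's rounds) and a tripwire-style manifest of
a directory tree.  Format, constants and sample files are constructed here."""
from __future__ import annotations

import hashlib
import hmac
import os
import tempfile
import time
from pathlib import Path

HASH_NAME = "sha256"
SALT_LEN = 16            # crypt(3) used 12 bits of salt; 128 bits is the modern norm
DEFAULT_ROUNDS = 200_000  # raise this as hardware gets faster, like bcrypt's rounds


def hash_password(password: str, rounds: int = DEFAULT_ROUNDS, salt: bytes | None = None) -> str:
    """Return a crypt(3)-style string 'pbkdf2$<rounds>$<salt hex>$<digest hex>'.
    The salt defeats precomputed tables; the round count keeps the hash slow."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode(), salt, rounds)
    return f"pbkdf2${rounds}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and rounds, compare in constant time."""
    scheme, rounds, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2":
        return False
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode(), bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def hashes_per_second(rounds: int, seconds: float = 0.2) -> float:
    """Rough single-thread guessing rate, the same measurement as the table above."""
    n, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        hashlib.pbkdf2_hmac(HASH_NAME, b"candidate", b"\0" * SALT_LEN, rounds)
        n += 1
    return n / (time.perf_counter() - start)


def file_digest(path: Path) -> str:
    h = hashlib.new(HASH_NAME)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Fingerprint every regular file under root: {relative path: hex digest}.
    Keep the result somewhere the attacker cannot rewrite it."""
    return {str(p.relative_to(root)): file_digest(p) for p in sorted(root.rglob("*")) if p.is_file()}


def check_manifest(root: Path, manifest: dict[str, str]) -> dict[str, str]:
    """Compare the tree against the stored manifest.
    Returns {path: 'modified' | 'missing' | 'added'}; an empty dict means clean."""
    current = build_manifest(root)
    report = {}
    for path, digest in manifest.items():
        if path not in current:
            report[path] = "missing"
        elif not hmac.compare_digest(current[path], digest):
            report[path] = "modified"
    for path in current.keys() - manifest.keys():
        report[path] = "added"
    return report


def demo_tamper_detection() -> dict[str, str]:
    """Build a manifest over a constructed scratch tree, tamper with it, report."""
    root = Path(tempfile.mkdtemp())
    (root / "bin").mkdir()
    (root / "bin" / "ls").write_bytes(b'#!/bin/sh\nexec /bin/ls "$@"\n')      # constructed sample
    (root / "etc.conf").write_bytes(b"PermitRootLogin no\n")
    manifest = build_manifest(root)
    assert check_manifest(root, manifest) == {}
    (root / "bin" / "ls").write_bytes(b'#!/bin/sh\nexec /tmp/.x "$@"\n')     # "trojaned"
    (root / "etc.conf").unlink()
    (root / "rootkit").write_bytes(b"\x7fELF")
    return check_manifest(root, manifest)


if __name__ == "__main__":
    stored = hash_password("correct horse")
    print(stored)
    print(verify_password("correct horse", stored), verify_password("wrong", stored))
    for r in (1_000, 10_000, 100_000):
        print(f"{r:>7} rounds: {hashes_per_second(r):10.1f} hashes/s")
    print(demo_tamper_detection())
```
<br />
Note how the round count is stored with the hash, as bcrypt stores its cost: old entries keep verifying while new ones get a higher cost, and the rate printed at the end tells you what a single core of the attacker's machine would manage against your setting.<br />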
<br />
=== MAC / HMAC ===<br />
<br />
A MAC (Message Authentication Code) is a short tag computed over a message with a secret key. The receiver, who holds the same key, recomputes the tag and rejects the message if the tags differ. Without a key a plain hash is worthless for this, since an attacker who changes the message can simply recompute the hash over the new one. An HMAC is a MAC built from a one-way hash (MD5, SHA-1, SHA-256, ...) and a key, nesting two hash calls so that the key cannot be stripped off by a length-extension attack.<br />
<br />
Please see RFC 2104 for how HMAC's are computed.<br />
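HMAC exactly as RFC 2104 defines it, as an added example not from this wiki: built from hashlib alone, checked against the RFC's own test vector and against the standard library's hmac module, with the constant-time verify a receiver should use. The key and messages in the tamper demonstration are constructed.<br />
<br />
```python
"""Added example (not from the wiki): HMAC per RFC 2104 from a bare hash
function, plus the verification step and a demonstration of why a hash
without a key is not a MAC.  Keys and messages here are constructed."""
import hashlib
import hmac


def rfc2104_hmac(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, text) = H((K xor opad) || H((K xor ipad) || text))."""
    block = hashlib.new(hash_name).block_size      # B: 64 for MD5/SHA-1/SHA-256, 128 for SHA-512
    if len(key) > block:                           # keys longer than B are hashed first ...
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block, b"\x00")                # ... then every key is zero-padded to B bytes
    ipad = bytes(k ^ 0x36 for k in key)
    opad = bytes(k ^ 0x5C for k in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def verify(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Constant-time comparison: a plain == leaks how many leading bytes matched."""
    return hmac.compare_digest(rfc2104_hmac(key, message, hash_name), tag)


def matches_stdlib(key: bytes, message: bytes, hash_name: str = "sha256") -> bool:
    """Cross-check our construction against Python's hmac module."""
    return rfc2104_hmac(key, message, hash_name) == hmac.new(key, message, hash_name).digest()


def rfc2104_test_vector() -> bool:
    """Test case from the RFC 2104 appendix (HMAC-MD5): key = 0x0b * 16, data 'Hi There'."""
    expected = bytes.fromhex("9294727a3638bb1c13f48ef8158bfc9d")
    return rfc2104_hmac(b"\x0b" * 16, b"Hi There", "md5") == expected


def tamper_demo() -> tuple[bool, bool]:
    """Mallory rewrites the payee.  A bare hash 'check' passes, because she can
    recompute the hash over her message; the keyed tag does not."""
    key = b"shared session secret"                          # constructed
    msg, forged = b"pay alice 10", b"pay mallory 10"
    tag = rfc2104_hmac(key, msg)
    bare_hash_passes = hashlib.sha256(forged).digest() == hashlib.sha256(forged).digest()
    return bare_hash_passes, verify(key, forged, tag)


if __name__ == "__main__":
    print("RFC 2104 vector ok:", rfc2104_test_vector())
    print("matches hmac module:", matches_stdlib(b"k", b"some message"))
    print("bare hash accepts forgery, HMAC accepts forgery:", tamper_demo())
```
<br />
In practice call hmac.new() rather than this function, but the construction shows why the key is padded to the block size and why the nested hash matters: a single H(key || message) would let an attacker append data and extend the tag.<br />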
<br />
=== Symmetric cryptography ===<br />
<br />
[[File:aes-spaceplot.jpg]]<br />
<br />
<br />
True secret-key cryptography is also present in the [[bdes]] and [[openssl]] commands, which can encrypt files with a variety of ciphers. Well-known ciphers are [[DES]] (a 56-bit key, brute-forceable since the late 1990s, not to be used any more), [[AES]] (the current standard, with 128-, 192- or 256-bit keys), [[blowfish]], [[CAST128]] and [[RC4]] (a stream cipher, now broken and banned from TLS). Most of them come in through the openssl library (libcrypto; LibreSSL on OpenBSD).<br />
<br />
Most symmetric ciphers are "block" ciphers: they encrypt fixed blocks of 8 bytes (DES, blowfish) or 16 bytes (AES) at a time. This is a bit of a pain for programming, because the last block of a message is usually short and has to be padded up to the block size, and the receiver has to be able to strip that padding again. The usual answer is PKCS#7 padding (append n bytes each of value n, 1 <= n <= blocksize). Padding is also where implementations get hurt: if the receiver reports "bad padding" differently from any other failure, an attacker can use that as a padding oracle and decrypt the message block by block (Vaudenay, 2002). Always verify a MAC over the ciphertext before touching the padding.<br />
<br />
The counterpart of a block cipher is a "stream" cipher: it generates a keystream from the key and XORs it with the plaintext byte by byte, so any length works without padding. The keystream must never be used twice; reusing it lets an attacker XOR two ciphertexts together and cancel the key out.<br />
<br />
=== Symmetric Block Cipher Modes ===<br />
<br />
A block cipher is used in one of several modes. The plain mode is [[ECB]] (electronic code book): every block is encrypted on its own. It's weak and not recommended, because identical plaintext blocks under the same key give identical ciphertext blocks, so repetition and structure in the plaintext show through in the ciphertext (the classic demonstration is a bitmap whose outline survives encryption).<br />
<br />
Another mode is [[CBC]] (Cipher Block Chaining): each plaintext block is XOR'ed with the previous ciphertext block before encryption, so identical plaintext blocks no longer give identical ciphertext. CBC needs an IV (initialization vector) for the first block to be XOR'ed with; otherwise the first block is effectively in ECB mode. The IV does not have to be secret and is normally sent in the clear in front of the ciphertext, but it must be fresh and unpredictable for every message under the same key: a fixed or predictable IV lets an attacker spot repeated first blocks or mount chosen-plaintext attacks (the BEAST attack on TLS 1.0 exploited predictable IVs). CBC on its own gives no integrity either: flipping a bit in one ciphertext block flips the same bit in the following plaintext block (and garbles the current one), so pair it with a MAC.<br />
<br />
Another mode is [[CTR]] (counter mode). It turns the block cipher into a stream cipher: the cipher encrypts a nonce concatenated with a block counter, and the output is XOR'ed with the plaintext. Since block i only needs counter i, any block can be encrypted or decrypted on its own, which is why CTR and its relatives are used for disk encryption and for random access into large or sparse files, unlike CBC which has to be processed from the beginning. The nonce must never repeat under the same key, or two messages share a keystream. [[WPA]] (in its WPA2/CCMP form) uses AES in CCM mode, which is CTR for encryption combined with a CBC-MAC for integrity.<br />
<br />
There are many more modes (GCM and CCM, which add authentication, XTS for disks); these are just some basic ones.<br />
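The three modes above and the PKCS#7 padding from the previous section, as an added example that is not part of this wiki or of any library's code. Because Python's standard library has no block cipher, the 16-byte "cipher" here is a toy four-round Feistel network with HMAC-SHA256 as its round function, a stand-in for AES chosen only so the code runs offline; the modes, the padding and the leak check are written exactly as they would be around a real cipher. Key, IV, nonce and plaintexts are constructed.<br />
<br />
```python
"""Added example (not from the wiki): ECB, CBC and CTR modes plus PKCS#7
padding over a toy 16-byte block cipher (a 4-round Feistel network whose
round function is HMAC-SHA256).  The cipher is for illustration only; the
mode code is how these modes are wrapped around AES in practice."""
import hashlib
import hmac

BLOCK = 16


def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy keyed permutation: (L, R) -> (R, L xor F(R)) four times."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, xor(l, _round(key, i, r))
    return l + r


def decrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _round(key, i, l)), l
    return l + r


def pad(data: bytes) -> bytes:
    """PKCS#7: append n bytes of value n, 1 <= n <= BLOCK (always at least one byte)."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")   # never let the network tell this apart: padding oracle
    return data[:-n]


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    return b"".join(encrypt_block(key, b) for b in blocks(pad(pt)))


def ecb_leaks_patterns(key: bytes, pt: bytes) -> bool:
    """True if two equal plaintext blocks produced two equal ciphertext blocks."""
    cb = blocks(ecb_encrypt(key, pt))
    return len(cb) != len(set(cb))


def cbc_encrypt(key: bytes, pt: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(pad(pt)):
        prev = encrypt_block(key, xor(b, prev))   # chain: each block depends on the one before
        out.append(prev)
    return iv + b"".join(out)                     # the IV is public and travels in front


def cbc_decrypt(key: bytes, ct: bytes) -> bytes:
    iv, body = ct[:BLOCK], ct[BLOCK:]
    out, prev = [], iv
    for b in blocks(body):
        out.append(xor(decrypt_block(key, b), prev))
        prev = b
    return unpad(b"".join(out))


def ctr_crypt(key: bytes, nonce8: bytes, data: bytes) -> bytes:
    """Same function both ways; no padding, and block i needs only counter i."""
    out = []
    for i, b in enumerate(blocks(data)):
        keystream = encrypt_block(key, nonce8 + i.to_bytes(8, "big"))
        out.append(xor(b, keystream))
    return b"".join(out)


if __name__ == "__main__":
    key, pt = b"sixteen byte key", b"ATTACK AT DAWN!!" * 3           # constructed
    print("ECB leaks repeated blocks:", ecb_leaks_patterns(key, pt))
    ct = cbc_encrypt(key, pt, bytes(range(16)))
    print("CBC distinct blocks:", len(set(blocks(ct[16:]))), "->", cbc_decrypt(key, ct) == pt)
    print("CTR round trip:", ctr_crypt(key, b"\0" * 8, ctr_crypt(key, b"\0" * 8, pt)) == pt)
```
<br />
Run it and the ECB check comes back true for the repeated plaintext while CBC produces four distinct blocks from the same input; change the IV to a constant and encrypt the same message twice to see why the IV has to be fresh.<br />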
<br />
=== Public Key cryptography ===<br />
<br />
Also called asymmetric cryptography. It uses a pair of keys, one private and one public (which may be published). Algorithms include [[RSA]] (encryption and signatures) and Diffie-Hellman ([[DH]]), which is a key agreement rather than a cipher. [[GPG]], a program to encrypt mail at the application layer of the [[OSI]] model, uses this.<br />
<br />
A report in 2013 suggested that RSA/DH might be broken within 5 years ([http://it.slashdot.org/story/13/08/06/2056239/math-advance-suggest-rsa-encryption-could-fall-within-5-years slashdot story]), which would bring online commerce to a standstill. It was based on advances in computing discrete logarithms in small-characteristic finite fields, which so far have not carried over to the prime-field DH and RSA used in practice. An alternative is Elliptic Curve Cryptography.<br />
<br />
=== Elliptic Curve Cryptography ===<br />
<br />
Elliptic Curve Cryptography does the same jobs as RSA and DH (key agreement with ECDH, signatures with ECDSA or Ed25519) using the group of points on an elliptic curve, with much shorter keys: a 256-bit curve is considered roughly equivalent to 3072-bit RSA. This is new to us who write in this wiki, please see the <br />
[http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography Wikipedia entry].<br />
<br />
=== Symmetric / Assymmetric Hybrids ===<br />
<br />
This method is used at the [[OSI]] session layer. A public-key exchange (DH, or RSA key transport) is used to agree on a [[random]] [[session key]], and everything that follows is encrypted with a fast symmetric cipher under that key. Public-key operations are hundreds of times slower than symmetric ones, so they're used only for the handshake (and to authenticate the peer, through certificates or known host keys). This is used extensively in [[ssh]] and most [[SSL]]/TLS enabled software.<br />
<br />
<br />
<br />
=== Cheap cryptography ===<br />
<br />
Rotation ciphers based on the alphabet are CHEAP. They're often used by Usenet trolls who think the people they troll can't tell what they're talking about.<br />
<br />
$ echo OrpheanBeholderScryDoubt | /usr/games/rot13<br />
BecurnaOrubyqreFpelQbhog<br />
<br />
[[rot13]] is probably good enough to keep data safe from your 7-year-old sister.<br />
<br />
<br />
[[File:xor-spaceplot.jpg]]<br />
<br />
<br />
Another type of "cryptography" is the XOR method. XOR with a truly random key as long as the message, used exactly once (a [[One time pad]]), is provably secure; XOR with a short key repeated over the message, as in the example below, is trivially broken with a few bytes of known plaintext. Here is a typical XOR encryption of /etc/passwd with the key "blah" (the [[xortext.c]] program is also available):<br />
<br />
$ cat /etc/passwd | ./xortext blah | hexdump -C | head<br />
00000000 10 03 0e 1c 58 46 5b 58 58 5c 5b 2b 0a 0d 13 04 |....XF[XX\[+....|<br />
00000010 0b 09 41 4e 4e 40 4d 52 4d 1e 0e 07 16 56 4e 0a |..ANN@MRM....VN.|<br />
00000020 0b 02 4e 1b 0a 66 05 09 07 01 0e 06 58 46 5b 59 |..N..f......XF[Y|<br />
00000030 58 5d 5b 3c 0a 09 41 0c 07 1a 08 04 42 04 08 05 |X][<..A.....B...|<br />
00000040 11 09 0d 0e 58 43 13 07 0d 18 5b 47 11 0e 08 06 |....XC....[G....|<br />
00000050 4d 02 0e 04 0d 0b 08 06 68 03 11 0d 10 0d 15 07 |M.......h.......|<br />
00000060 10 56 4b 52 50 56 54 52 31 15 12 1c 07 01 41 4e |.VKRPVTR1.....AN|<br />
00000070 58 43 0e 18 07 1e 00 1c 0d 1e 5b 47 11 0e 08 06 |XC........[G....|<br />
00000080 4d 02 0e 04 0d 0b 08 06 68 0e 08 06 58 46 5b 5b |M.......h...XF[[|<br />
00000090 58 5b 5b 2a 0b 02 00 1a 0b 09 12 48 21 03 0c 05 |X[[*.......H!...|<br />
<br />
Surprisingly, some companies still employ exactly this kind of XOR "encryption" in their products as a security mechanism.<br />
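How cheaply the output above falls, as an added example that is not from this wiki or from xortext.c: a reimplementation of the repeating-key XOR, a key recovery from the first 16 bytes of the hexdump above using only the knowledge that /etc/passwd starts with "root:", and the one-time pad that the same XOR becomes when the key is random and as long as the message. The crib offsets are this example's own choices.<br />
<br />
```python
"""Added example (not from the wiki): repeating-key XOR as xortext does it,
key recovery from a known-plaintext crib, and the one-time pad for contrast.
CIPHERTEXT is the first 16 bytes of the hexdump shown above."""
import os

CIPHERTEXT = bytes.fromhex("10030e1c58465b58585c5b2b0a0d1304")   # from the hexdump above


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """What xortext does: byte i of the data XOR byte (i mod len(key)) of the key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(ct: bytes, crib: bytes, offset: int = 0) -> bytes:
    """Known plaintext at a known offset gives the keystream there (ct xor pt = key).
    The shortest period that explains the fragment is the key; rotate it so that
    key byte 0 lines up with ciphertext byte 0."""
    fragment = xor_repeating(ct[offset:offset + len(crib)], crib)      # keystream bytes
    for period in range(1, len(fragment)):
        if all(fragment[i] == fragment[i - period] for i in range(period, len(fragment))):
            start = offset % period
            return bytes(fragment[(j - start) % period] for j in range(period))
    return fragment        # crib too short to see a repeat: only a partial keystream


def one_time_pad(message: bytes) -> tuple:
    """Random key as long as the message, used once: information-theoretically secure.
    Every weakness of XOR 'encryption' comes from violating one of those three words."""
    key = os.urandom(len(message))
    return key, xor_repeating(message, key)


if __name__ == "__main__":
    key = recover_key(CIPHERTEXT, b"root:")            # every passwd file starts like this
    print("recovered key:", key)                       # b'blah'
    print("plaintext:", xor_repeating(CIPHERTEXT, key))
    k, ct = one_time_pad(b"top secret")
    print("OTP round trip:", xor_repeating(ct, k) == b"top secret")
```
<br />
Five bytes of predictable plaintext were enough: the keystream fragment reads "blahb", the first repeat appears at distance 4, and the whole file decrypts. The same attack works from the middle of the data (try the crib ":0:0:Ch" at offset 6), which is why a key shorter than the message is not a key but an obfuscation.<br />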
<br />
<br />
<br />
=== Attacks on cryptography ===<br />
<br />
In many examples a passive attacker, who only listens, is called Eve (from eavesdropper), and an active attacker, who modifies or injects traffic, is called Mallory (for malicious). Both kinds of attack have been used in the past (for example against [[WEP]]).<br />
<br />
* If an encrypted session has no Message Authentication Code (MAC), a [[MITM]] who changes the ciphertext on the network is not detected, and the corrupted plaintext is fed straight to the program. Pretend SSH had no MAC: someone could modify packets, garbage would come out, the terminal would print garbage and the shell would complain about an unknown command. Worse, an attacker who knows or can guess the plaintext can flip chosen bits and turn one command into another.<br />
<br />
* If an encrypted session has no sequence counter covered by the MAC, packets can be replayed: the same bytes are accepted a second time, and with the garbage from the point above there may be no way to stop it. A simple counter under the MAC on every packet prevents both injection and replay. [[WEP]] had this problem: small, identifiable ARP packets could be replayed at the access point to make it generate fresh traffic, giving the attacker far more ciphertext than passively listening would have.<br />
<br />
* The most annoying attack is the hang-up (teardown) attack. We have heard of people in foreign countries modifying their TCP stacks to ignore injected RSTs meant to hang up a session, but the MITM's next step is to corrupt the ciphertext so that the MAC check fails, which most protocols treat as fatal and tear the session down. If a protocol were robust enough to survive such failures, that robustness would itself be a risk: a MITM could use the connection as an oracle, probing modified ciphertexts to "test the water" and using the responses, with extra computation, to learn about the key or the plaintext.<br />
<br />
* An open question: is cryptography over radio (meaning non-[[Wifi]] radios) more secure than over a wire? On a wire a MITM goes unnoticed; on radio a MITM would have to overpower the legitimate signal, which is hard to do without something funny being noticed. FM would probably not make a good crypto radio link, since the receiver only plays the strongest signal and throws away the weaker one. Denial of service over radio is called "jamming": a strong signal is sent to drown another signal in noise. It's said in civilian circles that militaries use frequency-hopping spread spectrum to escape jamming; how effective this is we don't know. Hopping means changing frequency rapidly in a predetermined pattern that is random enough to surprise the adversary. Whether that pattern is seeded from the time of day we have not confirmed.<br />
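The first two bullets, as an added example that is not from this wiki or from any protocol's source: a minimal record layer in which a sequence number rides under an HMAC, and a receiver that rejects a record Mallory has flipped a bit in and a record Eve has captured and replayed. The payload is carried without encryption because the point here is the integrity check; the key and the commands are constructed.<br />
<br />
```python
"""Added example (not from the wiki): records of the form
seq(8 bytes) || payload || HMAC-SHA256(seq || payload), and a receiver
that checks the MAC first and the counter second.  Key and payloads are
constructed; no encryption, since the integrity check is the point."""
import hashlib
import hmac
import struct

TAG_LEN = 32


class Sender:
    def __init__(self, mac_key: bytes):
        self.key, self.seq = mac_key, 0

    def send(self, payload: bytes) -> bytes:
        header = struct.pack(">Q", self.seq)       # counter is inside the MAC'd data
        self.seq += 1
        body = header + payload
        return body + hmac.new(self.key, body, hashlib.sha256).digest()


class Receiver:
    def __init__(self, mac_key: bytes):
        self.key, self.expected_seq = mac_key, 0

    def receive(self, record: bytes) -> bytes:
        """Return the payload, or raise.  Verify the MAC before looking at anything else."""
        if len(record) < 8 + TAG_LEN:
            raise ValueError("short record")
        body, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        if not hmac.compare_digest(hmac.new(self.key, body, hashlib.sha256).digest(), tag):
            raise ValueError("bad MAC")             # tampered or forged: tear the session down
        seq = struct.unpack(">Q", body[:8])[0]
        if seq != self.expected_seq:
            raise ValueError("replay or reorder")   # counter is under the MAC, so it can't be fixed up
        self.expected_seq += 1
        return body[8:]


def attack_demo() -> dict:
    """Honest delivery, then a bit flip, then a replay, then the next honest record."""
    key = b"k" * 32                                 # constructed session MAC key
    s, r = Sender(key), Receiver(key)
    rec1, rec2 = s.send(b"ls -la"), s.send(b"rm -rf /tmp/x")
    results = {"honest": r.receive(rec1) == b"ls -la"}
    flipped = rec1[:8] + bytes([rec1[8] ^ 1]) + rec1[9:]   # Mallory flips one payload bit
    try:
        r.receive(flipped)
        results["tampered"] = "accepted"
    except ValueError as e:
        results["tampered"] = str(e)
    try:
        r.receive(rec1)                              # Eve replays the captured record
        results["replayed"] = "accepted"
    except ValueError as e:
        results["replayed"] = str(e)
    results["next"] = r.receive(rec2) == b"rm -rf /tmp/x"
    return results


if __name__ == "__main__":
    print(attack_demo())
```
<br />
Remove the sequence check and the replayed record is accepted a second time; remove the MAC and the flipped record is accepted with a corrupted payload. Real protocols (SSH, TLS) encrypt the payload too, but the counter-under-the-MAC shape is exactly this.<br />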
<br />
<br />
=== Post-Quantum Cryptography ===<br />
<br />
Recently standards bodies in the US have called for post-quantum cryptography to be implemented (NIST announced a standardization effort in 2016). As we understand it, the aim is encryption that runs on classical computers but withstands an attacker who has a quantum computer, which with Shor's algorithm could break RSA, DH and elliptic curves. The goal is a few decades' worth of strength, because traffic recorded today can be decrypted later once such a machine exists, so medium- and long-term secrets need protecting now. Symmetric ciphers and hashes are far less affected: Grover's algorithm roughly halves the effective key length, so AES-256 is considered fine. This is very new stuff to be writing about, so forgive us if we make mistakes. We aren't at the forefront of quantum computing anyhow; a D-WAVE system still costs a few million dollars, and D-WAVE machines are quantum annealers, not the general-purpose quantum computers that could run Shor's algorithm. Google is said to be building a quantum computer based on ideas gained from D-WAVE systems and to be about 2 years away (time of writing 2016).<br />
<br />
=== Random Numbers ===<br />
<br />
Random numbers in cryptography are important. Take a symmetric/asymmetric hybrid program (TLS or SSH) that exchanges a secret session key. The key material, the nonces and the asymmetric keys themselves all come from the OS's random number generator. If those numbers are predictable in any way the encryption is weakened and crackable by anyone who can guess them: the secrecy of the whole session rests on them. Since computers are deterministic machines (they have to be, to run programs reproducibly) it's very hard to get randomness right. OSes gather [[entropy]] from numerous sources (interrupt timing, disk and network jitter, hardware RNGs) and mix it into a pool. The pool is then used to key a cryptographic generator rather than handed out directly; OpenBSD's arc4random(3), for instance, keys ChaCha20 from the pool and periodically rekeys itself, erasing the old key, so that a compromise of the current state does not reveal earlier output. The practical rule: use the kernel's interface (arc4random(3), getentropy(2), /dev/urandom) for anything secret, and never a language-level rand()/random(), which is seeded from a small value and is fully predictable from its output.<br />
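What "predictable in any form" means in practice, as an added example not from this wiki: Python's random module is the Mersenne Twister (MT19937), and 624 consecutive 32-bit outputs are enough to clone its internal state and predict every value it will produce next. The victim and the "leaked" values are constructed here; the untempering arithmetic is the standard inverse of MT19937's output transform.<br />
<br />
```python
"""Added example (not from the wiki): recovering MT19937 state from its
output.  random.Random is MT19937; a program that draws session keys or
nonces from it hands its future to anyone who sees 624 outputs.  Use
os.urandom()/secrets (the kernel CSPRNG) for anything secret instead."""
import random
import secrets


def temper(y: int) -> int:
    """MT19937 output tempering, applied to each raw 32-bit state word."""
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & 0xFFFFFFFF


def _undo_right(y: int, shift: int) -> int:
    """Invert y ^= y >> shift by fixed-point iteration (converges in ceil(32/shift) steps)."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x


def _undo_left(y: int, shift: int, mask: int) -> int:
    """Invert y ^= (y << shift) & mask the same way."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x & 0xFFFFFFFF


def untemper(y: int) -> int:
    """Reverse the tempering steps in the opposite order to get the raw state word."""
    y = _undo_right(y, 18)
    y = _undo_left(y, 15, 0xEFC60000)
    y = _undo_left(y, 7, 0x9D2C5680)
    return _undo_right(y, 11)


def clone_from_outputs(outputs: list) -> random.Random:
    """Rebuild a generator in the victim's exact state from 624 consecutive observed outputs."""
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    clone = random.Random()
    # state tuple: (version 3, 624 words + index, gauss_next); index 624 forces a fresh twist
    clone.setstate((3, tuple(untemper(o) for o in outputs) + (624,), None))
    return clone


def predict_session_key_demo() -> bool:
    """The victim draws 'session keys' from random.getrandbits; the attacker has
    observed 624 earlier values (nonces, session IDs, padding) and predicts the rest.
    Seeding from secrets shows that seed quality does not help here."""
    victim = random.Random(secrets.randbits(64))
    observed = [victim.getrandbits(32) for _ in range(624)]
    clone = clone_from_outputs(observed)
    return all(clone.getrandbits(32) == victim.getrandbits(32) for _ in range(10))


if __name__ == "__main__":
    print("next 10 outputs predicted:", predict_session_key_demo())
    print("the right tool:", secrets.token_hex(16))
```
<br />
No seed, however good, fixes this: the weakness is the generator, not the entropy. The same applies to rand(3)/random(3) in C, whose whole state is even smaller.<br />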
<br />
Random numbers are also used in [https://en.wikipedia.org/wiki/Merkle%27s_Puzzles Merkle's puzzles].</div>Pbughttps://hackepedia.org/?title=Cryptography&diff=5677Cryptography2016-06-04T17:16:21Z<p>Pbug: /* Random Numbers */</p>
<hr />
<div></div>Pbughttps://hackepedia.org/?title=Cryptography&diff=5676Cryptography2016-06-04T16:36:11Z<p>Pbug: /* Post-Quantum Cryptography */</p>
<hr />
<div>Cryptography is the method for distorting plain text so that it is unreadable by someone other than the intended recipient. For example, someone that is using a packet [[sniffer]] to listen in on network communication. Only if this third party knows the secret key to the ciphertext will they break the encryption and be able to see the plaintext. We highly recommend anyone using plain text protocols these days to use their free, open source, encrypted equivalents.<br />
<br />
=== Cryptography found in UNIX ===<br />
<br />
<br />
[[UBO]]'s over the decades have been attacked with great effort. [[UBO]]'s therefore use all cryptography methods known in order to defend against attack. Some methods are weaker due to weak protocols than other methods. We'll try to list as much as possible here, but without researching these "teasers" you'll likely not understand them all.<br />
<br />
=== One way hashing ===<br />
UNIX programmers implemented a [[One way hash]] of [[DES]] to "encrypt" [[password]]s as part of the crypt(3) function. It was impossible to decrypt these [[password]]s since they were a modified version of DES, so in order to know if someone had the right [[password]] the plain text would be encrypted and the result compared with the hash of the password database. If they matched, a user would be granted access. As computers became faster so did the speed at which DES would be cracked. An amd64 3500+ running [[OpenBSD]] using the systems crypt(3) functions can hash 121,000 [[password]]s in 1 second in 2005. The following graph tries to give a comparison of 2 computers over time, but we lost the original benchmark program so it's not a fair comparison:<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto"<br />
|+ Computer speeds in cryptographic hashing<br />
|-<br />
!Computer type !! OS !! Year !! Hash type !! No. of threads !! Count of hashes<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || UNIX crypt() || 1 || 121,000<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || MD5 || 1 || 1880 (?)<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || Blowfish 12 rounds || 1 || 2<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || UNIX crypt() || 1 || 313,921<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || MD5 ($1$ salt) || 1 || 12,869,871 (?)<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || MD5 (openssl) || 1 || 5,457,752<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || Blowfish 12 rounds || 1 || 3<br />
|}<br />
<br />
<br />
So a slower hash algorithm was needed and one that could take more than 8 characters for the [[password]]s. Many Operating Systems have implemented [[MD5]] hashing which does 1880 crypts per second on the aforementioned OpenBSD system, however it can now be broken with a custom made cracker (2012) which does [http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/ 77 milllion cracks per second] against this hashing method. So OpenBSD went even further and designed an interesting hash of [[blowfish]] that has a variable setting for rounds that blowfish will encrypt the hash with the string "OrpheanBeholderScryDoubt" 64 times per round. The result is that with 12 rounds, a crypt will do 2 passwords in 1 second.<br />
<br />
[[One way hash]]ing wasn't confined to just passwords. With the [[md5]] and [[SHA]], as well as the [[rmd160]] commands one can make a cryptographic hash sum (or fingerprint) of a file or text in the system. For example, if you want to ensure a file or directory has not been altered, you can print the checksum onto read-only media (i.e. paper/burn onto a cd). Whenever you run the checksum program against the same file or directory, you should get the same results unless something has been altered. If this topic interests you, [http://sourceforge.net/projects/tripwire/ tripwire] is popular software you'll want to read more about.<br />
<br />
=== MAC / HMAC ===<br />
<br />
A MAC (Message Authentication Code), it's called so because you can sign a message (run it through a one way hash) and if the hash does not equal the message then it's not the right message. An HMAC has a hashed MAC with an extra password protection.<br />
<br />
Please see RFC 2104 for how HMAC's are computed.<br />
<br />
=== Symmetric cryptography ===<br />
<br />
[[File:aes-spaceplot.jpg]]<br />
<br />
<br />
True private key cryptography was also present with the [[bdes]] and the [[openssl]] commands which could encrypt files with a variety of ciphers. Some well known ciphers are [[DES]] (broken not used anymore), [[AES]] (the current standard at 256 bits), [[blowfish]], [[CAST128]] and [[RC4]]. Many ciphers are imported through the openssl library.<br />
<br />
Most symmetric ciphers are "block" ciphers: they only encrypt fixed-size blocks of 8 bytes (DES, blowfish, CAST128) or 16 bytes (AES), depending on the cipher. This is a bit of a pain when programming with these ciphers because one has to answer "what do I use as padding". Padding fills the remainder of the last block when the plaintext isn't an exact multiple of the block size. The usual answer is PKCS#7: append n bytes each with value n, where n is the number of bytes needed (always at least one, so the receiver can strip it unambiguously). Bad padding handling can weaken a message: if the decrypting side lets an attacker see whether the padding was valid (a distinct error, or a timing difference), that "padding oracle" can be used to decrypt CBC ciphertext block by block without the key, which is one more reason to check a MAC over the ciphertext before decrypting anything.<br />
<br />
The opposite of a block cipher is a "stream" cipher. It generates a keystream from the key, and each plaintext byte is XORed with a keystream byte as it is fed in, so an encrypted byte comes out for every byte that goes in and no padding is needed. It is in effect a [[One time pad]] whose pad is generated from the key, so the same keystream must never be used twice.<br />
<br />
=== Symmetric Block Cipher Modes ===<br />
<br />
A block cipher by itself only handles one block; a mode of operation says how to encrypt more. The plain mode is [[ECB]], which stands for electronic code book: every block is encrypted independently with the same key. This is a weak mode and can reveal many things, so it's not recommended. If one plaintext block is the same as another, the ciphertext blocks are the same as well, so repetitions and structure in the plaintext show through at those offsets, and an attacker can cut and paste ciphertext blocks into other positions without the receiver noticing.<br />
<br />
Another mode is called [[CBC]], which stands for Cipher Block Chaining. Here each plaintext block is XORed with the previous ciphertext block before encryption, so equal plaintext blocks no longer give equal ciphertext blocks. CBC requires an IV (an initialisation vector) so that the first block has something to XOR with and doesn't end up effectively in ECB mode. The IV doesn't have to be secret (it is normally sent in the clear in front of the ciphertext), but it must be fresh and unpredictable for every message; a fixed or predictable IV lets an attacker who can choose plaintext test guesses about the first block (the BEAST attack on TLS 1.0 exploited exactly this). Exchanging it along with the key (DH/RSA) can't hurt, but it isn't what makes CBC secure.<br />
<br />
Another mode is [[CTR]] (counter mode). It turns the block cipher into a stream cipher: the cipher encrypts a nonce (a one time value) concatenated with a block counter, and that output is XORed with the plaintext block. Because block i depends only on counter value i, any block can be encrypted or decrypted on its own, which is why it's used for disk encryption and for random access into large or sparse files (CBC encryption has to proceed from the beginning, since each block depends on the previous ciphertext). The counter is usually derived from the offset into the file. The nonce must never repeat under one key: two messages encrypted with the same key and nonce XOR together to the XOR of their plaintexts, exactly as with a reused one time pad. [[WPA]]2 uses AES in a counter mode (CCMP, counter mode with a CBC-MAC for authentication).<br />
<br />
There are many more modes (CFB, OFB, XTS for disks, and authenticated modes such as GCM and CCM that combine encryption with a MAC); these are just the basic ones.<br />
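An added example (not from this page and not OpenSSL's code) showing the three modes and the padding question with a toy 16-byte block cipher: a 4-round Feistel network whose round function is SHA-256, standing in for AES purely so the code runs with the standard library. It is not a secure cipher and is not how AES works internally, but every mode below treats it as an opaque block permutation, which is all a mode needs. The demo shows ECB leaking the repeated block, CBC hiding it under a random IV, CTR decrypting one block in the middle of the message without touching the rest, and a PKCS#7 unpad that rejects bad padding.<br />
<br />
```python
import hashlib
import secrets

BLOCK = 16  # bytes, as for AES


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pkcs7_pad(data: bytes) -> bytes:
    """Append n bytes of value n, 1 <= n <= 16: the last block is always unambiguous."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")  # in a protocol: verify the MAC first, never leak this
    return data[:-n]


# Toy block cipher: 4-round Feistel with SHA-256 as round function. Stand-in for AES
# so this runs with the standard library only; NOT secure and NOT how AES works.
def _f(key: bytes, i: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):          # undo the rounds in reverse order
        l, r = xor(r, _f(key, i, l)), l
    return l + r


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    return b"".join(block_encrypt(key, b) for b in _blocks(pkcs7_pad(pt)))  # no chaining


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for b in _blocks(pkcs7_pad(pt)):
        prev = block_encrypt(key, xor(b, prev))  # C[i] = E(P[i] ^ C[i-1]), C[-1] = IV
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(xor(block_decrypt(key, c), prev))  # P[i] = D(C[i]) ^ C[i-1]
        prev = c
    return pkcs7_unpad(b"".join(out))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes, first_block: int = 0) -> bytes:
    """Encrypt and decrypt are the same operation. Keystream block i = E(nonce || i),
    so work can start at any block index and no padding is needed."""
    out = bytearray()
    for i, chunk in enumerate(_blocks(data), start=first_block):
        out += xor(chunk, block_encrypt(key, nonce + i.to_bytes(8, "big")))
    return bytes(out)


def distinct_blocks(ct: bytes) -> int:
    return len(set(_blocks(ct)))


def demo() -> dict:
    key = secrets.token_bytes(16)
    pt = b"ATTACK AT DAWN!!" * 3                 # three identical blocks (constructed input)
    iv = secrets.token_bytes(BLOCK)              # fresh and unpredictable per message
    nonce = secrets.token_bytes(8)               # unique per (key, message), never reused
    ecb, cbc, ctr = ecb_encrypt(key, pt), cbc_encrypt(key, iv, pt), ctr_crypt(key, nonce, pt)
    middle = ctr_crypt(key, nonce, ctr[32:48], first_block=2)   # random access: block 2 only
    return {
        "ecb_distinct": distinct_blocks(ecb),    # 2: the repeated block shows (plus the pad block)
        "cbc_distinct": distinct_blocks(cbc),    # 4: every ciphertext block differs
        "cbc_roundtrip": cbc_decrypt(key, iv, cbc) == pt,
        "ctr_roundtrip": ctr_crypt(key, nonce, ctr) == pt,
        "ctr_middle": middle == pt[32:48],
    }
```
<br />
None of these modes authenticates anything: a flipped bit in CTR ciphertext flips the same bit of plaintext, and a flipped bit in a CBC block scrambles that block and flips the same bit in the next one. In a real protocol the ciphertext is covered by a MAC (or an authenticated mode such as GCM is used) and checked before any decryption or unpadding happens.<br />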
<br />
=== Public Key cryptography ===<br />
<br />
Also called asymmetric cryptography. It uses a pair of keys: a private key, kept secret, and a public key, which is publicly known. Algorithms include Diffie-Hellman ([[DH]]), which agrees on a shared secret over a public channel, and [[RSA]], which encrypts and signs. [[GPG]], a program to encrypt mail at the application layer of the [[OSI]] model, uses this.<br />
<br />
A report in 2013 claimed that RSA/DH may be broken within 5 years ([http://it.slashdot.org/story/13/08/06/2056239/math-advance-suggest-rsa-encryption-could-fall-within-5-years slashdot story]). The advance behind it was a much faster discrete logarithm algorithm for finite fields of small characteristic, which does not carry over to factoring or to DH in the prime fields actually deployed, and RSA remains unbroken at sensible key sizes (2048 bits and up). The serious long-term threat to RSA, DH and elliptic curves alike is a large quantum computer (see Post-Quantum Cryptography below); a break of RSA would indeed bring online commerce to a standstill. Elliptic Curve Cryptography is the common alternative today, giving the same security with much smaller keys.<br />
<br />
=== Elliptic Curve Cryptography ===<br />
<br />
This is new to us who write in this wiki; please see the [http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography Wikipedia entry]. In practice it is used for key agreement (ECDH, for example Curve25519 in [[ssh]] and TLS) and for signatures (ECDSA and Ed25519).<br />
<br />
=== Symmetric / Asymmetric Hybrids ===<br />
<br />
This method is used for [[OSI]] session layer communication. A public-key exchange (DH, or RSA encrypting a random value) takes place to agree on a [[session key]], which is [[random]] and fresh for every session; all data that follows is encrypted under that key with a symmetric cipher, since public-key operations are far too slow for bulk data. The public values in the exchange must be authenticated (host keys in [[ssh]], certificates in TLS), or an active attacker can substitute their own and read everything. This is used extensively in [[ssh]] and most [[SSL]]/TLS enabled software.<br />
<br />
<br />
<br />
=== Cheap cryptography ===<br />
<br />
Rotational ciphers based on the alphabet are CHEAP. They're often used by Usenet trolls who think that the people they troll don't have a clue what they are talking about.<br />
<br />
$ echo OrpheanBeholderScryDoubt | /usr/games/rot13<br />
BecurnaOrubyqreFpelQbhog<br />
<br />
[[rot13]] is probably good to keep data safe from your 7-year-old sister.<br />
<br />
<br />
[[File:xor-spaceplot.jpg]]<br />
<br />
<br />
Another type of cryptography is the XOR method. XOR with a truly random key as long as the message, used only once, is a [[One time pad]] and is provably secure; XOR with a short key that repeats over the message is not, because the key repeats and the structure of the plaintext leaks straight through. Here is an example of a typical XOR encryption; the [[xortext.c]] program is also available:<br />
<br />
$ cat /etc/passwd | ./xortext blah | hexdump -C | head<br />
00000000 10 03 0e 1c 58 46 5b 58 58 5c 5b 2b 0a 0d 13 04 |....XF[XX\[+....|<br />
00000010 0b 09 41 4e 4e 40 4d 52 4d 1e 0e 07 16 56 4e 0a |..ANN@MRM....VN.|<br />
00000020 0b 02 4e 1b 0a 66 05 09 07 01 0e 06 58 46 5b 59 |..N..f......XF[Y|<br />
00000030 58 5d 5b 3c 0a 09 41 0c 07 1a 08 04 42 04 08 05 |X][<..A.....B...|<br />
00000040 11 09 0d 0e 58 43 13 07 0d 18 5b 47 11 0e 08 06 |....XC....[G....|<br />
00000050 4d 02 0e 04 0d 0b 08 06 68 03 11 0d 10 0d 15 07 |M.......h.......|<br />
00000060 10 56 4b 52 50 56 54 52 31 15 12 1c 07 01 41 4e |.VKRPVTR1.....AN|<br />
00000070 58 43 0e 18 07 1e 00 1c 0d 1e 5b 47 11 0e 08 06 |XC........[G....|<br />
00000080 4d 02 0e 04 0d 0b 08 06 68 0e 08 06 58 46 5b 5b |M.......h...XF[[|<br />
00000090 58 5b 5b 2a 0b 02 00 1a 0b 09 12 48 21 03 0c 05 |X[[*.......H!...|<br />
<br />
Surprisingly, some companies employ repeating-key XOR in their products as a security mechanism. It is obfuscation rather than encryption: anyone who knows or can guess a few bytes of the plaintext (every /etc/passwd starts with "root:") recovers the key by XORing the guess with the ciphertext at that position.<br />
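As an added example (not the page's xortext.c and not the author's code), here is how cheap the XOR method is to undo. The input is the hexdump printed above, re-parsed from the page; the only assumption is that the file starts with root:*:0:0: as OpenBSD's /etc/passwd does (root: alone is enough here, and on Linux the crib would be root:x:0:0:). XORing that guess against the first ciphertext bytes yields the keystream there, the period at which it repeats is the key length, and the whole file then decrypts.<br />
<br />
```python
import re

# The ciphertext exactly as printed above: hexdump -C of /etc/passwd XORed with "blah".
HEXDUMP = r"""
00000000 10 03 0e 1c 58 46 5b 58 58 5c 5b 2b 0a 0d 13 04 |....XF[XX\[+....|
00000010 0b 09 41 4e 4e 40 4d 52 4d 1e 0e 07 16 56 4e 0a |..ANN@MRM....VN.|
00000020 0b 02 4e 1b 0a 66 05 09 07 01 0e 06 58 46 5b 59 |..N..f......XF[Y|
00000030 58 5d 5b 3c 0a 09 41 0c 07 1a 08 04 42 04 08 05 |X][<..A.....B...|
00000040 11 09 0d 0e 58 43 13 07 0d 18 5b 47 11 0e 08 06 |....XC....[G....|
00000050 4d 02 0e 04 0d 0b 08 06 68 03 11 0d 10 0d 15 07 |M.......h.......|
00000060 10 56 4b 52 50 56 54 52 31 15 12 1c 07 01 41 4e |.VKRPVTR1.....AN|
00000070 58 43 0e 18 07 1e 00 1c 0d 1e 5b 47 11 0e 08 06 |XC........[G....|
00000080 4d 02 0e 04 0d 0b 08 06 68 0e 08 06 58 46 5b 5b |M.......h...XF[[|
00000090 58 5b 5b 2a 0b 02 00 1a 0b 09 12 48 21 03 0c 05 |X[[*.......H!...|
"""


def parse_hexdump(text: str) -> bytes:
    """Pull the byte columns out of hexdump -C output, ignoring the ASCII gutter."""
    out = bytearray()
    for line in text.splitlines():
        m = re.match(r"^[0-9a-f]{8}((?:\s+[0-9a-f]{2}){1,16})", line.strip())
        if m:
            out += bytes.fromhex(m.group(1))            # fromhex skips whitespace
    return bytes(out)


def xor_repeating(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def key_from_crib(ct: bytes, crib: bytes, offset: int = 0) -> bytes:
    """Known plaintext at a known offset reveals the keystream there. For a repeating
    key the shortest period of that fragment is the key length; if no repetition is
    seen the crib was shorter than the key and the whole fragment comes back."""
    stream = bytes(c ^ p for c, p in zip(ct[offset:], crib))
    for period in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % period] for i in range(len(stream))):
            # re-align so that key[0] is the byte applied at ciphertext offset 0
            return bytes(stream[(m - offset) % period] for m in range(period))


def printable_ratio(data: bytes) -> float:
    """Sanity check for a candidate key: real text is almost entirely printable."""
    good = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return good / len(data)


def recover(text: str = HEXDUMP, crib: bytes = b"root:*:0:0:"):
    ct = parse_hexdump(text)
    key = key_from_crib(ct, crib)
    pt = xor_repeating(ct, key)
    return key, pt, printable_ratio(pt)
```
<br />
Without a crib the key length can still be found statistically (the ciphertext XORed with itself shifted by the key length has far more zero bytes than at other shifts), and each key byte then falls to a frequency count of its column; the crib just makes it a one-liner. The same attack applies to any product that "encrypts" with a fixed XOR key.<br />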
<br />
<br />
<br />
=== Attacks on cryptography ===<br />
<br />
In many examples a passive attacker, who only listens, is called Eve (from eavesdrop), and an active attacker, who modifies, injects or replays traffic, is called Mallory (for malicious). Both kinds of attack have been used in practice (like the attacks on [[WEP]]).<br />
<br />
* If an encrypted session does not have a Message Authentication Code (MAC), a [[MITM]] changing the ciphertext on the network may cause problems in the protocol when the decrypted plaintext is fed to the program. Pretend SSH did not have a MAC: someone could modify packets, garbage would come out, the terminal would print garbage and the shell would complain about an unknown command. With a stream cipher or CTR mode it is worse than garbage, because flipping a bit of ciphertext flips exactly that bit of the plaintext, so an attacker who knows what is being sent at some position can rewrite it.<br />
<br />
* If an encrypted session did not have a sequence counter covered by the MAC, it would be possible to replay packets: the same data would be accepted again, and because each replayed packet carries a valid MAC it cannot be stopped. A simple counter and a MAC on each packet sent prevents both injection and replay. [[WEP]] had this problem: identifiable ARP packets, which have a small size, could be replayed to make the access point generate traffic, giving the attacker ciphertext (under WEP's repeating IVs) that would otherwise take a long time to collect passively.<br />
<br />
* The most annoying attack is the hang-up attack. We have heard of people in some countries modifying their TCP stacks to ignore the injected RSTs used to hang up a session; the MITM's next step is to change the ciphertext so the MAC check fails, which a sane protocol treats as fatal and tears down the session. The flip side is that a protocol robust enough to carry on after a MAC failure hands the MITM an oracle: they can submit many modified ciphertexts to "test the water", and such oracles have been turned into plaintext or key recovery with extra computation, so tearing down on the first bad MAC is the right behaviour.<br />
<br />
* An open question: is cryptography over radio (non-[[Wifi]] radio is meant) more secure than crypto over a wire, because on a wire a MITM attack goes unnoticed whereas on radio someone might notice something funny going on? Don't count on it: radio is easier to tap and to inject into than a wire, and a stronger transmitter simply captures the receiver, so the protocol needs the same MAC and authenticated key exchange as on a wire. FM would probably not make a good crypto radio link as the receiver only plays the strongest signal and throws away the weaker one. Denial of service over radio is called "jamming" and involves a strong signal being sent to drown another signal in noise. It is said in civilian circles that the military use spread-spectrum frequency hopping to escape jamming; how effective this is, is unknown. Hopping involves changing the frequency rapidly in a pattern derived from a shared secret, kept in step between the stations by their clocks, so that the adversary cannot predict where the signal goes next.<br />
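An added example, not from this page and not OpenSSH's or OpenSSL's code, walking through the hybrid session described under Symmetric / Asymmetric Hybrids and the first two attacks above. Both sides do a Diffie-Hellman exchange in the 2048-bit MODP group of RFC 3526 (the prime P is quoted from the RFC; is_probable_prime lets a reader confirm P and (P-1)/2 are prime), derive an encryption key and a MAC key from the shared secret with HMAC, and then exchange records that are encrypted with an HMAC-SHA-256 keystream (a PRF in counter mode standing in for a real cipher) and authenticated with a MAC that also covers a sequence number. Mallory's bit flip and replay are then tried against the receiver. The salt label, record layout and messages are this example's own conventions. Note the exchange itself is unauthenticated: without signed public values (host keys in ssh, certificates in TLS) a MITM can run two separate exchanges and sit in the middle unnoticed.<br />
<br />
```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14: the 2048-bit MODP safe prime, generator 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
Q = (P - 1) // 2        # order of the subgroup generated by G

def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin, enough to validate group parameters received from a peer."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def dh_keypair():
    x = secrets.randbelow(Q - 2) + 2      # from the CSPRNG: a guessable x gives away the session
    return x, pow(G, x, P)

def dh_shared(x: int, peer_public: int) -> int:
    # Reject 0, 1, p-1 and anything outside the order-Q subgroup (small-subgroup attacks).
    if not 2 <= peer_public <= P - 2 or pow(peer_public, Q, P) != 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, x, P)

def derive_keys(shared: int, transcript: bytes):
    """HMAC extract-then-expand (HKDF style); the transcript of public values is mixed
    in so the two sides only agree if they saw the same exchange."""
    prk = hmac.new(b"dh-hybrid-demo-salt", shared.to_bytes(256, "big"), hashlib.sha256).digest()
    enc = hmac.new(prk, transcript + b"\x01enc", hashlib.sha256).digest()
    mac = hmac.new(prk, transcript + b"\x02mac", hashlib.sha256).digest()
    return enc, mac

def keystream(enc_key: bytes, seq: int, length: int) -> bytes:
    out = b""   # PRF in counter mode, standing in for a real stream cipher or AES-CTR
    for ctr in range(0, length, 32):
        out += hmac.new(enc_key, seq.to_bytes(8, "big") + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def seal(enc_key: bytes, mac_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Record = seq || ciphertext || tag; the tag covers seq, so a replayed record fails."""
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, seq, len(plaintext))))
    header = seq.to_bytes(8, "big")
    return header + ct + hmac.new(mac_key, header + ct, hashlib.sha256).digest()

def open_record(enc_key: bytes, mac_key: bytes, expected_seq: int, record: bytes) -> bytes:
    header, ct, tag = record[:8], record[8:-32], record[-32:]
    if int.from_bytes(header, "big") != expected_seq:
        raise ValueError("replay or reordering")
    if not hmac.compare_digest(tag, hmac.new(mac_key, header + ct, hashlib.sha256).digest()):
        raise ValueError("MAC failure: tear down the session")     # checked before decrypting
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, expected_seq, len(ct))))

def demo() -> dict:
    ax, apub = dh_keypair()                                   # Alice
    bx, bpub = dh_keypair()                                   # Bob
    transcript = apub.to_bytes(256, "big") + bpub.to_bytes(256, "big")
    a_keys = derive_keys(dh_shared(ax, bpub), transcript)
    b_keys = derive_keys(dh_shared(bx, apub), transcript)
    rec0 = seal(*a_keys, 0, b"ls -la\n")
    out = {"keys_agree": a_keys == b_keys, "received": open_record(*b_keys, 0, rec0)}
    # Mallory flips the low bit of the first ciphertext byte. Without a MAC the shell
    # would see exactly that bit flipped in the plaintext; with the MAC the record is rejected.
    flipped = rec0[:8] + bytes([rec0[8] ^ 0x01]) + rec0[9:]
    out["no_mac_view"] = bytes(a ^ b for a, b in zip(flipped[8:-32], keystream(a_keys[0], 0, 7)))
    for name, seq, rec in (("tamper", 0, flipped), ("replay", 1, rec0)):
        try:
            open_record(*b_keys, seq, rec)
            out[name] = "accepted"
        except ValueError as e:
            out[name] = str(e)
    return out
```
<br />
The two checks in open_record are the counter and the MAC from the bullets above: the replayed record carries a perfectly valid tag and is refused only because its sequence number is stale, and the tampered record is refused before a single byte is decrypted, so the receiver never acts as an oracle for Mallory. Exponents come from secrets (the OS CSPRNG); drawing them from a general-purpose PRNG would let whoever can reproduce its output recompute the session key.<br />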
<br />
<br />
=== Post-Quantum Cryptography ===<br />
<br />
Recently standards bodies in the US (NIST announced its post-quantum standardisation effort in 2016) have called for post-quantum cryptography to be implemented. This, as we understand it, means ciphers and key exchanges that run on classical computers yet withstand an attack performed with a quantum computer, which would break RSA, DH and elliptic curves using Shor's algorithm. The goal is a few decades' worth of strength so that medium- and long-term secrets can be kept secret, including traffic recorded today and attacked later. This is very new stuff to be writing about, so forgive us if we make mistakes. We aren't at the forefront of using quantum computers anyhow; a D-Wave system still costs a few million dollars (and, being a quantum annealer, isn't the kind of machine that runs Shor's algorithm). Google is said to be building a quantum computer based on ideas gained from D-Wave systems and to be about 2 years away (time of writing 2016).<br />
<br />
=== Random Numbers ===<br />
<br />
Random numbers in cryptography are important. Pretend you have a symmetric/asymmetric hybrid program (TLS or SSH, say) that exchanges a secret session key. That session key, the DH exponents and the IVs all come from the OS's random number generator. If the random numbers are predictable in any form the encryption is weakened and crackable by someone who can reproduce them, no matter how strong the cipher; the 2008 Debian OpenSSL bug, which left the generator seeded by little more than the process ID, made every key generated on affected systems one of a few tens of thousands of candidates. Since computers are deterministic machines (they have to be, to perform the same for any program) it's very hard to get randomness right. OSes try all sorts of tricks to find numerous sources of [[entropy]] (interrupt and disk timings, network events, hardware generators) that they can mix into a pool, and then run a cryptographic generator over the pool so that its output reveals nothing about the pool's state. One way to do that is to encrypt a counter under a key taken from the pool and forget the key afterwards, which is essentially what OpenBSD's arc4random(3) does with ChaCha20. Programs should take keys from that OS generator (arc4random(3), getentropy(2), /dev/urandom) and never from a general-purpose PRNG such as rand(3).</div>Pbughttps://hackepedia.org/?title=Cryptography&diff=5675Cryptography2016-06-04T16:28:36Z<p>Pbug: /* Post-Quantum Cryptography */ random numbers</p>
<hr />
Pbughttps://hackepedia.org/?title=Cryptography&diff=5674Cryptography2016-06-04T15:49:20Z<p>Pbug: /* One way hashing */</p>
<hr />
<div>Cryptography is the method for distorting plain text so that it is unreadable by someone other than the intended recipient. For example, someone that is using a packet [[sniffer]] to listen in on network communication. Only if this third party knows the secret key to the ciphertext will they break the encryption and be able to see the plaintext. We highly recommend anyone using plain text protocols these days to use their free, open source, encrypted equivalents.<br />
<br />
=== Cryptography found in UNIX ===<br />
<br />
<br />
[[UBO]]'s over the decades have been attacked with great effort. [[UBO]]'s therefore use all cryptography methods known in order to defend against attack. Some methods are weaker due to weak protocols than other methods. We'll try to list as much as possible here, but without researching these "teasers" you'll likely not understand them all.<br />
<br />
=== One way hashing ===<br />
UNIX programmers implemented a [[One way hash]] of [[DES]] to "encrypt" [[password]]s as part of the crypt(3) function. It was impossible to decrypt these [[password]]s since they were a modified version of DES, so in order to know if someone had the right [[password]] the plain text would be encrypted and the result compared with the hash of the password database. If they matched, a user would be granted access. As computers became faster so did the speed at which DES would be cracked. An amd64 3500+ running [[OpenBSD]] using the systems crypt(3) functions can hash 121,000 [[password]]s in 1 second in 2005. The following graph tries to give a comparison of 2 computers over time, but we lost the original benchmark program so it's not a fair comparison:<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto"<br />
|+ Computer speeds in cryptographic hashing<br />
|-<br />
!Computer type !! OS !! Year !! Hash type !! No. of threads !! Count of hashes<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || UNIX crypt() || 1 || 121,000<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || MD5 || 1 || 1880 (?)<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || Blowfish 12 rounds || 1 || 2<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || UNIX crypt() || 1 || 313,921<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || MD5 ($1$ salt) || 1 || 12,869,871 (?)<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || MD5 (openssl) || 1 || 5,457,752<br />
|-<br />
| Xeon E3-1275v3 || OpenBSD || 2016 || Blowfish 12 rounds || 1 || 3<br />
|}<br />
<br />
<br />
So a slower hash algorithm was needed and one that could take more than 8 characters for the [[password]]s. Many Operating Systems have implemented [[MD5]] hashing which does 1880 crypts per second on the aforementioned OpenBSD system, however it can now be broken with a custom made cracker (2012) which does [http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/ 77 milllion cracks per second] against this hashing method. So OpenBSD went even further and designed an interesting hash of [[blowfish]] that has a variable setting for rounds that blowfish will encrypt the hash with the string "OrpheanBeholderScryDoubt" 64 times per round. The result is that with 12 rounds, a crypt will do 2 passwords in 1 second.<br />
<br />
[[One way hash]]ing wasn't confined to just passwords. With the [[md5]] and [[SHA]], as well as the [[rmd160]] commands one can make a cryptographic hash sum (or fingerprint) of a file or text in the system. For example, if you want to ensure a file or directory has not been altered, you can print the checksum onto read-only media (i.e. paper/burn onto a cd). Whenever you run the checksum program against the same file or directory, you should get the same results unless something has been altered. If this topic interests you, [http://sourceforge.net/projects/tripwire/ tripwire] is popular software you'll want to read more about.<br />
<br />
=== MAC / HMAC ===<br />
<br />
A MAC (Message Authentication Code), it's called so because you can sign a message (run it through a one way hash) and if the hash does not equal the message then it's not the right message. An HMAC has a hashed MAC with an extra password protection.<br />
<br />
Please see RFC 2104 for how HMAC's are computed.<br />
<br />
=== Symmetric cryptography ===<br />
<br />
[[File:aes-spaceplot.jpg]]<br />
<br />
<br />
True private key cryptography was also present with the [[bdes]] and the [[openssl]] commands which could encrypt files with a variety of ciphers. Some well known ciphers are [[DES]] (broken not used anymore), [[AES]] (the current standard at 256 bits), [[blowfish]], [[CAST128]] and [[RC4]]. Many ciphers are imported through the openssl library.<br />
<br />
Most symmetric crypto ciphers are "block" ciphers in that they do encryption but only for blocks of 8 bytes or 16 bytes depending on the cipher. This is a bit of a pain for programmming with these ciphers because one would have the question of "what do I use as padding". Padding is the remainder of a block if the ciphertext wasn't exactly the blocksize. We don't have any recommendations for that but bad padding could potentially weaken a cryptographic message.<br />
<br />
The opposite of a block cipher is called a "stream" cipher. You can feed it a byte with the algorithm and an encrypted byte will come out.<br />
<br />
=== Symmetric Block Cipher Modes ===<br />
<br />
A cipher has several modes. The plain mode for a cipher is called [[ECB]] which stands for electronic code book. This is a weak mode and can reveal many things. It's not recommended. One reason on what it can reveal is if the plaintext is the same as another plaintext the ciphertext will also be the same at those offsets.<br />
<br />
Another mode is called [[CBC]] and stands for Cipher Block Chaining method. Here the plaintext blocks are XOR'ed with the previous ciphertext block before encryption, resulting in an even stronger crypto. A CBC mode requires an IV (an initial vector) so that the first block has something to XOR and isn't in ECB mode which could potentially weaken the stream. Some say that an IV doesn't have to be secret, but it can't hurt if it's exchanged like key in an assymetric exchange (DH/RSA).<br />
<br />
Another mode is [[CTR]] (counter mode). This mode is often used in sparse files because it allows random access into the ciphertext (unlike CBC which has to be streamed from the beginning). CTR requires a nonce (a one time value) which is XOR'ed against the block of ciphertext and a counter. The counter is usually derived from an offset of the ciphertext. [[WPA]] uses AES in some form of counter mode we were able to learn.<br />
<br />
There is many more modes.. these are just some basic ones.<br />
<br />
=== Public Key cryptography ===<br />
<br />
Also called assymetric cryptography. It uses 2 or more keys, usually one that's private and one that's public which is publically known. Ciphers include Diffie Hellman ([[DH]]), and [[RSA]]. [[GPG]] a program to encrypt mail on the application [[OSI]] layer uses this.<br />
<br />
A new report in 2013 came out that RSA/DH may be broken within 5 years. [http://it.slashdot.org/story/13/08/06/2056239/math-advance-suggest-rsa-encryption-could-fall-within-5-years slashdot story]. This would potentially bring everything to a standstill in terms of online commerce. Alternatives are Elliptic Curve Cryptography.<br />
<br />
=== Elliptic Curve Cryptography ===<br />
<br />
This is new to us who write in this wiki, please see the <br />
[http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography Wikipedia entry].<br />
<br />
=== Symmetric / Assymmetric Hybrids ===<br />
<br />
This method is used in [[OSI]] session layer communication. A public-key exchange takes place to agree on a [[session key]] which is [[random]] and also a Symmetric encryption and all data following will be encrypted. This is used extensively in [[ssh]] and most [[SSL]] enabled software.<br />
<br />
<br />
<br />
=== Cheap cryptography ===<br />
<br />
Rotational Ciphers based on the alphabet are CHEAP. Often used by Usenet trolls who think that the people they troll don't have a clue what they are talking about.<br />
<br />
$ echo OrpheanBeholderScryDoubt | /usr/games/rot13<br />
BecurnaOrubyqreFpelQbhog<br />
<br />
[[rot13]] is probably good to keep data safe from your 7 year old sister.<br />
<br />
<br />
[[File:xor-spaceplot.jpg]]<br />
<br />
<br />
Another type of cryptography is the XOR method. XOR used as a [[One time pad]] is potentially secure. Here is an example of a typical XOR encryption the [[xortext.c]] program is also available:<br />
<br />
$ cat /etc/passwd | ./xortext blah | hexdump -C | head<br />
00000000 10 03 0e 1c 58 46 5b 58 58 5c 5b 2b 0a 0d 13 04 |....XF[XX\[+....|<br />
00000010 0b 09 41 4e 4e 40 4d 52 4d 1e 0e 07 16 56 4e 0a |..ANN@MRM....VN.|<br />
00000020 0b 02 4e 1b 0a 66 05 09 07 01 0e 06 58 46 5b 59 |..N..f......XF[Y|<br />
00000030 58 5d 5b 3c 0a 09 41 0c 07 1a 08 04 42 04 08 05 |X][<..A.....B...|<br />
00000040 11 09 0d 0e 58 43 13 07 0d 18 5b 47 11 0e 08 06 |....XC....[G....|<br />
00000050 4d 02 0e 04 0d 0b 08 06 68 03 11 0d 10 0d 15 07 |M.......h.......|<br />
00000060 10 56 4b 52 50 56 54 52 31 15 12 1c 07 01 41 4e |.VKRPVTR1.....AN|<br />
00000070 58 43 0e 18 07 1e 00 1c 0d 1e 5b 47 11 0e 08 06 |XC........[G....|<br />
00000080 4d 02 0e 04 0d 0b 08 06 68 0e 08 06 58 46 5b 5b |M.......h...XF[[|<br />
00000090 58 5b 5b 2a 0b 02 00 1a 0b 09 12 48 21 03 0c 05 |X[[*.......H!...|<br />
<br />
Surprisingly, some companies employ XOR cryptography in their products as a security mechanism.<br />
<br />
<br />
<br />
=== Attacks on cryptography ===<br />
<br />
In many examples a passive attacker who only listens is called Eve (from eavesdrop), and an active attacker who modifies or injects traffic is called Mallory (for malicious). Both kinds of attack have been used in the past (like the attacks on [[WEP]]).<br />
<br />
* If an encrypted session does not have a Message Authentication Code (MAC), a [[MITM]] can change the ciphertext on the network and the modified plaintext is fed to the program; with a stream cipher or counter mode the attacker can even flip chosen plaintext bits without knowing the key. Pretend SSH did not have a MAC: someone could modify packets, garbage would come out, the terminal would print it, and the shell would complain about the unknown command.<br />
<br />
* If an encrypted session did not have a sequence counter covered by the MAC, it would be possible to replay packets, with the same effect as above, only it could not be stopped. A simple counter and a MAC on each packet should prevent injection and replay attacks. [[WEP]] had this problem: identifiable, small ARP packets could be replayed to make the access point emit fresh encrypted traffic, helping the attacker collect the ciphertext that would otherwise take a long time to gather passively.<br />
<br />
* The most annoying attack is the hang-up attack. We have heard of people in foreign countries modifying their TCP stacks to ignore injected RSTs meant to hang up a session; the next step for a MITM is to change the ciphertext so that the MAC check fails, which in SSH and TLS tears down the session by design. That tear-down is deliberate: a protocol that tolerated forged packets would give the MITM an oracle to probe with, sending many modified ciphertexts to "test the water" and possibly learning something about the key or plaintext with extra computation.<br />
<br />
* question: is cryptography over radio (non-[[Wifi]] radios) more secure than crypto over a wire? On a wire a MITM attack goes unnoticed; on radio an active MITM is harder to mount without something funny being noticed, though not impossible (a relay with directional antennas may not be visible to the end points). FM would probably not make a good crypto radio link as the receiver only plays the strongest signal and throws away the weaker one. Denial of service over radio is called "jamming" and involves a strong signal being sent to introduce noise on another signal. It has been said in civilian circles that the military use spread-spectrum frequency hopping in order to escape jamming. How effective this is is unknown. Hopping involves changing the frequency rapidly in a pseudo-random pattern that both ends can follow but an adversary cannot predict, which in practice means it is derived from a shared secret and synchronised time.<br />
<br />
<br />
=== Post-Quantum Cryptography ===<br />
<br />
Recently standards bodies in the US (NIST announced a post-quantum standardisation effort in 2016) have asked for post-quantum cryptography to be implemented: algorithms that run on classical computers but withstand an attack performed by a quantum computer. The threat is Shor's algorithm, which on a large enough quantum computer breaks RSA, DH and elliptic-curve cryptography; symmetric ciphers and hashes only lose about half their security bits to Grover's algorithm, so doubling key sizes is enough there. The goal is to have a few decades worth of strength so that medium- and long-term secrets stay secret, since traffic recorded today can be decrypted later. This is very new stuff to be writing about, so forgive us if we make mistakes. We aren't at the forefront of using quantum computers anyhow; a D-WAVE system still costs a few million dollars, and it is a quantum annealer, not the gate-based machine Shor's algorithm needs. Google is said to be building a quantum computer based on ideas gained from D-WAVE systems and is about 2 years away (time of writing 2016).</div>Pbughttps://hackepedia.org/?title=Cryptography&diff=5673Cryptography2016-06-04T15:43:47Z<p>Pbug: /* One way hashing */</p>
<hr />
<div>Cryptography is the method of transforming plain text so that it is unreadable by anyone other than the intended recipient, for example someone using a packet [[sniffer]] to listen in on network communication. Only if this third party knows the secret key to the ciphertext can they undo the encryption and see the plaintext. We highly recommend that anyone still using plain text protocols switch to their free, open source, encrypted equivalents.<br />
<br />
=== Cryptography found in UNIX ===<br />
<br />
<br />
[[UBO]]s have been attacked with great effort over the decades, and therefore use most known cryptographic methods in order to defend against attack. Some methods are weaker than others, often because the protocol around them is weak rather than the primitive itself. We'll try to list as much as possible here, but without researching these "teasers" you'll likely not understand them all.<br />
<br />
=== One way hashing ===<br />
UNIX programmers implemented a [[One way hash]] based on [[DES]] to "encrypt" [[password]]s in the crypt(3) function. The password is used as the DES key (8 characters of 7 bits each, hence the 8-character limit) to encrypt a constant block 25 times, with a 12-bit salt perturbing the cipher, so there is no ciphertext to decrypt: to check a [[password]] the candidate is hashed the same way and the result compared with the entry in the password database. If they match, the user is granted access. As computers became faster so did the speed at which these hashes could be brute-forced. An amd64 3500+ running [[OpenBSD]] using the system's crypt(3) function could hash 121,000 [[password]]s in 1 second in 2005. The following table tries to give a comparison of 2 computers over time, but we lost the original benchmark program so it's not a fair comparison:<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto"<br />
|+ Computer speeds in cryptographic hashing<br />
|-<br />
!Computer type !! OS !! Year !! Hash type !! No. of threads !! Hashes per second<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || UNIX crypt() || 1 || 121,000<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || MD5 || 1 || 1880 (?)<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || Blowfish 12 rounds || 1 || 2<br />
|-<br />
| Xeon E3-1275 || OpenBSD || 2016 || UNIX crypt() || 1 || 313,921<br />
|-<br />
| Xeon E3-1275 || OpenBSD || 2016 || MD5 ($1$ salt) || 1 || 12,869,871 (?)<br />
|-<br />
| Xeon E3-1275 || OpenBSD || 2016 || MD5 (openssl) || 1 || 5,457,752<br />
|-<br />
| Xeon E3-1275 || OpenBSD || 2016 || Blowfish 12 rounds || 1 || 3<br />
|}<br />
<br />
<br />
So a slower hash algorithm was needed, and one that could take more than 8 characters of [[password]]. Many operating systems implemented [[MD5]]-based hashing, which does 1880 crypts per second on the aforementioned OpenBSD system, however it can now be brute-forced with a custom made cracker (2012) which does [http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/ 77 million guesses per second] against this hashing method. So OpenBSD went even further and designed bcrypt, a hash built on [[blowfish]] with a tunable cost: the expensive key schedule is run 2^cost times over the password and salt, and the resulting cipher state then encrypts the string "OrpheanBeholderScryDoubt" 64 times to produce the hash. With cost 12 (4096 key-schedule iterations) the 2005 machine above managed 2 hashes per second. The slowness, not secrecy of the algorithm, is what defends passwords: the slower each guess, the fewer guesses per second an attacker gets.<br />
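As an added illustration of the points above (a per-user salt, a tunable work factor, and the hashes-per-second figure the table reports), here is a small password-hashing routine written for this page. It is not OpenBSD's crypt(3) or bcrypt: it uses PBKDF2-HMAC-SHA256 from the Python standard library, and the storage format label, iteration counts and demo password are this example's own choices.<br />

```python
import base64
import hashlib
import hmac
import os
import time

ALG = "pbkdf2-sha256"   # label for this example's own storage format (not a system format)


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()


def hash_password(password: str, iterations: int = 200_000, salt=None) -> str:
    """Return a self-describing string: $alg$iterations$salt$digest.

    The salt makes identical passwords hash differently and defeats precomputed
    tables; the iteration count is the work factor, the role bcrypt's cost plays.
    """
    salt = salt if salt is not None else os.urandom(16)   # random per user; fixed only in tests
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$%s$%d$%s$%s" % (ALG, iterations, _b64(salt), _b64(digest))


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and cost; compare in constant time."""
    _, alg, iterations, salt, digest = stored.split("$")
    if alg != ALG:
        raise ValueError("unknown hash type: " + alg)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    base64.b64decode(salt), int(iterations))
    return hmac.compare_digest(candidate, base64.b64decode(digest))


def hashes_per_second(iterations: int, seconds: float = 0.25) -> float:
    """Single-thread throughput at a given cost, the number the table above measures.

    Doubling the iteration count halves this, and halves an attacker's guess rate.
    """
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        hashlib.pbkdf2_hmac("sha256", b"password", b"\x00" * 16, iterations)
        count += 1
    return count / (time.perf_counter() - start)


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(verify_password("correct horse battery staple", stored))   # True
    print(verify_password("wrong", stored))                          # False
    for cost in (1_000, 10_000, 100_000):
        print("%7d iterations: %.0f hashes/s" % (cost, hashes_per_second(cost)))
```

The stored string carries its own algorithm, cost and salt, so the cost can be raised for new passwords as hardware gets faster without breaking verification of old entries, which is exactly why bcrypt's "$2b$12$" prefix records its cost.<br />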
<br />
[[One way hash]]ing isn't confined to just passwords. With the [[md5]], [[SHA]] (sha1, sha256) and [[rmd160]] commands one can make a cryptographic hash sum (or fingerprint) of a file or text on the system. For example, if you want to ensure a file or directory has not been altered, you can print the checksum onto read-only media (e.g. paper, or burn it onto a CD). Whenever you run the checksum program against the same file or directory you should get the same result unless something has been altered; note that MD5 is no longer collision-resistant, so prefer SHA-256 for this. If this topic interests you, [http://sourceforge.net/projects/tripwire/ tripwire] is popular software you'll want to read more about.<br />
<br />
=== MAC / HMAC ===<br />
<br />
A MAC (Message Authentication Code) is a short tag computed over a message with a secret key; the receiver, who shares the key, recomputes the tag and rejects the message if it doesn't match. A plain hash is not a MAC, because anyone can recompute it after altering the message. An HMAC is a MAC built from a one way hash function keyed with that secret: HMAC(K, m) = H((K xor opad) || H((K xor ipad) || m)). The nested construction is what makes it safe with Merkle-Damgård hashes such as MD5 or SHA-1, where the naive H(K || m) falls to length-extension attacks. Tags should be compared in constant time.<br />
<br />
Please see RFC 2104 for how HMACs are computed.<br />
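The RFC 2104 construction, written out for this page as an added example (not code from the original article), with a sender/receiver pair around it. The key and messages are constructed demo values; the only library calls are Python's hashlib and the hmac module, which is used to cross-check the hand-written HMAC and for constant-time comparison.<br />

```python
import hashlib
import hmac

TAG_LEN = 32  # SHA-256 output length


def hmac_rfc2104(key: bytes, msg: bytes, hash_fn=hashlib.sha256) -> bytes:
    """HMAC as in RFC 2104 section 2: H((K' xor opad) || H((K' xor ipad) || m))."""
    block_size = hash_fn().block_size            # 64 bytes for SHA-256
    if len(key) > block_size:                    # keys longer than a block are hashed first
        key = hash_fn(key).digest()
    key = key.ljust(block_size, b"\x00")         # shorter keys are zero-padded to the block size
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hash_fn(ipad + msg).digest()
    return hash_fn(opad + inner).digest()


def tag_message(key: bytes, msg: bytes) -> bytes:
    """Sender: append the tag. Only a holder of the key can produce it."""
    return msg + hmac_rfc2104(key, msg)


def verify_message(key: bytes, blob: bytes):
    """Receiver: return the message if its tag is valid, otherwise None.

    compare_digest runs in constant time, so an attacker cannot learn how many
    leading tag bytes were right from how long the check took.
    """
    if len(blob) < TAG_LEN:
        return None
    msg, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac_rfc2104(key, msg)):
        return None
    return msg


def demo() -> dict:
    key = b"constructed-demo-key"                   # constructed; use os.urandom(32) in real code
    blob = tag_message(key, b"transfer 100 to bob")
    # Mallory edits the amount but cannot recompute the tag without the key.
    tampered = blob.replace(b"100", b"900")
    # An unkeyed hash is not a MAC: anyone can compute it over a forged message.
    forged_msg = b"transfer 900 to bob"
    forged = forged_msg + hashlib.sha256(forged_msg).digest()
    return {
        "accepted": verify_message(key, blob),
        "tampered": verify_message(key, tampered),
        "forged_unkeyed": verify_message(key, forged),
        "matches_stdlib": hmac_rfc2104(key, b"x") == hmac.new(key, b"x", hashlib.sha256).digest(),
    }


if __name__ == "__main__":
    print(demo())
```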
<br />
=== Symmetric cryptography ===<br />
<br />
[[File:aes-spaceplot.jpg]]<br />
<br />
<br />
True secret-key cryptography was also present with the [[bdes]] and [[openssl]] commands, which can encrypt files with a variety of ciphers. Some well known ciphers are [[DES]] (56-bit key, brute-forceable since 1998, not used anymore), [[AES]] (the current standard, 128-bit blocks with 128, 192 or 256-bit keys), [[blowfish]], [[CAST128]] and [[RC4]] (a stream cipher, now deprecated because of biases in its keystream). Many ciphers are imported through the openssl library.<br />
<br />
Most symmetric ciphers are "block" ciphers in that they encrypt fixed blocks of 8 or 16 bytes depending on the cipher. This is a bit of a pain when programming with these ciphers because one faces the question "what do I use as padding?". Padding fills out the last block when the plaintext isn't a multiple of the block size. The usual answer is PKCS#7: append n bytes each of value n, where n is the number of bytes needed (a whole block of padding if the plaintext already fits). Bad padding handling can weaken a cryptographic message: if the receiver lets the sender tell whether the padding was valid (a distinct error message, a different timing) and there is no MAC, an attacker can decrypt blocks one byte at a time with a padding oracle attack.<br />
<br />
The opposite of a block cipher is a "stream" cipher. It produces a keystream from the key (and a nonce), and each plaintext byte is XORed with the next keystream byte to give an encrypted byte. Never use the same key and nonce twice: XORing the two ciphertexts cancels the keystream and leaks the XOR of the plaintexts.<br />
<br />
=== Symmetric Block Cipher Modes ===<br />
<br />
A block cipher is used in one of several modes. The plain mode is called [[ECB]], which stands for Electronic Code Book: each block is encrypted independently. This is a weak mode and can reveal many things; it's not recommended. Identical plaintext blocks produce identical ciphertext blocks, so repeated data and structure in the plaintext show through in the ciphertext.<br />
<br />
Another mode is called [[CBC]], Cipher Block Chaining. Here each plaintext block is XORed with the previous ciphertext block before encryption, so identical plaintext blocks no longer produce identical ciphertext. CBC mode requires an IV (initialisation vector) so that the first block has something to XOR with and isn't effectively in ECB mode. The IV doesn't have to be secret, but it must be unpredictable (random) for each message: a predictable IV lets an attacker who can choose plaintexts test guesses about earlier blocks. CBC also needs a MAC, since flipping a bit in one ciphertext block flips the same bit in the next plaintext block.<br />
<br />
Another mode is [[CTR]] (counter mode). This mode suits random access into the ciphertext (unlike CBC, which has to be decrypted from the beginning), for instance in disk or file encryption. CTR needs a nonce (a one time value): the nonce and a block counter are concatenated and encrypted, and the resulting keystream block is XORed with the plaintext block, which turns the block cipher into a stream cipher. The counter is derived from the block's offset in the data. As with any stream cipher, a nonce must never be reused under the same key. [[WPA]]2 uses AES in counter mode (CCMP, counter mode with a CBC-MAC), as far as we were able to learn.<br />
<br />
There are many more modes; these are just the basic ones.<br />
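To make the three modes and the padding discussion concrete, here is an added example written for this page (not code from the original article). AES is not in Python's standard library, so it uses a stand-in 128-bit block cipher, a 4-round Feistel network with HMAC-SHA256 as the round function: invertible like AES, but only a demonstration construction. The key, plaintext, IV and nonce are constructed values. It shows ECB leaking repeated blocks, CBC hiding them, strict PKCS#7 unpadding, CTR random access, and what a reused CTR nonce leaks.<br />

```python
import hashlib
import hmac
import os

BLOCK = 16  # 128-bit blocks, the same block size as AES


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: HMAC-SHA256 keyed by the cipher key, domain-separated by round.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in block cipher: 4-round Feistel network over two 8-byte halves (demo only, not AES).
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor_bytes(left, _round_fn(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    # Undo the rounds in reverse order with the same round function.
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = xor_bytes(right, _round_fn(key, rnd, left)), left
    return left + right


def pkcs7_pad(data: bytes) -> bytes:
    # Append n bytes of value n; a full block of padding if data already fits.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    # Strict check. A protocol must not let the peer distinguish this error from a
    # MAC error (message or timing): that difference is a padding oracle.
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # Each block independently: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(block_encrypt(key, b) for b in _blocks(pkcs7_pad(pt)))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # Each plaintext block is XORed with the previous ciphertext block (the IV for the first).
    out, prev = [], iv
    for b in _blocks(pkcs7_pad(pt)):
        prev = block_encrypt(key, xor_bytes(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for b in _blocks(ct):
        out.append(xor_bytes(block_decrypt(key, b), prev))
        prev = b
    return pkcs7_unpad(b"".join(out))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes, start_block: int = 0) -> bytes:
    # Keystream block i = E(nonce || counter i), XORed with the data. The same call decrypts,
    # no padding is needed, and start_block gives random access into the stream.
    assert len(nonce) == 8
    out = []
    for i, b in enumerate(_blocks(data)):
        counter = (start_block + i).to_bytes(8, "big")
        out.append(xor_bytes(b, block_encrypt(key, nonce + counter)))
    return b"".join(out)


def repeated_blocks(ct: bytes) -> int:
    blocks = _blocks(ct)
    return len(blocks) - len(set(blocks))


KEY = b"\x01" * 16                      # constructed demo key
PT = b"ATTACK AT DAWN!!" * 4            # constructed: four identical 16-byte blocks


def demo(iv: bytes = None, nonce: bytes = None) -> dict:
    iv = iv or os.urandom(16)           # CBC: random and unpredictable per message
    nonce = nonce or os.urandom(8)      # CTR: unique per message under a key
    ecb, cbc, ctr = ecb_encrypt(KEY, PT), cbc_encrypt(KEY, iv, PT), ctr_crypt(KEY, nonce, PT)
    other = b"B" * len(PT)
    return {
        "ecb_repeats": repeated_blocks(ecb),          # 3: the repetition shows through
        "cbc_repeats": repeated_blocks(cbc),          # 0
        "cbc_roundtrip": cbc_decrypt(KEY, iv, cbc) == PT,
        "ctr_roundtrip": ctr_crypt(KEY, nonce, ctr) == PT,
        "ctr_random_access": ctr_crypt(KEY, nonce, ctr[32:48], start_block=2) == PT[32:48],
        # Nonce reuse: ct1 xor ct2 == pt1 xor pt2, because the keystream cancels out.
        "ctr_nonce_reuse_leaks": xor_bytes(ctr, ctr_crypt(KEY, nonce, other)) == xor_bytes(PT, other),
    }


if __name__ == "__main__":
    print(demo())
```

None of these modes authenticates anything; in practice pair CBC or CTR with a MAC (or use an AEAD mode such as GCM or CCM) so that ciphertext modifications and padding errors are rejected before decryption.<br />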
<br />
=== Public Key cryptography ===<br />
<br />
Also called asymmetric cryptography. It uses a pair of keys: one kept private and one that is published. Algorithms include Diffie-Hellman ([[DH]]), a key-agreement scheme, and [[RSA]], which does encryption and signatures. [[GPG]], a program that encrypts mail at the application [[OSI]] layer, uses this.<br />
<br />
A 2013 report claimed that RSA/DH might be broken within 5 years ([http://it.slashdot.org/story/13/08/06/2056239/math-advance-suggest-rsa-encryption-could-fall-within-5-years slashdot story]). The advance behind it concerned discrete logarithms in finite fields of small characteristic, which are not the prime fields and RSA moduli used in practice, and as of 2016 the prediction had not materialised; if it ever did, it would bring online commerce to a standstill. The main alternative is Elliptic Curve Cryptography.<br />
<br />
=== Elliptic Curve Cryptography ===<br />
<br />
Elliptic-curve cryptography provides the same public-key operations (key agreement, signatures) as DH and RSA with much shorter keys. It is new to those of us who write this wiki, so please see the <br />
[http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography Wikipedia entry].<br />
<br />
=== Symmetric / Assymmetric Hybrids ===<br />
<br />
This method is used for [[OSI]] session layer communication. A public-key exchange takes place to agree on a [[random]] [[session key]], and all data that follows is encrypted with a symmetric cipher under that key. The public-key step must be authenticated, with SSH host keys or [[SSL]] certificates, or an attacker in the middle can run a separate exchange with each side and read everything. This is used extensively in [[ssh]] and most [[SSL]] enabled software.<br />
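The key-agreement half of that hybrid, as an added example written for this page (not code from the original article or from ssh): a Diffie-Hellman exchange over the 2048-bit MODP group of RFC 3526 (group 14), the shared secret hashed into a session key, and then the same exchange with Mallory in the middle to show why the public values must be authenticated before the symmetric encryption starts. The symmetric step itself is left out here. Private exponents come from Python's secrets module; everything else is plain integer arithmetic.<br />

```python
import hashlib
import secrets

# 2048-bit MODP group from RFC 3526 (group 14); generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def keypair():
    """Private exponent x and public value g^x mod p. 256 random bits is ample for this group."""
    x = secrets.randbits(256) | 1
    return x, pow(G, x, P)


def shared_key(priv: int, peer_pub: int) -> bytes:
    """Both sides compute g^(xy) mod p and hash it into a symmetric session key."""
    if not 1 < peer_pub < P - 1:          # reject 0, 1 and p-1, which force a trivial shared secret
        raise ValueError("bad public value")
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(256, "big")).digest()


def honest_exchange() -> bool:
    """Alice and Bob exchange public values directly and derive the same key."""
    a, A = keypair()
    b, B = keypair()
    return shared_key(a, B) == shared_key(b, A)


def mitm_exchange() -> dict:
    """Unauthenticated DH: Mallory substitutes her own public value M in both directions.

    Alice and Bob each complete a perfectly valid exchange, just not with each other;
    Mallory holds a key for each side and can decrypt, read and re-encrypt everything.
    Only authenticating the public values (host keys, certificates) prevents this.
    """
    a, A = keypair()
    b, B = keypair()
    m, M = keypair()
    k_alice = shared_key(a, M)           # Alice believes M came from Bob
    k_bob = shared_key(b, M)             # Bob believes M came from Alice
    return {
        "alice_and_bob_agree": k_alice == k_bob,             # False: two separate sessions
        "mallory_reads_alice": k_alice == shared_key(m, A),  # True
        "mallory_reads_bob": k_bob == shared_key(m, B),      # True
    }


if __name__ == "__main__":
    print("honest exchange agrees:", honest_exchange())
    print(mitm_exchange())
```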
<br />
<br />
<br />
=== Cheap cryptography ===<br />
<br />
Rotational ciphers based on the alphabet are CHEAP. They are often used by Usenet trolls who think that the people they troll have no clue what they are talking about.<br />
<br />
$ echo OrpheanBeholderScryDoubt | /usr/games/rot13<br />
BecurnaOrubyqreFpelQbhog<br />
<br />
[[rot13]] is probably good enough to keep data safe from your 7 year old sister.<br />
<br />
<br />
[[File:xor-spaceplot.jpg]]<br />
<br />
<br />
Another type of cryptography is the XOR method. XOR used as a [[One time pad]] is secure only if the key is truly random, as long as the message, and never reused; with a short repeating key, as in the example below, a few bytes of known plaintext give the key directly (key = ciphertext XOR plaintext). Here is an example of a typical XOR encryption; the [[xortext.c]] program is also available:<br />
<br />
$ cat /etc/passwd | ./xortext blah | hexdump -C | head<br />
00000000 10 03 0e 1c 58 46 5b 58 58 5c 5b 2b 0a 0d 13 04 |....XF[XX\[+....|<br />
00000010 0b 09 41 4e 4e 40 4d 52 4d 1e 0e 07 16 56 4e 0a |..ANN@MRM....VN.|<br />
00000020 0b 02 4e 1b 0a 66 05 09 07 01 0e 06 58 46 5b 59 |..N..f......XF[Y|<br />
00000030 58 5d 5b 3c 0a 09 41 0c 07 1a 08 04 42 04 08 05 |X][<..A.....B...|<br />
00000040 11 09 0d 0e 58 43 13 07 0d 18 5b 47 11 0e 08 06 |....XC....[G....|<br />
00000050 4d 02 0e 04 0d 0b 08 06 68 03 11 0d 10 0d 15 07 |M.......h.......|<br />
00000060 10 56 4b 52 50 56 54 52 31 15 12 1c 07 01 41 4e |.VKRPVTR1.....AN|<br />
00000070 58 43 0e 18 07 1e 00 1c 0d 1e 5b 47 11 0e 08 06 |XC........[G....|<br />
00000080 4d 02 0e 04 0d 0b 08 06 68 0e 08 06 58 46 5b 5b |M.......h...XF[[|<br />
00000090 58 5b 5b 2a 0b 02 00 1a 0b 09 12 48 21 03 0c 05 |X[[*.......H!...|<br />
<br />
Surprisingly, some companies employ XOR cryptography in their products as a security mechanism.<br />
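Why that is a mistake, as an added example written for this page (not the xortext.c program itself, whose source isn't shown here): the same repeating-key XOR as above, broken with a crib, followed by the one case where XOR is a real cipher, a one time pad. The passwd-style text, the key "blah" and the messages are constructed for the example.<br />

```python
import os
import string

PRINTABLE = set(string.printable.encode())

# Constructed sample in passwd format; not a real system's file.
PASSWD_SAMPLE = (
    b"root:x:0:0:root:/root:/bin/sh\n"
    b"daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin\n"
    b"alice:x:1000:1000:Alice:/home/alice:/bin/ksh\n"
    b"bob:x:1001:1001:Bob:/home/bob:/bin/sh\n"
)


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """The 'typical XOR encryption' above: byte i is XORed with key[i mod len(key)].
    XOR is its own inverse, so the same call decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def crib_drag(ct: bytes, crib: bytes, keylen: int):
    """Recover a repeating key from a fragment of known plaintext (a crib).

    Since c = p xor k, a crib of at least keylen bytes at the right offset yields
    every key byte. The offset is found by sliding the crib along the ciphertext
    and keeping the first position whose full decryption is printable text.
    Every passwd file starts with "root:", which is all the crib this needs.
    """
    if len(crib) < keylen:
        raise ValueError("crib must cover at least one full key period")
    for offset in range(len(ct) - len(crib) + 1):
        key = bytearray(keylen)
        for i in range(keylen):
            key[(offset + i) % keylen] = ct[offset + i] ^ crib[i]
        if all(b in PRINTABLE for b in xor_repeating(ct, bytes(key))):
            return offset, bytes(key)
    return None


def one_time_pad_demo() -> dict:
    """XOR with a random pad as long as the message, used once, is a one time pad.

    The ciphertext is consistent with every plaintext of the same length: for any
    alternative message there is a pad that decrypts to it, so the ciphertext alone
    tells an attacker nothing. Reuse the pad once and the 'deniable' property is gone.
    """
    msg = b"meet at dawn"
    pad = os.urandom(len(msg))
    ct = xor_repeating(msg, pad)
    alternative = b"meet at dusk"
    fake_pad = xor_repeating(ct, alternative)
    return {
        "decrypts": xor_repeating(ct, pad) == msg,
        "deniable": xor_repeating(ct, fake_pad) == alternative,
    }


if __name__ == "__main__":
    ct = xor_repeating(PASSWD_SAMPLE, b"blah")
    print(crib_drag(ct, b"root:", 4))    # (0, b'blah')
    print(one_time_pad_demo())
```

The key length is taken as given here; in practice it is found by trying each length and checking which one makes every key position decrypt to plausible text.<br />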
<br />
<br />
<br />
=== Attacks on cryptography ===<br />
<br />
In many examples a passive attacker who only listens is called Eve (from eavesdrop), and an active attacker who modifies or injects traffic is called Mallory (for malicious). Both kinds of attack have been used in the past (like the attacks on [[WEP]]).<br />
<br />
* If an encrypted session does not have a Message Authentication Code (MAC), a [[MITM]] can change the ciphertext on the network and the modified plaintext is fed to the program; with a stream cipher or counter mode the attacker can even flip chosen plaintext bits without knowing the key. Pretend SSH did not have a MAC: someone could modify packets, garbage would come out, the terminal would print it, and the shell would complain about the unknown command.<br />
<br />
* If an encrypted session did not have a sequence counter covered by the MAC, it would be possible to replay packets, with the same effect as above, only it could not be stopped. A simple counter and a MAC on each packet should prevent injection and replay attacks. [[WEP]] had this problem: identifiable, small ARP packets could be replayed to make the access point emit fresh encrypted traffic, helping the attacker collect the ciphertext that would otherwise take a long time to gather passively.<br />
<br />
* The most annoying attack is the hang-up attack. We have heard of people in foreign countries modifying their TCP stacks to ignore injected RSTs meant to hang up a session; the next step for a MITM is to change the ciphertext so that the MAC check fails, which in SSH and TLS tears down the session by design. That tear-down is deliberate: a protocol that tolerated forged packets would give the MITM an oracle to probe with, sending many modified ciphertexts to "test the water" and possibly learning something about the key or plaintext with extra computation.<br />
<br />
* question: is cryptography over radio (non-[[Wifi]] radios) more secure than crypto over a wire? On a wire a MITM attack goes unnoticed; on radio an active MITM is harder to mount without something funny being noticed, though not impossible (a relay with directional antennas may not be visible to the end points). FM would probably not make a good crypto radio link as the receiver only plays the strongest signal and throws away the weaker one. Denial of service over radio is called "jamming" and involves a strong signal being sent to introduce noise on another signal. It has been said in civilian circles that the military use spread-spectrum frequency hopping in order to escape jamming. How effective this is is unknown. Hopping involves changing the frequency rapidly in a pseudo-random pattern that both ends can follow but an adversary cannot predict, which in practice means it is derived from a shared secret and synchronised time.<br />
<br />
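The first three points above, played out in code as an added example for this page (not from the original article and not SSH's actual packet format): a stream-encrypted "pay 100 to bob" message with no MAC, which Mallory rewrites to "pay 900" without the key; then the same message under encrypt-then-MAC with a sequence number inside the MAC, where the tampered packet fails the MAC check and the replayed one is rejected by the counter. Keys and messages are constructed, and the keystream is derived from HMAC-SHA256 rather than a real cipher.<br />

```python
import hashlib
import hmac

TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream from a PRF: block i = HMAC-SHA256(key, nonce || i)."""
    out = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                   for i in range((length + 31) // 32))
    return out[:length]


def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def flip_plaintext(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Mallory's move against unauthenticated ciphertext: she never learns the key, but
    XORing (old xor new) into the ciphertext turns 'old' into 'new' in the plaintext."""
    out = bytearray(ct)
    for i, (o, n) in enumerate(zip(old, new)):
        out[offset + i] ^= o ^ n
    return bytes(out)


# --- broken protocol: encryption only, no MAC, no sequence number -----------------

def send_unauthenticated(key: bytes, seq: int, pt: bytes) -> bytes:
    return stream_crypt(key, seq.to_bytes(8, "big"), pt)


def recv_unauthenticated(key: bytes, seq: int, ct: bytes) -> bytes:
    return stream_crypt(key, seq.to_bytes(8, "big"), ct)


# --- fixed protocol: encrypt-then-MAC, sequence number covered by the MAC ----------

def send_authenticated(enc_key: bytes, mac_key: bytes, seq: int, pt: bytes) -> bytes:
    header = seq.to_bytes(8, "big")                  # doubles as the nonce: unique per packet
    ct = stream_crypt(enc_key, header, pt)
    return header + ct + hmac.new(mac_key, header + ct, hashlib.sha256).digest()


class Receiver:
    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key, self.expected_seq = enc_key, mac_key, 0

    def receive(self, packet: bytes) -> bytes:
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        # Check the MAC before touching anything else; a failure ends the session.
        if not hmac.compare_digest(tag, hmac.new(self.mac_key, body, hashlib.sha256).digest()):
            raise ValueError("MAC failure: tear down the session")
        header, ct = body[:8], body[8:]
        if int.from_bytes(header, "big") != self.expected_seq:
            raise ValueError("replayed or out-of-order packet")
        self.expected_seq += 1
        return stream_crypt(self.enc_key, header, ct)


def demo() -> dict:
    key = b"k" * 32                                   # constructed keys
    ct = send_unauthenticated(key, 0, b"pay 100 to bob")
    forged = flip_plaintext(ct, 4, b"100", b"900")    # "100" sits at plaintext offset 4
    result = {"forged_decrypts_to": recv_unauthenticated(key, 0, forged)}

    enc_key, mac_key = b"e" * 32, b"m" * 32
    rx = Receiver(enc_key, mac_key)
    packet = send_authenticated(enc_key, mac_key, 0, b"pay 100 to bob")
    result["accepted"] = rx.receive(packet)
    attempts = {"tampered": flip_plaintext(packet, 8 + 4, b"100", b"900"),  # skip the 8-byte header
                "replayed": packet}
    for name, bad in attempts.items():
        try:
            rx.receive(bad)
            result[name] = "accepted"
        except ValueError as err:
            result[name] = str(err)
    return result


if __name__ == "__main__":
    print(demo())
```

The receiver verifies the MAC before looking at the sequence number or decrypting, so a forged packet yields one generic failure and nothing else; that is the "tear down on the first MAC failure" behaviour discussed above, and it is what denies the attacker an oracle.<br />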
<br />
=== Post-Quantum Cryptography ===<br />
<br />
Recently standards bodies in the US (NIST announced a post-quantum standardisation effort in 2016) have asked for post-quantum cryptography to be implemented: algorithms that run on classical computers but withstand an attack performed by a quantum computer. The threat is Shor's algorithm, which on a large enough quantum computer breaks RSA, DH and elliptic-curve cryptography; symmetric ciphers and hashes only lose about half their security bits to Grover's algorithm, so doubling key sizes is enough there. The goal is to have a few decades worth of strength so that medium- and long-term secrets stay secret, since traffic recorded today can be decrypted later. This is very new stuff to be writing about, so forgive us if we make mistakes. We aren't at the forefront of using quantum computers anyhow; a D-WAVE system still costs a few million dollars, and it is a quantum annealer, not the gate-based machine Shor's algorithm needs. Google is said to be building a quantum computer based on ideas gained from D-WAVE systems and is about 2 years away (time of writing 2016).</div>Pbughttps://hackepedia.org/?title=Cryptography&diff=5672Cryptography2016-06-04T15:42:46Z<p>Pbug: /* One way hashing */</p>
Pbughttps://hackepedia.org/?title=Cryptography&diff=5671Cryptography2016-06-04T15:40:24Z<p>Pbug: /* One way hashing */</p>
<hr />
<div>Cryptography is the method of transforming plain text so that it is unreadable by anyone other than the intended recipient, for example someone using a packet [[sniffer]] to listen in on network communication. Only if this third party knows the secret key to the ciphertext can they undo the encryption and see the plaintext. We highly recommend that anyone still using plain text protocols switch to their free, open source, encrypted equivalents.<br />
<br />
=== Cryptography found in UNIX ===<br />
<br />
<br />
[[UBO]]s have been attacked with great effort over the decades, and therefore use most known cryptographic methods in order to defend against attack. Some methods are weaker than others, often because the protocol around them is weak rather than the primitive itself. We'll try to list as much as possible here, but without researching these "teasers" you'll likely not understand them all.<br />
<br />
=== One way hashing ===<br />
UNIX programmers implemented a [[One way hash]] based on [[DES]] to "encrypt" [[password]]s in the crypt(3) function. The password is used as the DES key (8 characters of 7 bits each, hence the 8-character limit) to encrypt a constant block 25 times, with a 12-bit salt perturbing the cipher, so there is no ciphertext to decrypt: to check a [[password]] the candidate is hashed the same way and the result compared with the entry in the password database. If they match, the user is granted access. As computers became faster so did the speed at which these hashes could be brute-forced. An amd64 3500+ running [[OpenBSD]] using the system's crypt(3) function could hash 121,000 [[password]]s in 1 second in 2005.<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto"<br />
|+ Computer speeds in cryptographic hashing<br />
|-<br />
!Computer type !! OS !! Year !! Hash type !! No. of threads !! Count of hashes<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || UNIX crypt() || 1 || 121,000<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || MD5 || 1 || 1880 (?)<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || Blowfish 12 rounds || 1 || 2<br />
|-<br />
| Xeon E3-1275 || OpenBSD || 2016 || UNIX crypt() || 1 || 313,921<br />
|-<br />
| Xeon E3-1275 || OpenBSD || 2016 || MD5 || 1 || 12,869,871 (?)<br />
|-<br />
| Xeon E3-1275 || OpenBSD || 2016 || MD5 (openssl) || 1 || 5,457,752<br />
|-<br />
| Xeon E3-1275 || OpenBSD || 2016 || Blowfish 12 rounds || 1 || 3<br />
|}<br />
<br />
<br />
So a slower hash algorithm was needed, and one that could take more than 8 characters of [[password]]. Many operating systems implemented [[MD5]] hashing, which does 1880 crypts per second on the aforementioned OpenBSD system; however it can now be broken with a custom-made cracker (2012) that does [http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/ 77 million cracks per second] against this hashing method. So OpenBSD went even further and designed an interesting hash based on [[blowfish]] with a variable number of rounds, in which blowfish encrypts the string "OrpheanBeholderScryDoubt" 64 times per round. The result is that with 12 rounds, crypt will do 2 passwords in 1 second.<br />
<br />
[[One way hash]]ing wasn't confined to just passwords. With the [[md5]] and [[SHA]] commands, as well as [[rmd160]], one can make a cryptographic hash sum (or fingerprint) of a file or text on the system. For example, if you want to ensure a file or directory has not been altered, you can print the checksum onto read-only media (e.g. on paper, or burned onto a CD). Whenever you run the checksum program against the same file or directory you should get the same result, unless something has been altered. If this topic interests you, [http://sourceforge.net/projects/tripwire/ tripwire] is popular software you'll want to read more about.<br />
<br />
=== MAC / HMAC ===<br />
<br />
A MAC (Message Authentication Code) is so called because you can authenticate a message by running it, together with a secret, through a one-way hash; if the hash recomputed by the receiver does not match the one sent with the message, then it's not the right message. An HMAC is a hash-based MAC in which a secret key is mixed into the hash.<br />
<br />
Please see RFC 2104 for how HMACs are computed.<br />
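As an added illustration of the RFC 2104 construction (not code from this wiki), the following Python builds HMAC from a plain hash with the ipad/opad steps, checks it against one of RFC 2104's own test vectors and against Python's hmac module, and compares tags in constant time on the receiving side:<br />

```python
import hashlib
import hmac

# RFC 2104: HMAC(K, text) = H((K XOR opad) || H((K XOR ipad) || text))
IPAD = 0x36
OPAD = 0x5C


def hmac_rfc2104(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC built step by step as RFC 2104 section 2 describes it."""
    block_size = hashlib.new(hash_name).block_size  # B in the RFC: 64 for MD5, SHA-1, SHA-256
    if len(key) > block_size:
        # Keys longer than B are hashed first (RFC 2104 section 3).
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")            # shorter keys are zero-padded to B bytes
    k_ipad = bytes(b ^ IPAD for b in key)
    k_opad = bytes(b ^ OPAD for b in key)
    inner = hashlib.new(hash_name, k_ipad + message).digest()
    return hashlib.new(hash_name, k_opad + inner).digest()


def verify(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Receiver side: recompute and compare in constant time (no early exit on mismatch)."""
    return hmac.compare_digest(hmac_rfc2104(key, message, hash_name), tag)


def rfc2104_test_vector_ok() -> bool:
    """Second test vector from the RFC 2104 appendix (HMAC-MD5)."""
    tag = hmac_rfc2104(b"Jefe", b"what do ya want for nothing?", "md5")
    return tag.hex() == "750c783e6ab0b503eaa86e310a5db738"


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check against Python's hmac module, including the long-key case."""
    return hmac_rfc2104(key, message) == hmac.new(key, message, hashlib.sha256).digest()
```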
<br />
=== Symmetric cryptography ===<br />
<br />
[[File:aes-spaceplot.jpg]]<br />
<br />
<br />
True private-key cryptography was also present with the [[bdes]] and [[openssl]] commands, which could encrypt files with a variety of ciphers. Some well-known ciphers are [[DES]] (broken, no longer used), [[AES]] (the current standard, at 256 bits), [[blowfish]], [[CAST128]] and [[RC4]]. Many ciphers are imported through the openssl library.<br />
<br />
Most symmetric ciphers are "block" ciphers, in that they encrypt only whole blocks of 8 or 16 bytes, depending on the cipher. This is a bit of a pain when programming with these ciphers, because one faces the question "what do I use as padding?". Padding fills the remainder of the last block when the data is not an exact multiple of the block size. We don't have any recommendations for that, but bad padding could potentially weaken a cryptographic message.<br />
<br />
The opposite of a block cipher is a "stream" cipher: you feed a byte to the algorithm and an encrypted byte comes out.<br />
<br />
=== Symmetric Block Cipher Modes ===<br />
<br />
A cipher has several modes. The plain mode is called [[ECB]], which stands for Electronic Code Book. This is a weak mode that can reveal many things, and it's not recommended. One example of what it reveals: if one block of plaintext is identical to another, the ciphertext will also be identical at those offsets.<br />
<br />
Another mode is called [[CBC]], which stands for Cipher Block Chaining. Here each plaintext block is XOR'ed with the previous ciphertext block before encryption, resulting in much stronger crypto. CBC mode requires an IV (an initialization vector) so that the first block has something to XOR with and isn't effectively in ECB mode, which could potentially weaken the stream. Some say that an IV doesn't have to be secret, but it can't hurt if it's exchanged like a key in an asymmetric exchange (DH/RSA).<br />
<br />
Another mode is [[CTR]] (counter mode). This mode is often used for sparse files because it allows random access into the ciphertext (unlike CBC, which has to be processed from the beginning). CTR requires a nonce (a one-time value) which is combined with a counter and XOR'ed against each block; the counter is usually derived from the offset into the ciphertext. From what we were able to learn, [[WPA]] uses AES in some form of counter mode.<br />
<br />
There are many more modes; these are just some basic ones.<br />
<br />
=== Public Key cryptography ===<br />
<br />
Also called asymmetric cryptography. It uses 2 or more keys, usually one that's private and one that's public, i.e. publicly known. Ciphers include Diffie-Hellman ([[DH]]) and [[RSA]]. [[GPG]], a program to encrypt mail at the [[OSI]] application layer, uses this.<br />
<br />
A report in 2013 suggested that RSA/DH may be broken within 5 years ([http://it.slashdot.org/story/13/08/06/2056239/math-advance-suggest-rsa-encryption-could-fall-within-5-years slashdot story]). This would potentially bring online commerce to a standstill. Alternatives are Elliptic Curve Cryptography.<br />
<br />
=== Elliptic Curve Cryptography ===<br />
<br />
This is new to those of us who write this wiki; please see the [http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography Wikipedia entry].<br />
<br />
=== Symmetric / Asymmetric Hybrids ===<br />
<br />
This method is used in [[OSI]] session-layer communication. A public-key exchange takes place to agree on a [[random]] [[session key]] for a symmetric cipher, and all data that follows is encrypted with it. This is used extensively in [[ssh]] and most [[SSL]]-enabled software.<br />
<br />
<br />
<br />
=== Cheap cryptography ===<br />
<br />
Rotational ciphers based on the alphabet are CHEAP. They are often used by Usenet trolls who think the people they troll don't have a clue what they are talking about.<br />
<br />
$ echo OrpheanBeholderScryDoubt | /usr/games/rot13<br />
BecurnaOrubyqreFpelQbhog<br />
<br />
[[rot13]] is probably good to keep data safe from your 7 year old sister.<br />
<br />
<br />
[[File:xor-spaceplot.jpg]]<br />
<br />
<br />
Another type of cryptography is the XOR method. XOR used as a [[One time pad]] is potentially secure. Here is an example of a typical XOR encryption; the [[xortext.c]] program is also available:<br />
<br />
$ cat /etc/passwd | ./xortext blah | hexdump -C | head<br />
00000000 10 03 0e 1c 58 46 5b 58 58 5c 5b 2b 0a 0d 13 04 |....XF[XX\[+....|<br />
00000010 0b 09 41 4e 4e 40 4d 52 4d 1e 0e 07 16 56 4e 0a |..ANN@MRM....VN.|<br />
00000020 0b 02 4e 1b 0a 66 05 09 07 01 0e 06 58 46 5b 59 |..N..f......XF[Y|<br />
00000030 58 5d 5b 3c 0a 09 41 0c 07 1a 08 04 42 04 08 05 |X][<..A.....B...|<br />
00000040 11 09 0d 0e 58 43 13 07 0d 18 5b 47 11 0e 08 06 |....XC....[G....|<br />
00000050 4d 02 0e 04 0d 0b 08 06 68 03 11 0d 10 0d 15 07 |M.......h.......|<br />
00000060 10 56 4b 52 50 56 54 52 31 15 12 1c 07 01 41 4e |.VKRPVTR1.....AN|<br />
00000070 58 43 0e 18 07 1e 00 1c 0d 1e 5b 47 11 0e 08 06 |XC........[G....|<br />
00000080 4d 02 0e 04 0d 0b 08 06 68 0e 08 06 58 46 5b 5b |M.......h...XF[[|<br />
00000090 58 5b 5b 2a 0b 02 00 1a 0b 09 12 48 21 03 0c 05 |X[[*.......H!...|<br />
<br />
Surprisingly, some companies employ XOR cryptography in their products as a security mechanism.<br />
<br />
<br />
<br />
=== Attacks on cryptography ===<br />
<br />
In many examples a passive crypto attacker is called Eve (from eavesdrop), and an active attacker is called Mallory (for malicious). Both kinds of attack have been used in the past (like the attack on [[WEP]]).<br />
<br />
* If, for example, an encrypted session does not have a Message Authentication Code (MAC), then a [[MITM]] attack changing the ciphertext on the network may cause problems in the protocol when the decrypted plaintext is fed to the program. Pretend SSH did not have a MAC: someone could modify packets, garbage would come out, the terminal would likely print that garbage and the shell would complain about an unknown command.<br />
<br />
* If an encrypted session did not have a counter covered by the MAC, then it would be possible to replay packets and the same garbage would result as above, only it may not be possible to stop. A simple counter and MAC on each packet sent should prevent injection and replay attacks. [[WEP]] had this problem: identifiable ARP packets, which are small, could be replayed, helping the attacker read ciphertext that would otherwise take a long time to collect passively.<br />
<br />
* The most annoying attack is the hang-up attack. We have heard of people in foreign countries modifying their TCP stacks to prevent RSTs from hanging up a session; however the next step by the MITM is to change the ciphertext so that the MAC check fails, which I predict would cause a tear-down of the session. If a protocol is robust enough not to be affected by hang-up, it means a MITM attacker can probe several keys against the ciphertext to "test the water" and possibly use that to derive a key with extra computation.<br />
<br />
* (Question) Is cryptography over radio (meaning non-[[Wifi]] radios) more secure than crypto over a wire, given that on a wire a MITM attack goes unnoticed? On radio a MITM attack could not occur without some notice of something funny going on. FM would probably not make a good crypto radio link, as the receiver only plays the strongest signal and throws away the weaker one. Denial of service over radio is called "jamming" and involves a strong signal being sent to introduce noise on another signal. It has been said in civilian circles that the military use spread-spectrum frequency hopping in order to escape jamming. How effective this is remains unknown. Hopping involves changing the frequency rapidly in a predetermined pattern which is random enough to surprise the adversary. It is unclear whether this is based on, or seeded from, time.<br />
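An added example (not code from this wiki) of the "counter and MAC on each packet" defence described in the first two bullets above, written in Python with the standard hmac module. The shared key and packets are constructed, and encryption of the payload is left out so that the MAC and counter checks stand alone; in a real protocol the payload would be the ciphertext.<br />

```python
import hashlib
import hmac
import struct

SEQ_LEN = 8    # 64-bit big-endian packet counter
TAG_LEN = 32   # HMAC-SHA256 tag


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: counter || payload || HMAC(key, counter || payload).
    The MAC covers the counter, so a captured packet cannot be renumbered."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0      # lowest counter value still acceptable
        self.rejected = []     # rejection reasons, what a detection log would record

    def open(self, packet: bytes):
        """Return the payload, or None if the packet is truncated, modified or replayed."""
        if len(packet) < SEQ_LEN + TAG_LEN:
            self.rejected.append("short")
            return None
        header, payload, tag = packet[:SEQ_LEN], packet[SEQ_LEN:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):   # modified or injected packet
            self.rejected.append("bad-mac")
            return None
        seq = struct.unpack(">Q", header)[0]
        if seq < self.next_seq:                       # replayed (or reordered) packet
            self.rejected.append("replay")
            return None
        self.next_seq = seq + 1
        return payload


def demo(key: bytes = b"constructed-shared-key") -> tuple:
    """Two good packets, then a replay of the first and a bit-flipped copy of the second."""
    rx = Receiver(key)
    p1 = seal(key, 0, b"ls -l")
    p2 = seal(key, 1, b"cat notes.txt")
    tampered = bytearray(p2)
    tampered[SEQ_LEN] ^= 0x01          # flip one bit of the payload, keep the old tag
    results = [rx.open(p1), rx.open(p2), rx.open(p1), rx.open(bytes(tampered))]
    return results, rx.rejected
```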
<br />
<br />
=== Post-Quantum Cryptography ===<br />
<br />
Recently standards bodies in the US have called for post-quantum cryptography to be implemented. As we understand it, this is an attempt to encipher, on classical computers, in a way that can withstand an attack performed by a quantum computer. I think the goal is to have a few decades' worth of cryptographic strength so that medium- to long-term secrets can be kept secret. This is very new stuff to be writing about, so forgive us if we make mistakes. We aren't at the forefront of using quantum computers anyhow, which still cost a few million dollars for a D-WAVE system. Google is said to be building a quantum computer based on ideas gained from D-WAVE systems and is about 2 years away (time of writing 2016).</div>Pbughttps://hackepedia.org/?title=Cryptography&diff=5670Cryptography2016-06-04T15:35:01Z<p>Pbug: /* One way hashing */</p>
<hr />
<div></div>Pbughttps://hackepedia.org/?title=Cryptography&diff=5669Cryptography2016-06-04T15:18:02Z<p>Pbug: /* One way hashing */</p>
<hr />
<div>Cryptography is the method for distorting plain text so that it is unreadable by someone other than the intended recipient. For example, someone that is using a packet [[sniffer]] to listen in on network communication. Only if this third party knows the secret key to the ciphertext will they break the encryption and be able to see the plaintext. We highly recommend anyone using plain text protocols these days to use their free, open source, encrypted equivalents.<br />
<br />
=== Cryptography found in UNIX ===<br />
<br />
<br />
[[UBO]]'s over the decades have been attacked with great effort. [[UBO]]'s therefore use all cryptography methods known in order to defend against attack. Some methods are weaker due to weak protocols than other methods. We'll try to list as much as possible here, but without researching these "teasers" you'll likely not understand them all.<br />
<br />
=== One way hashing ===<br />
UNIX programmers implemented a [[One way hash]] of [[DES]] to "encrypt" [[password]]s as part of the crypt(3) function. It was impossible to decrypt these [[password]]s since they were a modified version of DES, so in order to know if someone had the right [[password]] the plain text would be encrypted and the result compared with the hash of the password database. If they matched, a user would be granted access. As computers became faster so did the speed at which DES would be cracked. An amd64 3500+ running [[OpenBSD]] using the systems crypt(3) functions can hash 121,000 [[password]]s in 1 second in 2005. <br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto"<br />
|+ Computer speeds in cryptographic hashing<br />
|-<br />
!Computer type !! OS !! Year !! Hash type !! No. of threads !! Count of hashes<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || UNIX crypt() || 1 || 121,000<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || MD5 || 1 || 1880<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || Blowfish 12 rounds || 1 || 2<br />
|-<br />
| Xeon E3-1275 || OpenBSD || 2016 || UNIX crypt() || 1 || 313,921<br />
|}<br />
<br />
<br />
So a slower hash algorithm was needed and one that could take more than 8 characters for the [[password]]s. Many Operating Systems have implemented [[MD5]] hashing which does 1880 crypts per second on the aforementioned OpenBSD system, however it can now be broken with a custom made cracker (2012) which does [http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/ 77 milllion cracks per second] against this hashing method. So OpenBSD went even further and designed an interesting hash of [[blowfish]] that has a variable setting for rounds that blowfish will encrypt the hash with the string "OrpheanBeholderScryDoubt" 64 times per round. The result is that with 12 rounds, a crypt will do 2 passwords in 1 second.<br />
<br />
[[One way hash]]ing wasn't confined to just passwords. With the [[md5]] and [[SHA]], as well as the [[rmd160]] commands one can make a cryptographic hash sum (or fingerprint) of a file or text in the system. For example, if you want to ensure a file or directory has not been altered, you can print the checksum onto read-only media (i.e. paper/burn onto a cd). Whenever you run the checksum program against the same file or directory, you should get the same results unless something has been altered. If this topic interests you, [http://sourceforge.net/projects/tripwire/ tripwire] is popular software you'll want to read more about.<br />
<br />
=== MAC / HMAC ===<br />
<br />
A MAC (Message Authentication Code), it's called so because you can sign a message (run it through a one way hash) and if the hash does not equal the message then it's not the right message. An HMAC has a hashed MAC with an extra password protection.<br />
<br />
Please see RFC 2104 for how HMAC's are computed.<br />
<br />
=== Symmetric cryptography ===<br />
<br />
[[File:aes-spaceplot.jpg]]<br />
<br />
<br />
True private key cryptography was also present with the [[bdes]] and the [[openssl]] commands which could encrypt files with a variety of ciphers. Some well known ciphers are [[DES]] (broken not used anymore), [[AES]] (the current standard at 256 bits), [[blowfish]], [[CAST128]] and [[RC4]]. Many ciphers are imported through the openssl library.<br />
<br />
Most symmetric crypto ciphers are "block" ciphers in that they do encryption but only for blocks of 8 bytes or 16 bytes depending on the cipher. This is a bit of a pain for programmming with these ciphers because one would have the question of "what do I use as padding". Padding is the remainder of a block if the ciphertext wasn't exactly the blocksize. We don't have any recommendations for that but bad padding could potentially weaken a cryptographic message.<br />
<br />
The opposite of a block cipher is called a "stream" cipher. You can feed it a byte with the algorithm and an encrypted byte will come out.<br />
<br />
=== Symmetric Block Cipher Modes ===<br />
<br />
A cipher has several modes. The plain mode for a cipher is called [[ECB]] which stands for electronic code book. This is a weak mode and can reveal many things. It's not recommended. One reason on what it can reveal is if the plaintext is the same as another plaintext the ciphertext will also be the same at those offsets.<br />
<br />
Another mode is called [[CBC]] and stands for Cipher Block Chaining method. Here the plaintext blocks are XOR'ed with the previous ciphertext block before encryption, resulting in an even stronger crypto. A CBC mode requires an IV (an initial vector) so that the first block has something to XOR and isn't in ECB mode which could potentially weaken the stream. Some say that an IV doesn't have to be secret, but it can't hurt if it's exchanged like key in an assymetric exchange (DH/RSA).<br />
<br />
Another mode is [[CTR]] (counter mode). This mode is often used in sparse files because it allows random access into the ciphertext (unlike CBC which has to be streamed from the beginning). CTR requires a nonce (a one time value) which is XOR'ed against the block of ciphertext and a counter. The counter is usually derived from an offset of the ciphertext. [[WPA]] uses AES in some form of counter mode we were able to learn.<br />
<br />
There is many more modes.. these are just some basic ones.<br />
<br />
=== Public Key cryptography ===<br />
<br />
Also called assymetric cryptography. It uses 2 or more keys, usually one that's private and one that's public which is publically known. Ciphers include Diffie Hellman ([[DH]]), and [[RSA]]. [[GPG]] a program to encrypt mail on the application [[OSI]] layer uses this.<br />
<br />
A new report in 2013 came out that RSA/DH may be broken within 5 years. [http://it.slashdot.org/story/13/08/06/2056239/math-advance-suggest-rsa-encryption-could-fall-within-5-years slashdot story]. This would potentially bring everything to a standstill in terms of online commerce. Alternatives are Elliptic Curve Cryptography.<br />
<br />
=== Elliptic Curve Cryptography ===<br />
<br />
This is new to us who write in this wiki, please see the <br />
[http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography Wikipedia entry].<br />
<br />
=== Symmetric / Assymmetric Hybrids ===<br />
<br />
This method is used in [[OSI]] session layer communication. A public-key exchange takes place to agree on a [[session key]] which is [[random]] and also a Symmetric encryption and all data following will be encrypted. This is used extensively in [[ssh]] and most [[SSL]] enabled software.<br />
<br />
<br />
<br />
=== Cheap cryptography ===<br />
<br />
Rotational Ciphers based on the alphabet are CHEAP. Often used by Usenet trolls who think that the people they troll don't have a clue what they are talking about.<br />
<br />
$ echo OrpheanBeholderScryDoubt | /usr/games/rot13<br />
BecurnaOrubyqreFpelQbhog<br />
<br />
[[rot13]] is probably good enough to keep data safe from your 7-year-old sister.<br />
<br />
<br />
[[File:xor-spaceplot.jpg]]<br />
<br />
<br />
Another type of cryptography is the XOR method. XOR used as a [[One time pad]] is potentially secure. Here is an example of a typical XOR encryption; the [[xortext.c]] program is also available:<br />
<br />
$ cat /etc/passwd | ./xortext blah | hexdump -C | head<br />
00000000 10 03 0e 1c 58 46 5b 58 58 5c 5b 2b 0a 0d 13 04 |....XF[XX\[+....|<br />
00000010 0b 09 41 4e 4e 40 4d 52 4d 1e 0e 07 16 56 4e 0a |..ANN@MRM....VN.|<br />
00000020 0b 02 4e 1b 0a 66 05 09 07 01 0e 06 58 46 5b 59 |..N..f......XF[Y|<br />
00000030 58 5d 5b 3c 0a 09 41 0c 07 1a 08 04 42 04 08 05 |X][<..A.....B...|<br />
00000040 11 09 0d 0e 58 43 13 07 0d 18 5b 47 11 0e 08 06 |....XC....[G....|<br />
00000050 4d 02 0e 04 0d 0b 08 06 68 03 11 0d 10 0d 15 07 |M.......h.......|<br />
00000060 10 56 4b 52 50 56 54 52 31 15 12 1c 07 01 41 4e |.VKRPVTR1.....AN|<br />
00000070 58 43 0e 18 07 1e 00 1c 0d 1e 5b 47 11 0e 08 06 |XC........[G....|<br />
00000080 4d 02 0e 04 0d 0b 08 06 68 0e 08 06 58 46 5b 5b |M.......h...XF[[|<br />
00000090 58 5b 5b 2a 0b 02 00 1a 0b 09 12 48 21 03 0c 05 |X[[*.......H!...|<br />
<br />
Surprisingly, some companies employ XOR cryptography in their products as a security mechanism.<br />
<br />
<br />
<br />
=== Attacks on cryptography ===<br />
<br />
In many examples a passive crypto attacker is called Eve (from eavesdrop), and an active attacker is called Mallory (from malicious). Both kinds of attack have been used in the past (like the attack on [[WEP]]).<br />
<br />
* If, for example, an encrypted session does not have a Message Authentication Code (MAC), then a [[MITM]] attack changing the ciphertext on a network may cause problems in the protocol when the decrypted plaintext is fed to the program. Pretend SSH did not have a MAC: then someone could modify packets, garble would come out, and likely the terminal would print garble and the shell would complain about the unknown command.<br />
<br />
* If an encrypted session did not have a counter wrapped by a MAC then it would be possible to replay packets, and the same garble would result as indicated above, only it might not be possible to stop it. A simple counter and MAC on each packet sent should prevent injections and replay attacks. [[WEP]] had this problem, and identifiable ARP packets, which have a small size, could be replayed, helping the attacker with reading ciphertext that would otherwise take a long time to passively collect.<br />
<br />
* The most annoying attack is the hang-up attack. We have heard of people in foreign countries modifying their TCP stacks to prevent RSTs from hanging up a session; however the next step by the MITM is to change the ciphertext, which fails the MAC check, which I predict would cause a tear-down of the session. If a protocol is robust enough not to be affected by hang-up, it means that a MITM attack can probe several keys in the ciphertext in order to "test the water" and possibly use that to derive a key with extra computation.<br />
<br />
* An open question: cryptography over radio (what is meant here is non-[[Wifi]] radios) is more secure than crypto over a wire, because on a wire a MITM attack goes unnoticed. On radio a MITM attack could not occur without someone noticing that something funny is going on. FM would probably not make a good crypto radio link, as the receiver only plays the strongest signal and throws away the weaker one. Denial of service over radio is called "jamming" and involves a strong signal being sent to introduce noise on another signal. It has been said in civilian circles that the military use spread-spectrum hopping in order to escape jamming. How effective this is remains unknown. Hopping involves changing the frequency rapidly in a predetermined pattern which is random enough to surprise the adversary. It is unclear if this is based on/seeded by time.<br />
<br />
<br />
=== Post-Quantum Cryptography ===<br />
<br />
Recently standards bodies in the US have called for post-quantum cryptography to be implemented. As we understand it, this is an attempt to encipher, on classical computers, in a way that can withstand an attack performed by a quantum computer. I think the goal is to have a few decades' worth of cryptographic strength so that medium- to long-term secrets can be kept secret. This is very new stuff to be writing about, so forgive us if we make mistakes. We aren't at the forefront of using quantum computers anyhow, which still cost a few million dollars for a D-WAVE system. Google is said to be building a quantum computer based on ideas gained from D-WAVE systems and they are about 2 years away (time of writing 2016).</div>Pbughttps://hackepedia.org/?title=Cryptography&diff=5668Cryptography2016-06-04T15:17:22Z<p>Pbug: /* One way hashing */</p>
<hr />
<div>Cryptography is the method for distorting plain text so that it is unreadable by anyone other than the intended recipient, for example someone using a packet [[sniffer]] to listen in on network communication. Only if this third party knows the secret key to the ciphertext will they break the encryption and be able to see the plaintext. We highly recommend that anyone using plain text protocols these days use their free, open source, encrypted equivalents.<br />
<br />
=== Cryptography found in UNIX ===<br />
<br />
<br />
[[UBO]]s over the decades have been attacked with great effort. [[UBO]]s therefore use all known cryptography methods in order to defend against attack. Some methods are weaker than others due to weak protocols. We'll try to list as much as possible here, but without researching these "teasers" you'll likely not understand them all.<br />
<br />
=== One way hashing ===<br />
UNIX programmers implemented a [[One way hash]] based on [[DES]] to "encrypt" [[password]]s as part of the crypt(3) function. It was impossible to decrypt these [[password]]s since they were produced by a modified version of DES, so in order to know if someone had the right [[password]] the plain text would be encrypted and the result compared with the hash in the password database. If they matched, a user would be granted access. As computers became faster, so did the speed at which DES hashes could be cracked. An amd64 3500+ running [[OpenBSD]] using the system's crypt(3) function could hash 121,000 [[password]]s in 1 second in 2005.<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto"<br />
|+ Computer speeds in cryptographic hashing<br />
|-<br />
!Computer type !! OS !! Year !! Hash type !! No. of cores !! Count of hashes<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || UNIX crypt() || 1 || 121,000<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || MD5 || 1 || 1880<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || Blowfish 12 rounds || 1 || 2<br />
|-<br />
| Xeon E3-1275 || OpenBSD || 2016 || UNIX crypt() || 1 || 313,921<br />
|}<br />
<br />
<br />
So a slower hash algorithm was needed, and one that could take more than 8 characters for the [[password]]s. Many operating systems have implemented [[MD5]] hashing, which does 1880 crypts per second on the aforementioned OpenBSD system; however it can now be broken with a custom-made cracker (2012) which does [http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/ 77 million cracks per second] against this hashing method. So OpenBSD went even further and designed an interesting hash based on [[blowfish]] with a variable setting for rounds; in each round blowfish encrypts the string "OrpheanBeholderScryDoubt" 64 times. The result is that with 12 rounds, crypt will do 2 passwords in 1 second.<br />
<br />
[[One way hash]]ing wasn't confined to just passwords. With the [[md5]] and [[SHA]] commands, as well as [[rmd160]], one can make a cryptographic hash sum (or fingerprint) of a file or text on the system. For example, if you want to ensure a file or directory has not been altered, you can print the checksum onto read-only media (e.g. paper, or burn it onto a CD). Whenever you run the checksum program against the same file or directory, you should get the same result unless something has been altered. If this topic interests you, [http://sourceforge.net/projects/tripwire/ tripwire] is popular software you'll want to read more about.<br />
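The two uses of one-way hashing above (a deliberately slow password hash with a work factor, and a file fingerprint you can later re-check) as an added example that is not part of the wiki page. It uses PBKDF2-SHA256 from Python's standard library as the slow hash, in the role the page gives to the blowfish-based crypt; the record format "pbkdf2_sha256$iterations$salt$digest" and all sample values are constructed for this example.<br />

```python
"""Added example (not from the wiki): a slow, salted password hash with a
tunable work factor, verified in constant time, plus a file fingerprint
check in the spirit of md5/sha/rmd160 and tripwire.
"""
import hashlib
import hmac
import os
import time

# Work factor: like the rounds of the blowfish crypt, raising this makes
# every guess an attacker tries proportionally slower.
PBKDF2_ITERATIONS = 200_000


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return a record "pbkdf2_sha256$iterations$salt_hex$digest_hex".

    The salt stops identical passwords from producing identical hashes, and
    the iteration count is stored so it can be raised later without breaking
    existing records (the record format is chosen for this example).
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(password, record):
    """Recompute the hash from the stored parameters and compare it.

    hmac.compare_digest takes the same time however many bytes match, so an
    attacker cannot learn the stored digest byte by byte from timing.
    """
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def fingerprint(data):
    """SHA-256 fingerprint of a file's bytes: the value you would print out."""
    return hashlib.sha256(data).hexdigest()


def unchanged(data, expected_fingerprint):
    """Tripwire-style check: does the file still hash to the recorded value?"""
    return hmac.compare_digest(fingerprint(data), expected_fingerprint)


def guesses_per_second(iterations, samples=5):
    """Rough measure of how many guesses per second one core can try."""
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"guess%d" % i, b"salt", iterations)
    return samples / max(time.perf_counter() - start, 1e-9)


if __name__ == "__main__":
    rec = hash_password("OrpheanBeholderScryDoubt")
    print(rec)
    print("correct  :", verify_password("OrpheanBeholderScryDoubt", rec))
    print("wrong    :", verify_password("orpheanbeholderscrydoubt", rec))
    # Constructed sample "file" content for the integrity check.
    sample = b"root:*:0:0:Charlie &:/root:/bin/ksh\n"
    fp = fingerprint(sample)
    print("unchanged:", unchanged(sample, fp))
    print("tampered :", unchanged(sample.replace(b"ksh", b"sh"), fp))
    print("guesses/s at %d iterations: %.1f"
          % (PBKDF2_ITERATIONS, guesses_per_second(PBKDF2_ITERATIONS)))
```

Running the script with a lower iteration count shows the same trade-off the table above records: the faster the hash, the more guesses per second an attacker gets for free.<br />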
<br />
=== MAC / HMAC ===<br />
<br />
A MAC (Message Authentication Code) is so called because you can sign a message (run it through a one way hash) and if the hash does not match the message then it's not the right message. An HMAC is a hashed MAC with the extra protection of a password (secret key).<br />
<br />
Please see RFC 2104 for how HMAC's are computed.<br />
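The RFC 2104 construction written out, as an added example that is not part of the wiki page: HMAC is built here from nothing but a hash function, then checked against Python's own hmac module and against test case 1 of RFC 4231 (the SHA-2 HMAC test vectors). The function names and the demo key and message are constructed for this example.<br />

```python
"""Added example (not from the wiki): HMAC exactly as RFC 2104 defines it,
built only from a hash function.  hmac_rfc2104 and verify_mac are names
chosen for this demonstration.
"""
import hashlib
import hmac


def hmac_rfc2104(key, message, hash_name="sha256"):
    """H((K' xor opad) || H((K' xor ipad) || message)), RFC 2104 section 2."""
    block_size = hashlib.new(hash_name).block_size   # B in the RFC: 64 for SHA-256
    # Keys longer than B are hashed first; shorter keys are zero-padded to B.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def verify_mac(key, message, tag, hash_name="sha256"):
    """Recompute and compare in constant time; a plain == would leak timing."""
    return hmac.compare_digest(hmac_rfc2104(key, message, hash_name), tag)


def stdlib_agrees(key, message, hash_name="sha256"):
    """True when the hand-written HMAC matches the standard library's."""
    return hmac_rfc2104(key, message, hash_name) == hmac.new(key, message, hash_name).digest()


def rfc4231_test_vector_passes():
    """RFC 4231 test case 1: key = 0x0b * 20, data "Hi There", HMAC-SHA-256."""
    expected = bytes.fromhex(
        "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7")
    return hmac_rfc2104(b"\x0b" * 20, b"Hi There") == expected


if __name__ == "__main__":
    key = b"constructed-demo-key"             # constructed for this example
    msg = b"transfer 100 to account 42"
    tag = hmac_rfc2104(key, msg)
    print("matches stdlib :", stdlib_agrees(key, msg))
    print("RFC vector ok  :", rfc4231_test_vector_passes())
    print("genuine message:", verify_mac(key, msg, tag))
    print("altered message:", verify_mac(key, b"transfer 900 to account 42", tag))
```

The ipad/opad double hashing is what makes HMAC more than "hash the key and message together": it closes the length-extension weakness of the plain Merkle-Damgard hashes the page lists (MD5, SHA-1), which is why a bare hash should not be used as a MAC.<br />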
<br />
=== Symmetric cryptography ===<br />
<br />
[[File:aes-spaceplot.jpg]]<br />
<br />
<br />
True private key cryptography was also present with the [[bdes]] and [[openssl]] commands, which could encrypt files with a variety of ciphers. Some well known ciphers are [[DES]] (broken, not used anymore), [[AES]] (the current standard at 256 bits), [[blowfish]], [[CAST128]] and [[RC4]]. Many ciphers are imported through the openssl library.<br />
<br />
Most symmetric crypto ciphers are "block" ciphers in that they do encryption only for blocks of 8 bytes or 16 bytes, depending on the cipher. This is a bit of a pain when programming with these ciphers because one is faced with the question "what do I use as padding?". Padding fills the remainder of a block when the plaintext isn't an exact multiple of the block size. We don't have any recommendations for that, but bad padding could potentially weaken a cryptographic message.<br />
<br />
The opposite of a block cipher is called a "stream" cipher. You can feed it a byte with the algorithm and an encrypted byte will come out.<br />
<br />
=== Symmetric Block Cipher Modes ===<br />
<br />
A cipher has several modes. The plain mode for a cipher is called [[ECB]], which stands for electronic code book. This is a weak mode and can reveal many things; it's not recommended. One example of what it can reveal: if one plaintext block is the same as another, the ciphertext blocks will also be the same at those offsets.<br />
<br />
Another mode is called [[CBC]] and stands for Cipher Block Chaining. Here each plaintext block is XOR'ed with the previous ciphertext block before encryption, resulting in stronger crypto. CBC mode requires an IV (an initialization vector) so that the first block has something to XOR with and isn't effectively in ECB mode, which could weaken the stream. Some say that an IV doesn't have to be secret, but it can't hurt if it's exchanged like a key in an asymmetric exchange (DH/RSA).<br />
<br />
Another mode is [[CTR]] (counter mode). This mode is often used for sparse files because it allows random access into the ciphertext (unlike CBC, which has to be streamed from the beginning). CTR requires a nonce (a one-time value) which is XOR'ed against the block of ciphertext together with a counter. The counter is usually derived from the offset into the ciphertext. As far as we were able to learn, [[WPA]] uses AES in some form of counter mode.<br />
<br />
There are many more modes; these are just some basic ones.<br />
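The three modes of this section (ECB, CBC and CTR) built over an abstract 16-byte block cipher, as an added example that is not part of the wiki page. The block cipher here is a toy Feistel network written only for this demonstration: it is NOT AES and not secure, and it stands in so the mode logic itself can be shown. The example goes slightly beyond the text by also including PKCS#7 padding (one answer to the "what do I use as padding" question above) and a count of duplicate ciphertext blocks, which is exactly what ECB leaks and CBC hides. All names and sample values are constructed.<br />

```python
"""Added example (not from the wiki): ECB, CBC and CTR modes over a toy
16-byte block cipher.  ToyFeistel is a stand-in for this demonstration only.
"""
import hashlib
import os

BLOCK = 16


class ToyFeistel:
    """4-round Feistel network with a SHA-256 round function (demo only)."""

    def __init__(self, key, rounds=4):
        self.subkeys = [hashlib.sha256(key + bytes([r])).digest() for r in range(rounds)]

    @staticmethod
    def _f(subkey, half):
        return hashlib.sha256(subkey + half).digest()[: BLOCK // 2]

    def encrypt_block(self, block):
        assert len(block) == BLOCK
        left, right = block[: BLOCK // 2], block[BLOCK // 2:]
        for sk in self.subkeys:
            left, right = right, xor(left, self._f(sk, right))
        return right + left     # final swap so decryption is the same network backwards

    def decrypt_block(self, block):
        assert len(block) == BLOCK
        left, right = block[: BLOCK // 2], block[BLOCK // 2:]
        for sk in reversed(self.subkeys):
            left, right = right, xor(left, self._f(sk, right))
        return right + left


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def pad(data):
    """PKCS#7: append n bytes of value n so the length is a multiple of BLOCK."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(cipher, plaintext):
    # Every block is encrypted on its own: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(cipher.encrypt_block(b) for b in blocks(pad(plaintext)))


def cbc_encrypt(cipher, iv, plaintext):
    # Each block is XORed with the previous ciphertext block (the IV for the first one).
    out, prev = [], iv
    for b in blocks(pad(plaintext)):
        prev = cipher.encrypt_block(xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(cipher, iv, ciphertext):
    out, prev = [], iv
    for c in blocks(ciphertext):
        out.append(xor(cipher.decrypt_block(c), prev))
        prev = c
    return unpad(b"".join(out))


def ctr_crypt(cipher, nonce, data, start_block=0):
    """Encrypt or decrypt (same operation).  Keystream block i = E(nonce || i),
    so start_block lets you jump straight to any offset: random access."""
    out = []
    for i, chunk in enumerate(blocks(data)):
        ks = cipher.encrypt_block(nonce + (start_block + i).to_bytes(8, "big"))
        out.append(xor(chunk, ks[: len(chunk)]))
    return b"".join(out)


def repeated_blocks(ciphertext):
    """How many ciphertext blocks are duplicates of an earlier block."""
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))


if __name__ == "__main__":
    cipher = ToyFeistel(b"constructed demo key")
    msg = b"ATTACK AT DAWN!!" * 4        # four identical 16-byte plaintext blocks
    print("ECB duplicate blocks:", repeated_blocks(ecb_encrypt(cipher, msg)))
    print("CBC duplicate blocks:", repeated_blocks(cbc_encrypt(cipher, os.urandom(BLOCK), msg)))
    nonce = os.urandom(8)
    ct = ctr_crypt(cipher, nonce, msg)
    # Decrypt only the third block without touching anything before it.
    print("CTR block 2:", ctr_crypt(cipher, nonce, ct[32:48], start_block=2))
```

ECB reports 3 duplicate blocks for that message (the fifth block is padding), CBC reports none, and the CTR call with start_block=2 returns the third plaintext block on its own. Note that CTR needs only the encrypt direction of the block cipher, and that reusing a nonce with the same key would reuse the keystream, which is the same failure as a reused one-time pad.<br />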
<br />
=== Public Key cryptography ===<br />
<br />
Also called asymmetric cryptography. It uses 2 or more keys, usually one that's private and one that's public, i.e. publicly known. Ciphers include Diffie-Hellman ([[DH]]) and [[RSA]]. [[GPG]], a program to encrypt mail on the application [[OSI]] layer, uses this.<br />
<br />
A report in 2013 came out claiming that RSA/DH may be broken within 5 years ([http://it.slashdot.org/story/13/08/06/2056239/math-advance-suggest-rsa-encryption-could-fall-within-5-years slashdot story]). This would potentially bring everything to a standstill in terms of online commerce. The alternative is Elliptic Curve Cryptography.<br />
<br />
=== Elliptic Curve Cryptography ===<br />
<br />
This is new to us who write in this wiki; please see the [http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography Wikipedia entry].<br />
<br />
=== Symmetric / Asymmetric Hybrids ===<br />
<br />
This method is used in [[OSI]] session layer communication. A public-key exchange takes place to agree on a [[random]] [[session key]] and a symmetric cipher, and all data that follows is encrypted with them. This is used extensively in [[ssh]] and most [[SSL]]-enabled software.<br />
<br />
<br />
<br />
=== Cheap cryptography ===<br />
<br />
Rotational Ciphers based on the alphabet are CHEAP. Often used by Usenet trolls who think that the people they troll don't have a clue what they are talking about.<br />
<br />
$ echo OrpheanBeholderScryDoubt | /usr/games/rot13<br />
BecurnaOrubyqreFpelQbhog<br />
<br />
[[rot13]] is probably good enough to keep data safe from your 7-year-old sister.<br />
<br />
<br />
[[File:xor-spaceplot.jpg]]<br />
<br />
<br />
Another type of cryptography is the XOR method. XOR used as a [[One time pad]] is potentially secure. Here is an example of a typical XOR encryption; the [[xortext.c]] program is also available:<br />
<br />
$ cat /etc/passwd | ./xortext blah | hexdump -C | head<br />
00000000 10 03 0e 1c 58 46 5b 58 58 5c 5b 2b 0a 0d 13 04 |....XF[XX\[+....|<br />
00000010 0b 09 41 4e 4e 40 4d 52 4d 1e 0e 07 16 56 4e 0a |..ANN@MRM....VN.|<br />
00000020 0b 02 4e 1b 0a 66 05 09 07 01 0e 06 58 46 5b 59 |..N..f......XF[Y|<br />
00000030 58 5d 5b 3c 0a 09 41 0c 07 1a 08 04 42 04 08 05 |X][<..A.....B...|<br />
00000040 11 09 0d 0e 58 43 13 07 0d 18 5b 47 11 0e 08 06 |....XC....[G....|<br />
00000050 4d 02 0e 04 0d 0b 08 06 68 03 11 0d 10 0d 15 07 |M.......h.......|<br />
00000060 10 56 4b 52 50 56 54 52 31 15 12 1c 07 01 41 4e |.VKRPVTR1.....AN|<br />
00000070 58 43 0e 18 07 1e 00 1c 0d 1e 5b 47 11 0e 08 06 |XC........[G....|<br />
00000080 4d 02 0e 04 0d 0b 08 06 68 0e 08 06 58 46 5b 5b |M.......h...XF[[|<br />
00000090 58 5b 5b 2a 0b 02 00 1a 0b 09 12 48 21 03 0c 05 |X[[*.......H!...|<br />
<br />
Surprisingly, some companies employ XOR cryptography in their products as a security mechanism.<br />
<br />
<br />
<br />
=== Attacks on cryptography ===<br />
<br />
In many examples a passive crypto attacker is called Eve (from eavesdrop), and an active attacker is called Mallory (from malicious). Both kinds of attack have been used in the past (like the attack on [[WEP]]).<br />
<br />
* If, for example, an encrypted session does not have a Message Authentication Code (MAC), then a [[MITM]] attack changing the ciphertext on a network may cause problems in the protocol when the decrypted plaintext is fed to the program. Pretend SSH did not have a MAC: then someone could modify packets, garble would come out, and likely the terminal would print garble and the shell would complain about the unknown command.<br />
<br />
* If an encrypted session did not have a counter wrapped by a MAC then it would be possible to replay packets, and the same garble would result as indicated above, only it might not be possible to stop it. A simple counter and MAC on each packet sent should prevent injections and replay attacks. [[WEP]] had this problem, and identifiable ARP packets, which have a small size, could be replayed, helping the attacker with reading ciphertext that would otherwise take a long time to passively collect.<br />
<br />
* The most annoying attack is the hang-up attack. We have heard of people in foreign countries modifying their TCP stacks to prevent RSTs from hanging up a session; however the next step by the MITM is to change the ciphertext, which fails the MAC check, which I predict would cause a tear-down of the session. If a protocol is robust enough not to be affected by hang-up, it means that a MITM attack can probe several keys in the ciphertext in order to "test the water" and possibly use that to derive a key with extra computation.<br />
<br />
* An open question: cryptography over radio (what is meant here is non-[[Wifi]] radios) is more secure than crypto over a wire, because on a wire a MITM attack goes unnoticed. On radio a MITM attack could not occur without someone noticing that something funny is going on. FM would probably not make a good crypto radio link, as the receiver only plays the strongest signal and throws away the weaker one. Denial of service over radio is called "jamming" and involves a strong signal being sent to introduce noise on another signal. It has been said in civilian circles that the military use spread-spectrum hopping in order to escape jamming. How effective this is remains unknown. Hopping involves changing the frequency rapidly in a predetermined pattern which is random enough to surprise the adversary. It is unclear if this is based on/seeded by time.<br />
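The first two bullets above (ciphertext modified in transit, and packets replayed) turned into a receiver that detects and drops both, as an added example that is not part of the wiki page. The frame layout "seq || ciphertext || tag", the key split, and the HMAC-derived keystream used in place of a real cipher are choices made for this demonstration, not any real protocol; the last function shows the malleability that exists when no MAC is present, which is the reason the MAC is there.<br />

```python
"""Added example (not from the wiki): encrypt-then-MAC with a sequence
number, so that a modified or replayed frame is rejected instead of being
fed to the application as garble.  Frame = seq(4, big-endian) || ct || tag(32).
"""
import hmac


def derive_keys(master):
    """Separate keys for encryption and authentication (one key, two purposes, is a bad habit)."""
    return (hmac.new(master, b"enc", "sha256").digest(),
            hmac.new(master, b"mac", "sha256").digest())


def keystream(enc_key, seq, length):
    """Pseudo-random bytes unique to this sequence number (a CTR-like construction)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, seq.to_bytes(4, "big") + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    def __init__(self, master):
        self.enc_key, self.mac_key = derive_keys(master)
        self.seq = 0

    def send(self, plaintext):
        header = self.seq.to_bytes(4, "big")
        ct = xor(plaintext, keystream(self.enc_key, self.seq, len(plaintext)))
        # Encrypt-then-MAC: the tag covers the sequence number too, so replay
        # and reordering are detected as well as modification.
        tag = hmac.new(self.mac_key, header + ct, "sha256").digest()
        self.seq += 1
        return header + ct + tag


class Receiver:
    def __init__(self, master):
        self.enc_key, self.mac_key = derive_keys(master)
        self.expected_seq = 0

    def receive(self, frame):
        """Return the plaintext, or None when the frame must be dropped."""
        if len(frame) < 4 + 32:
            return None
        header, ct, tag = frame[:4], frame[4:-32], frame[-32:]
        expected = hmac.new(self.mac_key, header + ct, "sha256").digest()
        if not hmac.compare_digest(expected, tag):
            return None                  # modified in transit (first bullet)
        seq = int.from_bytes(header, "big")
        if seq != self.expected_seq:
            return None                  # replayed or out of order (second bullet)
        self.expected_seq = seq + 1
        return xor(ct, keystream(self.enc_key, seq, len(ct)))


def plaintext_after_ciphertext_flip(enc_key, seq, plaintext, index, mask):
    """Without a MAC: flipping one ciphertext bit flips the same plaintext bit,
    silently, because XOR-based encryption is malleable."""
    ct = bytearray(xor(plaintext, keystream(enc_key, seq, len(plaintext))))
    ct[index] ^= mask
    return xor(bytes(ct), keystream(enc_key, seq, len(plaintext)))


if __name__ == "__main__":
    master = b"constructed shared secret"          # constructed for this example
    s, r = Sender(master), Receiver(master)
    f1 = s.send(b"ls -la")
    print("genuine :", r.receive(f1))               # b'ls -la'
    print("replayed:", r.receive(f1))               # None
    f2 = bytearray(s.send(b"echo hi"))
    f2[5] ^= 0x01                                   # one bit of ciphertext changed
    print("tampered:", r.receive(bytes(f2)))        # None
    ek, _ = derive_keys(master)
    print("no MAC  :", plaintext_after_ciphertext_flip(ek, 0, b"pay 100", 4, 0x01))
```

Two points a reviewer would check in a design like this: the MAC is verified before anything is decrypted or acted on, and the sequence check comes after the MAC check, so an attacker cannot move the receiver's counter with forged headers.<br />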
<br />
<br />
=== Post-Quantum Cryptography ===<br />
<br />
Recently standards bodies in the US have called for post-quantum cryptography to be implemented. As we understand it, this is an attempt to encipher, on classical computers, in a way that can withstand an attack performed by a quantum computer. I think the goal is to have a few decades' worth of cryptographic strength so that medium- to long-term secrets can be kept secret. This is very new stuff to be writing about, so forgive us if we make mistakes. We aren't at the forefront of using quantum computers anyhow, which still cost a few million dollars for a D-WAVE system. Google is said to be building a quantum computer based on ideas gained from D-WAVE systems and they are about 2 years away (time of writing 2016).</div>Pbughttps://hackepedia.org/?title=Cryptography&diff=5667Cryptography2016-06-04T15:14:19Z<p>Pbug: /* One way hashing */</p>
<hr />
<div>Cryptography is the method for distorting plain text so that it is unreadable by anyone other than the intended recipient, for example someone using a packet [[sniffer]] to listen in on network communication. Only if this third party knows the secret key to the ciphertext will they break the encryption and be able to see the plaintext. We highly recommend that anyone using plain text protocols these days use their free, open source, encrypted equivalents.<br />
<br />
=== Cryptography found in UNIX ===<br />
<br />
<br />
[[UBO]]s over the decades have been attacked with great effort. [[UBO]]s therefore use all known cryptography methods in order to defend against attack. Some methods are weaker than others due to weak protocols. We'll try to list as much as possible here, but without researching these "teasers" you'll likely not understand them all.<br />
<br />
=== One way hashing ===<br />
UNIX programmers implemented a [[One way hash]] based on [[DES]] to "encrypt" [[password]]s as part of the crypt(3) function. It was impossible to decrypt these [[password]]s since they were produced by a modified version of DES, so in order to know if someone had the right [[password]] the plain text would be encrypted and the result compared with the hash in the password database. If they matched, a user would be granted access. As computers became faster, so did the speed at which DES hashes could be cracked. An amd64 3500+ running [[OpenBSD]] using the system's crypt(3) function could hash 121,000 [[password]]s in 1 second in 2005.<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto"<br />
|+ Computer speeds in cryptographic hashing<br />
|-<br />
!Computer type !! OS !! Year !! Hash type !! No. of cores !! Count of hashes<br />
|-<br />
| amd64 3500+ || OpenBSD || 2005 || UNIX crypt() || 1 || 121,000<br />
|-<br />
| Xeon E3-1275 || OpenBSD || 2016 || UNIX crypt() || 1 || 313,921<br />
|}<br />
<br />
<br />
So a slower hash algorithm was needed, and one that could take more than 8 characters for the [[password]]s. Many operating systems have implemented [[MD5]] hashing, which does 1880 crypts per second on the aforementioned OpenBSD system; however it can now be broken with a custom-made cracker (2012) which does [http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/ 77 million cracks per second] against this hashing method. So OpenBSD went even further and designed an interesting hash based on [[blowfish]] with a variable setting for rounds; in each round blowfish encrypts the string "OrpheanBeholderScryDoubt" 64 times. The result is that with 12 rounds, crypt will do 2 passwords in 1 second.<br />
<br />
[[One way hash]]ing wasn't confined to just passwords. With the [[md5]] and [[SHA]] commands, as well as [[rmd160]], one can make a cryptographic hash sum (or fingerprint) of a file or text on the system. For example, if you want to ensure a file or directory has not been altered, you can print the checksum onto read-only media (e.g. paper, or burn it onto a CD). Whenever you run the checksum program against the same file or directory, you should get the same result unless something has been altered. If this topic interests you, [http://sourceforge.net/projects/tripwire/ tripwire] is popular software you'll want to read more about.<br />
<br />
=== MAC / HMAC ===<br />
<br />
A MAC (Message Authentication Code) is so called because you can sign a message (run it through a one way hash) and if the hash does not match the message then it's not the right message. An HMAC is a hashed MAC with the extra protection of a password (secret key).<br />
<br />
Please see RFC 2104 for how HMAC's are computed.<br />
<br />
=== Symmetric cryptography ===<br />
<br />
[[File:aes-spaceplot.jpg]]<br />
<br />
<br />
True private key cryptography was also present with the [[bdes]] and [[openssl]] commands, which could encrypt files with a variety of ciphers. Some well known ciphers are [[DES]] (broken, not used anymore), [[AES]] (the current standard at 256 bits), [[blowfish]], [[CAST128]] and [[RC4]]. Many ciphers are imported through the openssl library.<br />
<br />
Most symmetric crypto ciphers are "block" ciphers in that they do encryption only for blocks of 8 bytes or 16 bytes, depending on the cipher. This is a bit of a pain when programming with these ciphers because one is faced with the question "what do I use as padding?". Padding fills the remainder of a block when the plaintext isn't an exact multiple of the block size. We don't have any recommendations for that, but bad padding could potentially weaken a cryptographic message.<br />
<br />
The opposite of a block cipher is called a "stream" cipher. You can feed it a byte with the algorithm and an encrypted byte will come out.<br />
<br />
=== Symmetric Block Cipher Modes ===<br />
<br />
A cipher has several modes. The plain mode for a cipher is called [[ECB]], which stands for electronic code book. This is a weak mode and can reveal many things; it's not recommended. One example of what it can reveal: if one plaintext block is the same as another, the ciphertext blocks will also be the same at those offsets.<br />
<br />
Another mode is called [[CBC]] and stands for Cipher Block Chaining. Here each plaintext block is XOR'ed with the previous ciphertext block before encryption, resulting in stronger crypto. CBC mode requires an IV (an initialization vector) so that the first block has something to XOR with and isn't effectively in ECB mode, which could weaken the stream. Some say that an IV doesn't have to be secret, but it can't hurt if it's exchanged like a key in an asymmetric exchange (DH/RSA).<br />
<br />
Another mode is [[CTR]] (counter mode). This mode is often used for sparse files because it allows random access into the ciphertext (unlike CBC, which has to be streamed from the beginning). CTR requires a nonce (a one-time value) which is XOR'ed against the block of ciphertext together with a counter. The counter is usually derived from the offset into the ciphertext. As far as we were able to learn, [[WPA]] uses AES in some form of counter mode.<br />
<br />
There are many more modes; these are just some basic ones.<br />
<br />
=== Public Key cryptography ===<br />
<br />
Also called asymmetric cryptography. It uses 2 or more keys, usually one that's private and one that's public, i.e. publicly known. Ciphers include Diffie-Hellman ([[DH]]) and [[RSA]]. [[GPG]], a program to encrypt mail on the application [[OSI]] layer, uses this.<br />
<br />
A report in 2013 came out claiming that RSA/DH may be broken within 5 years ([http://it.slashdot.org/story/13/08/06/2056239/math-advance-suggest-rsa-encryption-could-fall-within-5-years slashdot story]). This would potentially bring everything to a standstill in terms of online commerce. The alternative is Elliptic Curve Cryptography.<br />
<br />
=== Elliptic Curve Cryptography ===<br />
<br />
This is new to us who write in this wiki; please see the [http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography Wikipedia entry].<br />
<br />
=== Symmetric / Asymmetric Hybrids ===<br />
<br />
This method is used in [[OSI]] session layer communication. A public-key exchange takes place to agree on a [[random]] [[session key]] and a symmetric cipher, and all data that follows is encrypted with them. This is used extensively in [[ssh]] and most [[SSL]]-enabled software.<br />
<br />
<br />
<br />
=== Cheap cryptography ===<br />
<br />
Rotational Ciphers based on the alphabet are CHEAP. Often used by Usenet trolls who think that the people they troll don't have a clue what they are talking about.<br />
<br />
$ echo OrpheanBeholderScryDoubt | /usr/games/rot13<br />
BecurnaOrubyqreFpelQbhog<br />
<br />
[[rot13]] is probably good enough to keep data safe from your 7-year-old sister.<br />
<br />
<br />
[[File:xor-spaceplot.jpg]]<br />
<br />
<br />
Another type of cryptography is the XOR method. XOR used as a [[One time pad]] is potentially secure. Here is an example of a typical XOR encryption; the [[xortext.c]] program is also available:<br />
<br />
$ cat /etc/passwd | ./xortext blah | hexdump -C | head<br />
00000000 10 03 0e 1c 58 46 5b 58 58 5c 5b 2b 0a 0d 13 04 |....XF[XX\[+....|<br />
00000010 0b 09 41 4e 4e 40 4d 52 4d 1e 0e 07 16 56 4e 0a |..ANN@MRM....VN.|<br />
00000020 0b 02 4e 1b 0a 66 05 09 07 01 0e 06 58 46 5b 59 |..N..f......XF[Y|<br />
00000030 58 5d 5b 3c 0a 09 41 0c 07 1a 08 04 42 04 08 05 |X][<..A.....B...|<br />
00000040 11 09 0d 0e 58 43 13 07 0d 18 5b 47 11 0e 08 06 |....XC....[G....|<br />
00000050 4d 02 0e 04 0d 0b 08 06 68 03 11 0d 10 0d 15 07 |M.......h.......|<br />
00000060 10 56 4b 52 50 56 54 52 31 15 12 1c 07 01 41 4e |.VKRPVTR1.....AN|<br />
00000070 58 43 0e 18 07 1e 00 1c 0d 1e 5b 47 11 0e 08 06 |XC........[G....|<br />
00000080 4d 02 0e 04 0d 0b 08 06 68 0e 08 06 58 46 5b 5b |M.......h...XF[[|<br />
00000090 58 5b 5b 2a 0b 02 00 1a 0b 09 12 48 21 03 0c 05 |X[[*.......H!...|<br />
<br />
Surprisingly, some companies employ XOR cryptography in their products as a security mechanism.<br />
<br />
<br />
<br />
=== Attacks on cryptography ===<br />
<br />
In many examples a passive crypto attacker is called Eve (from eavesdrop), and an active attacker is called Mallory (from malicious). Both kinds of attack have been used in the past (like the attack on [[WEP]]).<br />
<br />
* If, for example, an encrypted session does not have a Message Authentication Code (MAC), then a [[MITM]] attack changing the ciphertext on a network may cause problems in the protocol when the decrypted plaintext is fed to the program. Pretend SSH did not have a MAC: then someone could modify packets, garble would come out, and likely the terminal would print garble and the shell would complain about the unknown command.<br />
<br />
* If an encrypted session did not have a counter wrapped by a MAC then it would be possible to replay packets, and the same garble would result as indicated above, only it might not be possible to stop it. A simple counter and MAC on each packet sent should prevent injections and replay attacks. [[WEP]] had this problem, and identifiable ARP packets, which have a small size, could be replayed, helping the attacker with reading ciphertext that would otherwise take a long time to passively collect.<br />
<br />
* The most annoying attack is the hang-up attack. We have heard of people in foreign countries modifying their TCP stacks to prevent RSTs from hanging up a session; however the next step by the MITM is to change the ciphertext, which fails the MAC check, which I predict would cause a tear-down of the session. If a protocol is robust enough not to be affected by hang-up, it means that a MITM attack can probe several keys in the ciphertext in order to "test the water" and possibly use that to derive a key with extra computation.<br />
<br />
* An open question: cryptography over radio (what is meant here is non-[[Wifi]] radios) is more secure than crypto over a wire, because on a wire a MITM attack goes unnoticed. On radio a MITM attack could not occur without someone noticing that something funny is going on. FM would probably not make a good crypto radio link, as the receiver only plays the strongest signal and throws away the weaker one. Denial of service over radio is called "jamming" and involves a strong signal being sent to introduce noise on another signal. It has been said in civilian circles that the military use spread-spectrum hopping in order to escape jamming. How effective this is remains unknown. Hopping involves changing the frequency rapidly in a predetermined pattern which is random enough to surprise the adversary. It is unclear if this is based on/seeded by time.<br />
<br />
<br />
=== Post-Quantum Cryptography ===<br />
<br />
Recently standards bodies in the US have called for post-quantum cryptography to be implemented. As we understand it, this is an attempt to encipher, on classical computers, in a way that can withstand an attack performed by a quantum computer. I think the goal is to have a few decades' worth of cryptographic strength so that medium- to long-term secrets can be kept secret. This is very new stuff to be writing about, so forgive us if we make mistakes. We aren't at the forefront of using quantum computers anyhow, which still cost a few million dollars for a D-WAVE system. Google is said to be building a quantum computer based on ideas gained from D-WAVE systems and they are about 2 years away (time of writing 2016).</div>Pbughttps://hackepedia.org/?title=Cryptography&diff=5666Cryptography2016-06-04T14:32:27Z<p>Pbug: /* Post-Quantum Cryptography */</p>
<hr />
<div>Cryptography is the method for distorting plain text so that it is unreadable by anyone other than the intended recipient, for example someone using a packet [[sniffer]] to listen in on network communication. Only if this third party knows the secret key to the ciphertext will they break the encryption and be able to see the plaintext. We highly recommend that anyone using plain text protocols these days use their free, open source, encrypted equivalents.<br />
<br />
=== Cryptography found in UNIX ===<br />
<br />
<br />
[[UBO]]s over the decades have been attacked with great effort. [[UBO]]s therefore use all known cryptography methods in order to defend against attack. Some methods are weaker than others due to weak protocols. We'll try to list as much as possible here, but without researching these "teasers" you'll likely not understand them all.<br />
<br />
=== One way hashing ===<br />
UNIX programmers implemented a [[One way hash]] based on [[DES]] to "encrypt" [[password]]s as part of the crypt(3) function. It was impossible to decrypt these [[password]]s since they were produced by a modified version of DES, so in order to know if someone had the right [[password]] the plain text would be encrypted and the result compared with the hash in the password database. If they matched, a user would be granted access. As computers became faster, so did the speed at which DES hashes could be cracked. An amd64 3500+ running [[OpenBSD]] using the system's crypt(3) function could hash 121,000 [[password]]s in 1 second in 2005. So a slower hash algorithm was needed, and one that could take more than 8 characters for the [[password]]s. Many operating systems have implemented [[MD5]] hashing, which does 1880 crypts per second on the aforementioned OpenBSD system; however it can now be broken with a custom-made cracker (2012) which does [http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/ 77 million cracks per second] against this hashing method. So OpenBSD went even further and designed an interesting hash based on [[blowfish]] with a variable setting for rounds; in each round blowfish encrypts the string "OrpheanBeholderScryDoubt" 64 times. The result is that with 12 rounds, crypt will do 2 passwords in 1 second.<br />
<br />
[[One way hash]]ing wasn't confined to just passwords. With the [[md5]], [[SHA]] and [[rmd160]] commands one can make a cryptographic hash sum (or fingerprint) of a file or text on the system. For example, if you want to ensure a file or directory has not been altered, you can record the checksum on read-only media (i.e. paper, or burn it onto a CD). Whenever you run the checksum program against the same file or directory you should get the same result, unless something has been altered. If this topic interests you, [http://sourceforge.net/projects/tripwire/ tripwire] is popular software you'll want to read more about.<br />
<br />
<br />
=== MAC / HMAC ===<br />
<br />
A MAC (Message Authentication Code) is so called because you can sign a message (run it through a one way hash) and, if the hash recomputed by the recipient does not equal the one sent with the message, it is not the right message. An HMAC is a hash-based MAC with an extra secret key (password) mixed in.<br />
<br />
Please see RFC 2104 for how HMACs are computed.<br />
<br />
=== Symmetric cryptography ===<br />
<br />
[[File:aes-spaceplot.jpg]]<br />
<br />
<br />
True private key cryptography was also present with the [[bdes]] and [[openssl]] commands, which could encrypt files with a variety of ciphers. Some well known ciphers are [[DES]] (broken, not used anymore), [[AES]] (the current standard, at 256 bits), [[blowfish]], [[CAST128]] and [[RC4]]. Many ciphers are imported through the openssl library.<br />
<br />
Most symmetric ciphers are "block" ciphers in that they encrypt only whole blocks of 8 or 16 bytes, depending on the cipher. This is a bit of a pain when programming with these ciphers because one faces the question "what do I use as padding?". Padding fills the remainder of a block when the message isn't an exact multiple of the block size. We don't have any recommendations for that, but bad padding could potentially weaken a cryptographic message.<br />
<br />
The opposite of a block cipher is called a "stream" cipher: you feed it a byte and the algorithm gives an encrypted byte back.<br />
<br />
=== Symmetric Block Cipher Modes ===<br />
<br />
A cipher has several modes. The plain mode for a cipher is called [[ECB]], which stands for Electronic Code Book. This is a weak mode and can reveal many things; it's not recommended. One example of what it can reveal: if a plaintext block is the same as another plaintext block, the ciphertext will also be the same at those offsets.<br />
<br />
Another mode is called [[CBC]], which stands for Cipher Block Chaining. Here each plaintext block is XORed with the previous ciphertext block before encryption, resulting in stronger crypto. CBC mode requires an IV (an initialization vector) so that the first block has something to XOR with and isn't effectively in ECB mode, which could potentially weaken the stream. Some say that an IV doesn't have to be secret, but it can't hurt if it's exchanged like a key in an asymmetric exchange (DH/RSA).<br />
<br />
Another mode is [[CTR]] (counter mode). This mode is often used for sparse files because it allows random access into the ciphertext (unlike CBC, which has to be processed from the beginning). CTR requires a nonce (a one-time value) which is combined with a counter and XORed against each block. The counter is usually derived from the offset into the ciphertext. [[WPA]] uses AES in some form of counter mode, as far as we were able to learn.<br />
<br />
There are many more modes; these are just some basic ones.<br />
<br />
=== Public Key cryptography ===<br />
<br />
Also called asymmetric cryptography. It uses 2 or more keys, usually one that's private and one that's public, i.e. publicly known. Ciphers include Diffie-Hellman ([[DH]]) and [[RSA]]. [[GPG]], a program to encrypt mail at the [[OSI]] application layer, uses this.<br />
<br />
In 2013 a report came out that RSA/DH may be broken within 5 years ([http://it.slashdot.org/story/13/08/06/2056239/math-advance-suggest-rsa-encryption-could-fall-within-5-years slashdot story]). This would potentially bring online commerce to a standstill. An alternative is Elliptic Curve Cryptography.<br />
<br />
=== Elliptic Curve Cryptography ===<br />
<br />
This is new to us who write this wiki; please see the<br />
[http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography Wikipedia entry].<br />
<br />
=== Symmetric / Asymmetric Hybrids ===<br />
<br />
This method is used in [[OSI]] session layer communication. A public-key exchange takes place to agree on a [[random]] [[session key]] for a symmetric cipher, and all data that follows is encrypted with it. This is used extensively in [[ssh]] and most [[SSL]]-enabled software.<br />
<br />
<br />
<br />
=== Cheap cryptography ===<br />
<br />
Rotational ciphers based on the alphabet are CHEAP. They are often used by Usenet trolls who think that the people they troll don't have a clue what they are talking about.<br />
<br />
$ echo OrpheanBeholderScryDoubt | /usr/games/rot13<br />
BecurnaOrubyqreFpelQbhog<br />
<br />
[[rot13]] is probably good to keep data safe from your 7 year old sister.<br />
<br />
<br />
[[File:xor-spaceplot.jpg]]<br />
<br />
<br />
Another type of cryptography is the XOR method. XOR used as a [[One time pad]] is potentially secure. Here is an example of a typical XOR encryption; the [[xortext.c]] program is also available:<br />
<br />
$ cat /etc/passwd | ./xortext blah | hexdump -C | head<br />
00000000 10 03 0e 1c 58 46 5b 58 58 5c 5b 2b 0a 0d 13 04 |....XF[XX\[+....|<br />
00000010 0b 09 41 4e 4e 40 4d 52 4d 1e 0e 07 16 56 4e 0a |..ANN@MRM....VN.|<br />
00000020 0b 02 4e 1b 0a 66 05 09 07 01 0e 06 58 46 5b 59 |..N..f......XF[Y|<br />
00000030 58 5d 5b 3c 0a 09 41 0c 07 1a 08 04 42 04 08 05 |X][<..A.....B...|<br />
00000040 11 09 0d 0e 58 43 13 07 0d 18 5b 47 11 0e 08 06 |....XC....[G....|<br />
00000050 4d 02 0e 04 0d 0b 08 06 68 03 11 0d 10 0d 15 07 |M.......h.......|<br />
00000060 10 56 4b 52 50 56 54 52 31 15 12 1c 07 01 41 4e |.VKRPVTR1.....AN|<br />
00000070 58 43 0e 18 07 1e 00 1c 0d 1e 5b 47 11 0e 08 06 |XC........[G....|<br />
00000080 4d 02 0e 04 0d 0b 08 06 68 0e 08 06 58 46 5b 5b |M.......h...XF[[|<br />
00000090 58 5b 5b 2a 0b 02 00 1a 0b 09 12 48 21 03 0c 05 |X[[*.......H!...|<br />
<br />
Surprisingly, some companies employ XOR cryptography in their products as a security mechanism.<br />
<br />
<br />
<br />
=== Attacks on cryptography ===<br />
<br />
In many examples a passive crypto attacker is called Eve (from eavesdrop), and an active attacker is called Mallory (for malicious). Both kinds of attack have been used in the past (like the attack on [[WEP]]).<br />
<br />
* If, for example, an encrypted session does not have a Message Authentication Code (MAC), then a [[MITM]] attack changing the ciphertext on the network may cause problems in the protocol when the decrypted plaintext is fed to the program. Pretend SSH did not have a MAC: someone could modify packets, garbage would come out of decryption, the terminal would likely print that garbage, and the shell would complain about an unknown command.<br />
<br />
* If an encrypted session did not have a counter covered by the MAC, then it would be possible to replay packets and the same garbage would result as described above, only it may not be possible to stop it. A simple counter and a MAC on each packet sent should prevent injection and replay attacks. [[WEP]] had this problem: identifiable ARP packets, which have a small size, could be replayed, helping the attacker read ciphertext that would otherwise take a long time to collect passively.<br />
<br />
* The most annoying attack is the hang-up attack. We have heard of people in foreign countries modifying their TCP stacks to prevent RSTs from hanging up a session; however, the next step by the MITM is to change the ciphertext, which fails the MAC check and, I predict, would cause a tear-down of the session. If a protocol is robust enough to not be affected by hang-ups, it means that a MITM attack can probe several keys against the ciphertext in order to "test the water" and possibly use that to derive a key with extra computation.<br />
<br />
* Question: is cryptography over radio (meaning non-[[Wifi]] radios) more secure than crypto over a wire? On a wire a MITM attack goes unnoticed, whereas on radio a MITM attack could not occur without someone noticing something funny going on. FM would probably not make a good crypto radio link, as the receiver only plays the strongest signal and throws away the weaker one. Denial of service over radio is called "jamming" and involves a strong signal being sent to introduce noise on another signal. It has been said in civilian circles that the military use spread-spectrum hopping in order to escape jamming; how effective this is is unknown. Hopping involves changing the frequency rapidly in a predetermined pattern which is random enough to surprise the adversary. It is unclear if this is based on or seeded by time.<br />
<br />
<br />
=== Post-Quantum Cryptography ===<br />
<br />
Recently standards bodies in the US have called for post-quantum cryptography to be implemented. As we understand it, this is an attempt to encipher, on classical computers, in a way that can withstand an attack performed by a quantum computer. I think the goal is to have a few decades' worth of cryptographic strength so that medium- to long-term secrets can be kept secret. This is very new stuff to be writing about, so forgive us if we make mistakes. We aren't at the forefront of using quantum computers anyhow, which still cost a few million dollars for a D-WAVE system. Google is said to be building a quantum computer based on ideas gained from D-WAVE systems, and they are about 2 years away (time of writing 2016).</div>Pbughttps://hackepedia.org/?title=Cryptography&diff=5665Cryptography2016-06-04T14:31:26Z<p>Pbug: /* Attacks on cryptography */ post-quantum cryptography</p>
<hr />
<div>Cryptography is the method of transforming plain text so that it is unreadable to anyone other than the intended recipient, for example someone using a packet [[sniffer]] to listen in on network communication. Only if this third party knows the secret key for the ciphertext can they break the encryption and see the plaintext. We highly recommend that anyone still using plain text protocols switch to their free, open source, encrypted equivalents.<br />
<br />
=== Cryptography found in UNIX ===<br />
<br />
<br />
[[UBO]]s have been attacked with great effort over the decades, and [[UBO]]s therefore use every known cryptographic method to defend against attack. Some methods are weaker than others because the protocols around them are weak. We'll try to list as much as possible here, but without researching these "teasers" yourself you'll likely not understand them all.<br />
<br />
=== One way hashing ===<br />
UNIX programmers implemented a [[One way hash]] based on [[DES]] to "encrypt" [[password]]s as part of the crypt(3) function. These [[password]]s could not be decrypted, since the hash used a modified version of DES, so to check whether someone had the right [[password]] the plain text would be hashed and the result compared with the hash stored in the password database. If they matched, the user would be granted access. As computers became faster, so did the speed at which DES hashes could be cracked: in 2005 an amd64 3500+ running [[OpenBSD]] with the system's crypt(3) function could hash 121,000 [[password]]s in 1 second. So a slower hash algorithm was needed, and one that could take more than 8 characters of [[password]]. Many operating systems implemented [[MD5]] hashing, which does 1880 crypts per second on the aforementioned OpenBSD system; however, it can now be broken with a custom-made cracker (2012) which does [http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/ 77 million cracks per second] against this hashing method. So OpenBSD went even further and designed an interesting hash based on [[blowfish]] with a variable number of rounds, in which blowfish encrypts the string "OrpheanBeholderScryDoubt" 64 times per round. The result is that with 12 rounds, crypt will do 2 passwords in 1 second.<br />
<br />
[[One way hash]]ing wasn't confined to just passwords. With the [[md5]], [[SHA]] and [[rmd160]] commands one can make a cryptographic hash sum (or fingerprint) of a file or text on the system. For example, if you want to ensure a file or directory has not been altered, you can record the checksum on read-only media (i.e. paper, or burn it onto a CD). Whenever you run the checksum program against the same file or directory you should get the same result, unless something has been altered. If this topic interests you, [http://sourceforge.net/projects/tripwire/ tripwire] is popular software you'll want to read more about.<br />
<br />
<br />
=== MAC / HMAC ===<br />
<br />
A MAC (Message Authentication Code) is so called because you can sign a message (run it through a one way hash) and, if the hash recomputed by the recipient does not equal the one sent with the message, it is not the right message. An HMAC is a hash-based MAC with an extra secret key (password) mixed in.<br />
<br />
Please see RFC 2104 for how HMACs are computed.<br />
<br />
=== Symmetric cryptography ===<br />
<br />
[[File:aes-spaceplot.jpg]]<br />
<br />
<br />
True private key cryptography was also present with the [[bdes]] and [[openssl]] commands, which could encrypt files with a variety of ciphers. Some well known ciphers are [[DES]] (broken, not used anymore), [[AES]] (the current standard, at 256 bits), [[blowfish]], [[CAST128]] and [[RC4]]. Many ciphers are imported through the openssl library.<br />
<br />
Most symmetric ciphers are "block" ciphers in that they encrypt only whole blocks of 8 or 16 bytes, depending on the cipher. This is a bit of a pain when programming with these ciphers because one faces the question "what do I use as padding?". Padding fills the remainder of a block when the message isn't an exact multiple of the block size. We don't have any recommendations for that, but bad padding could potentially weaken a cryptographic message.<br />
<br />
The opposite of a block cipher is called a "stream" cipher: you feed it a byte and the algorithm gives an encrypted byte back.<br />
<br />
=== Symmetric Block Cipher Modes ===<br />
<br />
A cipher has several modes. The plain mode for a cipher is called [[ECB]], which stands for Electronic Code Book. This is a weak mode and can reveal many things; it's not recommended. One example of what it can reveal: if a plaintext block is the same as another plaintext block, the ciphertext will also be the same at those offsets.<br />
<br />
Another mode is called [[CBC]], which stands for Cipher Block Chaining. Here each plaintext block is XORed with the previous ciphertext block before encryption, resulting in stronger crypto. CBC mode requires an IV (an initialization vector) so that the first block has something to XOR with and isn't effectively in ECB mode, which could potentially weaken the stream. Some say that an IV doesn't have to be secret, but it can't hurt if it's exchanged like a key in an asymmetric exchange (DH/RSA).<br />
<br />
Another mode is [[CTR]] (counter mode). This mode is often used for sparse files because it allows random access into the ciphertext (unlike CBC, which has to be processed from the beginning). CTR requires a nonce (a one-time value) which is combined with a counter and XORed against each block. The counter is usually derived from the offset into the ciphertext. [[WPA]] uses AES in some form of counter mode, as far as we were able to learn.<br />
<br />
There are many more modes; these are just some basic ones.<br />
<br />
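The three modes described above, ECB, CBC and CTR, as an added example that is not code from the wiki. The 16-byte block cipher underneath is a hypothetical stand-in (a 4-round Feistel network keyed through SHA-256) used only so the example runs without a crypto library; the mode logic, the PKCS#7 padding that answers the padding question above, and the ECB repetition check do not depend on it.

```python
"""ECB, CBC and CTR over a stand-in block cipher.  Added example, not from the
wiki page.  block_encrypt/block_decrypt form a hypothetical toy Feistel cipher
that only exists so this runs offline; use a real cipher in real code."""
import hashlib

BLOCK = 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # keyed pseudo-random function for one Feistel round, 8-byte output
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):          # undo the rounds in reverse order
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right


def pad(data: bytes) -> bytes:
    # PKCS#7: always append 1..BLOCK bytes, each holding the pad length,
    # so the receiver can strip it unambiguously
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # every block on its own: equal plaintext blocks give equal ciphertext blocks
    return b"".join(block_encrypt(key, blk) for blk in _blocks(pad(plaintext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # each plaintext block is XORed with the previous ciphertext block (the IV first)
    prev, out = iv, []
    for blk in _blocks(pad(plaintext)):
        prev = block_encrypt(key, _xor(blk, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for blk in _blocks(ciphertext):
        out.append(_xor(block_decrypt(key, blk), prev))
        prev = blk
    return unpad(b"".join(out))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes, offset: int = 0) -> bytes:
    """Encrypt or decrypt `data` as the bytes starting at `offset` of the message.
    Only nonce||counter goes through the block cipher, so there is no padding,
    decryption is the same call, and any block can be reached directly."""
    out, keystream, ks_index = bytearray(), b"", -1
    for i, byte in enumerate(data):
        pos = offset + i
        if pos // BLOCK != ks_index:        # new block: counter = block index
            ks_index = pos // BLOCK
            keystream = block_encrypt(key, nonce + ks_index.to_bytes(8, "big"))
        out.append(byte ^ keystream[pos % BLOCK])
    return bytes(out)


def repeated_blocks(ciphertext: bytes) -> bool:
    """True when some 16-byte ciphertext block occurs twice: the ECB leak."""
    blks = _blocks(ciphertext)
    return len(blks) != len(set(blks))
```

With a message whose first two blocks are identical, repeated_blocks() is True for ecb_encrypt() and False for cbc_encrypt(), and ctr_crypt() on a ciphertext slice with the matching offset returns just that part of the plaintext.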
=== Public Key cryptography ===<br />
<br />
Also called asymmetric cryptography. It uses 2 or more keys, usually one that's private and one that's public, i.e. publicly known. Ciphers include Diffie-Hellman ([[DH]]) and [[RSA]]. [[GPG]], a program to encrypt mail at the [[OSI]] application layer, uses this.<br />
<br />
In 2013 a report came out that RSA/DH may be broken within 5 years ([http://it.slashdot.org/story/13/08/06/2056239/math-advance-suggest-rsa-encryption-could-fall-within-5-years slashdot story]). This would potentially bring online commerce to a standstill. An alternative is Elliptic Curve Cryptography.<br />
<br />
=== Elliptic Curve Cryptography ===<br />
<br />
This is new to us who write this wiki; please see the<br />
[http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography Wikipedia entry].<br />
<br />
=== Symmetric / Asymmetric Hybrids ===<br />
<br />
This method is used in [[OSI]] session layer communication. A public-key exchange takes place to agree on a [[random]] [[session key]] for a symmetric cipher, and all data that follows is encrypted with it. This is used extensively in [[ssh]] and most [[SSL]]-enabled software.<br />
<br />
<br />
<br />
=== Cheap cryptography ===<br />
<br />
Rotational ciphers based on the alphabet are CHEAP. They are often used by Usenet trolls who think that the people they troll don't have a clue what they are talking about.<br />
<br />
$ echo OrpheanBeholderScryDoubt | /usr/games/rot13<br />
BecurnaOrubyqreFpelQbhog<br />
<br />
[[rot13]] is probably good to keep data safe from your 7 year old sister.<br />
<br />
<br />
[[File:xor-spaceplot.jpg]]<br />
<br />
<br />
Another type of cryptography is the XOR method. XOR used as a [[One time pad]] is potentially secure. Here is an example of a typical XOR encryption; the [[xortext.c]] program is also available:<br />
<br />
$ cat /etc/passwd | ./xortext blah | hexdump -C | head<br />
00000000 10 03 0e 1c 58 46 5b 58 58 5c 5b 2b 0a 0d 13 04 |....XF[XX\[+....|<br />
00000010 0b 09 41 4e 4e 40 4d 52 4d 1e 0e 07 16 56 4e 0a |..ANN@MRM....VN.|<br />
00000020 0b 02 4e 1b 0a 66 05 09 07 01 0e 06 58 46 5b 59 |..N..f......XF[Y|<br />
00000030 58 5d 5b 3c 0a 09 41 0c 07 1a 08 04 42 04 08 05 |X][<..A.....B...|<br />
00000040 11 09 0d 0e 58 43 13 07 0d 18 5b 47 11 0e 08 06 |....XC....[G....|<br />
00000050 4d 02 0e 04 0d 0b 08 06 68 03 11 0d 10 0d 15 07 |M.......h.......|<br />
00000060 10 56 4b 52 50 56 54 52 31 15 12 1c 07 01 41 4e |.VKRPVTR1.....AN|<br />
00000070 58 43 0e 18 07 1e 00 1c 0d 1e 5b 47 11 0e 08 06 |XC........[G....|<br />
00000080 4d 02 0e 04 0d 0b 08 06 68 0e 08 06 58 46 5b 5b |M.......h...XF[[|<br />
00000090 58 5b 5b 2a 0b 02 00 1a 0b 09 12 48 21 03 0c 05 |X[[*.......H!...|<br />
<br />
Surprisingly, some companies employ XOR cryptography in their products as a security mechanism.<br />
<br />
<br />
<br />
=== Attacks on cryptography ===<br />
<br />
In many examples a passive crypto attacker is called Eve (from eavesdrop), and an active attacker is called Mallory (for malicious). Both kinds of attack have been used in the past (like the attack on [[WEP]]).<br />
<br />
* If, for example, an encrypted session does not have a Message Authentication Code (MAC), then a [[MITM]] attack changing the ciphertext on the network may cause problems in the protocol when the decrypted plaintext is fed to the program. Pretend SSH did not have a MAC: someone could modify packets, garbage would come out of decryption, the terminal would likely print that garbage, and the shell would complain about an unknown command.<br />
<br />
* If an encrypted session did not have a counter covered by the MAC, then it would be possible to replay packets and the same garbage would result as described above, only it may not be possible to stop it. A simple counter and a MAC on each packet sent should prevent injection and replay attacks. [[WEP]] had this problem: identifiable ARP packets, which have a small size, could be replayed, helping the attacker read ciphertext that would otherwise take a long time to collect passively.<br />
<br />
* The most annoying attack is the hang-up attack. We have heard of people in foreign countries modifying their TCP stacks to prevent RSTs from hanging up a session; however, the next step by the MITM is to change the ciphertext, which fails the MAC check and, I predict, would cause a tear-down of the session. If a protocol is robust enough to not be affected by hang-ups, it means that a MITM attack can probe several keys against the ciphertext in order to "test the water" and possibly use that to derive a key with extra computation.<br />
<br />
* Question: is cryptography over radio (meaning non-[[Wifi]] radios) more secure than crypto over a wire? On a wire a MITM attack goes unnoticed, whereas on radio a MITM attack could not occur without someone noticing something funny going on. FM would probably not make a good crypto radio link, as the receiver only plays the strongest signal and throws away the weaker one. Denial of service over radio is called "jamming" and involves a strong signal being sent to introduce noise on another signal. It has been said in civilian circles that the military use spread-spectrum hopping in order to escape jamming; how effective this is is unknown. Hopping involves changing the frequency rapidly in a predetermined pattern which is random enough to surprise the adversary. It is unclear if this is based on or seeded by time.<br />
<br />
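Receiver-side enforcement of the "counter and MAC on each packet" advice from the first two bullets above, as an added example that is not part of the wiki. The packet layout (8-byte big-endian counter, then ciphertext, then a 32-byte HMAC-SHA256 tag) and the Receiver class are constructed for this demo; the ciphertext is treated as opaque bytes, since the point is what gets rejected before decryption ever runs.

```python
"""Per-packet counter under a MAC, checked on the receiving side: a modified
packet fails the MAC and a replayed one fails the counter, so neither reaches
decryption.  Added example, not from the wiki page; the packet format below is
a constructed one for this demo."""
import hashlib
import hmac

COUNTER_LEN = 8
TAG_LEN = 32


def seal(key: bytes, counter: int, ciphertext: bytes) -> bytes:
    """Sender side: the MAC covers the counter as well as the ciphertext,
    so neither can be changed without invalidating the tag."""
    header = counter.to_bytes(COUNTER_LEN, "big")
    tag = hmac.new(key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.expected = 0      # next counter value that will be accepted
        self.rejected = []     # (counter or None, reason): feed this to logging/alerting

    def accept(self, packet: bytes):
        """Return the ciphertext if the packet is authentic and fresh, else None."""
        if len(packet) < COUNTER_LEN + TAG_LEN:
            self.rejected.append((None, "truncated"))
            return None
        header = packet[:COUNTER_LEN]
        body = packet[COUNTER_LEN:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        # Verify the MAC before trusting anything in the packet, the counter included.
        want = hmac.new(self.key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            self.rejected.append((None, "bad MAC: modified or forged"))
            return None
        counter = int.from_bytes(header, "big")
        if counter != self.expected:
            # a replayed packet carries an old counter; a dropped one leaves a gap
            self.rejected.append((counter, "replayed or out of order"))
            return None
        self.expected = counter + 1
        return body
```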
<br />
=== Post-Quantum Cryptography ===<br />
<br />
Recently standards bodies in the US have called for post-quantum cryptography to be implemented. As we understand it, this is an attempt to encipher, on classical computers, in a way that can withstand an attack performed by a quantum computer. I think the goal is to have a few decades' worth of cryptographic strength so that medium- to long-term secrets can be kept secret. This is very new stuff to be writing about, so forgive us if we make mistakes. We aren't at the forefront of using quantum computers anyhow, which still cost a few million dollars for a D-WAVE system. Google is said to be building a quantum computer based on ideas gained from D-WAVE systems, and they are about 2 years away (time of writing 2016).</div>Pbughttps://hackepedia.org/?title=File:Onemillion.png&diff=5664File:Onemillion.png2016-03-01T19:02:25Z<p>Pbug: 2 million views</p>
<hr />
<div>2 million views</div>Pbughttps://hackepedia.org/?title=Main_Page&diff=5661Main Page2015-12-22T08:21:55Z<p>Pbug: </p>
<hr />
<div>[[File:Onemillion.png]]<br />
<table width="87%" cellspacing="3" cellpadding="4"><br />
<tr><td rowspan="2" width="56%" valign="top" bgcolor="#d7e7fa" style="border:1px solid #CEDEF4; padding:1em;padding-top:0.2em; color: black;"><br />
The rough idea for this site was to create and provide answers to commonly asked questions and to those that aren't currently answered online. It is maintained by hackers. If you do not understand a term, look it up at [http://www.wikipedia.org Wikipedia]. If you've come here to find answers or examples, hopefully you will find them. If you have an answer or example, we hope that you will leave those as well. Accounts are free; the only reason we require an email address to register here is to keep spam bots off our site. <br />
<br />
Ideally everything recommended here is free, open source, and works on most operating systems. If you see a page that you could make easier to understand for most readers, or would like to create one that follows this philosophy, please help us out, accounts are free!<br />
<br />
You may have also been sent here because you're new to the [[internet]], or would like to learn the etiquette.<br />
<br />
A few pages to get you started:<br />
<br />
*[[Manual]]<br />
*[[Socket]]<br />
*[[Cider]]<br />
*[[Bytes]]<br />
*[[Satellites]]<br />
<br />
<br />
<br />
On December 8, 2012 we reached our first million views. It is predicted that we'll reach<br />
two million views around April 1, 2016.<br />
<br />
</td><td width="24%" valign="top" bgcolor="#e7f7e7" style="border:1px solid #BAD0EF; padding: 1em; padding-top: 0.5em; color: black;"><br />
'''Major Categories'''<br />
{{MajorCategories}}<br />
<br />
</td></tr><br />
</table><br />
<br />
Please see [http://meta.wikipedia.org/wiki/MediaWiki_i18n documentation on customizing the interface]<br />
and the [http://meta.wikipedia.org/wiki/MediaWiki_User's_Guide User's Guide] for usage and configuration help.</div>Pbughttps://hackepedia.org/?title=Main_Page&diff=5660Main Page2015-12-22T08:21:00Z<p>Pbug: 2 million views</p>
<hr />
<div>[[File:Onemillion.png]]<br />
<table width="87%" cellspacing="3" cellpadding="4"><br />
<tr><td rowspan="2" width="56%" valign="top" bgcolor="#d7e7fa" style="border:1px solid #CEDEF4; padding:1em;padding-top:0.2em; color: black;"><br />
The rough idea for this site was to create and provide answers to commonly asked questions and to those that aren't currently answered online. It is maintained by hackers. If you do not understand a term, look it up at [http://www.wikipedia.org Wikipedia]. If you've come here to find answers or examples, hopefully you will find them. If you have an answer or example, we hope that you will leave those as well. Accounts are free; the only reason we require an email address to register here is to keep spam bots off our site. <br />
<br />
Ideally everything recommended here is free, open source, and works on most operating systems. If you see a page that you could make easier to understand for most readers, or would like to create one that follows this philosophy, please help us out, accounts are free!<br />
<br />
You may have also been sent here because you're new to the [[internet]], or would like to learn the etiquette.<br />
<br />
A few pages to get you started:<br />
<br />
*[[Manual]]<br />
*[[Socket]]<br />
*[[Cider]]<br />
*[[Bytes]]<br />
*[[Satellites]]<br />
<br />
On December 8, 2012 we reached our first million views. It is predicted that we'll reach<br />
two million views on April 1, 2016.<br />
<br />
</td><td width="24%" valign="top" bgcolor="#e7f7e7" style="border:1px solid #BAD0EF; padding: 1em; padding-top: 0.5em; color: black;"><br />
'''Major Categories'''<br />
{{MajorCategories}}<br />
<br />
</td></tr><br />
</table><br />
<br />
Please see [http://meta.wikipedia.org/wiki/MediaWiki_i18n documentation on customizing the interface]<br />
and the [http://meta.wikipedia.org/wiki/MediaWiki_User's_Guide User's Guide] for usage and configuration help.</div>Pbughttps://hackepedia.org/?title=Wildcarddnsd&diff=5658Wildcarddnsd2015-11-24T15:33:20Z<p>Pbug: </p>
<hr />
<div>Wildcarddnsd is an authoritative turn-key [[DNS]] server. It differs from a general-purpose DNS server such as [[BIND]] in reduced functionality. However, Wildcarddnsd is only 7 years old, with only 7.1 human work-years behind it; compare this with the many human resources behind BIND development.<br />
<br />
Wildcarddnsd runs on [[OpenBSD]], [[FreeBSD]], [[Linux]], and with minor patchwork on [[Mac OS X]]. [[NetBSD]] may also work.<br />
<br />
The [http://wildcarddns.centroid.eu Wildcarddnsd homepage] is found at [[centroid.eu]].<br />
<br />
<br />
== Development ==<br />
<br />
The wildcarddnsd [[daemon]] is written in the [[C]] language. It was developed on [[OpenBSD]] and tries very hard not to have an overflow by using [[strlcpy]]/strlcat where possible.<br />
<br />
<br />
== Name change ==<br />
<br />
As of Friday November 14th, 2014, the wildcarddnsd project has been renamed delphinusdnsd. The new project is found here:<br />
<br />
[http://delphinusdns.centroid.eu delphinusdnsd]<br />
<br />
<br />
== 10 Year Anniversary ==<br />
<br />
In November 2015 delphinusdnsd is 10 years old.<br />
<br />
<br />
== DNSSEC ==<br />
<br />
The next release of delphinusdnsd will have DNSSEC support. And maybe even TLSA support.<br />
<br />
<br />
== See Also ==<br />
<br />
[[BIND]], [[nsd]], [[DNS]]</div>Pbughttps://hackepedia.org/?title=Wildcarddnsd&diff=5657Wildcarddnsd2015-11-24T15:25:52Z<p>Pbug: </p>
<hr />
<div>Wildcarddnsd is an authoritative turn-key [[DNS]] server. It differs from a general-purpose DNS server such as [[BIND]] in reduced functionality. However, Wildcarddnsd is only 7 years old, with only 7.1 human work-years behind it; compare this with the many human resources behind BIND development.<br />
<br />
Wildcarddnsd runs on [[OpenBSD]], [[FreeBSD]], [[Linux]], and with minor patchwork on [[Mac OS X]]. [[NetBSD]] may also work.<br />
<br />
The [http://wildcarddns.centroid.eu Wildcarddnsd homepage] is found at [[centroid.eu]].<br />
<br />
<br />
== Development ==<br />
<br />
The wildcarddnsd [[daemon]] is written in the [[C]] language. It was developed on [[OpenBSD]] and tries very hard not to have an overflow by using [[strlcpy]]/strlcat where possible.<br />
<br />
<br />
== Name change ==<br />
<br />
As of Friday November 14th, 2014, the wildcarddnsd project has been renamed delphinusdnsd. The new project is found here:<br />
<br />
[http://delphinusdns.centroid.eu delphinusdnsd]<br />
<br />
<br />
== 10 Year Anniversary ==<br />
<br />
In November 2015 delphinusdnsd is 10 years old.<br />
<br />
<br />
<br />
== See Also ==<br />
<br />
[[BIND]], [[nsd]], [[DNS]]</div>Pbughttps://hackepedia.org/?title=User:Pbug&diff=5656User:Pbug2015-11-24T15:24:23Z<p>Pbug: </p>
<hr />
<div>* Born in Germany 1976.<br />
* Immigrated to Canada 1987.<br />
* Returned to Germany 2002.<br />
* First used UNIX in 1995, QNX in 1993.<br />
* Knows Yashy through IRC.<br />
* Is still found on IRC at times.<br />
* wrote [[wildcarddnsd|delphinusdnsd]]</div>Pbughttps://hackepedia.org/?title=User:Pbug&diff=5655User:Pbug2015-11-24T15:23:54Z<p>Pbug: </p>
<hr />
<div>* Born in Germany 1976.<br />
* Immigrated to Canada 1987.<br />
* Returned to Germany 2002.<br />
* First used UNIX in 1995, QNX in 1993.<br />
* Knows Yashy through IRC.<br />
* Is on extended leave from IRC.<br />
* wrote [[wildcarddnsd|delphinusdnsd]]</div>Pbughttps://hackepedia.org/?title=User:Pbug&diff=5654User:Pbug2015-11-24T15:23:38Z<p>Pbug: </p>
<hr />
<div>* Born in Germany 1976.<br />
* Immigrated to Canada 1987.<br />
* Returned to Germany 2002.<br />
* First used UNIX in 1995, QNX in 1993.<br />
* Knows Yashy through IRC.<br />
* Is on extended leave from IRC.<br />
* wrote [[wildcarddnsd|delhinusdnsd]]</div>Pbughttps://hackepedia.org/?title=Wildcarddnsd&diff=5638Wildcarddnsd2014-11-14T07:42:04Z<p>Pbug: /* Development */ name change</p>
<hr />
<div>Wildcarddnsd is an authoritative turn-key [[DNS]] server. It differs from a general-purpose DNS server such as [[BIND]] in reduced functionality. However, Wildcarddnsd is only 7 years old, with only 7.1 human work-years behind it; compare this with the many human resources behind BIND development.<br />
<br />
Wildcarddnsd runs on [[OpenBSD]], [[FreeBSD]], [[Linux]], and with minor patchwork on [[Mac OS X]]. [[NetBSD]] may also work.<br />
<br />
The [http://wildcarddns.centroid.eu Wildcarddnsd homepage] is found at [[centroid.eu]].<br />
<br />
<br />
== Development ==<br />
<br />
The wildcarddnsd [[daemon]] is written in the [[C]] language. It was developed on [[OpenBSD]] and tries very hard not to have an overflow by using [[strlcpy]]/strlcat where possible.<br />
<br />
<br />
== Name change ==<br />
<br />
As of Friday November 14th, 2014, the wildcarddnsd project has been renamed delphinusdnsd. The new project is found here:<br />
<br />
[http://delphinusdns.centroid.eu delphinusdnsd]<br />
<br />
== See Also ==<br />
<br />
[[BIND]], [[nsd]], [[DNS]]</div>Pbughttps://hackepedia.org/?title=OpenBSD&diff=5635OpenBSD2014-10-31T12:56:46Z<p>Pbug: /* Ported programs that orginated at OpenBSD */</p>
<hr />
<div>OpenBSD is an open source Unix-like Operating System. It is free to download, copy and modify. It is not similar to [[Linux]] in one sense, because it was based on the 4.4BSD Operating System developed at the University of California at Berkeley ([[UCB]]). OpenBSD's mascot is [[puffy]] the Blowfish. [http://www.openbsd.org OpenBSD Project Home Page]<br />
OpenBSD is written with [[C]] programming language.<br />
<br />
== OpenBSD 5.6 ==<br />
<br />
The [http://www.openbsd.org current] OpenBSD version is 5.6:<br />
<br />
OpenBSD's preorders for 5.6 are on:<br />
<br />
[http://www.openbsd.org/56.html OpenBSD 5.6 Release Page]<br />
<br />
This season puffy does LibreSSL.<br />
<br />
== Ported programs that originated at OpenBSD ==<br />
<br />
* [[ssh|OpenSSH]] is a side-project of OpenBSD. It was forked from an old version of ssh that had few license restrictions and is now compatible with the SSH 2.0 protocol.<br />
* [[pf]] was created at OpenBSD first (before being ported to the other BSDs). Pf stands for Packet Filter and is a layer 3+ firewall. It was created to replace ipf.<br />
* LibreSSL, forked from OpenSSL because nobody had looked closely at the OpenSSL code before (OpenSSL being a separately affiliated project).<br />
<br />
== Release Song ==<br />
<br />
Since release 3.0, OpenBSD has released a promotional song with each CD; it makes the project more hip this way. The songs and their lyrics can be found [http://www.openbsd.org/lyrics.html here].<br />
<br />
<br />
== Hackathons ==<br />
<br />
Hackathons are get-togethers of the OpenBSD programmers. Since OpenBSD makes money by selling CDs and other merchandise, there is enough money to pay some developers' travel, room and board. At a hackathon, which usually spans a week or so, the programmers write a lot of code and can help others who need some information at hand. [http://marc.info/?l=openbsd-cvs&r=1&w=2 Marc.info] can be used to track changes to the OpenBSD source tree, which gets updated very often during a hackathon (otherwise one can subscribe to the list through majordomo).<br />
<br />
<br />
== Export Restrictions ==<br />
<br />
[[FreeBSD]] recently added ACPI code to its implementation that carries [http://marc.info/?l=openbsd-misc&m=128634319422034&w=2 export restrictions]. OpenBSD has no such export restrictions, since the project is based in Canada, which is known for its liberal export rules.</div>Pbughttps://hackepedia.org/?title=OpenBSD&diff=5632OpenBSD2014-10-31T10:04:56Z<p>Pbug: /* OpenBSD 5.4 */ 5.6</p>
<hr />
<div>OpenBSD is an open source Unix-like Operating System. It is free to download, copy and modify. It is not a [[Linux]] variant: it is based on the 4.4BSD Operating System developed at the University of California at Berkeley ([[UCB]]). OpenBSD's mascot is [[puffy]] the Blowfish. [http://www.openbsd.org OpenBSD Project Home Page]<br />
OpenBSD is written in the [[C]] programming language.<br />
<br />
== OpenBSD 5.6 ==<br />
<br />
The [http://www.openbsd.org current] OpenBSD version is 5.6:<br />
<br />
OpenBSD's preorders for 5.6 are on:<br />
<br />
[http://www.openbsd.org/56.html OpenBSD 5.6 Release Page]<br />
<br />
This season puffy does LibreSSL.<br />
<br />
== Ported programs that originated at OpenBSD ==<br />
<br />
* [[ssh|OpenSSH]] is a side-project of OpenBSD. It was forked from an old version of ssh that had few license restrictions and is now compatible with the SSH 2.0 protocol.<br />
* [[pf]] was created at OpenBSD first (before being ported to the other BSDs). Pf stands for Packet Filter and is a layer 3+ firewall. It was created to replace ipf.<br />
<br />
<br />
== Release Song ==<br />
<br />
Since release 3.0, OpenBSD has released a promotional song with each CD; it makes the project more hip this way. The songs and their lyrics can be found [http://www.openbsd.org/lyrics.html here].<br />
<br />
<br />
== Hackathons ==<br />
<br />
Hackathons are get-togethers of the OpenBSD programmers. Since OpenBSD makes money by selling CDs and other merchandise, there is enough money to pay some developers' travel, room and board. At a hackathon, which usually spans a week or so, the programmers write a lot of code and can help others who need some information at hand. [http://marc.info/?l=openbsd-cvs&r=1&w=2 Marc.info] can be used to track changes to the OpenBSD source tree, which gets updated very often during a hackathon (otherwise one can subscribe to the list through majordomo).<br />
<br />
<br />
== Export Restrictions ==<br />
<br />
[[FreeBSD]] recently added ACPI code to its implementation that carries [http://marc.info/?l=openbsd-misc&m=128634319422034&w=2 export restrictions]. OpenBSD has no such export restrictions, since the project is based in Canada, which is known for its liberal export rules.</div>Pbughttps://hackepedia.org/?title=OpenBSD&diff=5610OpenBSD2013-10-28T19:24:29Z<p>Pbug: /* OpenBSD 5.3 */ some people already have their 5.4 CD's including yours truly, for the rest of the 'net it'll be available in 3 days</p>
<hr />
<div>OpenBSD is an open source Unix-like Operating System. It is free to download, copy and modify. It is not a [[Linux]] variant: it is based on the 4.4BSD Operating System developed at the University of California at Berkeley ([[UCB]]). OpenBSD's mascot is [[puffy]] the Blowfish. [http://www.openbsd.org OpenBSD Project Home Page]<br />
OpenBSD is written in the [[C]] programming language.<br />
<br />
== OpenBSD 5.4 ==<br />
<br />
The [http://www.openbsd.org current] OpenBSD version is 5.4:<br />
<br />
OpenBSD's preorders for 5.4 are on:<br />
<br />
[http://www.openbsd.org/54.html OpenBSD 5.4 Release Page]<br />
<br />
This season Puffia (?) is singing for the fishes.<br />
<br />
== Ported programs that originated at OpenBSD ==<br />
<br />
* [[ssh|OpenSSH]] is a side-project of OpenBSD. It was forked from an old version of ssh that had few license restrictions and is now compatible with the SSH 2.0 protocol.<br />
* [[pf]] was created at OpenBSD first (before being ported to the other BSDs). Pf stands for Packet Filter and is a layer 3+ firewall. It was created to replace ipf.<br />
<br />
<br />
== Release Song ==<br />
<br />
Since release 3.0, OpenBSD has released a promotional song with each CD; it makes the project more hip this way. The songs and their lyrics can be found [http://www.openbsd.org/lyrics.html here].<br />
<br />
<br />
== Hackathons ==<br />
<br />
Hackathons are get-togethers of the OpenBSD programmers. Since OpenBSD makes money by selling CDs and other merchandise, there is enough money to pay some developers' travel, room and board. At a hackathon, which usually spans a week or so, the programmers write a lot of code and can help others who need some information at hand. [http://marc.info/?l=openbsd-cvs&r=1&w=2 Marc.info] can be used to track changes to the OpenBSD source tree, which gets updated very often during a hackathon (otherwise one can subscribe to the list through majordomo).<br />
<br />
<br />
== Export Restrictions ==<br />
<br />
[[FreeBSD]] recently added ACPI code to its implementation that carries [http://marc.info/?l=openbsd-misc&m=128634319422034&w=2 export restrictions]. OpenBSD has no such export restrictions, since the project is based in Canada, which is known for its liberal export rules.</div>Pbughttps://hackepedia.org/?title=FreeBSD&diff=5609FreeBSD2013-10-28T19:21:56Z<p>Pbug: /* FreeBSD 9.1-RELEASE */ -> 9.2</p>
<hr />
<div>FreeBSD is an open-source operating system based on 4.4BSD-Lite2. [http://www.freebsd.org The FreeBSD Project Homepage]. The FreeBSD project probably has the most developers of any [[BSD]] project currently active.<br />
<br />
<br />
== FreeBSD 9.2-RELEASE ==<br />
<br />
The current version of FreeBSD is 9.2-RELEASE<br />
<br />
[http://www.freebsd.org/releases/ FreeBSD Release page]<br />
<br />
== rc.conf recommendations ==<br />
/etc/rc.conf recommendations:<br />
<br />
This stops syslogd from opening a network socket at all (the -s flag given twice), so it neither accepts log messages from remote machines nor forwards to them. This is highly recommended unless you do remote syslogging. If you're unsure, you can safely make this change.<br />
syslogd_flags="-ss"<br />
<br />
<br />
The defaults for /etc/rc.conf live in /etc/defaults/rc.conf. This is very helpful: grep that file for the knob you need, then copy the line into /etc/rc.conf and change it there rather than editing the defaults file.<br />
<br />
== Jails ==<br />
<br />
Jails are a way to contain an instance of userland in a chroot-like setting. Some VPS providers use Jails as their service. See [[Jails]].<br />
<br />
== Ports ==<br />
<br />
<br />
Cleanup hints if you're using ports. Once in a while look at:<br />
# ls /usr/ports/distfiles/<br />
which lists the leftover source tarballs (distfiles) you downloaded in order to build ports. You can remove these once the install is complete.<br />
# find /usr/ports/ -name work -type d -print <br />
This lists old work directories left behind by builds you have done. If, when you install from ports, you run:<br />
# make install distclean<br />
the distclean target removes the port's work directory as well as its distfiles.<br />
<br />
Also make sure you have a regular [[patching]] process.<br />
<br />
<br />
<br />
[[FreeBSD:php]] Help with installing php from ports on FreeBSD.<br />
[[FreeBSD:apache22:ssl]] Getting SSL working with [[apache]]22.<br />
<br />
<br />
You may want to look at the build knobs (make defines) a port understands. For example, to compile mtr from ports without X11:<br />
<br />
$ cd /usr/ports/net/mtr<br />
<br />
$ grep defined Makefile <br />
.if defined(WITHOUT_X11)<br />
.if defined(WITHOUT_IPV6)<br />
<br />
<br />
# make -DWITHOUT_X11 install distclean<br />
<br />
== Hints ==<br />
<br />
Unlike [[Manual|cat(1)]] on most [[OS]]es, cat on FreeBSD can't handle being run on a directory; it dumps raw directory data to the terminal:<br />
$ cat elcheapo/<br />
Ê<br />
.<br />
<br />
and then the terminal will appear to lock up. If you type "reset" (even though you will not see your typing) when this happens, you will rescue your session so you don't have to quit it and start over.<br />
<br />
<br />
== Patching ==<br />
<br />
# cat /bin/update<br />
#!/bin/sh<br />
# refresh the ports tree, then audit installed ports against the vulnerability database<br />
portsnap fetch update<br />
/usr/local/sbin/portaudit -Fda<br />
# list installed ports whose version is older ("<") than the one in the ports tree<br />
pkg_version -v -l "<"<br />
<br />
<br />
# cat /bin/upgrade<br />
#!/bin/sh<br />
/usr/local/sbin/portupgrade -a<br />
<br />
Once you have these two scripts (made executable with chmod +x), run each regularly, at your convenience.<br />
<br />
== Ported Programs that Originated at FreeBSD ==<br />
<br />
* [[ipfw]] runs on FreeBSD, DragonflyBSD and Mac OS X<br />
* a lot of wifi and ethernet drivers written mainly by Bill Paul.</div>Pbughttps://hackepedia.org/?title=OpenBSD&diff=5606OpenBSD2013-09-12T15:47:43Z<p>Pbug: /* OpenBSD 5.3 */ oops</p>
<hr />
<div>OpenBSD is an open source Unix-like Operating System. It is free to download, copy and modify. It is not a [[Linux]] variant: it is based on the 4.4BSD Operating System developed at the University of California at Berkeley ([[UCB]]). OpenBSD's mascot is [[puffy]] the Blowfish. [http://www.openbsd.org OpenBSD Project Home Page]<br />
OpenBSD is written in the [[C]] programming language.<br />
<br />
== OpenBSD 5.3 ==<br />
<br />
The [http://www.openbsd.org current] OpenBSD version is 5.3:<br />
<br />
OpenBSD's preorders for 5.4 are on:<br />
<br />
[http://www.openbsd.org/54.html OpenBSD 5.4 Release Page]<br />
<br />
This season Puffia is singing with the fishes and all for entertainment.<br />
<br />
== Ported programs that originated at OpenBSD ==<br />
<br />
* [[ssh|OpenSSH]] is a side-project of OpenBSD. It was forked from an old version of ssh that had few license restrictions and is now compatible with the SSH 2.0 protocol.<br />
* [[pf]] was created at OpenBSD first (before being ported to the other BSDs). Pf stands for Packet Filter and is a layer 3+ firewall. It was created to replace ipf.<br />
<br />
<br />
== Release Song ==<br />
<br />
Since release 3.0, OpenBSD has released a promotional song with each CD; it makes the project more hip this way. The songs and their lyrics can be found [http://www.openbsd.org/lyrics.html here].<br />
<br />
<br />
== Hackathons ==<br />
<br />
Hackathons are get-togethers of the OpenBSD programmers. Since OpenBSD makes money by selling CDs and other merchandise, there is enough money to pay some developers' travel, room and board. At a hackathon, which usually spans a week or so, the programmers write a lot of code and can help others who need some information at hand. [http://marc.info/?l=openbsd-cvs&r=1&w=2 Marc.info] can be used to track changes to the OpenBSD source tree, which gets updated very often during a hackathon (otherwise one can subscribe to the list through majordomo).<br />
<br />
<br />
== Export Restrictions ==<br />
<br />
[[FreeBSD]] recently added ACPI code to its implementation that carries [http://marc.info/?l=openbsd-misc&m=128634319422034&w=2 export restrictions]. OpenBSD has no such export restrictions, since the project is based in Canada, which is known for its liberal export rules.</div>Pbughttps://hackepedia.org/?title=OpenBSD&diff=5605OpenBSD2013-09-12T15:47:16Z<p>Pbug: /* OpenBSD 5.3 */ 5.4 preorders are on</p>
<hr />
<div>OpenBSD is an open source Unix-like Operating System. It is free to download, copy and modify. It is not a [[Linux]] variant: it is based on the 4.4BSD Operating System developed at the University of California at Berkeley ([[UCB]]). OpenBSD's mascot is [[puffy]] the Blowfish. [http://www.openbsd.org OpenBSD Project Home Page]<br />
OpenBSD is written in the [[C]] programming language.<br />
<br />
== OpenBSD 5.3 ==<br />
<br />
The [http://www.openbsd.org current] OpenBSD version is 5.3:<br />
<br />
OpenBSD's preorders for 5.4 are on:<br />
<br />
[http://www.openbsd.org/54.html OpenBSD 5.4 Release Page]<br />
<br />
This season Puffia is singing with the fishes and all for entertainment.<br />
<br />
== Ported programs that originated at OpenBSD ==<br />
<br />
* [[ssh|OpenSSH]] is a side-project of OpenBSD. It was forked from an old version of ssh that had few license restrictions and is now compatible with the SSH 2.0 protocol.<br />
* [[pf]] was created at OpenBSD first (before being ported to the other BSDs). Pf stands for Packet Filter and is a layer 3+ firewall. It was created to replace ipf.<br />
<br />
<br />
== Release Song ==<br />
<br />
Since release 3.0, OpenBSD has released a promotional song with each CD; it makes the project more hip this way. The songs and their lyrics can be found [http://www.openbsd.org/lyrics.html here].<br />
<br />
<br />
== Hackathons ==<br />
<br />
Hackathons are get-togethers of the OpenBSD programmers. Since OpenBSD makes money by selling CDs and other merchandise, there is enough money to pay some developers' travel, room and board. At a hackathon, which usually spans a week or so, the programmers write a lot of code and can help others who need some information at hand. [http://marc.info/?l=openbsd-cvs&r=1&w=2 Marc.info] can be used to track changes to the OpenBSD source tree, which gets updated very often during a hackathon (otherwise one can subscribe to the list through majordomo).<br />
<br />
<br />
== Export Restrictions ==<br />
<br />
[[FreeBSD]] recently added ACPI code to its implementation that carries [http://marc.info/?l=openbsd-misc&m=128634319422034&w=2 export restrictions]. OpenBSD has no such export restrictions, since the project is based in Canada, which is known for its liberal export rules.</div>Pbughttps://hackepedia.org/?title=Spying&diff=5604Spying2013-08-13T12:39:57Z<p>Pbug: some corrections</p>
<hr />
<div>A society with a network that allows easy spying on everyone (the panopticon is a geometric shape that allows this, for example) WILL INVITE SPYING. Would you give up Facebook, Google, Twitter and Yahoo because a bunch of jerks in your government are spying on everyone? No, you wouldn't. But is there something one can do? Yes, maybe.<br />
<br />
* Routers - software/hardware should be from your country. I wouldn't like it if every router software in my country was from China or the USA, sorry... home bred, home responsibility. And not just that but also accountability.<br />
<br />
* Topology - a hub/spoke network is perhaps not the best. A full disorganized mesh network may be better because it makes many gateways.<br />
<br />
* Making laws to prevent spying DOES NOT HELP (yet it's all we've got as an option).. see Tempora; the British didn't even know it was going on...<br />
<br />
<br />
== Internet ==<br />
<br />
The Internet is the world's biggest spying machine. Everything is logged when it can be. So it's up to us to tame this beast.<br />
The Internet does not belong to anyone, so nobody can be its master, but we all make the Internet happen. What this means is that we should be able to stretch the Internet to our wills. Only unity among the people will do this; unity is strength, otherwise, separated, we'll succumb to the Internet. It's probably wise for people (even laymen) to take a more active role in how the Internet is built; only then can we truly know what we're facing up against.<br />
<br />
== Engineering ==<br />
<br />
Currently there is no engineering solution to prevent spying completely. If someone creates an absolutely spy-proof network, please contact us. <br />
<br />
Also, the use of [[cryptography]] is not a silver bullet against spying. We don't know if a government body or other organization has developed a computer powerful enough to see through crypto. Cryptography is a very difficult formula that requires all sorts of factors to be "just right"; we can't entrust that to our children and not so clued people, it would be like giving them fire to play with, they might get burned. So we must prevent spying, period.<br />
<br />
== Commandeering ==<br />
<br />
The NSA and other government organizations world-wide have been attempting to commandeer ([http://www.theatlantic.com/technology/archive/2013/08/the-nsa-is-commandeering-the-internet/278572/ article]) our Internet. The word to all ISPs and network organizations is to fight them. Fight them with lawyers and by refusing to install equipment on your networks. We must win this fight.<br />
<br />
<br />
== Democracy == <br />
<br />
The Internet is a series of corporations and organizations that have banded together. This networking was done largely without democratic values. Because the Internet is largely un-democratic, we must do something to bring democracy to the Internet. The Internet largely runs our lives, so why should there be a separation between democracy, which is there to protect our values, and this body of digital networks? We must bridge gaps between engineering and democracy, as there is beauty in both, but an ugly un-democratic fascism grows out of the Internet. We must protect democracy.<br />
<br />
== Anonymity Online ==<br />
<br />
Let's get this straight: you are not anonymous even if you are on a dynamic IP. Telcos keep a record of who was online at what time on what IP. Google uses cookies to track you, and so do most other websites. Since a cookie reveals who you are ([[shadow profile]]) every time you connect to Google, they can go back in time to everything you ever searched for as soon as your identity is known to them. It makes no difference whether you are on a dynamic IP or a static IP; the only difference is that with a static IP everyone else knows that it's you... not just Google.<br />
<br />
== PRISM ==<br />
<br />
This is a programme run by the NSA in the USA. Ed Snowden worked for them as a contractor in Hawaii. NSA stands for National Security Agency.<br />
<br />
Edward Snowden said that it has come to a point where they store massive amounts of data and archive it. I presume, then, that when anyone acts strangely (a trigger event) they will pull all available data on that person. Snowden says it's not the type of society that he wants to live in.<br />
<br />
== Tempora ==<br />
<br />
The British PRISM. When British politicians were asked by Germany's Justice Minister Sabine Leutheuser-Schnarrenberger to what extent they spy on Germany's residents, she was told to "ask the GCHQ", meaning that the ministers in the UK do not have a clue what is going on on their territory. It seems GCHQ has gotten out of control. GCHQ is the British NSA.<br />
<br />
== Echelon ==<br />
<br />
It may not exist anymore. It used to watch over all satellite communications. The states that ran Echelon are now called the "Five Eyes" countries because there are five of them (USA, Canada, UK, Australia and New Zealand). It may have more allied countries in its wake.<br />
<br />
<br />
== 1984 ==<br />
<br />
1984 is a novel by George Orwell, written in the late 1940s. The author predicted that the world would be like he depicted it in 1984. Well, it's 30 years later now, and I think we have almost arrived: humans' privacy has been eradicated and we're much more alone than before. And government seems to have no solutions to this; in fact they build up more spying facilities as you read this.<br />
<br />
<br />
== Pbug's plan ==<br />
<br />
pbug (me) thinks that we'll escape the wrath of spying if we all work together. It's very difficult to put these words down because it isn't so much a technical problem anymore as a societal problem. If we get rid of Telcos, much of our problems are solved. So how would that work? No more DSL? Right, no more DSL and no FTTH. What everyone has to do is control their spec of the Internet with multiple gateways. Pretend you have a 4-port router running OpenWRT and it does gigabit-speed routing. You could then dedicate 1 link to your house and put wifi on it. The other links go to your neighbours: the guy on the right, the guy on the left and the guy behind or in front of you. Ethernet has a 100 meter range, so this will reach no problem. If it doesn't reach, there are laser links one can buy (look up RONJA, but we need something faster). So then your neighbours have to do the same and before you know it the city is meshed. It then needs gateways to other cities and before you know it the country is meshed, and so on. There will be many thousands if not millions of routers that everyone controls themselves and we dedicate the path. Pretend you can decide the route your packets take with strict source routing (a technical term). The Internet would flow. And if we randomize the path the route takes, spying eyes would have a hard time combining all your data; they may only get traces/bits of it. To do all this requires a shift in policy with the governments, so it needs to be voted into power. It's not simple, but in order to get less spying from the Internet we need MORE net, not less.</div>Pbughttps://hackepedia.org/?title=Spying&diff=5603Spying2013-08-13T12:28:12Z<p>Pbug: /* Engineering */ crypto</p>
<hr />
<div>A society with a network that allows easy spying on everyone (the panopticon is a geometric shape that allows this, for example) WILL INVITE SPYING. Would you give up Facebook, Google, Twitter and Yahoo because a bunch of jerks in your government are spying on everyone? No, you wouldn't. But is there something one can do? Yes, maybe.<br />
<br />
* Routers - software/hardware should be from your country. I wouldn't like it if every router software in my country was from China or the USA, sorry... home bred, home responsibility.<br />
* Topology - a hub/spoke network is perhaps not the best. Here in Germany almost everything goes through Frankfurt; where do you think they spy on/watch us? A full disorganized mesh network may be better because it makes many gateways.<br />
* Making laws to prevent spying DOES NOT HELP.. see Tempora; the British didn't even know it was going on...<br />
<br />
== Internet ==<br />
<br />
The Internet is the world's biggest spying machine. Everything is logged when it can be. So it's up to us to tame this beast.<br />
The Internet does not belong to anyone, so nobody can be its master, but we all make the Internet happen. What this means is that we should be able to stretch the Internet to our wills. Only unity among the people will do this; unity is strength, otherwise, separated, we'll succumb to the Internet. It's probably wise for people (even laymen) to take a more active role in how the Internet is built; only then can we truly know what we're facing up against.<br />
<br />
== Engineering ==<br />
<br />
Currently there is no engineering solution to prevent spying completely. If someone creates an absolutely spy-proof network, please contact us. <br />
<br />
Also, the use of [[cryptography]] is not a silver bullet against spying. We don't know if a government body or other organization has developed a computer powerful enough to see through crypto. Cryptography is a very difficult formula that requires all sorts of factors to be "just right"; we can't entrust that to our children and not so clued people, it would be like giving them fire to play with, they might get burned. So we must prevent spying, period.<br />
<br />
== Commandeering ==<br />
<br />
The NSA and other government organizations world-wide have been attempting to commandeer ([http://www.theatlantic.com/technology/archive/2013/08/the-nsa-is-commandeering-the-internet/278572/ article]) our Internet. The word to all ISPs and network organizations is to fight them. Fight them with lawyers and by refusing to install equipment on your networks. We must win this fight.<br />
<br />
<br />
== Democracy == <br />
<br />
The Internet is a series of corporations and organizations that have banded together. This networking was done largely without democratic values. Because the Internet is largely un-democratic, we must do something to bring democracy to the Internet. The Internet largely runs our lives, so why should there be a separation between democracy, which is there to protect our values, and this body of digital networks? We must bridge gaps between engineering and democracy, as there is beauty in both, but an ugly un-democratic fascism grows out of the Internet. We must protect democracy.<br />
<br />
== Anonymity Online ==<br />
<br />
Let's get this straight: you are not anonymous even if you are on a dynamic IP. Telcos keep a record of who was online at what time on what IP. Google uses cookies to track you, and so do most other websites. Since a cookie reveals who you are ([[shadow profile]]) every time you connect to Google, they can go back in time to everything you ever searched for as soon as your identity is known to them. It makes no difference whether you are on a dynamic IP or a static IP; the only difference is that with a static IP everyone else knows that it's you... not just Google.<br />
<br />
== PRISM ==<br />
<br />
This is a programme run by the NSA in the USA. Ed Snowden worked for them as a contractor in Hawaii. NSA stands for National Security Agency.<br />
<br />
Edward Snowden said that it has come to a point where they store massive amounts of data and archive it. I presume, then, that when anyone acts strangely (a trigger event) they will pull all available data on that person. Snowden says it's not the type of society that he wants to live in.<br />
<br />
== Tempora ==<br />
<br />
The British PRISM. When British politicians were asked by Germany's Justice Minister Sabine Leutheuser-Schnarrenberger to what extent they spy on Germany's residents, she was told to "ask the GCHQ", meaning that the ministers in the UK do not have a clue what is going on on their territory. It seems GCHQ has gotten out of control. GCHQ is the British NSA.<br />
<br />
== Echelon ==<br />
<br />
It may not exist anymore. It used to watch over all satellite communications. The states that ran Echelon are now called the "Five Eyes" countries because there are five of them (USA, Canada, UK, Australia and New Zealand). It may have more allied countries in its wake.<br />
<br />
<br />
== 1984 ==<br />
<br />
1984 is a novel by George Orwell, written in the late 1940s. The author predicted that the world would be like he depicted it in 1984. Well, it's 30 years later now, and I think we have almost arrived: humans' privacy has been eradicated and we're much more alone than before. And government seems to have no solutions to this; in fact they build up more spying facilities as you read this.<br />
<br />
<br />
== Pbug's plan ==<br />
<br />
pbug (me) thinks that we'll escape the wrath of spying if we all work together. It's very difficult to put these words down because it isn't so much a technical problem anymore as a societal problem. If we get rid of Telcos, much of our problems are solved. So how would that work? No more DSL? Right, no more DSL and no FTTH. What everyone has to do is control their spec of the Internet with multiple gateways. Pretend you have a 4-port router running OpenWRT and it does gigabit-speed routing. You could then dedicate 1 link to your house and put wifi on it. The other links go to your neighbours: the guy on the right, the guy on the left and the guy behind or in front of you. Ethernet has a 100 meter range, so this will reach no problem. If it doesn't reach, there are laser links one can buy (look up RONJA, but we need something faster). So then your neighbours have to do the same and before you know it the city is meshed. It then needs gateways to other cities and before you know it the country is meshed, and so on. There will be many thousands if not millions of routers that everyone controls themselves and we dedicate the path. Pretend you can decide the route your packets take with strict source routing (a technical term). The Internet would flow. And if we randomize the path the route takes, spying eyes would have a hard time combining all your data; they may only get traces/bits of it. To do all this requires a shift in policy with the governments, so it needs to be voted into power. It's not simple, but in order to get less spying from the Internet we need MORE net, not less.</div>Pbughttps://hackepedia.org/?title=Spying&diff=5602Spying2013-08-13T11:58:06Z<p>Pbug: /* Engineering */ commandeering and democracy</p>
<hr />
<div>A society with a network that allows easy spying on everyone (the panopticon is a geometric shape that allows this, for example) WILL INVITE SPYING. Would you give up Facebook, Google, Twitter and Yahoo because a bunch of jerks in your government are spying on everyone? No, you wouldn't. But is there something one can do? Yes, maybe.<br />
<br />
* Routers - software/hardware should be from your country. I wouldn't like it if every router software in my country was from China or the USA, sorry... home bred, home responsibility.<br />
* Topology - a hub/spoke network is perhaps not the best. Here in Germany almost everything goes through Frankfurt; where do you think they spy on/watch us? A full disorganized mesh network may be better because it makes many gateways.<br />
* Making laws to prevent spying DOES NOT HELP.. see Tempora; the British didn't even know it was going on...<br />
<br />
== Internet ==<br />
<br />
The Internet is the world's biggest spying machine. Everything is logged when it can be. So it's up to us to tame this beast.<br />
The Internet does not belong to anyone, so nobody can be its master, but we all make the Internet happen. What this means is that we should be able to stretch the Internet to our wills. Only unity among the people will do this; unity is strength, otherwise, separated, we'll succumb to the Internet. It's probably wise for people (even laymen) to take a more active role in how the Internet is built; only then can we truly know what we're facing up against.<br />
<br />
== Engineering ==<br />
<br />
Currently there is no engineering solution to prevent spying completely. If someone creates an absolutely spy-proof network, please contact us. It's likely, however, that the authorities will want to have a backdoor or they'll outlaw it completely. It's overall not very fair.<br />
<br />
<br />
== Commandeering ==<br />
<br />
The NSA and other government organizations world-wide have been attempting to commandeer ([http://www.theatlantic.com/technology/archive/2013/08/the-nsa-is-commandeering-the-internet/278572/ article]) our Internet. The word to all ISPs and network organizations is to fight them. Fight them with lawyers and by refusing to install equipment on your networks. We must win this fight.<br />
<br />
<br />
== Democracy == <br />
<br />
The Internet is a series of corporations and organizations that have banded together. This networking was done largely without democratic values. Because the Internet is largely un-democratic, we must do something to bring democracy to the Internet. The Internet largely runs our lives, so why should there be a separation between democracy, which is there to protect our values, and this body of digital networks? We must bridge gaps between engineering and democracy, as there is beauty in both, but an ugly un-democratic fascism grows out of the Internet. We must protect democracy.<br />
<br />
== Anonymity Online ==<br />
<br />
Let's get this straight. You are not anonymous even if you are on a dynamic IP. Telcos keep records of who was online at what time on what IP. Google uses cookies to track you and so do most other websites. Since a cookie reveals who you are ([[shadow profile]]), every time you connect to Google they can go back in time to everything you ever searched for as soon as your identity is known to them. It makes no difference if you are on a dynamic IP or a static IP; the only difference is that with a static IP everyone else knows that it's you... not just Google.<br />
<br />
== PRISM ==<br />
<br />
PRISM is a programme run by the NSA in the USA. Ed Snowden worked for them as a contractor in Hawaii. NSA stands for National Security Agency.<br />
<br />
Edward Snowden said that it has come to a point where they store massive amounts of data and archive it. I presume then when anyone acts strange (a trigger event) they will pull all available data on that person. Snowden says it's not the type of society that he wants to live in.<br />
<br />
== Tempora ==<br />
<br />
The British PRISM. When British politicians were asked by Germany's Justice Minister Sabine Leutheusser-Schnarrenberger to what extent they spy on Germany's residents, she was told to "ask the GCHQ", meaning that the ministers in the UK do not have a clue what is going on on their territory. It seems GCHQ has gotten out of control. GCHQ is the British NSA.<br />
<br />
== Echelon ==<br />
<br />
Echelon may not exist anymore. It used to watch over all satellite communications. The states that ran Echelon are now called the "Five Eyes" countries because there are 5 of them (USA, Canada, UK, Australia and New Zealand). It may have more allied countries in its wake.<br />
<br />
<br />
== 1984 ==<br />
<br />
1984 is a novel by George Orwell, written in the late 1940s. The author predicted that the world would be like he depicted it in 1984. Well, it's 30 years later now, and I think we have almost arrived: humans' privacy has been eradicated and we're much more alone than before. And government seems to have no solutions to this; in fact they build up more spying facilities as you read this.<br />
<br />
<br />
== Pbug's plan ==<br />
<br />
pbug (me) thinks that we'll escape the wrath of spying if we all work together. It's very difficult to put these words down because it isn't so much a technical problem anymore as a societal problem. If we get rid of Telcos much of our problems are solved. So how would that work? No more DSL? Right, no more DSL and no FTTH. What everyone has to do is control their spec of the Internet with multiple gateways. Pretend you have a 4-port router running OpenWRT and it does gigabit speed routing. You could then dedicate 1 link to your house and put wifi on it. The other links go to your neighbours, the guy on the right, the guy on the left and the guy behind or in front of you. Ethernet has a 100 meter range so this will reach no problem. If it doesn't reach there are laser links one can buy (look up RONJA, but we need something faster). So then your neighbours have to do the same and before you know it the city is meshed. It then needs gateways to other cities and before you know it the country is meshed, and so on. There will be many thousands if not millions of routers that everyone controls themselves and we dedicate the path. Pretend you can decide the route your packets take with strict source routing (a technical term). The Internet would flow. And if we randomize the path the route takes, spying eyes would have a hard time combining all your data; they may only get traces/bits of it. To do all this requires a shift in policy with the governments, so it needs to be voted into power. It's not simple, but in order to get less spying from the Internet we need MORE net, not less.</div>Pbughttps://hackepedia.org/?title=Spying&diff=5601Spying2013-08-13T11:46:02Z<p>Pbug: /* Internet */ better wording</p>
<hr />
<div>A society with a network that allows easy spying on everyone (the panopticon is a geometric shape that allows this, for example) WILL INVITE SPYING. Would you give up Facebook, Google, Twitter and Yahoo because a bunch of jerks in your government are spying on everyone? No, you wouldn't. But is there something one can do? Yes, maybe.<br />
<br />
* Routers - software/hardware should be from your country. I wouldn't like it if every router's software in my country was from China or the USA, sorry... home bred, home responsibility.<br />
* Topology - a hub/spoke network is perhaps not the best. Here in Germany almost everything goes through Frankfurt; where do you think they spy on/watch us? A fully disorganized mesh network may be better because it makes many gateways.<br />
* Making laws to prevent spying DOES NOT HELP... see Tempora, the British didn't even know it was going on...<br />
<br />
== Internet ==<br />
<br />
The Internet is the world's biggest spying machine. Everything is logged when it can be. So it's up to us to tame this beast.<br />
The Internet does not belong to anyone so nobody can be its master, but we all make the Internet happen. What this means is that we should be able to stretch the Internet to our wills. Only unity among the people will do this; unity is strength, otherwise separated we'll succumb to the Internet. It's probably wise for people (even laymen) to take a more active role in how the Internet is built, only then can we truly know what we're facing up against.<br />
<br />
== Engineering ==<br />
<br />
Currently there is no engineering solution to prevent spying completely. Encryption works until the authorities request your master key, then that's the end. Running a spy-free ISP works until the authorities force you to colocate spying equipment on your LAN. Authorities go beyond laws to get their data, so making laws doesn't work either. If someone creates an absolutely spy-proof network please contact us. It's likely however that the authorities will want to have a backdoor or they outlaw it completely. It's overall not very fair.<br />
<br />
== Anonymity Online ==<br />
<br />
Let's get this straight. You are not anonymous even if you are on a dynamic IP. Telcos keep records of who was online at what time on what IP. Google uses cookies to track you and so do most other websites. Since a cookie reveals who you are ([[shadow profile]]), every time you connect to Google they can go back in time to everything you ever searched for as soon as your identity is known to them. It makes no difference if you are on a dynamic IP or a static IP; the only difference is that with a static IP everyone else knows that it's you... not just Google.<br />
<br />
== PRISM ==<br />
<br />
PRISM is a programme run by the NSA in the USA. Ed Snowden worked for them as a contractor in Hawaii. NSA stands for National Security Agency.<br />
<br />
Edward Snowden said that it has come to a point where they store massive amounts of data and archive it. I presume then when anyone acts strange (a trigger event) they will pull all available data on that person. Snowden says it's not the type of society that he wants to live in.<br />
<br />
== Tempora ==<br />
<br />
The British PRISM. When British politicians were asked by Germany's Justice Minister Sabine Leutheusser-Schnarrenberger to what extent they spy on Germany's residents, she was told to "ask the GCHQ", meaning that the ministers in the UK do not have a clue what is going on on their territory. It seems GCHQ has gotten out of control. GCHQ is the British NSA.<br />
<br />
== Echelon ==<br />
<br />
Echelon may not exist anymore. It used to watch over all satellite communications. The states that ran Echelon are now called the "Five Eyes" countries because there are 5 of them (USA, Canada, UK, Australia and New Zealand). It may have more allied countries in its wake.<br />
<br />
<br />
== 1984 ==<br />
<br />
1984 is a novel by George Orwell, written in the late 1940s. The author predicted that the world would be like he depicted it in 1984. Well, it's 30 years later now, and I think we have almost arrived: humans' privacy has been eradicated and we're much more alone than before. And government seems to have no solutions to this; in fact they build up more spying facilities as you read this.<br />
<br />
<br />
== Pbug's plan ==<br />
<br />
pbug (me) thinks that we'll escape the wrath of spying if we all work together. It's very difficult to put these words down because it isn't so much a technical problem anymore as a societal problem. If we get rid of Telcos much of our problems are solved. So how would that work? No more DSL? Right, no more DSL and no FTTH. What everyone has to do is control their spec of the Internet with multiple gateways. Pretend you have a 4-port router running OpenWRT and it does gigabit speed routing. You could then dedicate 1 link to your house and put wifi on it. The other links go to your neighbours, the guy on the right, the guy on the left and the guy behind or in front of you. Ethernet has a 100 meter range so this will reach no problem. If it doesn't reach there are laser links one can buy (look up RONJA, but we need something faster). So then your neighbours have to do the same and before you know it the city is meshed. It then needs gateways to other cities and before you know it the country is meshed, and so on. There will be many thousands if not millions of routers that everyone controls themselves and we dedicate the path. Pretend you can decide the route your packets take with strict source routing (a technical term). The Internet would flow. And if we randomize the path the route takes, spying eyes would have a hard time combining all your data; they may only get traces/bits of it. To do all this requires a shift in policy with the governments, so it needs to be voted into power. It's not simple, but in order to get less spying from the Internet we need MORE net, not less.</div>Pbughttps://hackepedia.org/?title=Cryptography&diff=5600Cryptography2013-08-13T08:17:33Z<p>Pbug: /* Symmetric Block Cipher Modes */</p>
<hr />
<div>Cryptography is the method for distorting plain text so that it is unreadable by anyone other than the intended recipient, for example someone who is using a packet [[sniffer]] to listen in on network communication. Only if this third party knows the secret key to the ciphertext can they break the encryption and see the plaintext. We highly recommend that anyone still using plain text protocols these days switch to their free, open source, encrypted equivalents.<br />
<br />
=== Cryptography found in UNIX ===<br />
<br />
<br />
[[UBO]]'s have been attacked with great effort over the decades. [[UBO]]'s therefore use all known cryptographic methods in order to defend against attack. Some methods are weaker than others because of weak protocols. We'll try to list as much as possible here, but without researching these "teasers" you'll likely not understand them all.<br />
<br />
=== One way hashing ===<br />
UNIX programmers implemented a [[One way hash]] based on [[DES]] to "encrypt" [[password]]s as part of the crypt(3) function. It was impossible to decrypt these [[password]]s since they used a modified version of DES, so in order to know if someone had the right [[password]] the plain text would be hashed and the result compared with the hash in the password database. If they matched, a user would be granted access. As computers became faster, so did the speed at which DES hashes could be cracked. An amd64 3500+ running [[OpenBSD]] using the system's crypt(3) function could hash 121,000 [[password]]s in 1 second in 2005. So a slower hash algorithm was needed, and one that could take more than 8 characters for the [[password]]s. Many operating systems have implemented [[MD5]] hashing, which does 1880 crypts per second on the aforementioned OpenBSD system; however it can now be broken with a custom-made cracker (2012) which does [http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/ 77 million cracks per second] against this hashing method. So OpenBSD went even further and designed an interesting hash based on [[blowfish]] with a variable setting for rounds: blowfish encrypts the string "OrpheanBeholderScryDoubt" 64 times per round. The result is that with 12 rounds, crypt will do 2 passwords in 1 second.<br />
<br />
[[One way hash]]ing wasn't confined to just passwords. With the [[md5]] and [[SHA]] commands, as well as [[rmd160]], one can make a cryptographic hash sum (or fingerprint) of a file or text on the system. For example, if you want to ensure a file or directory has not been altered, you can print the checksum onto read-only media (e.g. on paper, or burned onto a CD). Whenever you run the checksum program against the same file or directory, you should get the same result unless something has been altered. If this topic interests you, [http://sourceforge.net/projects/tripwire/ tripwire] is popular software you'll want to read more about.<br />
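The checksum-on-read-only-media idea above, as an added example (this is not the wiki's code, nor tripwire's): it takes a SHA-256 fingerprint of every regular file under a directory as a baseline, and a later run reports which files changed, appeared or disappeared. The directory layout and file contents in main are constructed for the demonstration; a real baseline would be stored somewhere an intruder cannot rewrite.<br />
<br />
```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"io/fs"
	"os"
	"path/filepath"
	"sort"
)

// fileDigest streams one file through SHA-256 and returns the hex fingerprint,
// so even large files are not read into memory at once.
func fileDigest(path string) (string, error) {
	f, err := os.Open(path)
	if err != nil {
		return "", err
	}
	defer f.Close()
	h := sha256.New()
	if _, err := io.Copy(h, f); err != nil {
		return "", err
	}
	return hex.EncodeToString(h.Sum(nil)), nil
}

// snapshot records the fingerprint of every regular file under dir, keyed by
// its slash-separated path relative to dir. This is the baseline to keep on
// read-only media.
func snapshot(dir string) (map[string]string, error) {
	base := map[string]string{}
	err := filepath.WalkDir(dir, func(p string, d fs.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return err // skip directories, symlinks and devices
		}
		sum, err := fileDigest(p)
		if err != nil {
			return err
		}
		rel, _ := filepath.Rel(dir, p)
		base[filepath.ToSlash(rel)] = sum
		return nil
	})
	return base, err
}

// verify compares a fresh snapshot of dir against the stored baseline and
// reports, in sorted order, files whose contents changed, files that appeared,
// and files that vanished.
func verify(dir string, baseline map[string]string) (changed, added, removed []string, err error) {
	now, err := snapshot(dir)
	if err != nil {
		return nil, nil, nil, err
	}
	for name, sum := range now {
		old, ok := baseline[name]
		switch {
		case !ok:
			added = append(added, name)
		case old != sum:
			changed = append(changed, name)
		}
	}
	for name := range baseline {
		if _, ok := now[name]; !ok {
			removed = append(removed, name)
		}
	}
	sort.Strings(changed)
	sort.Strings(added)
	sort.Strings(removed)
	return changed, added, removed, nil
}

func main() {
	// Constructed sample tree: a one-line "passwd" that later gains a user.
	dir, _ := os.MkdirTemp("", "fingerprint")
	defer os.RemoveAll(dir)
	os.WriteFile(filepath.Join(dir, "passwd"), []byte("root:x:0:0\n"), 0o644)
	baseline, _ := snapshot(dir)
	os.WriteFile(filepath.Join(dir, "passwd"), []byte("root:x:0:0\nbob:x:1001:1001\n"), 0o644)
	changed, added, removed, _ := verify(dir, baseline)
	fmt.Println("changed:", changed, "added:", added, "removed:", removed)
}
```
<br />
The baseline only proves integrity if the attacker cannot also rewrite it, which is exactly why the section says to keep it on read-only media; the check program itself should be trusted for the same reason.<br />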
<br />
<br />
=== MAC / HMAC ===<br />
<br />
A MAC (Message Authentication Code) is a tag computed over a message with a secret key, typically using a one-way hash. The receiver recomputes the tag; if it does not match, the message is not the right one (it was altered, or was not produced by someone holding the key). An HMAC is a MAC built from a one-way hash with the secret key mixed in, which is the "extra password protection" over a plain hash.<br />
<br />
Please see RFC 2104 for how HMAC's are computed.<br />
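The HMAC construction of RFC 2104 worked through, as an added example (this is not code from the wiki or from any project it names): HMAC-SHA256 is computed by hand as H((K XOR opad) || H((K XOR ipad) || text)) and compared with Go's crypto/hmac, and the same MAC is then used together with a sequence counter on each packet, the check that the "Attacks on cryptography" section further down says prevents injections and replays. The packet framing (8-byte big-endian sequence number, payload, 32-byte tag) and the receiver struct are assumptions made for this example; the key and text in main are the published test vector, not a key for real use.<br />
<br />
```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// hmacByHand computes HMAC-SHA256 exactly as RFC 2104 describes it:
// H((K' XOR opad) || H((K' XOR ipad) || text)), where K' is the key padded with
// zeros to the hash block size (a key longer than one block is hashed first).
func hmacByHand(key, text []byte) []byte {
	const bs = sha256.BlockSize // 64 bytes for SHA-256
	if len(key) > bs {
		sum := sha256.Sum256(key)
		key = sum[:]
	}
	ipad := make([]byte, bs)
	opad := make([]byte, bs)
	for i := 0; i < bs; i++ {
		var k byte // zero padding beyond the key's length
		if i < len(key) {
			k = key[i]
		}
		ipad[i] = k ^ 0x36
		opad[i] = k ^ 0x5c
	}
	inner := sha256.New()
	inner.Write(ipad)
	inner.Write(text)
	outer := sha256.New()
	outer.Write(opad)
	outer.Write(inner.Sum(nil))
	return outer.Sum(nil)
}

// hmacLib is the same computation using the standard library.
func hmacLib(key, text []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(text)
	return m.Sum(nil)
}

// verifyTag compares in constant time, so the check itself does not leak how
// many leading bytes of a forged tag happened to be right.
func verifyTag(key, text, tag []byte) bool {
	return subtle.ConstantTimeCompare(hmacLib(key, text), tag) == 1
}

// Packet framing assumed for this example: seq (8 bytes, big-endian) || payload || tag (32 bytes).
// The sequence number sits inside the MACed bytes, so it cannot be altered either.
func sealPacket(key []byte, seq uint64, payload []byte) []byte {
	pkt := make([]byte, 8, 8+len(payload)+sha256.Size)
	binary.BigEndian.PutUint64(pkt, seq)
	pkt = append(pkt, payload...)
	return append(pkt, hmacLib(key, pkt)...)
}

// receiver remembers the highest sequence number it has accepted.
type receiver struct {
	key     []byte
	lastSeq uint64
	started bool
}

// openPacket rejects modified or forged packets (tag mismatch) and replayed
// ones (sequence number not increasing). The tag is checked before any other
// field of the packet is trusted.
func (r *receiver) openPacket(pkt []byte) ([]byte, error) {
	if len(pkt) < 8+sha256.Size {
		return nil, errors.New("packet too short")
	}
	body, tag := pkt[:len(pkt)-sha256.Size], pkt[len(pkt)-sha256.Size:]
	if !verifyTag(r.key, body, tag) {
		return nil, errors.New("bad MAC: packet modified or forged")
	}
	seq := binary.BigEndian.Uint64(body[:8])
	if r.started && seq <= r.lastSeq {
		return nil, errors.New("replay: sequence number already seen")
	}
	r.started, r.lastSeq = true, seq
	return body[8:], nil
}

func main() {
	key := []byte("Jefe") // RFC 4231 test case 2, demonstration only
	text := []byte("what do ya want for nothing?")
	fmt.Println(hex.EncodeToString(hmacByHand(key, text)))
	fmt.Println(hex.EncodeToString(hmacLib(key, text)))

	rx := &receiver{key: key}
	pkt := sealPacket(key, 1, []byte("ls -l")) // constructed sample payload
	_, err := rx.openPacket(pkt)
	fmt.Println("first delivery:", err)
	_, err = rx.openPacket(pkt)
	fmt.Println("replayed copy:", err)
}
```
<br />
Both HMAC lines print the same value, which can be checked against the HMAC-SHA-256 test vectors published in RFC 4231. The order of checks in openPacket is deliberate: the MAC is verified first, so the sequence number (or anything else) is never read from a packet that has not been authenticated.<br />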
<br />
=== Symmetric cryptography ===<br />
<br />
[[File:aes-spaceplot.jpg]]<br />
<br />
<br />
True secret-key cryptography was also present with the [[bdes]] and [[openssl]] commands, which could encrypt files with a variety of ciphers. Some well known ciphers are [[DES]] (broken, not used anymore), [[AES]] (the current standard at 256 bits), [[blowfish]], [[CAST128]] and [[RC4]]. Many ciphers are imported through the openssl library.<br />
<br />
Most symmetric ciphers are "block" ciphers in that they only encrypt whole blocks of 8 bytes or 16 bytes, depending on the cipher. This is a bit of a pain for programming with these ciphers because one faces the question "what do I use as padding?". Padding fills the remainder of the last block when the plaintext is not an exact multiple of the block size. We don't have any recommendations for that, but bad padding, or padding that is not checked strictly when decrypting, could potentially weaken a cryptographic message.<br />
<br />
The opposite of a block cipher is called a "stream" cipher: you feed it a byte and an encrypted byte comes out.<br />
<br />
=== Symmetric Block Cipher Modes ===<br />
<br />
A cipher has several modes. The plain mode for a cipher is called [[ECB]], which stands for electronic code book. This is a weak mode and can reveal many things; it's not recommended. One thing it reveals: every block is encrypted independently, so if two plaintext blocks are the same, the ciphertext blocks at those offsets will be the same too, and patterns in the plaintext show through.<br />
<br />
Another mode is called [[CBC]], which stands for Cipher Block Chaining. Here each plaintext block is XOR'ed with the previous ciphertext block before encryption, so equal plaintext blocks no longer give equal ciphertext blocks. CBC mode requires an IV (an initial vector) so that the first block has something to XOR with and isn't effectively in ECB mode, which could weaken the stream. Some say that an IV doesn't have to be secret, and it is usually sent in the clear in front of the ciphertext; what it must be is unpredictable and never reused with the same key. It can't hurt if it's exchanged like a key in an asymmetric exchange (DH/RSA).<br />
<br />
Another mode is [[CTR]] (counter mode). This mode is often used for sparse files because it allows random access into the ciphertext (unlike CBC, which has to be processed from the beginning). CTR requires a nonce (a one-time value); the cipher encrypts the nonce together with a counter and the output is XOR'ed with the plaintext block. The counter is usually derived from the offset of the block, so any block can be decrypted on its own. [[WPA]] uses AES in some form of counter mode, as far as we were able to learn.<br />
<br />
There are many more modes; these are just some basic ones.<br />
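The three modes described above side by side, as an added example (this is not code from the wiki or from any project it names): AES-256 in ECB shows the pattern leak on repeated plaintext blocks, CBC with a fresh random IV does not, and CTR decrypts one chosen block without touching the ones before it. The 32-byte demo key, the counter-block layout (12 random nonce bytes followed by a 32-bit counter) and PKCS#7 padding are assumptions made for the example, not anything the page prescribes. Go ships no ECB mode on purpose, so it is written out by hand here only to make the leak visible.<br />
<br />
```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// pkcs7Pad appends 1..bs bytes, each equal to the pad length, so padding is
// always present and can be stripped unambiguously (one answer to "what do I
// use as padding").
func pkcs7Pad(b []byte, bs int) []byte {
	n := bs - len(b)%bs
	return append(append([]byte(nil), b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// ecbEncrypt encrypts each block on its own: equal plaintext blocks give equal
// ciphertext blocks, which is the leak the text describes.
func ecbEncrypt(key, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key) // key is 32 bytes, so this cannot fail
	padded := pkcs7Pad(plaintext, block.BlockSize())
	out := make([]byte, len(padded))
	for i := 0; i < len(padded); i += block.BlockSize() {
		block.Encrypt(out[i:], padded[i:])
	}
	return out
}

// countDuplicateBlocks counts ciphertext blocks that repeat an earlier block.
func countDuplicateBlocks(ct []byte, bs int) int {
	seen, dups := map[string]bool{}, 0
	for i := 0; i+bs <= len(ct); i += bs {
		k := string(ct[i : i+bs])
		if seen[k] {
			dups++
		}
		seen[k] = true
	}
	return dups
}

// cbcEncrypt returns IV || ciphertext. The IV need not be secret, but it must
// be unpredictable and never reused under the same key, hence a fresh random one.
func cbcEncrypt(key, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key)
	bs := block.BlockSize()
	padded := pkcs7Pad(plaintext, bs)
	out := make([]byte, bs+len(padded))
	if _, err := rand.Read(out[:bs]); err != nil {
		panic(err)
	}
	cipher.NewCBCEncrypter(block, out[:bs]).CryptBlocks(out[bs:], padded)
	return out
}

// ctrEncrypt returns the initial counter block (12 random nonce bytes, then a
// 32-bit counter at 0) and the ciphertext. No padding: CTR yields a stream.
func ctrEncrypt(key, plaintext []byte) (ctr0, ct []byte) {
	block, _ := aes.NewCipher(key)
	ctr0 = make([]byte, block.BlockSize())
	if _, err := rand.Read(ctr0[:12]); err != nil {
		panic(err)
	}
	ct = make([]byte, len(plaintext))
	cipher.NewCTR(block, ctr0).XORKeyStream(ct, plaintext)
	return ctr0, ct
}

// ctrDecryptBlock decrypts block i alone by seeding the counter with ctr0+i,
// the random access that CBC cannot offer.
func ctrDecryptBlock(key, ctr0, ct []byte, i int) []byte {
	block, _ := aes.NewCipher(key)
	bs := block.BlockSize()
	ctr := append([]byte(nil), ctr0...)
	binary.BigEndian.PutUint32(ctr[12:], binary.BigEndian.Uint32(ctr0[12:])+uint32(i))
	out := make([]byte, bs)
	cipher.NewCTR(block, ctr).XORKeyStream(out, ct[i*bs:(i+1)*bs])
	return out
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32)             // constructed AES-256 key, demo only
	pt := bytes.Repeat([]byte("same 16 byte blk"), 4) // four identical plaintext blocks
	fmt.Println("ECB duplicate blocks:", countDuplicateBlocks(ecbEncrypt(key, pt), 16))
	fmt.Println("CBC duplicate blocks:", countDuplicateBlocks(cbcEncrypt(key, pt)[16:], 16))
	ctr0, ct := ctrEncrypt(key, pt)
	fmt.Printf("CTR block 2 read on its own: %q\n", ctrDecryptBlock(key, ctr0, ct, 2))
}
```
<br />
ECB reports three repeated ciphertext blocks for the four identical plaintext blocks, while CBC and CTR report none. None of these modes authenticates the data; as the "Attacks on cryptography" section says, a MAC over the ciphertext is still needed before anything decrypted is acted upon.<br />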
<br />
=== Public Key cryptography ===<br />
<br />
Also called asymmetric cryptography. It uses 2 or more keys, usually one that's private and one that's public, which is publicly known. Algorithms include Diffie-Hellman ([[DH]]) and [[RSA]]. [[GPG]], a program to encrypt mail at the application [[OSI]] layer, uses this.<br />
<br />
A report in 2013 came out saying that RSA/DH may be broken within 5 years ([http://it.slashdot.org/story/13/08/06/2056239/math-advance-suggest-rsa-encryption-could-fall-within-5-years slashdot story]). This would potentially bring everything to a standstill in terms of online commerce. An alternative is Elliptic Curve Cryptography.<br />
<br />
=== Elliptic Curve Cryptography ===<br />
<br />
This is new to us who write in this wiki; please see the [http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography Wikipedia entry].<br />
<br />
=== Symmetric / Asymmetric Hybrids ===<br />
<br />
This method is used in [[OSI]] session layer communication. A public-key exchange takes place to agree on a [[random]] [[session key]]; all data that follows is then encrypted with a symmetric cipher under that key. This is used extensively in [[ssh]] and most [[SSL]] enabled software.<br />
<br />
<br />
<br />
=== Cheap cryptography ===<br />
<br />
Rotational Ciphers based on the alphabet are CHEAP. Often used by Usenet trolls who think that the people they troll don't have a clue what they are talking about.<br />
<br />
$ echo OrpheanBeholderScryDoubt | /usr/games/rot13<br />
BecurnaOrubyqreFpelQbhog<br />
<br />
[[rot13]] is probably good to keep data safe from your 7 year old sister.<br />
<br />
<br />
[[File:xor-spaceplot.jpg]]<br />
<br />
<br />
Another type of cryptography is the XOR method. XOR used as a [[One time pad]] (a truly random key as long as the message, used only once) is potentially secure; with a short repeating key, as in the run below, it is not. Here is an example of a typical XOR encryption; the [[xortext.c]] program is also available:<br />
<br />
$ cat /etc/passwd | ./xortext blah | hexdump -C | head<br />
00000000 10 03 0e 1c 58 46 5b 58 58 5c 5b 2b 0a 0d 13 04 |....XF[XX\[+....|<br />
00000010 0b 09 41 4e 4e 40 4d 52 4d 1e 0e 07 16 56 4e 0a |..ANN@MRM....VN.|<br />
00000020 0b 02 4e 1b 0a 66 05 09 07 01 0e 06 58 46 5b 59 |..N..f......XF[Y|<br />
00000030 58 5d 5b 3c 0a 09 41 0c 07 1a 08 04 42 04 08 05 |X][<..A.....B...|<br />
00000040 11 09 0d 0e 58 43 13 07 0d 18 5b 47 11 0e 08 06 |....XC....[G....|<br />
00000050 4d 02 0e 04 0d 0b 08 06 68 03 11 0d 10 0d 15 07 |M.......h.......|<br />
00000060 10 56 4b 52 50 56 54 52 31 15 12 1c 07 01 41 4e |.VKRPVTR1.....AN|<br />
00000070 58 43 0e 18 07 1e 00 1c 0d 1e 5b 47 11 0e 08 06 |XC........[G....|<br />
00000080 4d 02 0e 04 0d 0b 08 06 68 0e 08 06 58 46 5b 5b |M.......h...XF[[|<br />
00000090 58 5b 5b 2a 0b 02 00 1a 0b 09 12 48 21 03 0c 05 |X[[*.......H!...|<br />
<br />
Surprisingly some companies employ XOR cryptography in their products as a security mechanism.<br />
<br />
<br />
<br />
=== Attacks on cryptography ===<br />
<br />
In many examples a passive crypto attacker is called Eve (from eavesdrop), and an active attacker is called Mallory (for malicious). Both attacks have been used in the past (like the attack on [[WEP]]).<br />
<br />
* If for example an encrypted session does not have a Message Authentication Code (MAC) then a [[MITM]] attack changing the ciphertext on the network may cause problems in the protocol when the decrypted plaintext is fed to the program. Pretend SSH did not have a MAC; then someone could modify packets, garble would come out, the terminal would likely print garble and the shell would complain about the unknown command.<br />
<br />
* If an encrypted session did not have a counter covered by a MAC then it would be possible to replay packets and the same garble would result as indicated above, only it could not be stopped. A simple counter and a MAC on each packet sent should prevent injections and replay attacks. [[WEP]] had this problem, and identifiable ARP packets, which have a small size, could be replayed, helping the attacker read ciphertext that would otherwise take a long time to passively collect.<br />
<br />
* The most annoying attack is the hang-up attack. We have heard of people in foreign countries modifying their TCP stacks to prevent RSTs from hanging up a session; however the next step by the MITM is to change the ciphertext, which fails the MAC check, which I predict would cause a tear-down of the session. If a protocol is robust enough to not be affected by hang-ups, it means that a MITM attack can probe several keys against the ciphertext in order to "test the water" and possibly use that to derive a key with extra computation.<br />
<br />
* question? cryptography over radio (what is meant here is non-[[Wifi]] radios) is more secure than crypto over a wire, because on a wire a MITM attack goes unnoticed. On radio a MITM attack could not occur without notice of something funny going on. FM would probably not make a good crypto radio link as the receiver only plays the strongest signal and throws away the weaker one. Denial of service over radio is called "jamming" and involves a strong signal being sent to introduce noise on another signal. It has been said in civilian circles that the military use spread-spectrum hopping in order to escape jamming. How effective this is is unknown. Hopping involves changing the frequency rapidly in a predetermined pattern which is random enough to surprise the adversary. It is unclear if this is based/seeded on time.</div>Pbughttps://hackepedia.org/?title=Cryptography&diff=5599Cryptography2013-08-13T08:05:42Z<p>Pbug: /* Symmetric Block Cipher Modes */</p>
<hr />