CEH Ch. 10 Cryptography 101
3DES (symmetric algorithms)
A 64-bit block cipher that applies DES three times with up to three independent 56-bit keys, for a nominal 168-bit key (3DES is also called triple DES). Because of the meet-in-the-middle attack its effective strength is closer to 112 bits. It's much stronger than single DES but roughly three times slower, and NIST has deprecated it in favor of AES.
Twofish (symmetric algorithms)
A block cipher with a 128-bit block size and a key size of 128, 192, or 256 bits. It was one of the five AES finalists.
When it comes to PKI, asymmetric encryption, digital certificates, and digital signatures, remembering a few important facts will solve a lot of headaches for you.
Keys are generated in pairs, and what one does, the other undoes. In general, the public key (shared with everyone) is used for encryption, and the private key (kept only by the owner) is used for decryption. The private key is also used to prove authenticity through a digital signature: the owner signs a hash with the private key, and anyone holding the readily available public key can verify it (in RSA the signing operation is the same modular exponentiation as encryption, which is why this is often described as "encrypting with the private key"). Key generation, distribution, and revocation are best handled within a framework, referred to as PKI. PKI also allows for the creation and dissemination of digital certificates, which bind a public key to the identity of an entity on the network and follow the X.509 standard.
How can you tell if a file is a stego-file?
For text, character positions are key (look for text patterns, unusual blank spaces, and language anomalies). Image files may be larger than you'd expect for their dimensions (when the payload was appended) or show odd color palette "faults"; keep in mind that pure LSB insertion changes existing bits rather than adding any, so the file size stays the same and you need statistical tests instead. Audio and video files likewise require statistical analysis and specific tools that compare the carrier's noise against what the format should naturally produce.
Cipher-text-only attack (Cryptography Attacks)
In this attack, the hacker has copies of several messages encrypted the same way (same algorithm, and typically the same key) but none of the plain text. Statistical analysis of the cipher text (letter frequencies, repeated blocks, patterns shared across messages) can eventually reveal the key or enough structure to decode messages later. Keystream reuse in a stream cipher is the classic case.
Known plain-text attack (Cryptography Attacks)
In this attack, the hacker has both plain-text and corresponding cipher-text messages, the more the better. The plain-text copies are scanned for repeatable sequences, which are then compared to the cipher-text versions. Over time, and with effort, this can be used to recover the key (for a simple XOR cipher it's immediate: cipher text XOR plain text equals the key).
El Gamal (Asymmetric Encryption)
Not based on prime-number factoring, ElGamal rests on the difficulty of the discrete logarithm problem and is used for encryption and digital signatures (the DSA signature scheme is derived from it).
PGP (Secure Communications)
Pretty Good Privacy was created by Phil Zimmermann in 1991 and is used for signing, compressing, and encrypting and decrypting e-mails, files, directories, and even whole disk partitions, mainly in an effort to increase the security of e-mail communications. PGP follows the OpenPGP standard (RFC 4880) for encrypting and decrypting data. PGP is known as a hybrid cryptosystem because it uses features of conventional and public key cryptography: the message is encrypted with a random one-time symmetric session key, and that session key is encrypted with the recipient's public key and sent along with the message.
Nonrepudiation
The means by which a recipient can verify the identity of the sender, such that the sender cannot later deny having sent the message (and the recipient cannot deny having received it). Digital signatures provide it; shared-key schemes cannot, because either holder of the key could have produced the message.
Process of Cryptography
The overall process is fairly simple: take plain-text data (something you can read), apply a cryptographic method, and turn it into cipher text (something you can't read)—so long as there is some provision to allow you to bring the cipher text back to plain text. What is not so simple is the actual process of encrypting and decrypting.
Digital Signatures
The result of applying the signer's private key to a hash of the message within a PKI system. Anyone can check the signature with the originator's public key: if the recovered hash matches a fresh hash of the received message, the message came from the holder of the private key and was not altered in transit, which gives authenticity, integrity, and nonrepudiation. A digital signature is not itself a hash algorithm; it is a private-key operation over a hash, which is why it also depends on the hash being collision resistant.
Cryptography
The science or study of protecting information, whether in transit or at rest, by using techniques to render the information unusable to anyone who does not possess the means to decrypt it. It secures communications between two or more parties.
Cryptanalysis
The study and methods used to crack encrypted communications.
Optional Fields (contents of a digital certificate)
These fields include the Issuer Unique Identifier and Subject Unique Identifier (added in X.509 v2) and Extensions (added in v3). Subject Alternative Name, which lists the additional DNS names, IP addresses, or e-mail addresses the certificate is valid for, is one of the extensions.
Valid From and Valid To (contents of a digital certificate)
These fields show the dates the certificate is good through.
Transport Layer Security (TLS) (Secure Communications)
TLS is the successor to SSL. It is not tied to one algorithm: the client and server negotiate a cipher suite, typically an RSA (2048 bits is today's common minimum) or ECDSA certificate to authenticate the server, an ephemeral Diffie-Hellman exchange (ECDHE) to agree on session keys, and a symmetric cipher such as AES-GCM for the data. The handshake portion (TLS Handshake Protocol) allows the client and server to authenticate each other and agree on keys, and the TLS Record Protocol provides the secured communication channel. TLS 1.2 and 1.3 are the versions you should see in use; 1.0 and 1.1 are deprecated.
AES (symmetric algorithms)
(Advanced Encryption Standard) A block cipher (the Rijndael algorithm) with a 128-bit block size and a key length of 128, 192, or 256 bits; it replaced DES as the U.S. federal standard in 2001. It's much faster than DES or 3DES, especially on CPUs with AES hardware instructions.
3 main techniques of image steganography
1. Least Significant Bit Insertion - Writing the hidden data into the least significant bits of the image's pixel values. 2. Masking & Filtering - (usually accomplished on grayscale images) Masking hides the data in much the same way as a watermark on a document; it's accomplished by modifying the luminance of parts of the image. 3. Algorithmic Transformations - Allows steganographers to hide data in the mathematical functions used in image compression (for example, the DCT coefficients of a JPEG). In any case, the image appears normal. Don't count on file size as the giveaway: LSB insertion replaces existing bits rather than adding any, so the file stays the same size; only an appended payload makes it bigger. To casual observation it is nearly impossible to tell the image is carrying a hidden message, and in a video or sound file it is even less noticeable.
Encryption takes on two different forms
1. Substitution - Bits are simply replaced by other bits. 2. Transposition - Doesn't replace bits at all; it changes their order altogether.
IDEA (International Data Encryption Algorithm) (symmetric algorithms)
A block cipher with a 64-bit block and a 128-bit key that was also designed to replace DES. Originally used in Pretty Good Privacy (PGP) 2.0, IDEA was patented (the patents have since expired) and was used mainly in Europe.
DES (symmetric algorithms)
A block cipher with a 64-bit block and a 64-bit key of which only 56 bits are used (the other 8 are parity bits). Because of the small key size this encryption standard quickly became outdated: a 56-bit key can be brute-forced in hours on purpose-built or rented hardware, so DES is not considered secure.
Cross Certification
A certificate authority can be set up to trust a CA in a completely different PKI through something called cross-certification. This allows both PKI CAs to validate certificates generated from either side.
Subject's Public Key (contents of a digital certificate)
A copy of the subject's public key is included in the digital certificate, for obvious purposes.
Blowfish (symmetric algorithms)
A fast block cipher, largely replaced by AES, using a 64-bit block size and a key from 32 to 448 bits. Blowfish is considered public domain. The 64-bit block is its weak point: encrypting large volumes under one key runs into birthday-bound block collisions (the SWEET32 attack), which is the same reason 3DES is being retired.
XOR Operation
A mathematical operation on two binary inputs: if the inputs match, the output is 0; otherwise it is 1. XOR is at the core of a lot of computing, and of most ciphers. In an encryption algorithm the two inputs are the data bits and the key bits: each data bit is XORed with the corresponding key bit to produce a cipher-text bit, and because XOR is its own inverse, XORing the cipher text with the same key bits gives the data back. With a pure XOR cipher, key length is of utmost importance. If the key is shorter than the data it has to be reused, and that repetition is exactly what cryptanalysis exploits: identical plain text at offsets that differ by a multiple of the key length produces identical cipher text, letter-frequency statistics survive within each key position, and a short stretch of known plain text hands over the key directly. Only a truly random key as long as the message and never reused (a one-time pad) is unbreakable.
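The following is an added example (not code from the original page) showing the repeating-key XOR cipher the XOR card describes and the two weaknesses it mentions: repeated plaintext at key-aligned offsets shows up as repeated ciphertext, and a few bytes of known plaintext give back the whole key, which is the known plain-text attack from the earlier card. The message and the 4-byte key are constructed for the demo.

```python
"""Repeating-key XOR: encrypt/decrypt, Kasiski-style repeat detection, and
known-plaintext key recovery.

Added example for the XOR and known-plaintext-attack cards; this is not code from the
original page. SAMPLE_MESSAGE and SAMPLE_KEY are constructed for the demo.
"""
from itertools import cycle

SAMPLE_MESSAGE = b"ATTACK AT DAWN; ATTACK AT DUSK"  # constructed demo plaintext
SAMPLE_KEY = b"K3y!"                                # constructed 4-byte key


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each data byte with the next key byte, recycling the key when it runs out.
    XOR is its own inverse, so the same call both encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def repeated_block_distances(ciphertext: bytes, block: int = 4) -> list:
    """Kasiski-style check. Under a repeating key, identical plaintext at offsets that
    differ by a multiple of the key length yields identical ciphertext. Return the
    distances between repeated ciphertext blocks; every one is a multiple of the key
    length, so their greatest common divisor points at it."""
    first_seen = {}
    distances = []
    for i in range(len(ciphertext) - block + 1):
        chunk = ciphertext[i:i + block]
        if chunk in first_seen:
            distances.append(i - first_seen[chunk])
        else:
            first_seen[chunk] = i
    return distances


def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int) -> bytes:
    """Known-plaintext attack: c XOR p = k, so key_len bytes of known plaintext at the
    start of the message give back the entire repeating key."""
    if len(known_plaintext) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_plaintext[:key_len]))


def demo() -> bytes:
    """Encrypt, confirm the repeat distances betray the key period, recover the key from
    the first four known bytes, and decrypt everything with the recovered key."""
    ct = xor_bytes(SAMPLE_MESSAGE, SAMPLE_KEY)
    distances = repeated_block_distances(ct)
    # "ATTACK AT D" recurs 16 bytes later, and 16 is a multiple of the 4-byte key.
    assert distances and all(d % len(SAMPLE_KEY) == 0 for d in distances)
    recovered = recover_key(ct, SAMPLE_MESSAGE[:4], len(SAMPLE_KEY))
    return xor_bytes(ct, recovered)
```

In practice an attacker guesses the key length from the repeat distances (or from byte-frequency statistics per key position), then treats each key position as a separate single-byte XOR and solves it by frequency analysis; a known header such as "GET /" or a PNG magic number does the same job faster.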
Public Key Infrastructure (PKI)
The set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and the keys behind them. PKI is basically a structure designed to verify and authenticate the identity of individuals (and systems) within the enterprise taking part in a data exchange. In many PKI systems an outside entity, known as a validation authority (VA), checks whether a certificate is still valid, usually via the Online Certificate Status Protocol (OCSP).
Side Channel Attack (Cryptography Attacks)
A side-channel attack isn't like the other traditional attacks mentioned. Instead of attacking the math, it measures how the cryptosystem's implementation behaves while it runs (power consumption, electromagnetic emissions, execution timing, cache behavior) and infers key material from those measurements. It can be a physical attack on the device, but timing and cache side channels can also be exploited remotely, which is why constant-time implementations matter.
Algorithm
A step-by-step method of solving a problem. In computing security, an algorithm is a set of mathematical rules (logic) for the process of encryption & decryption.
Digital Certificates
Also known as a public key certificate, an electronic file that binds a public key to an identity so that identity can be verified, providing nonrepudiation throughout the system. Certificates contain the entity's public key, serial number, version, subject, signature algorithm, issuer, validity dates, and key usage details. A digital certificate doesn't encrypt anything itself; it is the means by which entities on a network provide identification. In the PKI framework the certificate follows the X.509 standard, part of a much bigger series of standards set up for directory services and such, which defines what should and should not be in a certificate. Because of the standard, any system complying with X.509 can exchange and use digital certificates to establish authenticity.
Symmetric Encryption
Also known as single-key or shared-key encryption, symmetric encryption simply means one key is used both to encrypt and to decrypt the data. So long as both the sender and the receiver have the secret key, communication between the two can be encrypted. In keeping with the old acronym K.I.S.S. (Keep It Simple, Stupid), the simplicity of symmetric encryption is its greatest asset: it is fast and strong, so for bulk encryption, symmetric algorithms are your best bet. There are some significant drawbacks, though. First, key distribution and management are difficult. How do you safely share the secret key? If you send it over the network in the clear, someone can steal it, so the key has to be delivered out of band (or, in practice, wrapped with asymmetric encryption). Second, scalability: because every pair of partners needs its own key, the number of keys needed is N (N - 1) / 2, where N is the number of nodes in the network. Ten nodes need 45 keys; a thousand need 499,500. Lastly, symmetric encryption does a great job with confidentiality but does nothing to provide for nonrepudiation, since either holder of the shared key could have produced any given message. These weaknesses led to the creation and implementation of the second means of encryption, asymmetric.
Inference Attack (Cryptography Attacks)
An inference attack may not be what you think it is. Inference actually means you can derive information from the cipher text without actually decoding it. For example, if you are monitoring the encrypted line a shipping company uses and the traffic suddenly increases, you could assume the company is getting ready for a big delivery.
FREAK (Encrypted Communication Attacks)
Another attack you may see referenced is FREAK. Factoring Attack on RSA-EXPORT Keys (FREAK) is a man-in-the-middle attack against TLS: the attacker tampers with the handshake so that a client and server that both still support the 1990s-era "export" cipher suites fall back to a 512-bit RSA key. Keys that short can be factored in a matter of hours with rented computing, after which the attacker can decrypt or tamper with the session. The fix is to disable export cipher suites on both ends.
Asymmetric Encryption
Asymmetric encryption came about mainly because of the problem inherent in using a single key to encrypt and decrypt messages: just how do you share the key efficiently and easily without compromising security? The answer was, of course, to use two keys. In this key-pair system, both are generated together, with one key used to encrypt a message and the other to decrypt it. The encryption key, also known as the public key, can be sent anywhere, to anyone. The decryption key, known as the private key, is kept secured on the system. For example, suppose two people want to secure communications across the Internet between themselves. Using symmetric encryption, they'd need to develop some offline method to exchange the single key used for all encryption/decryption (and agree on changing it fairly often). With asymmetric encryption, they both generate a key pair. User A sends his public key to User B, and User B sends his public key to User A. Neither is concerned if anyone on the Internet copies these keys, because a public key can only be used to encrypt messages to its owner, not to decrypt them. Data encrypted with a public key can be sent without concern, because the only way to decrypt it is with the private key belonging to that pair. Asymmetric encryption comes down to this: what one key encrypts, the other key decrypts. Remember public = encrypt, private = decrypt; either key can be applied first within the pair (as you'll see with digital signatures later in this chapter), but in general that is the rule. What the public key cannot protect against is substitution: if an attacker can swap in his own public key during that exchange, he reads everything. Signing a message with the private key is what provides a digital signature, and in effect authenticity and nonrepudiation (not confidentiality; for that you encrypt to the recipient's public key), but this is valid only if the keys are good, and known to belong to the right people, in the first place. This is where key management and the certificate authority process come into play; without their control over the entire scenario, none of this is worthwhile.
Wrap up on Asymmetric Encryption
Asymmetric encryption provides some significant strengths in comparison to its symmetric brethren. It can provide both confidentiality and nonrepudiation, and it solves the problems of key distribution and scalability. The real downside, and the weakness you'll be asked about on the exam, is performance: asymmetric operations are orders of magnitude slower than symmetric ones and need much longer keys for the same strength (2048-bit RSA versus 128-bit AES), so asymmetric encryption is used for small amounts of data such as session keys and hashes, with the bulk data handled symmetrically (a hybrid cryptosystem).
SHA-1 (Hash Algorithms)
Developed by the NSA, SHA-1 produces a 160-bit output and was required by FIPS for use in U.S. government applications (see FIPS PUB 180-1). In late 2005, however, serious flaws became apparent, and the U.S. government began recommending the replacement of SHA-1 with SHA-2 after 2010. In 2017 a practical collision was published (the SHAttered attack), so SHA-1 should no longer be used for signatures or certificates.
Diffie-Hellman (Asymmetric Encryption)
Developed for use as a key exchange protocol, Diffie-Hellman lets two parties agree on a shared secret over an open channel; it is used in SSL/TLS and in IPSec (IKE). By itself it provides no authentication, so it is vulnerable to man-in-the-middle attacks if the exchanged values are not signed (with the server's certificate in TLS, or a pre-shared key or certificate in IKE).
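The exchange described on the Diffie-Hellman card, as an added example that is not part of the original page: an honest run where both sides land on the same secret, and the man-in-the-middle run where Mallory substitutes her own public values and ends up holding one key with each victim. The group (p = 23, g = 5) and the private exponents are toy values constructed for the demo.

```python
"""Diffie-Hellman key agreement, and what goes wrong without authentication.

Added example for the Diffie-Hellman card; it is not code from the original page.
The group (p = 23, g = 5) and the private exponents are toy values picked for the demo
so the numbers stay small; real deployments use 2048-bit-plus groups (RFC 3526) or
elliptic curves, with private values from a CSPRNG.
"""

P, G = 23, 5  # toy prime modulus and generator (constructed for the demo)


def public_value(private: int, p: int = P, g: int = G) -> int:
    """g^private mod p: safe to send in the clear; recovering private from it is the
    discrete logarithm problem."""
    return pow(g, private, p)


def shared_secret(their_public: int, my_private: int, p: int = P) -> int:
    """their_public^my_private mod p, which equals g^(ab) mod p for both sides."""
    return pow(their_public, my_private, p)


def honest_exchange(a_priv: int, b_priv: int) -> tuple:
    """Alice and Bob exchange public values; an eavesdropper sees g^a and g^b only.
    Returns (Alice's secret, Bob's secret), which are equal."""
    a_pub = public_value(a_priv)
    b_pub = public_value(b_priv)
    return shared_secret(b_pub, a_priv), shared_secret(a_pub, b_priv)


def mitm_exchange(a_priv: int, b_priv: int, m_priv: int) -> dict:
    """Unauthenticated DH: Mallory intercepts both public values and substitutes her own.
    Alice and Bob each compute a secret shared with Mallory, not with each other, and
    nothing in the protocol tells them."""
    a_pub = public_value(a_priv)
    b_pub = public_value(b_priv)
    m_pub = public_value(m_priv)  # what Alice and Bob actually receive
    return {
        "alice": shared_secret(m_pub, a_priv),            # Alice believes this is g^ab
        "bob": shared_secret(m_pub, b_priv),              # Bob believes this is g^ab
        "mallory_with_alice": shared_secret(a_pub, m_priv),
        "mallory_with_bob": shared_secret(b_pub, m_priv),
    }
```

With a = 6, b = 15 the honest secret is 2 on both sides; with Mallory's m = 13 in the middle, Alice computes 18 and Bob computes 7, and Mallory holds both, so she can decrypt, re-encrypt and forward every message. The fix is the one the card names: each side signs its public value (in TLS the server signs it with the key in its certificate), so a substituted value fails verification.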
Plain Text
Don't be confused by the term plain text. Yes, it can be used to define text data in ASCII format. However, within the confines of cryptography, plain text refers to anything that is not encrypted—whether text or not.
Final Note on Hashes
EXAM TIP When it comes to questions on the exam regarding hashes, remember two things. First, they're used for integrity (any deviation in the hash value, no matter how small, indicates the original file has been altered or corrupted). Second, even though hashes are one-way functions, collision attacks are practical against older algorithms (MD5, and since 2017 SHA-1), so two different files can be made to share a hash. Lastly on hashes, there are a bajillion different tools out there you can use to create and view them (and yes, bajillion is a real word). A few of note include HashCalc (www.slavasoft.com), MD5 Calculator (www.bullzip.com), and HashMyFiles (www.nirsoft.com). You can even get tools on your mobile device (like Hash Droid, from play.google.com) for your hashing needs on the go, and on any Unix-like system sha256sum and md5sum are already there.
RC (Rivest Cipher) (symmetric algorithms)
Encompasses several versions from RC2 through RC6. RC2, RC5, and RC6 are block ciphers; RC4 is a stream cipher (now broken, and prohibited in TLS by RFC 7465). RC5 and RC6 use a variable key length up to 2040 bits. RC6, the latest version, uses 128-bit blocks and four 32-bit working registers, whereas RC5 uses variable block sizes (32, 64, or 128 bits) and two working registers.
Serial Number (contents of a digital certificate)
Fairly self-explanatory, the serial number is used to uniquely identify the certificate.
Heartbleed (Encrypted Communication Attacks)
Heartbleed (CVE-2014-0160) exploits a small feature in OpenSSL that turned out to present a very big problem. TLS has a heartbeat extension (RFC 6520) that lets either side check the connection is still alive: one system sends a payload and the other "echoes" it back. Basically, one system tells the other "I received what you sent and it's all good. Go ahead and send more." The heartbeat request carries a length field stating how big the payload is, and vulnerable OpenSSL versions (1.0.1 through 1.0.1f) copied that many bytes into the response without checking the claim against the record actually received. In Heartbleed, an attacker sends a single byte of payload while telling the server it sent 64KB. The server then sends back 64KB: the one byte, followed by whatever happens to sit next to it in the process's memory. And what might be in this memory? The sky's the limit: user names and passwords, private keys (which are exceptionally troubling because future communication could be decrypted), session cookies, and a host of other nifty bits of information are all in play. This would be concerning enough if the attack itself weren't so easy to pull off: the Metasploit auxiliary module openssl_heartbleed does it with a handful of commands. Heartbleed caused major headaches and worry all over the world. Applications and organizations that were affected included multiple VMware products, Yahoo!, FileMaker, Cisco routers, HP server applications, SourceForge, and GitHub. And the problems weren't just on the commercial side: government agencies everywhere shut down online services while fix actions were put in place. And it's not over. Per AVG's Virus Labs, up to 1.5 percent of websites worldwide are still vulnerable, and there is no telling how many certificates have not been reissued since the fix (which leaves them exposed if private keys were stolen previously). Add to it "reverse Heartbleed" (where a malicious server performs the exact same thing against clients, stealing data from them) to compound the issue, and things are still very hairy.
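To make the bug class concrete, here is an added example (not code from the original page and not OpenSSL's code) that simulates the heartbeat handler in Python: the record layout (one type byte, a two-byte big-endian payload length, the payload, 16 bytes of padding) follows RFC 6520, but the "process memory" is a constructed bytes object placed right after the record, and the secrets in it are made up for the demo.

```python
"""Heartbleed as a missing bounds check, simulated in Python.

Added example for the Heartbleed card; not from the original page and not OpenSSL's
code. The heartbeat record layout follows RFC 6520 (type, 16-bit payload length,
payload, padding). The server "heap" is a constructed bytes object placed directly
after the received record, and SECRETS is fake data standing in for whatever
happened to be adjacent in memory.
"""
import struct

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
PADDING = b"\x00" * 16  # RFC 6520 requires at least 16 bytes of padding

# Constructed stand-in for the memory that follows the record in the server process.
SECRETS = b"session_cookie=ABC123; privkey=-----BEGIN RSA PRIVATE KEY-----..."


def build_request(payload: bytes, claimed_length: int) -> bytes:
    """An honest client sets claimed_length == len(payload); the attack lies about it."""
    return bytes([HEARTBEAT_REQUEST]) + struct.pack(">H", claimed_length) + payload + PADDING


def vulnerable_handler(record: bytes, memory_after_record: bytes) -> bytes:
    """Trusts the length field and copies that many bytes starting at the payload,
    walking past the end of the record into whatever follows it in memory."""
    if record[0] != HEARTBEAT_REQUEST:
        return b""
    claimed = struct.unpack(">H", record[1:3])[0]
    heap = record + memory_after_record
    payload = heap[3:3 + claimed]  # no check that `claimed` fits inside the record
    return bytes([HEARTBEAT_RESPONSE]) + struct.pack(">H", claimed) + payload + PADDING


def patched_handler(record: bytes, memory_after_record: bytes) -> bytes:
    """The fix: drop any heartbeat whose claimed payload does not fit in the record
    (1 type byte + 2 length bytes + payload + 16 padding bytes must not exceed it)."""
    if record[0] != HEARTBEAT_REQUEST:
        return b""
    claimed = struct.unpack(">H", record[1:3])[0]
    if 1 + 2 + claimed + len(PADDING) > len(record):
        return b""  # silently discard, as RFC 6520 says to
    payload = record[3:3 + claimed]  # bounded by the record, never by the heap
    return bytes([HEARTBEAT_RESPONSE]) + struct.pack(">H", claimed) + payload + PADDING


def leaked_bytes(response: bytes, sent_payload: bytes) -> bytes:
    """Everything echoed back beyond what the client actually sent."""
    if not response:
        return b""
    claimed = struct.unpack(">H", response[1:3])[0]
    echoed = response[3:3 + claimed]
    return echoed[len(sent_payload):]
```

Sending `build_request(b"x", 60)` to the vulnerable handler gets back the one byte plus 59 bytes of padding and adjacent "memory", including the fake cookie; the patched handler returns nothing for the same request while still echoing an honest `build_request(b"ping", 4)`. The real attack just sets the length field to 65535 and repeats.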
Chosen plain-text attack (Cryptography Attacks)
In a chosen plain-text attack, the attacker gets to pick plain texts and obtain their cipher texts (for example, by feeding input to a system that encrypts whatever it is given), then studies the pairs to learn about the key.
Data At Rest (DAR)
In general terms, "at rest" means the data is not being accessed, and to many people that means everything on the drive not currently being modified or loaded into memory. But in reality there's more to the definition. The true meaning of data at rest is data that is in a stored state and not currently accessible. For example, data on a laptop when the laptop is powered off is in a resting state, and data on a backup drive sitting off the system/network is at rest, but data in a powered-on, networked, accessible server's folder is not—whether it's currently being used or not right now is immaterial.
Validation Authority (VA)
In many PKI systems an outside entity, known as a validation authority (VA), is used to validate certificates—usually done via Online Certificate Status Protocol (OCSP).
Chosen cipher attack (Cryptography Attacks)
In this attack, the bad guy (or good guy, depending on your viewpoint) chooses particular cipher texts, obtains their decryptions (from a system that decrypts whatever it is handed and reveals something about the result), and uses the resulting pairs to discern the key or decrypt a target message. Unpadded ("textbook") RSA is particularly vulnerable because a cipher text can be multiplied to produce a related one, and padding-oracle attacks such as Bleichenbacher's against PKCS#1 v1.5 are the practical form.
What functions Cryptography provides
It's also important to understand what functions cryptography can provide. In Chapter 1, we discussed the hallowed trinity of security—confidentiality, integrity, and availability. When it comes to cryptography, confidentiality is the one that most often is brought up. Encrypting data helps to provide confidentiality of the data because only those with the "key" can see it. However, some other encryption algorithms and techniques also provide for integrity (hashes that ensure the message hasn't been changed) as well as a new term we have yet to discuss here: nonrepudiation. Nonrepudiation is the means by which a recipient can ensure the identity of the sender and neither party can deny having sent or received the message.
Hash Algorithms
Last in our discussion of algorithms are the hashing algorithms, which really don't encrypt anything at all. A hashing algorithm is a one-way mathematical function that takes an input of any size and produces a fixed-length string, the hash or digest, based on the arrangement of the data bits in the input. Its sole purpose in life is to provide a means to verify the integrity of a piece of data; change a single bit of the original and you'll get a completely different digest. The "one-way" portion of the definition is important: a hash provides integrity checks but is not an encryption method, because there is no key and no way to get the input back from the digest other than guessing inputs until one matches (which is exactly what password crackers do).
Encryption Algorithms
Mathematical formulas used to encrypt and decrypt data are highly specialized and, sometimes, very complex. These algorithms are also known as ciphers. Modern-day systems use encryption algorithms that depend on a separate key, meaning that without the key the algorithm itself should be useless in trying to decode the data (Kerckhoffs's principle: the algorithm can be public; only the key is secret). There are two main methods by which these keys can be used and shared: symmetric and asymmetric.
Final Notes on Encryption
Regardless of the attack chosen or the application used to try it, it's important to remember that, even though the attack may be successful, attempts to crack encryption take a long time. The stronger the encryption method and the longer the key used in the algorithm, the longer the attack will take to be successful. Additionally, it's not an acceptable security practice to assign a key and never change it. No matter how long and complex the key, given a sufficient amount of time a brute-force attack will crack it. Every bit added to the key doubles the work: 40-bit keys fall in minutes, 56-bit DES keys in hours on purpose-built hardware, and a 64-bit RC5 key took a distributed volunteer effort about five years. Beyond roughly 128 bits, brute force stops being feasible with any foreseeable computing, and the U.S. government rates AES with 256-bit keys as adequate for its most sensitive data. Combine a long key with a commitment to rotating it within a reasonable period and you can be relatively sure the encryption is "uncrackable" in practice. A truism of hacking applies here: hackers go for the low-hanging fruit. The mathematics involved in cracking strong encryption usually make it not worthwhile, so they attack the key management, the implementation, or the user instead.
Secure Shell (SSH) (Secure Communications)
SSH is, basically, a secured replacement for Telnet. SSH uses TCP port 22 by default. It relies on public key cryptography to authenticate the server (the host key) and optionally the user, and on a Diffie-Hellman exchange to agree on the symmetric keys that actually encrypt the session. Originally designed for remote sessions into Unix machines for command execution, it can also be used as a tunneling protocol (port forwarding). SSH-2 is the successor to SSH-1; it's more secure, efficient, and portable, and it includes an encrypted file transfer subsystem (SFTP). SSH-1 should be disabled wherever you find it.
Signed Certificates
Signed certificates generally indicate a CA is involved and the signature validating the identity of the entity is confirmed via an external source—in some instances, a validation authority (VA). Signed certificates, as opposed to self-signed certificates, can be trusted: assuming the CA chain is validated and not corrupted, it's good everywhere. Obviously, anything accessible to (or using) external connectivity will require a signed certificate.
Encryption Algorithm 2 methods
Stream Cipher - A symmetric key cipher where plain-text bits are combined with a pseudorandom cipher bit stream (the keystream), typically by an exclusive-or (XOR) operation. The plain-text digits are encrypted one at a time, and the transformation of successive digits varies during the encryption. In other words, readable bits in their regular pattern are fed into the cipher and encrypted one at a time. These work at a high rate of speed (RC4 and ChaCha20 are examples), and reusing a keystream is fatal. Block Cipher - A symmetric key algorithm that transforms a fixed-size block of data at a time using a cryptographic key; the output block is the same length as the input block. In other words, data bits are split into blocks (64 bits for DES and 3DES, 128 bits for AES), and each block is encrypted with the key and the algorithm, with a mode of operation (CBC, CTR, GCM) defining how the blocks are chained together. They use methods such as substitution and transposition in their rounds and are generally slower than stream ciphers, although a block cipher in counter mode behaves as a stream cipher.
Registration Authorities (RAs)
Subordinate entities that handle the registration side of the process internally: an RA verifies the identity of whoever is requesting a certificate and passes the approved request to the CA, which does the actual signing. (As a matter of fact, most root CAs are kept offline and removed from network access to protect the integrity of the system, with day-to-day issuing done by subordinate CAs.)
Self Signed Certificates
Suppose you have an application or service completely internal to your organization, and you want to provide authentication services via certificates. A self-signed certificate—one created internally and never intended to be used in any other situation or circumstance—would likely be your best choice. In most enterprise-level networks, you're bound to find self-signed certificates all over the place. They save money and complexity—since there's no need to involve an external verification authority—and are relatively easy to put into place. Managing self-signed certs can sometimes be hard, and any external access to them is a definite no-no, but internal use is generally nodded at.
Adaptive chosen plain-text attack (Cryptography Attacks)
The EC-Council definition for this is mind-numbingly obtuse: "the attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions." What this really means is the attacker can have plain texts of his choosing encrypted, looks at the results, and uses them to pick the next, closely related plain texts. (The mirror image, sending chosen cipher texts to be decrypted and using the results to choose the next ones, is the adaptive chosen cipher-text attack; padding-oracle attacks work that way.) The idea is to gradually glean more and more information about the full target cipher text or about the key itself.
Steganography
The art & science of creating a covert message or image within another message, image, audio, or video file.
Trust Models
This describes how entities within an enterprise deal with keys, signatures, and certificates, and there are three basic models. 1. Web of Trust - Multiple entities sign certificates for one another. In other words, users within this system trust each other based on certificates they receive from other users on the same system (PGP key signing is the classic example). 2. Single-Authority System - has a CA at the top that creates and issues certificates. Users trust each other based on the CA. 3. Hierarchical Trust System - also has a CA at the top (known as the root CA) but makes use of one or more subordinate CAs and registration authorities underneath it to issue and manage certificates. This system is the most scalable and, with the root kept offline, the most secure: users can trace any certificate along the chain back to the root to ensure authenticity, and the compromise of one subordinate CA doesn't take down the whole PKI.
Secure Sockets Layer (SSL) (Secure Communications)
This encrypts data at the transport layer, and above, for secure communication across the Internet. It uses RSA encryption and digital certificates and can be used with a wide variety of upper-layer protocols. SSL uses a six-step process for securing a channel, as shown in Figure 10-3. All SSL versions (2.0 and 3.0) are now deprecated because of attacks such as POODLE and DROWN, and SSL has been replaced by Transport Layer Security (TLS).
SHA-2 (Hash Algorithms)
This hash family actually holds several separate hash functions that produce outputs of 224, 256, 384, and 512 bits (SHA-224, SHA-256, SHA-384, SHA-512, plus the truncated SHA-512/224 and SHA-512/256). It was designed as a replacement for SHA-1; adoption was slow for years, but SHA-256 is now the default for TLS certificates, code signing, and most integrity checks.
SHA-3 (Hash Algorithms)
This hash algorithm uses something called "sponge construction," where data is "absorbed" into the sponge (by XOR-ing the initial bits of the state) and then "squeezed" out (output blocks are read and alternated with state transformations).
Version (contents of a digital certificate)
This identifies the certificate format. Over time, the actual format of the certificate has changed slightly, allowing for different entries: v1 has the basic fields, v2 adds the issuer and subject unique identifiers, and v3 adds extensions. Almost every certificate in use today is version 3 (encoded in the file as the integer 2).
Internet Protocol Security (IPSec) (Secure Communications)
This is a network layer tunneling protocol that can be used in two modes: tunnel (entire IP packet encrypted) and transport (data payload encrypted). IPSec is capable of carrying nearly any application. The Authentication Header (AH) protocol verifies an IP packet's integrity and determines the validity of its source: it provides authentication and integrity, but not confidentiality. Encapsulating Security Payload (ESP) encrypts each packet (in transport mode, the data is encrypted but the headers are not encrypted; in tunnel mode, the entire packet, including the headers, is encrypted).
RSA (Asymmetric Encryption)
This is an algorithm that achieves strong encryption through the use of two large prime numbers: they are multiplied together to form the public modulus, and the security rests on the fact that factoring that modulus back into its primes is infeasible at key sizes of 2048 bits and up (4096 is common for long-lived keys). RSA can be used for encryption and digital signatures and is the modern de facto standard, although elliptic-curve schemes are taking over where smaller keys matter.
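The following is an added example (not code from the original page) that ties together the asymmetric-encryption, digital-signature and RSA cards: a textbook RSA key pair built from two primes, the "what one key does the other undoes" property, and a signature made by applying the private key to a SHA-256 hash and checked with the public key. The primes (61 and 53 for visible arithmetic, two Mersenne primes for the signature) are toy values chosen for the demo, and raw modular exponentiation of the hash stands in for the padded signature schemes (PSS, PKCS#1 v1.5) real systems use.

```python
"""Textbook RSA with toy primes: key pair, 'what one key does the other undoes', and a
digital signature over a SHA-256 hash.

Added example for the asymmetric-encryption, digital-signature and RSA cards; not from
the original page. The primes are deliberately tiny so the arithmetic is visible; real
keys use 2048-bit-plus moduli, and real signatures pad the hash (PSS or PKCS#1 v1.5)
instead of exponentiating it directly.
"""
import hashlib
from math import gcd


def keygen(p: int, q: int, e: int = 65537) -> tuple:
    """Return ((e, n), (d, n)): the public and private key of one pair.
    n = p*q is published; d is the inverse of e modulo phi(n) and stays secret."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(m: int, key: tuple) -> int:
    """m^exp mod n. The same operation with either key; the other key reverses it."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(m, exp, n)


def _digest_as_int(message: bytes, n: int) -> int:
    # Toy reduction of the 256-bit hash below n; real schemes pad instead.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key: tuple) -> int:
    """Hash the message and apply the private key to the hash."""
    return rsa_apply(_digest_as_int(message, private_key[1]), private_key)


def verify(message: bytes, signature: int, public_key: tuple) -> bool:
    """Apply the public key to the signature and compare with a fresh hash of the
    message; any change to the message or the signature breaks the match."""
    return rsa_apply(signature, public_key) == _digest_as_int(message, public_key[1])
```

With p = 61, q = 53 the modulus is 3233, e = 65537 reduces to 17 modulo phi(n) = 3120, and the classic plain text 65 encrypts to 2790 and decrypts back; applying the private key first and the public key second also round-trips, which is the property a signature relies on. Note that the signature proves who signed and that the message is intact, but it hides nothing: confidentiality needs a separate encryption to the recipient's public key.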
Replay attack (Cryptography Attacks)
This is most often performed within the context of a man-in- the-middle attack. The hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel. The attacker doesn't really have to know the actual data (such as the password) being exchanged; he just has to get the timing right in copying and then replaying the bit stream. Session tokens can be used in the communications process to combat this attack.
Subject (contents of a digital certificate)
This is whoever or whatever is being identified by the certificate.
MD5 (Message Digest algorithm) (Hash Algorithms)
This produces a 128-bit hash value, expressed as 32 hexadecimal digits. Created by Ronald Rivest, MD5 was originally popular for ensuring file integrity. However, serious flaws in the algorithm (collisions can now be generated in seconds on a laptop) and the advancement of other hashes have rendered it obsolete (US-CERT, August 2010). Despite its past, MD5 is still used for file verification on downloads and, in many cases, to store passwords, neither of which it is fit for.
Key Usage (contents of a digital certificate)
This shows for what purpose the certificate was created.
Algorithm ID (or Signature Algorithm) (contents of a digital certificate)
This shows the algorithm that was used to create the digital signature.
Issuer (contents of a digital certificate)
This shows the entity that verifies the authenticity of the certificate. The issuer is the one who creates the certificates.
Elliptic Curve Cryptosystem (ECC) (Asymmetric Encryption)
This uses points on an elliptic curve, together with the elliptic-curve discrete logarithm problem, for key agreement (ECDH) and signatures (ECDSA). It provides the same strength as RSA with far shorter keys (a 256-bit ECC key is roughly equivalent to 3072-bit RSA), so it uses less processing power, making it a good choice for mobile devices.
Salt
To protect against rainbow tables and other precomputed-hash attacks, you can also use something called a salt. A salt is a string of random bits generated per password and combined with the password before it is hashed; it is stored alongside the hash (it isn't secret and it isn't a key). Because every password gets a different salt, two users with the same password end up with different hashes, and an attacker can no longer compute one table and reuse it against every account. Each bit added to the salt doubles the number of tables an attacker would need, which is why a 128-bit salt is standard and why a salt is a necessity in protecting password files. Pair it with a slow, iterated hash (PBKDF2, bcrypt, scrypt, or Argon2) so that guessing is expensive too.
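Here is an added example (not code from the original page) covering both the hash-algorithm card and the salt card: a digest used as an integrity check that fails on a single flipped bit, and a salted, iterated password hash (PBKDF2-HMAC-SHA256 from the standard library) showing that a fixed salt reproduces the same record every time, which is what a rainbow table exploits, while a fresh random salt does not. The sample data and passwords are constructed, and the `algorithm$iterations$salt$digest` record layout is one reasonable format, not a standard.

```python
"""Hashes for integrity, and salts for stored passwords.

Added example for the hash-algorithm and salt cards; not from the original page. The
sample bytes and passwords are constructed for the demo, and the stored-record layout
(algorithm, iterations, salt, digest, joined with '$') is a reasonable format, not a
standard one.
"""
import hashlib
import hmac
import os
from typing import Optional


def file_digest(data: bytes, algorithm: str = "sha256") -> str:
    """Fixed-length hex digest of arbitrary input; same input, same digest."""
    return hashlib.new(algorithm, data).hexdigest()


def integrity_check(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Compare in constant time so the check itself does not leak how much matched."""
    return hmac.compare_digest(file_digest(data, algorithm), expected_hex)


def flip_one_bit(data: bytes, bit_index: int) -> bytes:
    """Copy of data with one bit toggled, to show the digest changes completely."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> str:
    """Salted, iterated hash. A fresh 16-byte random salt per password means two users
    with the same password get different records, and a table precomputed for one salt
    is useless against every other; the iteration count makes each guess expensive."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def check_password(password: str, record: str) -> bool:
    """Re-derive with the salt and iteration count stored in the record and compare."""
    _, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)
```

The SHA-256 of `b"hello"` is 2cf24dba...8b9824; flip the low bit of the first byte (`b"iello"`) and the digest shares nothing with it. For passwords, an unsalted digest is just `file_digest(password)`, identical for every user with that password and instantly matched against a precomputed table; the salted record is what you should find in a password file.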
Tools for Encryption Attacks
What's more, a variety of other encryption-type attack applications are waiting in the wings. Some applications, such as Carnivore (an FBI network sniffer) and Magic Lantern (more of a keylogger than an actual attack application, meant to capture passphrases before they are used to encrypt), were created by the U.S. government for law enforcement use against encrypted communications. Some, such as L0phtcrack (used mainly on Microsoft Windows against SAM password hashes) and John the Ripper (a cross-platform tool for the same purpose, alongside hashcat), are aimed specifically at cracking password hashes. Others might be aimed at a specific type or form of encryption (for example, PGPcrack is designed to go after PGP-encrypted data). A few more worth mentioning include CrypTool (www.cryptool.org), Cryptobench (www.addario.com), and Jipher (www.cipher.org.uk).
S/MIME (Secure/Multipurpose Internet Mail Extensions) (Secure Communications)
When e-mail is the topic, I'd be remiss in not mentioning S/MIME (Secure/Multipurpose Internet Mail Extensions). It was originally developed by RSA Data Security, Inc., and is a standard for public key encryption and signing of MIME data. The primary difference between PGP and S/MIME is that PGP can be used to encrypt not only e-mail messages but also files and entire drives.
Steganography
While not an encryption algorithm in and of itself, steganography is a great way to send messages back and forth without others even realizing it. Steganography is the practice of concealing a message inside another medium (such as another file or an image) in such a way that only the sender and recipient even know of its existence, let alone the manner in which to decipher it. Steganography can be as simple as hiding the message in the text of a written correspondence or as complex as changing bits within a huge media file to carry a message. For example, you could let the recipient know that each letter starting a paragraph is relevant. Or you could simply write in code, using names of famous landmarks to indicate a message. In another example, and probably closer to what most people associate steganography with, if you had an image file, you could simply change the least meaningful bit in every byte to represent data—anyone looking at it would hardly notice the difference in the slight change of color or loss of sharpness.
DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) (Encrypted Communication Attacks)
A "serious vulnerability that affects HTTPS and other services that rely on SSL and TLS (essential cryptographic protocols for Internet security). DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, and financial data." As of March 2016, 33 percent of Internet HTTPS servers tested were vulnerable to the attack. Mitigation for DROWN is much like that for POODLE: turn off support for the offending encryption (in this case, SSLv2). Additionally, "server operators need to ensure that their private keys are not used anywhere with server software that allows SSLv2 connections. This includes web servers, SMTP servers, IMAP and POP servers, and any other software that supports SSL/TLS."
Collision Attack
A collision occurs when two or more files create the same hash output, which is not supposed to happen. When a hacker can create a second file that produces the same hash value output as the original, he may be able to pass off the fake file as the original, causing goodness knows what kinds of problems. Collisions, no matter which hash we're discussing, are always a possibility. By definition, there are only so many outputs the hash can produce (MD5, for example, will generate only 2^128 possible values). Therefore, given the computation speed of modern computing systems, it isn't unreasonable to assume you could re-create one. Matter of fact, you can even download tools to do it for you (www.bishopfox.com/resources/tools/other-free-tools/md4md5-collision-code/).
Certificate Authorities (CAs)
A trusted entity that issues and revokes public key certificates. In a network, a CA is a trusted entity that issues, manages, and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infrastructure (PKI), the CA works with registration authorities (RAs) to verify information provided by the requestor of a digital certificate. The system starts at the top, with a (usually) neutral party known as the certificate authority (CA). The CA acts as a third party to the organization, much like a notary public; when it signs something as valid, you can trust, with relative assuredness, that it is. Its job is to create and issue digital certificates that can be used to verify identity. The CA also keeps track of all the certificates within the system (using a certificate management system) and maintains a certificate revocation list (CRL), used to track which certificates have problems and which have been revoked.
POODLE (Padding Oracle On Downgraded Legacy Encryption) (Encrypted Communication Attacks)
Discovered by Google's security team and announced to the public on October 14, 2014. This time it was a case of backward compatibility being a problem. The Transport Layer Security (TLS) protocol had largely replaced SSL for secure communication on the Internet, but many browsers would still revert to SSL 3.0 when a TLS connection was unavailable. They did this because many TLS clients performed a handshake effort, designed to degrade service until something acceptable was found. For example, the browser might offer TLS 1.2 first and, if it fails, retry and offer 1.0. Supposing a hacker could jump in the connection between client and server, he could interfere with these handshakes, making them all fail, which results in the client dropping to SSL 3.0. So what's the big deal? Well, it seems SSL 3.0 uses RC4, and that opens up a whole world of issues. SSL 3.0 has a design flaw that allows the padding data at the end of a block cipher to be changed so that the encryption cipher becomes less secure each time it is passed. Defined as "RC4 biases" in OpenSSL's paper on the subject (https://www.openssl.org/~bodo/ssl-poodle.pdf), if the same secret, let's say a password, is sent over several sessions, more and more information about it will leak. Eventually, the connection may as well be plain text (per the same source, an attacker need only make 256 SSL 3.0 requests to reveal one byte of encrypted messages), and the attacker sitting in the middle can see everything. Mitigation for POODLE is straightforward: just don't use SSL 3.0 at all. Completely disabling SSL 3.0 on the client and server sides means the "degradation dance" can't ever take things down to SSL 3.0. Of course, in a recurring vein that frustrates and angers security professionals while simultaneously filling hackers with glee and joy, there are old clients and servers that just don't support TLS 1.0 and above. [Insert sigh here.]
Therefore, you can implement TLS_FALLBACK_SCSV (a fake cipher suite advertised in the Client Hello message, which starts the SSL/TLS handshake) to hopefully prevent the attack. Another mitigation is to implement something called "anti-POODLE record splitting." In short, this splits records into several parts, ensuring none of them can be attacked. However, although this may frustrate the exploit's ability to gather data, it also may cause compatibility issues due to problems in server-side implementations.