Hacker101
(Crypto Attacks)
Stream Cipher Reuse
generate stream of random bytes
XORed
plaintext
produce ciphertext
feed a given key
into stream cipher
generate same
output bytes
decryption works same as encryption
Exclusive OR
binary operation
ECB Block Reordering
(Electronic Codebook)
DES-ECB encrypted cookie
DES uses 8 byte blocks
encrypted form new cookie
decrypts to valid admin cookie
ECB Decryption
Mitigation
MACing data after encryption
validating MAC before decryption
Good practice
Never MAC-then-encrypt
decrypt data
validate MAC
introduce problems
padding oracles
Padding
PKCS#7
a byte padding
01 byte
2 bytes padding
02 bytes
padding oracle
CBC-mode data
padded with PKCS#7
CBC (Cipher block chaining)
Initialization vector (IV)
certain length
chaining mechanism
decryption
block of ciphertext
behave differently
decrypting improperly padded data VS
properly padded data
????
data encrypted block cipher
not fall neatly on block boundary
nothing stopping chopping blocks off the end
data truncated
decrypt properly
always pad data
even if multiple block size
Initialization vector
arbitrary number
used along with secret key
data encryption
nonce
employed only one time
Hash Extension
MD5, SHA1,
Merkle-Damgard construction hashes
digest returned
internal state of
hash algorithm
Hash
1) initialize hash state
2) for each block of data
a. mix it into hash state
3) pad the hash
4) output internal hash state