Presentation is loading. Please wait.

Presentation is loading. Please wait.

Crypto for CTFs.

Published byStéphanie Alizée Laframboise Modified over 5 years ago

Similar presentations

Presentation on theme: "Crypto for CTFs."— Presentation transcript:

1 Crypto for CTFs

2 In This Talk (I promise there won’t be any math)
Security Services Classical (Substitution) Ciphers Why those suck Bitwise encodings Random Number Generators Entropy Frequency Analysis

3 XKCD, “Security” available at https://xkcd
XKCD, “Security” available at under Creative Commons Attribution-NonCommercial 2.5 License

4 Security Keywords Give you hints as to what the question is asking
‘Plaintext’ ‘Ciphertext’ ‘Encrypt’ ‘Decrypt’ ‘Key’ ‘Sign’

5 Security Services Confidentiality - ensure that data is hidden
Authentication - ensure that data comes from who it says it does Integrity - ensure that data isn’t altered in transit Non-repudiation - ensure that when Alice sends Bob data, Alice can’t take back later that she sent it

6 Encodings Base64 Base32 Hex encoding - H(0xdeadbeef) => “deadbeef”

7 Substitution (classical) ciphers
Caesar Cipher - shift each letter by a constant amount Atbash Cipher - Convert each letter to the l-26 % 26 letter Vignere Cipher - shift each letter by a corresponding letter in the codeword Oftentimes, non-alpha characters stay the same

8 How to solve: Atbash No key: A always maps to Z, etc
Ciphertext: R nfhg hzb, Nrgxs rh ollprmt tivzg glwzb!

9 How to solve: Caesar Key fact: There are only 26 possible shifts
Ciphertext: Hdoxc dn vi zsxzggzio ozvxczm Try each possible key, see if ciphertext makes sense: Key 1: Iepyd eo wj atyahhajp pawydan Key 2: Jfqze fp xk buzbiibkq qbxzebo ….

10 How to solve: Vignere Short ciphertexts: brute force
Long ciphertexts: frequency analysis Certain characters in the english alphabet are more common than others 2-character sequences… 3-character sequences…

11 Why substitution ciphers are bad
Kerckhoff's Principle - A cryptosystem should be secure even if an attacker knows everything about the system (other than a secret key) In contrast to “Security through obscurity” (All three previous examples, Windows). You should assume attackers will gain access to system details Modern ciphers combine Substitution and Permutation - if you change one number or input it completely, seemingly randomly changes occur throughout the new ciphertext

12 Why substitution ciphers are bad
Modern ciphers combine Substitution and Permutation - if you change one number or input it completely, seemingly randomly changes occur throughout the new ciphertext Modern concept of “perfect secrecy” - none of these are perfectly secret - or even close

13 Perfect Secrecy Ciphertext conveys no information about the plaintext
Key length > plaintext length Ex. vignere cipher with keyword longer than message (eh…) Key: thisisakey, Message: hello, ciphertext: altdw One-Time Pads

14 Bitwise Encoding Messages are often represented as binary strings (ASCII, etc) XOR encoding ⊕ A B Result 1

15 Bitwise encoding continued (Need to know for interviews!)
Very nice mathematical properties! A ⊕ 0 = A A ⊕ A = 0, A ⊕ B = R => A ⊕ R = B Example: A=1100 B=1010 A ⊕ 0000 = A, A ⊕ A = 0000, A ⊕ B = 0110, A ⊕ 0110 = 1010 Critical for symmetric cryptography Good for CTFs

16 One-Time Pad Random sequence of 1s and 0s Bitwise XOR encrypt
Ciphertext: No way to get what the plaintext is without info on the key Don’t use twice! (hence one-time) Crib-drag: xor ciphertext with different offsets ciphertexts crib-drag.html

17 Random Number Generators
Goal: Create a stream of random numbers to create a one-time pad without needing to reuse any bits Problem: How to implement this? Problem: How to share this information secretly?

18 How to implement?

19 How to share this info?

20 Pseudo Random Number Generators (PRNG)
Idea: Create a “sharable” RNG The only parameter you need to share for reproducibility is a key and/or seed Goal: It should be practically impossible for attacker to guess the inner state or any future states from a subsequence of output Goal: It should be practically impossible for an attacker to guess previous subsequence given an inner state Subgoal: There should be about as many 0 bits as 1 bits

21 Pseudo Random Number Generators (PRNG)
Problem: PRNGs must have a finite state, introducing period of generated numbers Problem: Mathematic difficulty creating a proper PRNG

22 PRNG Examples Linear Congruential Generator Mersenne Twister
Blum Blum Shub

23 Example: Blum Blum Shub
Generate two large primes p and q and a seed s (= x-1) Calculate xn+1 = x2n mod M

24 Modular Arithmetic science/cryptography/modarithmetic/a/what-is-modular-arithmetic

25 Entropy Entropy is a measure of the randomness of data
Many different ways to measure Can you think of any?

26 Entropy Let’s look at a random byte: “ ”

27 Look Closer:

28 Entropy This byte may not seem random, but it has an equal probability of occuring in a truly random sequence of bytes as any other This is why it is important to measure entropy over large sample sizes

29 Frequency Analysis Fact: Each letter in the english language has a certain frequency of use A simple computation will give us the frequencies - for each letter a through z, divide the total number of times it has been spoken or written and divide by the number of all letters ever spoken or written In practice we use a representative sample to compute these frequencies 2004/cryptography/subs/frequencies.html Why is this useful?

30 Frequency Analysis Substitution Ciphers - Frequency of original letters unchanged, but transferred to new letters I.e. If ‘x’ is the most frequent letter in the ciphertext, it is reasonable to assume this correlates with the plaintext letter ‘e’ Idea can be extended to Single-Byte XOR Letter Bigram and Trigram frequencies can be more useful than single- letter frequencies Idea can be extended to Multi-Byte XOR HW will walk you through a FA problem

Download ppt "Crypto for CTFs."

Similar presentations

CLASSICAL ENCRYPTION TECHNIQUES

CLASSICAL ENCRYPTION TECHNIQUES
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Fubswrjudskb Frxuvh qxpehu:4003-482 / 4005-705 Lqvwuxfwru:Lyrqd Ehcdnryd Wrgdb’v Wrslfv: 1.Orjlvwlfv: -Fodvv olvw -Vboodexv 2. Wkh Pdwk 3. Zkdw lv Fubswrjudskb.

Fubswrjudskb Frxuvh qxpehu: / Lqvwuxfwru:Lyrqd Ehcdnryd Wrgdb’v Wrslfv: 1.Orjlvwlfv: -Fodvv olvw -Vboodexv 2. Wkh Pdwk 3. Zkdw lv Fubswrjudskb.
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)

Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
CS470, A.SelcukIntroduction1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIntroduction1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.

CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.
Computer Security CS 426 Lecture 3

Computer Security CS 426 Lecture 3
Chapter 12 Cryptography (slides edited by Erin Chambers)

Chapter 12 Cryptography (slides edited by Erin Chambers)
Cryptography Week-6.

Cryptography Week-6.
Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.

Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.
Chapter 2 Basic Encryption and Decryption. csci5233 computer security & integrity 2 Encryption / Decryption encrypted transmission AB plaintext ciphertext.

Chapter 2 Basic Encryption and Decryption. csci5233 computer security & integrity 2 Encryption / Decryption encrypted transmission AB plaintext ciphertext.
Section 2.1: Shift Ciphers and Modular Arithmetic The purpose of this section is to learn about modular arithmetic, which is one of the fundamental mathematical.

Section 2.1: Shift Ciphers and Modular Arithmetic The purpose of this section is to learn about modular arithmetic, which is one of the fundamental mathematical.
Lec. 5 : History of Cryptologic Research II

Lec. 5 : History of Cryptologic Research II
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!

Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Symmetric-Key Cryptography

Symmetric-Key Cryptography
Cryptography Lecture 2: Classic Ciphers Piotr Faliszewski.

Cryptography Lecture 2: Classic Ciphers Piotr Faliszewski.
Cryptography Part 1: Classical Ciphers Jerzy Wojdyło May 4, 2001.

Cryptography Part 1: Classical Ciphers Jerzy Wojdyło May 4, 2001.
Classical Crypto By: Luong-Sorin VA, IMIT Dith Nimol, IMIT.

Classical Crypto By: Luong-Sorin VA, IMIT Dith Nimol, IMIT.
CRYPTANALYSIS OF STREAM CIPHER Bimal K Roy Cryptology Research Group Indian Statistical Institute Kolkata.

CRYPTANALYSIS OF STREAM CIPHER Bimal K Roy Cryptology Research Group Indian Statistical Institute Kolkata.
Traditional Symmetric-Key Ciphers

Traditional Symmetric-Key Ciphers

Similar presentations

Ads by Google