## 6) Cryptography

Information plays a vital role in business, organisations, military operations, and so on. D.

Information,

which is in the hands of others, can lead to loss of business or catastrophic consequences. To secure communications, businesses can use cryptology to encrypt information

. Cryptology involves converting information into a non-human readable format and vice versa.

In this article, we will introduce you to the world of cryptology and how you can protect information from falling into the wrong hands.

## Topics covered in this tutorial

• What is cryptography?• What is cryptanalysis?

• What is cryptology?

• Encryption algorithms

• Hacking Activities: Hack Now!

## What is cryptography?

Cryptography is the study and application of techniques that hide the real meaning of information, turning it into non-human-readable formats and vice versa.

Let's illustrate this with an example. Suppose you want to send the message “I love apples,” you can replace each letter in the phrase with the third consecutive letter in the alphabet. The encrypted message will be "K NQXG CRRNGV". To decipher our message, we will have to go back three letters in the alphabet using the letter we want to decipher. The image below shows how the conversion is done.

The process of converting information into non-human form is called encryption.

The process of reversing encryption is called

decryption

.

Decryption is carried out using a

secret key that

is known only to the legitimate recipients of the information. The key is used to decrypt hidden messages. This makes the communication secure, because even if an attacker succeeds in obtaining information, it will not make sense to them.

The encrypted information is called a

cipher

.

## What is cryptanalysis?

**Cryptanalysis is the art of trying to decrypt encrypted messages without using the key that was used to encrypt the messages.**Cryptanalysis uses mathematical analysis and algorithms to decipher ciphers. The success of cryptanalysis attacks depends

◇ The amount of time available

◇ Available computing power

◇ Available capacity

Below is a list of the most commonly used cryptanalysis attacks;

◇

**Brute force attack**- This type of attack uses algorithms that try to guess all possible logical combinations of the plaintext, which are then encrypted and compared to the original cipher.

◇

**Dictionary attack**- This type of attack uses a list of words to find a match of either a plaintext or a key. This is mainly used when trying to crack encrypted passwords.

◇

**Rainbow Table Attack**- This type of attack compares the ciphertext with pre-computed hashes to find matches.

## What is cryptology?

Cryptology combines the methods of cryptography and cryptanalysis.

## Encryption algorithms

**MD5**is an abbreviation for Message-Digest 5. It is used to generate 128-bit hash values. In theory, hashes cannot be reverted back to the original text. MD5 is used to encrypt passwords as well as to verify data integrity. MD5 is not collision resistant. Collision resistance is the difficulty in finding two values that give the same hash value.

◇

**SHA**stands for Secure Hash Algorithm. SHA algorithms are used to generate compressed representations of a message (message digest). It has various versions such as;

◇

**SHA-0**: Creates 120-bit hash values. It was taken out of service due to significant flaws and replaced with SHA-1.

◇

**SHA-1**: Produces 160-bit hash values. This is similar to earlier versions of MD5. It has cryptographic weakness and has been deprecated for use since 2010.

◇

**SHA-2**: It has two hash functions, namely SHA-256 and SHA-512. SHA-256 uses 32-bit words, while SHA-512 uses 64-bit words.

◇

**SHA-3**: This algorithm was formally known as Keccak.

◇

**RC4**- This algorithm is used to generate stream ciphers. It is primarily used in protocols such as

**Secure Socket Layer (SSL)**to encrypt internet communications and

**Wired Equivalent Privacy (WEP)**to secure wireless networks.

◇

**BLOWFISH**- This algorithm is used to create symmetric locking ciphers. It can be used to encrypt passwords and other data.

## Hacking Activities: Use CrypTool

In this hands-on scenario, we will create a simple cipher using the RC4 algorithm. Then we will try to decipher it with a brute attack. For this exercise, assume that we know that the secret encryption key is 24 bits. We will use this information to break the cipher.

We will be using CrypTool 1 as our cryptology tool. CrypTool 1 is an open source educational tool for cryptological research. You can download it from https://www.cryptool.org/en/ct1-downloads

## Create RC4 Stream Cipher

We will encrypt the following phrase

*Never underestimate the determination of a child who is rich in time and poor.*

We will use 00 00 00 as the encryption key.

◇ Open CrypTool 1

◇ Replace the text “Never underestimate the determination of a child who is rich in time and poor.”

◇ Click on the encryption / decryption menu

◇ Point to Symmetrical (modern), then select RC4 as shown above.

◇ The following window will appear

◇ Choose 24 bits as encryption key

◇ Set the value 00 00 00

◇ Click on the Encrypt button

◇ You will get the following stream cipher

## Attack stream cipher

◇ Click on the analysis menu

◇ Specify symmetric encryption (modern), then select RC4 as shown above.

◇ You will get the following window

◇ Remember the assumption made that the secret key is 24 bits. So make sure you choose 24 bits as the key length.

◇ Click on the Start button. You will get the following window

◇ Note: The time it takes to complete a brute force analysis attack depends on the processing power of the machine used and the key length. The longer the key length, the longer it takes to complete the attack.

◇ When the analysis is complete, you will receive the following results.

◇ Note: A lower entropy number means that this is the most likely correct result. Perhaps the correct result will be higher than the lowest entropy value found.

◇ Select the line that best suits your needs, then click the Accept button when done.

## Summary

◇ Cryptography is the science of encrypting and decrypting messages.

◇ A cipher is a message that has been converted to a human-readable format.

◇ Decryption is the reverse encryption back to the original text.

◇ Cryptanalysis is the art of decrypting ciphers without knowing the key used to encrypt them.

◇ Cryptology combines the methods of both cryptography and cryptanalyst.

Post a Comment (0)