Crypto Lab - Hsanokklis/2022-2023-Tech-journal GitHub Wiki

Summary

Doc Link

Lab Link

---

Ceasar Cipher

Caesar Cipher uses a key called a Shift, which transposes cleartext ‘x’ amount of times to the right, which results in ciphertext.

Encrypt & decrypt the following without online resources, just like the Romans!

• (ROT3) smegael = vphjdho
• (ROT4) frodo = jvshs
• (ROT9) gandalf = pjwmjuo
• (ROT13) caesar salad = pnrfne fnynq

Brute force time ... There’s no shift provided, so try all possibilities to decode!

• Maxr tkx mtdbgz max ahuubml mh blxgztkw = They are taking the hobbits to isengard. (ROT19)

Vigenère

Vigenère technique switches the alphabet used on each letter (called polyalphabetic), based upon a secret keyword. We start with a table of shifted alphabets:

Now, let’s encode the message “cyber is life” using the keyword “cncs”. We start by repeating the key

Railfence

When you rearrange plaintext in a "wave" pattern (down, down, up, up, down, down, etc.), it is called railfence encryption.

Decrypt the following ciphertext “crsyectba” built using 3 rails

• cybercats

Is Railfence a substitution or transposition cipher? Explain why.

• It is a transposition cipher because the letters are rearranged but they are not changed(ie not substituted for other letters)

Hashes

We learned how different hash functions produce a unique fixed string of data that should always match to verify data integrity, as long as the data doesn't change.

• open this link: https://defuse.ca/checksums.htm
• put in the plaintext "Cryptography is as much fun as a person can have!"

Are the checksums the same?

• No

How many characters long is each checksum?

• MD5 - 32
• SHA1 - 40
• SHA512 - 128

Change the phrase you typed in by removing one character and click "Calculate.”

Changed the capital C to a lowercase c

Is the checksum different from the previous computation?

• yes

HMAC

go to https://beautifytools.com/hmac-generator.php

Copy "Cryptography is as much fun as a person can have!" into the text box, then type a random string of text in the box "Key" that is displayed when you clicked on HMAC.

My HMAC

Partner HMAC

Is the checksum the same for you and your partners?

• No it is not because we both used different keys

Both of you type in “SEC250” as the HMAC key

My HMAC

Partner HMAC

download & check an ISO’s integrity, something you’ll be doing in our program frequently

• download the CentOS-7 Minimal 2009 ISO here(Or latest minimal build).

• open the sha265.sum.txt file. This checksum is what we are going to check the download’s checksum against.

• go to https://md5file.com/calculator and select the ISO you just downloaded.

• sha265.sum.txt file compared to the ISO file

• Do the both sets of checksums match? Yes

Fun with Public-Private Keys!

1. Download from gpg4win.org (select $0 to download for free) on your Windows 10 VM.

• There’s an extensive product tech guide with screenshots on how to install & operate this tool (https://files.gpg4win.org/doc/gpg4win-compendium-en.pdf)

2. Start the install after downloading

• select all components during install

The finished installation(it downloads an application called Kleopatra)

3. Creating a Key pair & Digital Certificate

• file > Key Pair > Create a personal OpenPGP key pair
• Insert your First & Last name, along with an email address.

passphrase is james

Fingerprint of the new certificate: A914 B7C6 3145 027B 9EA7 E38E 01B0 6060 3003 3800

4. File > Export your Secret Keys & name your output file your First_Last name, and then save it.

5. Download another key from https://ssl.intevation.de/Intevation-Distribution-Key.asc and save it to your Desktop.

6.Import the new key from your desktop, and after selecting it, you should get a message that 2 public keys are read & imported.

7. Right-click the keys, and now you can sign both which sets the trust for the keys after you've verified it is legit. (Here, we are assuming the verification process has occurred!)

• Now both certificates are certified

8. There’s a key created on 2010 & another on 2016. When selecting the Details tab ...

• What are the Key Types? 1,024 DSA and 3,072 RSA
• What are their precise expiration dates? 11/2/2021 and 3/16/2020
• What level is the Owner Trust (that’s you!)? full

9. Right-click on both keys, and Set Owners Trust to “ultimate”

• Are you able to set the permissions to ultimate? Why or why not? No you are not, in the older version you can, but they disabled that ability because its generally not a good idea to be able to change the trust to ultimate. I was not able to change from full to ultimate.

• What level is the Owner Trust on the keys now? For the key that I own I have unlimited trust, and for the key that I downloaded I have full trust.

Certificates: