mirror of
https://github.com/autistic-symposium/sec-pentesting-toolkit.git
synced 2025-12-15 07:53:43 -05:00
crypto
This commit is contained in:
parent
e36532ca5e
commit
37268762e1
2 changed files with 228 additions and 0 deletions
|
|
@ -1,5 +1,8 @@
|
|||
# Cryptography
|
||||
|
||||
* Often data is just encoded in base64 or hex. Other thimes it's just compressed (gzip).
|
||||
|
||||
|
||||
|
||||
|
||||
## MD5
|
||||
|
|
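Review bot: The new bullet under `# Cryptography` has a typo ("thimes" should be "times") and presents base64, hex and gzip without saying that these are encodings and compression, not encryption, so they give no confidentiality. Suggest rewording along the lines of "Often data is only encoded (base64, hex) or compressed (gzip) rather than encrypted", so the reader sees why the item belongs at the top of a crypto checklist.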
@ -225,7 +228,34 @@ $ ./openssl s_client --no_tls1 --no_ssl3 --connect <WEBSITE>:443
|
|||
* For Identification and verification of encoding supported by the Website we can use **EcoScan34**.
|
||||
|
||||
|
||||
---
|
||||
|
||||
## Block Cipher Encryption
|
||||
|
||||
* Electronic code book (ECB) mode.
|
||||
* Simplest and default block cipher mode.
|
||||
* Message is split into blocks and each is encrypted separately.
|
||||
* Disavantage: identical plaintext block encrypts to identical cipher text block (for example, figures).
|
||||
|
||||
### Attacking Randomness
|
||||
|
||||
* Good Randomness is vital for cryptographic operations.
|
||||
|
||||
* Two common attack against a PRNG :
|
||||
- PRGN state is reconstructed from its output.
|
||||
- Same PRNG is used more than once.
|
||||
|
||||
* Statistically random is not secure random!
|
||||
- if a PRNG is seeded with a value the attacker can influence, the state of the PRNG is likely compromised.
|
||||
|
||||
* Seed race condition attacks:
|
||||
- System clock often used to seed PRNG
|
||||
- Submit 10's or 100's of rquests at a time. Seed a PRNG with the same system clock and the output will be the same.
|
||||
|
||||
|
||||
|
||||
|
||||
----
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
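Review bot: In the "Attacking Randomness" list, the item "Same PRNG is used more than once" is ambiguous, since reusing a generator is normal; the seed race condition items further down suggest the intended meaning is that the same seed or state is reused, and the bullet should say so. The same list has "PRGN" for "PRNG", "rquests" for "requests" and "Two common attack" for "Two common attacks", and the ECB list has "Disavantage". Structurally, `### Attacking Randomness` is nested under `## Block Cipher Encryption` although PRNG seeding is not specific to block ciphers, so it reads better as its own `##` section, and the closing `----` should match the `---` separator used above. Both new sections describe only the weakness; a closing bullet each with the corresponding fix (an authenticated or at least chained mode instead of ECB, seeding from the operating system's CSPRNG instead of the system clock) would make the notes usable for reporting as well as for testing.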