## Cryptographic Attacks

Attacks that are used by cryptanalysts to recover the plaintext without the key.

### Brute force

Brute force attacks work by generating the entire key space. Given enough time, they will recover the plaintext. Effective against key-based ciphers, except for the one-time pad.

### Social Engineering

Involves using the human mind: tricking the key holder into revealing the secret key or performing a password reset, or directly bribing them.

### Rainbow Tables

Pre-computed compilation of plaintexts and matching ciphertexts (typically passwords and their matching hashes). Rainbow tables achieve faster processing by forming long chains (rainbow chains) of password hashes using a reduction function. At the end, everything in the chain may be removed except the first and last entry. These chains may be rebuilt as needed, reconstituting all intermediate entries, saving large amounts of storage in exchange for time and CPU cycles.
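The chain mechanism described above, as an added example that is not part of the original notes: a toy rainbow table over a constructed space of 3-letter lowercase passwords, with an unsalted truncated SHA-256 standing in for the password hash. Only the first and last entry of each chain is stored; a lookup walks the chain forward and rebuilds it only when the endpoint matches. `H`, `R`, `CHAIN_LEN` and the alphabet are all assumptions of this example.

```python
import hashlib

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 3                       # constructed toy space: 26**3 = 17576 passwords
CHAIN_LEN = 40                   # hash/reduce steps per chain

def H(password: str) -> bytes:
    """Unsalted SHA-256 truncated to 4 bytes, the toy 'password hash'."""
    return hashlib.sha256(password.encode()).digest()[:4]

def R(i: int, h: bytes) -> str:
    """Reduction function: map a hash back into the password space.
    Mixing in the column index i is what makes these 'rainbow' chains
    (it limits chain merges)."""
    n = (int.from_bytes(h, "big") + i) % (len(ALPHABET) ** PW_LEN)
    out = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        out.append(ALPHABET[r])
    return "".join(out)

def build_table(starts):
    """Store only endpoint -> start; every intermediate value is discarded."""
    table = {}
    for p0 in starts:
        p = p0
        for i in range(CHAIN_LEN):
            p = R(i, H(p))
        table[p] = p0
    return table

def lookup(table, target: bytes):
    """Try each column i as the place the target hash could sit, walk the
    chain to its end, and if the endpoint is known rebuild that chain."""
    for i in range(CHAIN_LEN - 1, -1, -1):
        p = R(i, target)
        for j in range(i + 1, CHAIN_LEN):
            p = R(j, H(p))
        if p in table:                   # candidate chain (may be a false alarm)
            q = table[p]
            for k in range(CHAIN_LEN):   # rebuild: reconstitute the intermediates
                if H(q) == target:
                    return q
                q = R(k, H(q))
    return None
```

A per-password salt defeats this precomputation entirely, since every salt value defines a different hash function and would need its own table.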

### Known Plaintext

Relies on recovering and analyzing a matching plaintext and ciphertext pair in order to recover the key, which can then be used to decrypt other ciphertexts.

### Chosen Plaintext and Adaptive chosen plaintext

A cryptanalyst chooses the plaintext to be encrypted in a chosen plaintext attack; the goal is to derive the key. Adaptive chosen plaintext begins with a chosen plaintext attack in round 1. The cryptanalyst then adapts further rounds of encryption based on previous rounds.

### Chosen Ciphertext and Adaptive chosen ciphertext

Chosen ciphertext attacks mirror chosen plaintext attacks: the difference is that the cryptanalyst chooses the ciphertext to be decrypted. This attack is usually launched against asymmetric cryptosystems, where the cryptanalyst may choose public documents to decrypt that are signed with the user’s public key. Adaptive chosen ciphertext also mirrors its plaintext cousin: it begins with a chosen ciphertext attack in round 1. The cryptanalyst then adapts further rounds of decryption based on the previous round.

### Meet in the middle attack

A meet in the middle attack encrypts on one side and decrypts on the other side, and meets in the middle. This attack is done on double DES by using a known plaintext attack to recover the two keys in the “encrypt, encrypt” order. The attacker generates every value for key 1 used to encrypt the plaintext and generates every value for key 2 used to decrypt the ciphertext. If there is a match, the attacker has found both key 1 and key 2; the total number of attempts is 2^56+2^56=2^57, which is much less than the 112-bit combined key length would suggest. This works on 3TDES too, reducing its effective strength to 112 bits.
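The same attack scaled down so it runs in seconds, as an added example that is not part of the original notes: a constructed 32-bit Feistel cipher with 16-bit keys (not DES) is applied twice in "encrypt, encrypt" order, and both keys are recovered from known plaintext/ciphertext pairs with 2^16 + 2^16 = 2^17 cipher operations instead of the 2^32 a joint brute force would need. The cipher, its round function and constants are all assumptions of this example.

```python
# Toy 32-bit Feistel cipher with a 16-bit key (constructed for illustration; not DES).
MASK16 = 0xFFFF
ROUNDS = 4
KEY_BITS = 16

def _f(half: int, rk: int) -> int:
    """Non-linear round function: xor, multiply mod 2**16, rotate."""
    x = ((half ^ rk) * 0x9E37 + 0x79B9) & MASK16
    return ((x << 3) | (x >> 13)) & MASK16

def _round_keys(key: int):
    return [(key + i * 0x1357) & MASK16 for i in range(ROUNDS)]

def encrypt(key: int, block: int) -> int:
    l, r = block >> 16, block & MASK16
    for rk in _round_keys(key):
        l, r = r, l ^ _f(r, rk)
    return (l << 16) | r

def decrypt(key: int, block: int) -> int:
    l, r = block >> 16, block & MASK16
    for rk in reversed(_round_keys(key)):
        l, r = r ^ _f(l, rk), l
    return (l << 16) | r

def double_encrypt(k1: int, k2: int, block: int) -> int:
    """'Encrypt, encrypt' with two independent keys, like double DES."""
    return encrypt(k2, encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Recover (k1, k2) from known plaintext/ciphertext pairs.
    Cost: 2**16 encryptions + 2**16 decryptions = 2**17 cipher operations,
    versus 2**32 for a brute-force search over both keys together."""
    p0, c0 = pairs[0]
    forward = {}                      # E(k1, p0) -> list of k1 producing it
    for k1 in range(1 << KEY_BITS):
        forward.setdefault(encrypt(k1, p0), []).append(k1)
    candidates = []
    for k2 in range(1 << KEY_BITS):
        middle = decrypt(k2, c0)      # D(k2, c0) must equal E(k1, p0)
        for k1 in forward.get(middle, ()):
            # a second known pair screens out chance matches in the middle
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:]):
                candidates.append((k1, k2))
    return candidates
```

The dictionary of 2^16 intermediate values is the attack's memory cost; against double DES the same table would hold 2^56 entries, which is why the attack trades storage for the time it saves.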

### Known Key

Misleading name: what it really refers to is that the attacker knows “something” about the key, i.e. the number of characters, whether it only uses lowercase, etc., which helps reduce the effort needed to attack.

### Differential Cryptanalysis

Seeks to find the difference between related plaintexts that are encrypted. The cryptanalyst analyzes the ciphertexts for differences (by using an adaptive chosen plaintext attack). Every bit of the related ciphertexts should have a 50/50 chance of flipping; where it does not, this adds to the clues used to recover the key.

### Linear Cryptanalysis

Is a known plaintext attack where the cryptanalyst finds large amounts of plaintext/ciphertext pairs created with the same key and analyses them to derive the key. The combination of differential and linear analysis is called *differential linear analysis*.

### Side-Channel Attacks

Uses physical data, such as monitoring CPU cycles or power consumption while encrypting/decrypting, to break the cryptosystem.

### Implementation Attacks

Exploits a mistake (vulnerability) made while implementing the application, such as searching for plaintext left in memory, virtual memory, or temporary files that could be left behind due to poor application implementation and design.

### Birthday Attack

Based on the birthday paradox, where the odds that two people in a surprisingly small group share the same birthday are greater than 50%. The birthday attack is used to create hash collisions. Finding any input that creates a colliding hash with any other input is easier due to the birthday attack.
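The paradox carried through in code, as an added example that is not part of the original notes: the exact collision probability for the birthday problem, the square-root rule of thumb for how many hashes a collision takes, and a search for a collision in a deliberately truncated SHA-256 (the truncation width is this example's assumption; it is what makes the search finish quickly).

```python
import hashlib
import math
import os

def truncated_hash(data: bytes, nbits: int) -> int:
    """SHA-256 truncated to nbits: a stand-in for a hash that is too short."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - nbits)

def collision_probability(n_outputs: int, k_draws: int) -> float:
    """Exact P(at least two of k draws share a value) for n equally likely values.
    With n = 365 this is the classic birthday problem."""
    p_none = 1.0
    for i in range(k_draws):
        p_none *= (n_outputs - i) / n_outputs
    return 1.0 - p_none

def expected_trials(nbits: int) -> float:
    """Rule of thumb: about sqrt(pi/2 * 2**nbits) hashes for a 50% collision,
    i.e. roughly 2**(nbits/2), not 2**nbits as a preimage search would need."""
    return math.sqrt(math.pi / 2 * 2 ** nbits)

def find_collision(nbits: int, rng=os.urandom):
    """Hash random inputs until two distinct inputs share a truncated digest.
    Returns (input_a, input_b, number_of_hashes_computed)."""
    seen = {}                      # truncated digest -> first input that produced it
    trials = 0
    while True:
        msg = rng(8)               # constructed random 8-byte message
        trials += 1
        h = truncated_hash(msg, nbits)
        if h in seen and seen[h] != msg:
            return seen[h], msg, trials
        seen[h] = msg
```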

### Key Clustering

Key clustering occurs when two symmetric keys applied to the same plaintext produce the same ciphertext. This allows two different keys to decrypt the ciphertext.

## Implementing Cryptography

### Digital Signatures

Digital signatures are used to cryptographically sign documents to provide non-repudiation, which includes authentication of the identity of the signer and proof of the document’s integrity.

Here’s how:

- Sender writes email in plaintext and generates a SHA-1 hash of his plaintext
- Sender then creates a digital signature by encrypting the hash with his RSA private key
- Sender then attaches his signature and sends it along with his plaintext email
- The receiver opens the email and generates his own SHA-1 hash of the email
- He decrypts the signature with the sender’s public key to obtain the hash
- If the two hashes match, we know the sender must have sent the email (authentication), as only the sender knows his private key, and also that the email did not change (integrity). The sender cannot deny having sent this email (non-repudiation) as the hashes match

Authentication + integrity = nonrepudiation

### Message Authentication Code

A message authentication code (MAC) is a hash function that uses a key. A common MAC implementation is Cipher Block Chaining Message Authentication Code (CBC-MAC), which uses CBC mode of a symmetric block cipher such as DES to create a MAC. Message authentication codes provide integrity and authenticity (proof that the sender possesses the shared key).

### HMAC

A hashed message authentication code (HMAC) combines a shared key with hashing. IPsec uses HMACs.

Two parties must pre-share a key. Once shared, the sender uses XOR to combine the plaintext with a shared key, and then hashes the output using an algorithm such as MD5 (called HMAC-MD5) or SHA-1 (called HMAC-SHA-1). That hash is then combined with the key again, creating an HMAC. The receiver does the same and compares it with the sender’s HMAC. If the two match, the sender is authenticated (proving the sender knows the key) and the message’s integrity is assured.
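The two-pass "hash, then combine with the key again" construction written out, as an added example that is not part of the original notes. It follows the HMAC definition of RFC 2104 exactly (the key is XORed with the fixed ipad and opad constants, not with the plaintext) and checks itself against Python's standard `hmac` module; the receiver-side `verify` uses a constant-time comparison so that tag checking does not leak timing information. Keys and messages in the test are constructed.

```python
import hashlib
import hmac

def hmac_rfc2104(key: bytes, message: bytes, hashname: str = "sha1") -> bytes:
    """HMAC per RFC 2104: H((K' xor opad) || H((K' xor ipad) || message)).
    hashname selects the underlying hash, e.g. "md5" for HMAC-MD5 or "sha1"
    for HMAC-SHA-1 (both considered legacy today; "sha256" is the usual choice)."""
    block_size = hashlib.new(hashname).block_size   # 64 bytes for MD5, SHA-1, SHA-256
    if len(key) > block_size:                       # over-long keys are hashed first
        key = hashlib.new(hashname, key).digest()
    key = key.ljust(block_size, b"\x00")            # then zero-padded to one block: K'
    ipad_key = bytes(b ^ 0x36 for b in key)         # K' xor ipad
    opad_key = bytes(b ^ 0x5C for b in key)         # K' xor opad
    inner = hashlib.new(hashname, ipad_key + message).digest()   # first pass
    return hashlib.new(hashname, opad_key + inner).digest()      # second pass

def verify(key: bytes, message: bytes, tag: bytes, hashname: str = "sha1") -> bool:
    """Receiver side: recompute the HMAC and compare in constant time."""
    expected = hmac_rfc2104(key, message, hashname)
    return hmac.compare_digest(expected, tag)
```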