# [ Certified Ethical Hacker v10 ] :: [ Chapter 11 ] :: Cryptography

## Cryptography

### History to Know for the Exam

Polybius Square

Caesar Cipher (ROT12)

### Vocabulary

Cryptography: encoding/securing communications

Cryptanalysis: cracking encrypted communications

Steganography

Algorithms / Ciphers

XOR

–>Hashing is not Encryption!

–>Encoding is not Encryption!

### Study and Practice Sites

Cryptool: A site to practice crypto and learn how it works
https://www.cryptool.org/en/

### Tools to Know

CryptoBench: a Windows GUI tool that lets you create hashes, and encrypt and decrypt using both symmetric and asymmetric algorithms.

Cryptoforge is a free-trial/commercial tool for Windows, for encrypting/decrypting files:

https://www.cryptoforge.com/download/

Cryptr is a command-line tool that comes with Kali, and can encrypt/decrypt files using OpenSSL.

https://www.youtube.com/watch?v=JZvqqd942N4

## Types of Encryption

### Other Algorithms

Substitution Ciphers, like the Caesar Cipher, which is an alphabet rotation (ROT) tool.
See ROT in action at https://www.dcode.fr/rot-cipher
There’s a nice tool to unscramble these at https://quipqiup.com/

ROT Ciphers, like Morse Code. Is it encryption? Loosely speaking, yes. Try it out.
https://md5decrypt.net/en/Morse-code/
https://www.theproblemsite.com/reference/mathematics/codes/morse-code

The Atbash Cipher uses a reversed alphabet as the key.
https://www.hanginghyena.com/solvers_a/atbash-cipher-decoder

## Uses for Encryption

…of course

Diffie-Hellman

DSA

RSA

### PKI and Certificates (X.509)

CAs

RAs

CRLs

OCSP

Parts of a Cert:

• Version
• Serial number
• Subject
• Algorithm ID (Structure Algorithm)
• Issuer
• Valid From / Valid To
• Key usage (purpose of key, encryption or signature)
• Subject’s Public Key (the whole purpose)
• Optional fields

## Things That Are Like Crypto, But Are Not Crypto

MD5

SHA

### Steganography (Stego)

steghide (command)

### Encoding

Encoding is not encryption, though it used to be used for “secure” password storage and similar crappy confidentiality.

For example, Base64 encoding is a common tool:

“Base64 is not encryption — it’s an encoding. It’s a way of representing binary data using only printable (text) characters.” – https://stackoverflow.com/questions/4070693/what-is-the-purpose-of-base-64-encoding-and-why-it-used-in-http-basic-authentica

Most Linuxes will have a Base64 encoding/decoding tool built in:

```
# To encode a file
base64 <filename>

# To decode an encoded file
base64 -d <filename>
```

For more examples, like encoding a string instead of a file:

https://askubuntu.com/questions/178521/how-can-i-decode-a-base64-string-from-the-command-line
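The script below is an added example, not part of the original notes. It encodes and decodes a string instead of a file, recovers the credentials from an HTTP Basic `Authorization` header with no key, and includes an audit check for stored "secrets" that are only Base64 text. The function names are made up for this example, and the credential is the sample pair from RFC 7617.

```shell
#!/bin/sh
# Added example: function names are hypothetical; sample data is the RFC 7617 pair.

# Encode a string rather than a file. printf avoids the newline echo would append.
b64_encode() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Decode a Base64 string. No key or password is involved at any point.
b64_decode() { printf '%s' "$1" | base64 -d; }

# Recover "user:password" from an HTTP Basic Authorization header value.
basic_auth_decode() {
    case "$1" in
        "Basic "*) b64_decode "${1#Basic }" ;;
        *) echo "not a Basic header" >&2; return 1 ;;
    esac
}

# Audit helper: succeeds when a stored "secret" is just Base64 of printable text,
# meaning anyone who can read the value can read the secret.
is_b64_plaintext() {
    # Well-formed Base64: valid alphabet, at most two '=' pads, length % 4 == 0.
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$' || return 1
    [ $(( ${#1} % 4 )) -eq 0 ] || return 1
    # Count decoded bytes that are NOT printable ASCII; zero means readable text.
    nonprint=$(b64_decode "$1" 2>/dev/null | LC_ALL=C tr -d '[:print:]' | wc -c)
    [ "$nonprint" -eq 0 ]
}

# Demo with the RFC 7617 sample credential.
token=$(b64_encode 'Aladdin:open sesame')
echo "encoded: $token"
echo "decoded: $(basic_auth_decode "Basic $token")"

# One readable-text value and one value that decodes to raw bytes (constructed).
for stored in "$token" '/////w=='; do
    if is_b64_plaintext "$stored"; then
        echo "$stored -> Base64 of readable text, offers no confidentiality"
    else
        echo "$stored -> not Base64 of readable text"
    fi
done
```

This is why Basic authentication is only acceptable over TLS: the header value is readable by anyone who can see the request.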

You will also run into:

HTML Encoding (for within page text)
https://www.urldecoder.org/

URL Encoding (for URLs, of course)

Hex Encoding

Unicode

Check out this primer:

https://skorks.com/2009/08/different-types-of-encoding-schemes-a-primer/

