[ Certified Ethical Hacker v10 ] :: [ Chapter 11 ] :: Cryptography

This entry is part 22 of 30 in the series [ Certified Ethical Hacker Training ]

Cryptography

History to Know for the Exam

Polybius Square

Caesar Cipher (ROT12)

Vocabulary

Cryptography: encoding/securing communications

Cryptanalysis: cracking encrypted communications

Steganography

Algorithms / Ciphers

XOR

–>Hashing is not Encryption!

–>Encoding is not Encryption!

Study and Practice Sites

Cryptool: A site to practice crypto and learn how it works
https://www.cryptool.org/en/

Tools to Know

CryptoBench: a Windows GUI tool that lets you create hashes, and encrypt and decrypt using both symmetric and asymmetric algorithms.

Cryptoforge is a free-trial/commercial tool for Windows, for encrypting/decrypting files:

https://www.cryptoforge.com/download/

Cryptr is a command-line tool that comes with Kali, and can encrypt/decrypt files using OpenSSL.

https://www.youtube.com/watch?v=JZvqqd942N4

Types of Encryption

Symmetric

Asymmetric

Other Algorithms

Substitution Ciphers, like the Caesar Cipher, which is an alphabet rotation (ROT) tool.
See ROT in action at https://www.dcode.fr/rot-cipher
There’s a nice tool to unscramble these at https://quipqiup.com/

ROT Ciphers, like Morse Code. Is it encryption? Loosely speaking, yes. Try it out.
https://md5decrypt.net/en/Morse-code/
https://www.theproblemsite.com/reference/mathematics/codes/morse-code

The Atbash Cipher uses a reversed alphabet as the key.
https://www.hanginghyena.com/solvers_a/atbash-cipher-decoder

Uses for Encryption

Confidentiality

…of course

Key Exchange

Diffie-Hellman

Signatures

DSA

RSA

PKI and Certificates (X.509)

CAs

RAs

CRLs

OCSP

Parts of a Cert:

    • Version
    • Serial number
    • Subject
    • Algorithm ID (Structure Algorithm)
    • Issuer
    • Valid From / Valid To
    • Key usage (purpose of key, encryption or signature)
    • Subject’s Public Key (the whole purpose)
    • Optional fields

Things That Are Like Crypto, But Are Not Crypto

Hashing

MD5

SHA

Steganography (Stego)

steghide (command)

Encoding

Encoding is not encryption, though it used to be used for “secure” password storage and similar crappy confidentiality.

For example, Base64 encoding is a common tool:

“Base64 is not encryption — it’s an encoding. It’s a way of representing binary data using only printable (text) characters.” – https://stackoverflow.com/questions/4070693/what-is-the-purpose-of-base-64-encoding-and-why-it-used-in-http-basic-authentica

Most Linuxes will have a Base64 encoding/decoding tool built in:

# To encode a file

base64 <filename>

# To decode an encoded file

base64 -d <filename>

For more examples, like encoding a string instead of a file:

https://askubuntu.com/questions/178521/how-can-i-decode-a-base64-string-from-the-command-line

You will also run into:

HTML Encoding (for within page text)
https://www.urldecoder.org/

URL Encoding (for URLs, of course)

Hex Encoding

Unicode

Check out this primer:

https://skorks.com/2009/08/different-types-of-encoding-schemes-a-primer/

 
