Cryptography
History to Know for the Exam
Polybius Square
Caesar Cipher (ROT12)
Vocabulary
Cryptography: encoding/securing communications
Cryptanalysis: cracking encrypted communications
Steganography
Algorithms / Ciphers
XOR
--> Hashing is not Encryption!
--> Encoding is not Encryption!
Study and Practice Sites
Cryptool: A site to practice crypto and learn how it works
https://www.cryptool.org/en/
Tools to Know
CryptoBench: a Windows GUI tool that lets you create hashes, and encrypt and decrypt using both symmetric and asymmetric algorithms.
Cryptoforge is a free-trial/commercial tool for Windows, for encrypting/decrypting files:
https://www.cryptoforge.com/download/
Cryptr is a command-line tool that comes with Kali, and can encrypt/decrypt files using OpenSSL.
https://www.youtube.com/watch?v=JZvqqd942N4
Types of Encryption
Symmetric
Asymmetric
Other Algorithms
Substitution Ciphers, like the Caesar Cipher, which is an alphabet rotation (ROT) tool.
See ROT in action at https://www.dcode.fr/rot-cipher
There’s a nice tool to unscramble these at https://quipqiup.com/
ROT Ciphers, like Morse Code. Is it encryption? Loosely speaking, yes. Try it out.
https://md5decrypt.net/en/Morse-code/
https://www.theproblemsite.com/reference/mathematics/codes/morse-code
The Atbash Cipher uses a reversed alphabet as the key.
https://www.hanginghyena.com/solvers_a/atbash-cipher-decoder
Uses for Encryption
Confidentiality
…of course
Key Exchange
Diffie-Hellman
Signatures
DSA
RSA
PKI and Certificates (X.509)
CAs
RAs
CRLs
OCSP
Parts of a Cert:
- Version
- Serial number
- Subject
- Algorithm ID (Structure Algorithm)
- Issuer
- Valid From / Valid To
- Key usage (purpose of key, encryption or signature)
- Subject’s Public Key (the whole purpose)
- Optional fields
Things That Are Like Crypto, But Are Not Crypto
Hashing
MD5
SHA
Steganography (Stego)
steghide (command)
Encoding
Encoding is not encryption, though it used to be used for “secure” password storage and similar crappy confidentiality.
For example, Base64 encoding is a common tool:
“Base64 is not encryption — it’s an encoding. It’s a way of representing binary data using only printable (text) characters.” – https://stackoverflow.com/questions/4070693/what-is-the-purpose-of-base-64-encoding-and-why-it-used-in-http-basic-authentica
Most Linuxes will have a Base64 encoding/decoding tool built in:
    # To encode a file
    base64 <filename>
    # To decode an encoded file
    base64 -d <filename>
For more examples, like encoding a string instead of a file:
https://askubuntu.com/questions/178521/how-can-i-decode-a-base64-string-from-the-command-line
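To see why Base64 gives no confidentiality, the added example below (not from the original notes) recovers credentials from an HTTP Basic header with no key, then audits a config for "secrets" that are only Base64-encoded. The function names, the sample header and the sample config are constructed for illustration, and the printable-text check is a heuristic.

```shell
#!/bin/sh
# Added example: Base64 is an encoding, so anyone can reverse it without a key.
# All sample values below are constructed for illustration.

# Recover "user:password" from an HTTP Basic Authorization header line.
basic_auth_creds() {
    token=${1#*Basic }              # keep only the Base64 token
    printf '%s' "$token" | base64 -d
}

# Return 0 if $1 decodes cleanly to non-empty, purely printable ASCII.
is_reversible_text() {
    printf '%s' "$1" | base64 -d >/dev/null 2>&1 || return 1
    total=$(( $(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c) ))
    printable=$(( $(printf '%s' "$1" | base64 -d 2>/dev/null |
                    LC_ALL=C tr -cd ' -~' | wc -c) ))
    [ "$total" -gt 0 ] && [ "$total" -eq "$printable" ]
}

# Read key=value lines on stdin; print each key whose value is merely
# Base64-encoded text (heuristic), i.e. a "secret" with no confidentiality.
audit_encoded_secrets() {
    while IFS= read -r line; do
        case $line in *=*) ;; *) continue ;; esac
        key=${line%%=*}             # text before the first '='
        val=${line#*=}              # everything after it, padding included
        if is_reversible_text "$val"; then
            printf '%s\n' "$key"
        fi
    done
}

# Constructed sample config: two values are only encoded, two are plain words.
sample_config() {
    cat <<'EOF'
db_user=appsvc
db_password=cGFzc3dvcmQ=
log_level=info
smtp_auth=dXNlcjpwYXNz
EOF
}

basic_auth_creds 'Authorization: Basic dXNlcjpwYXNz'; echo
sample_config | audit_encoded_secrets
```

Any key the audit prints should be moved to a real secret store or encrypted with a key, since the stored value is readable by anyone who can read the file.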
You will also run into:
HTML Encoding (for within page text)
https://www.urldecoder.org/
URL Encoding (for URLs, of course)
Hex Encoding
Unicode
Check out this primer:
https://skorks.com/2009/08/different-types-of-encoding-schemes-a-primer/