No-Knowledge Crypto Attacks
Presented by: Daniel Crowley
COPYRIGHT TRUSTWAVE 2011
Structure
› Background
› Attack!
› Potential Win
IDENTIFYING CIPHERTEXT
“Yep, it's wood”
Properties of ciphertext
› Appears random
› Generally encoded
› Decoded length often multiple of 8/16/32
–Block ciphers
Example
› Base64 encoded
› Decodes to 80 bytes
› Ent shows strong signs of randomness
› Probably ciphertext (okay, it is, I generated it)
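An added example (not from the original slides): a triage helper that applies the three checks above to a token, trying the encodings the speaker notes list as the usual suspects. The printable-byte ratio is a crude stand-in for Ent's statistical tests, the 0.7 threshold is an assumption, and both sample tokens are constructed.

```python
import base64, hashlib, urllib.parse

def decodings(token):
    """Yield (encoding, raw bytes) for each usual encoding that decodes cleanly."""
    token = urllib.parse.unquote(token)  # undo URL encoding first
    try:
        yield "hex", bytes.fromhex(token)
    except ValueError:
        pass
    b64 = token.replace("-", "+").replace("_", "/")  # URL-safe -> standard alphabet
    try:
        yield "base64", base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        pass

def triage(token):
    """Report length, block-size multiple and a rough randomness verdict per decoding."""
    results = []
    for enc, raw in decodings(token):
        block = next((bs for bs in (32, 16, 8) if raw and len(raw) % bs == 0), None)
        printable = sum(32 <= b < 127 for b in raw) / max(len(raw), 1)
        results.append({"encoding": enc, "length": len(raw), "block_multiple": block,
                        "likely_ciphertext": block is not None and printable < 0.7})
    return results

# Constructed samples: 80 pseudo-random bytes standing in for ciphertext, and plain text.
RANDOM_80 = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(3))[:80]
CIPHERTEXT_TOKEN = base64.b64encode(RANDOM_80).decode()
TEXT_TOKEN = base64.b64encode(b"lastVisited=/en/home.jsp&userId=1234").decode()

if __name__ == "__main__":
    print(triage(CIPHERTEXT_TOKEN))
    print(triage(TEXT_TOKEN))
```

A token that is valid in more than one encoding (a hex string is also valid Base64) is reported once per decoding, so each candidate length can be judged separately.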
REPLAY ATTACK
Bait and switch
Background
› Reuse of cryptovariables
› Trust in decrypted data
Attack!
› Reuse ciphertext
OR
› Find two places where ciphertext is being accepted
› Swap them around
Potential Win
› Ciphertext from “article.php?id=(ciphertext)”
› Placed in “doPasswordReset.php?userid=(ciphertext)”
› Reset password for another user
DECRYPTION ORACLE
Decrypt ALL the things!
Background
› Application takes encrypted input
› Application decrypts input
› Application gives you decrypted output
Identifying Decryption Oracles
› Look for encrypted input
› Modify input and look for garbled response
Attack!
› Take ciphertext from another location
› Plug into decryption oracle
Potential Win
› “Password” cookie with encrypted value
› Plug cookie into decryption oracle
› PASSWORDS!
ENCRYPTION ORACLE
Encrypt ALL the things!
Background
› Application takes plaintext input
› Application encrypts input
› Application gives you encrypted output
Identifying Encryption Oracles
› Look for ciphertext in responses
› Modify input and look for modified ciphertext
› Length is often the giveaway
Attack!
› Encrypt strings like ' or 1=1#
› Plug encrypted string into any encrypted input
› Cross your fingers
Potential Win
› resetpass.php?id=(ciphertext)
› resetpass.php?id=( ENC(' or 1=1 #) )
› SQLi!
STREAM CIPHER BIT FLIPPING
Flipping easy
Background
› Construction is simple
› Same key & IV means same keystream
› Reusing cryptovariables means catastrophic failure
0 1 1 0 0 1 0 0
1 0 1 0 1 0 1 0 (keystream)
1 1 0 0 1 1 1 0

0 1 1 0 0 1 0 1
1 0 1 0 1 0 1 0 (keystream)
1 1 0 0 1 1 1 1
Attack!
› Flip bits in ciphertext input
› Same bits in plaintext are flipped
› No modification to other parts of message
Potential Win
› Plaintext
–username=fred&admin=0
› Flip lots of bits until…
–username=fred&admin=1
STREAM CIPHER KEYSTREAM RECOVERY
I couldn't think of anything funny for this one
Attack!
› Guess plaintext of an encrypted message
› XOR plaintext and ciphertext to get suspected keystream
› XOR suspected keystream with unknown ciphertext
–Attempt to read message
Definite Win
› Ability to encrypt and decrypt anything
– In byte positions where known plaintext resides
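An added example, not part of the original deck, covering both stream cipher sections above: one flipped ciphertext bit turns admin=0 into admin=1, a known plaintext yields the keystream for a second message, and an encrypt-then-MAC check rejects the modified token. The SHA-256 counter keystream is a toy stand-in for a real stream cipher; all keys, messages and function names are constructed.

```python
import hashlib, hmac

KEY, IV = b"constructed key", b"constructed IV"  # reused for every message: the flaw
MAC_KEY = b"constructed MAC key"

def keystream(n):  # toy generator (SHA-256 in counter mode), not a real stream cipher
    chunks = (hashlib.sha256(KEY + IV + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(chunks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def crypt(data):  # encryption and decryption are the same XOR
    return xor(data, keystream(len(data)))

def is_admin(token):  # vulnerable server: trusts whatever decrypts
    return crypt(token).endswith(b"&admin=1")

def seal(data):  # hardened sender: encrypt, then MAC the ciphertext
    ct = crypt(data)
    return ct + hmac.new(MAC_KEY, ct, hashlib.sha256).digest()

def is_admin_checked(token):  # hardened server: verify the tag before decrypting
    ct, tag = token[:-32], token[-32:]
    expected = hmac.new(MAC_KEY, ct, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected) and is_admin(ct)

def flip_bit(token, index):
    return token[:index] + bytes([token[index] ^ 0x01]) + token[index + 1:]

def demo():
    known = b"username=fred&admin=0"
    ct = crypt(known)
    flipped = flip_bit(ct, 20)  # last byte: '0' (0x30) becomes '1' (0x31)
    ks = xor(known, ct)  # known plaintext XOR ciphertext = keystream
    other = crypt(b"username=alice&admin=0")  # second message, same key and IV
    return {
        "flipped_plaintext": crypt(flipped),
        "vulnerable_accepts": is_admin(flipped),
        "recovered": xor(other, ks),  # readable up to len(known) bytes
        "hardened_accepts": is_admin_checked(flip_bit(seal(known), 20)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The MAC stops modification only; keystream recovery is prevented by never reusing a key and IV pair.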
ECB BLOCK SHUFFLING
Every day I'm shufflin'
Background
› ECB is a block cipher mode
› Each block is encrypted independent of others
› Blocks can be reordered, removed, duplicated
[Diagram: ECB mode. Plaintext blocks 1, 2 and 3 each pass through the cipher separately, producing ciphertext blocks 1, 2 and 3.]
Attack!
› Shuffle blocks around randomly in encrypted messages
› Cross your fingers!
Plaintext before modification
0 1 2 3 4 5 6 7
L A S T V I S I
T E D = / E N /
H O M E . J S P
& U S E R I D =
1 2 3 4 \x04 \x04 \x04 \x04
lastVisited=/en/home.jsp&userId=1234
Plaintext after modification
0 1 2 3 4 5 6 7
L A S T V I S I
T E D = / E N /
H O M E . J S P
& U S E R I D =
1 & F O O = B A
1 2 3 4 \x04 \x04 \x04 \x04
lastVisited=/en/home.jsp&userId=1&foo=ba1234
CBC BIT FLIPPING
Flipping awesome
Background
› CBC is a block cipher mode
› When decrypting, each block affects next block
› Flipping bits in ciphertext block n
– Garbles plaintext block n
– Flips same bits in plaintext block n+1
[Diagram, shown on two consecutive slides: CBC mode. An IV and plaintext blocks A, B and C pass through the cipher to produce ciphertext blocks A, B and C.]
Attack!
› Submit ciphertext multiple times
› Flip a different bit each time
› Cross your fingers!
Potential Win
› Plaintext is:
–lastVisited=http://example.com/home.jsp&uid=124%01
–(lastVisited=http)(://example.com/h)(ome.jsp&uid=124%01)
• Split into 16 byte blocks
› Flip bits in bytes 13-15 in block 2
–Block 2 becomes garbage
–“124” in block 3 has bits flipped in plaintext
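An added example, not part of the original deck, reproducing the ECB block insertion and the CBC bit flip from the slides above with the slides' own plaintexts. The block cipher is a toy 4-round Feistel network built on HMAC-SHA256 standing in for a real cipher; keys, IV and function names are constructed. Each demo also reports whether an HMAC computed over the original ciphertext still verifies.

```python
import hashlib, hmac

KEY, MAC_KEY = b"constructed enc key", b"constructed mac key"  # server-side secrets

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def feistel(block, rounds):  # toy block cipher, a stand-in for DES/AES
    l, r = block[:len(block) // 2], block[len(block) // 2:]
    for rnd in rounds:
        l, r = r, xor(l, hmac.new(KEY, bytes([rnd]) + r, hashlib.sha256).digest())
    return r + l  # final swap: decrypting is the same walk with rounds reversed

def blocks(data, bs):
    return [data[i:i + bs] for i in range(0, len(data), bs)]

def pad(m, bs):  # PKCS#7
    n = bs - len(m) % bs
    return m + bytes([n]) * n

def ecb_encrypt(m, bs=8):
    return b"".join(feistel(b, (0, 1, 2, 3)) for b in blocks(pad(m, bs), bs))

def ecb_decrypt(c, bs=8):
    p = b"".join(feistel(b, (3, 2, 1, 0)) for b in blocks(c, bs))
    return p[:-p[-1]]

def cbc_encrypt(m, iv, bs=16):
    out = [iv]
    for b in blocks(pad(m, bs), bs):
        out.append(feistel(xor(b, out[-1]), (0, 1, 2, 3)))
    return b"".join(out[1:])

def cbc_decrypt(c, iv, bs=16):
    cs = blocks(c, bs)
    p = b"".join(xor(feistel(b, (3, 2, 1, 0)), prev) for b, prev in zip(cs, [iv] + cs))
    return p[:-p[-1]]

def tag(c):  # encrypt-then-MAC: the tag covers the ciphertext
    return hmac.new(MAC_KEY, c, hashlib.sha256).digest()

def ecb_splice():
    a = blocks(ecb_encrypt(b"lastVisited=/en/home.jsp&userId=1234"), 8)
    b = blocks(ecb_encrypt(b"lastVisited=/en/home.jsp&userId=1&foo=bar"), 8)
    forged = b"".join(a[:4] + [b[4]] + a[4:])  # fifth block of b inserted into a
    return ecb_decrypt(forged), hmac.compare_digest(tag(b"".join(a)), tag(forged))

def cbc_flip():
    iv = bytes(16)  # constructed fixed IV so the demo is repeatable
    c = cbc_encrypt(b"lastVisited=http://example.com/home.jsp&uid=124", iv)
    forged = c[:30] + bytes([c[30] ^ 0x01]) + c[31:]  # byte 15 of ciphertext block 2
    return cbc_decrypt(forged, iv), hmac.compare_digest(tag(c), tag(forged))

print(ecb_splice(), cbc_flip(), sep="\n")
```

Both demos return the altered plaintext with a second value of False: the spliced and flipped ciphertexts decrypt without error, but neither matches the tag of the original.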
MISCELLANEOUS
Bonus round!
Other Fun Attacks
› Padding Oracles
– padBuster.pl
› Hash length extension attacks
– Hash_extender

Editor's notes

  1. If you care how it works, pay attention to the Background slides. Buy me a beer and ask for more details. More understanding makes these attacks more effective.
  2. Ciphertext generated using a sound algorithm shows signs of randomness. Ent is a nice tool for testing randomness of data (http://fourmilab.ch/random). Random bytes play hell with lots of protocols. Usual suspects: Base64, URL-safe Base64, ASCII hex, URL encoding. Decoded length is often a multiple of 8/16/32 bytes. Authenticated crypto generally adds another 4 bytes.
  3. Developers reuse cryptovariables: key, IV, cipher. Developers usually reuse cryptovariables and trust that the data they have decrypted using their application is sane, due to the poor assumption that no one can generate or alter the encrypted data without the key. No input validation. No error handling.
  4. Similar to fuzzing for XSS. Bit flipping should produce garbled data. With authenticated crypto, swapping ciphertext might work.
  5. Similar to fuzzing for XSS.
  6. Stream ciphers: produce pseudo-random bytes (keystream) using key & IV. Encryption/decryption: XOR with keystream. IV reuse was the downfall of WEP.
  7. Here is a multi-byte XOR operation. We assume this to be a part of a stream cipher. The middle row is the keystream, which is XORed with the ciphertext to decrypt the message.
  8. We do not know the keystream, but we know that flipping the bits of the ciphertext results in corresponding bits of the plaintext being flipped.
  9. Other messages’ blocks can be used too. Requires key reuse.