Encryption Cracking and Tools

Apply Your Knowledge

Cryptography forms an important part of the CIA triad of security. Confidentiality is primarily protected with encryption. In this Apply Your Knowledge, you are going to look at some cryptographic tools and techniques.

Exercises

12.1. Examining an SSL Certificate

To get a better understanding of how SSL works, this exercise will have you examine an SSL certificate.

Estimated Time: 10 minutes.

  1. Open your browser and navigate to: http://mail2web.com. After you're there, choose the secure login option. To view a secured page, a warning will appear indicating that you are about to view pages over a secure connection.
  2. Click OK.
  3. Double-click the SSL icon. (The padlock icon in the status bar.)
  4. Review the certificate information.
  5. Click the Details tab.
  6. Click each field. To view the contents of each field, the following information is provided:

    • Version The version of X.509 used to create the certificate.
    • Serial Number The unique serial number for the certificate.
    • Signature Algorithm The encryption algorithm used to create the certificate's signature.
    • Issuer The issuer of the certificate.
    • Valid From The date from which the certificate is valid.
    • Valid To The date after which the certificate expires.
    • Subject Used to establish the certificate holder, which typically includes the identification and geographic information.
    • Public Key The certificate's encrypted public key.
    • Thumbprint Algorithm The encryption algorithm used to create the certificate's thumbprint.
    • Thumbprint The encrypted thumbprint of the signature (for instance, message digest).
    • Friendly Name The descriptive name assigned to the certificate.
  7. Click the Certification Path tab.
  8. Click View Certificate to view the certificate of the CA.
  9. Return to https://www.mail2web.com certificate. When does the certificate expire? Is it valid? Hopefully so; otherwise, you should have seen an error message displayed.
  10. What algorithm was used to create the message digest? Was it MD5 or SHA-1?
  11. What is the algorithm used to sign the certificate?
  12. How does the browser indicate whether an HTTPS page was displayed? It should show https in the URL window and display a small lock in the lower right-hand corner of the browser.

12.2. Using PGP

In this exercise, you will install PGP.

Estimated Time: 10 minutes.

  1. Install the trial version of PGP desktop from http://www.pgp.com/downloads/freeware/.
  2. Notice that after PGP is installed and you have created a passphrase, the program creates two files, which include pubring.pkr and secring.skr. These are your public and private keys.
  3. Use PGP tools to encrypt a file on your hard drive. You can create a file such as test.txt if you do not want to use an existing file.
  4. Now that you have encrypted a file, how secure is it? It should be secure given that you used a strong passphrase.
  5. What is the most vulnerable part of PGP? What is the easiest way an attacker could gain access to your encrypted file? If an attacker can steal the secring.skr file, there is no need for him to attempt to crack the file, as he has the passphrase.

12.3 Using a Steganographic Tool to Hide a Message

In this exercise, you will use a tool to hide information with a SPAM email. The tool is SPAM Mimic.

Estimated Time: 5 minutes.

  1. SPAM Mimic is a tool that can be used to hide a message inside a SPAM message. It can be found at http://www.spammimic.com.
  2. After you're on the site, enter a short message into the SPAM Mimic program.
  3. Within a few seconds, it will convert your message into an unrecognizable SPAM message. You could not send this message to the recipient.
  4. To decode the message, just load it back into the SPAM Mimic decoder to see the results revealed.

Exam Prep Questions

1.

This symmetric encryption is considered weak, as the same cleartext input will produce the same ciphertext output.

A. DES CBC

B. MD5

C. DES ECB

D. Diffie-Hellman

2.

Which of the following can be used to provide confidentiality and integrity?

A. Steganography

B. Asymmetric encryption

C. A hash

D. Symmetric encryption

3.

Jake has just been given a new hacking tool by an old acquaintance. Before he installs it, he would like to make sure that it is legitimate. Which of the following is the best approach?

A. Ask his friend to provide him with the digital certificate of the tools creator.

B. Ask his friend to provide him with a digital certificate.

C. Load the tool and watch it closely to see if it behaves normally.

D. Compare the tool's hash value to the one found on the vendor's website.

   
4.

Diskprobe can be used for which of the following tasks?

A. Spoofing a PKI certificate

B. Recovery of the last EFS encrypted file

C. Recovery of a entire folder of EFS encrypted files

D. Cracking an MD5 hash

5.

Which of the following is not correct about the registration authority?

A. The RA can accept requests.

B. The RA can take some of the load off the CA.

C. The RA can issue certificates.

D. The RA can verify identities.

6.

Ginny has a co-worker's WinZip file with several locked documents that are encrypted, and she would like to hack it. Ginny also has one of the lock files in its unencrypted state. What's the best method to proceed?

A. Ciphertext only attack

B. Known plaintext attack

C. Chosen ciphertext attack

D. Reply attack

7.

You have become worried that one of your co-workers accessed your computer while you were on break and copied the secring.skr file. What would that mean?

A. Your Windows logon passwords have been stolen.

B. Your Linux password has been stolen.

C. Your PGP secret key has been stolen.

D. Nothing. That is a bogus file.

8.

Which of the following is a symmetric algorithm?

A. El Gamal

B. Diffie-Hillman

C. ECC

D. Rijindael

   
9.

What is the key length of 3DES?

A. 192 bit

B. 168 bit

C. 64 bit

D. 56 bit

10.

Which of the following binds a user's identity to a public key?

A. Digital signature

B. Hash value

C. Private key

D. Digital certificate

11.

George has been sniffing the encrypted traffic between Bill and Al. He has noticed an increase in traffic and believes the two are planning a new venture. What is the name of this form of attack?

A. Inference attack

B. Ciphertext attack

C. Chosen ciphertext attack

D. Replay attack

12.

How many bits of plaintext can DES process at a time?

A. 192 bit

B. 168 bit

C. 64 bit

D. 56 bit

13.

What are collisions?

A. When two cleartext inputs are fed into an asymmetric algorithm and produce the same encrypted output.

B. When two messages produce the same digest or hash value.

C. When two clear text inputs are fed into a symmetric algorithm and produce the same encrypted output.

D. When a steganographic program produces two images that look the same, except that one has text hidden in it.

   
14.

While shoulder surfing some co-workers, you noticed one executing the following command: ./john /etc/shadow. What is the co-worker attempting to do?

A. Crack the users PGP public key

B. Crack the users PGP secret key

C. Crack the password file

D. Crack an EFS file

15.

How long is the DES encryption key?

A. 32 bit

B. 56 bit

C. 64 bit

D. 128 bit

Answers to Exam Questions

A1:

1. C. With DES electronic code book (ECB), the identical plaintext encrypted with the same key will always produce the same ciphertext. Answer A is incorrect because DES cipher block chaining is considered more secure, as it chains the blocks together. Answer B is incorrect because MD5 is a hashing algorithm. Answer D is incorrect, as Diffie-Hellman is an asymmetric algorithm.

A2:

2. B. Asymmetric encryption can provide users both confidentiality and authentication. Authentication is typically provided through digital certificates and digital signatures. Answer A is incorrect because steganography is used for file hiding and provides a means to hide information in the whitespace of a document, a sound file, or a graphic. Answer C is incorrect, as it can provide integrity but not confidentiality. Answer D is incorrect because symmetric encryption only provides confidentiality.

A3:

3. D. Jake should compare the tools hash value to the one found on the vendor's website. Answer A is incorrect, as having a copy of the vendor's digital certificate only proves the identity of the vendor; it does not verify the validity of the tool. Answer B is incorrect because having the digital certificate of his friend says nothing about the tool. Digital certificates are used to verify identity, not the validity of the file. Answer C is incorrect and the worst possible answer because loading the tool could produce any number of results, especially if the tool has been Trojaned.

A4:

4. B. When a standalone file is encrypted with EFS, a temp file is created named efs0.tmp. Diskprobe or a hex editor can be used to recover that file. All other answers are incorrect because Diskprobe is not used for spoofing a PKI certificate; it can only recover the last file encrypted, not an entire folder of encrypted files. Diskprobe is not used to crack an MD5 hash.

   
A5:

5. C. Because the question asks what the RA cannot do, the correct answer is that RA cannot generate a certificate. All other answers are incorrect, as they are functions the RA can provide, including reducing the load on the CA, verifying an owner's identity, and passing along the information to the CA for certificate generation.

A6:

6. B. The known plaintext attack requires the hacker to have both the plaintext and ciphertext of one or more messages. For example, if a WinZip file is encrypted and the hacker can find one of the files in its non-encrypted state, the two form plaintext and ciphertext. Together, these two items can be used to extract the cryptographic key and recover the remaining encrypted, zipped files. Answer A is incorrect, as ciphertext attacks don't require the hacker to have the plaintext; they require a hacker to obtain encrypted messages that have been encrypted using the same encryption algorithm. Answer C is incorrect because a chosen ciphertext occurs when a hacker can choose the ciphertext to be decrypted and can then analyze the plaintext output of the event. Answer D is incorrect, as an attack occurs when the attacker tries to repeat or delay a cryptographic transmission.

A7:

7. C. The secring.skr file contains the PGP secret key. PGP is regarded as secure because a strong passphrase is used and the secret key is protected. The easiest way to break into an unbreakable box is with the key. Therefore, anyone who wants to attack the system will attempt to retrieve the secring.skr file before attempting to crack PGP itself. Answer A is incorrect, as the Windows passwords are kept in the SAM file. Answer B is incorrect because Linux passwords are generally kept in the passwd or shadow file. Answer D is incorrect, as secring.skr is a real file and holds the user's PGP secret key.

A8:

8. D. Examples of symmetric algorithms include DES, 3DES, and Rijindael. All other answers are incorrect because El Gamal, ECC, and Diffie-Helman are all asymmetric algorithms.

A9:

9. B. 3DES has a key length of 168 bits. Answer A is incorrect because 3DES does not have a key length of 192 bits. Answer C is incorrect because 3DES does not have a key length of 64 bits. Answer D is incorrect because 56 bits is the length of DES not 3DES.

A10:

10. D. A digital certificate binds a user's identity to a public key. Answers A, B, and C are incorrect because a digital signature is electronic and not a written signature. A hash value is used to verify integrity, and a private key is not shared and does not bind a user's identity to a public key.

A11:

11. A. An inference attack involves taking bits of non-secret information, such as the flow of traffic, and making certain assumptions from noticeable changes. Answer B is incorrect, as ciphertext attacks don't require the hacker to have the plaintext; they require a hacker to obtain messages that have been encrypted using the same encryption algorithm. Answer C is incorrect because a chosen ciphertext occurs when a hacker can choose the ciphertext to be decrypted and then analyze the plaintext output of the event. Answer D is incorrect, as an attack occurs when the attacker tries to repeat or delay a cryptographic transmission.

A12:

12. C. DES processes 64 bits of plaintext at a time. Answer A is incorrect, as 192 bits is not correct. Answer B is incorrect, but it does specify the key length of 3DES. Answer D is incorrect, as 56 bits is the key length of DES.

   
A13:

13. B. Collisions occur when two message digests produce the same hash value. This is a highly undesirable event and was proven with MD5 in 2005 when two X.509 certificates were created with the same MD5sum in just a few hours. Answer A is incorrect because collisions address hashing algorithms, not asymmetric encryption. Answer C is incorrect, as collisions address hashing algorithms, not symmetric encryption. Answer D is incorrect, as the goal of steganography is to produce two images that look almost identical, yet text is hidden in one.

A14:

14. C. John is a password cracking tool available for Linux and Windows. Answer A is incorrect, as John is not used to crack PGP public keys. Also, because the key is public, there would be no reason to attempt a crack. Answer B is incorrect, as John is not a PGP cracking tool. Answer D is incorrect because John is not used to crack EFS files.

A15:

15. B. DES uses a 56-bit key, whereas the remaining eight bits are used for parity. Answer A is incorrect as 32 bits is not the length of the DES key. Answer C is incorrect as 64 bits is not the length of the DES key, as eight bits are used for parity. Answer D is incorrect as 128 bits is not the length of the DES key; it is 56 bits.

Suggested Reading and Resources

www.youdzone.com/signature.htmlDigital /signatures

www.spammimic.com/encode.cgiSPAM steganographic tool

www.howstuffworks.com/carnivore.htmCarnivore

www.eff.org/Privacy/Crypto/Crypto_misc/DESCrackerCracking DES

www.ciscopress.com/articles/article.asp?p=369221&seqNum=4&rl=1Components of WPA

www.e-government.govt.nz/see/pki/attack-scenarios.asp50 ways to attack PKI

http://axion.physics.ubc.ca/pgp-attack.htmlCracking PGP

www.pgpi.org/doc/pgpintroPublic key encryption

Physical Security and Social Engineering

Part I: Exam Preparation

The Business Aspects of Penetration Testing

The Technical Foundations of Hacking

Footprinting and Scanning

Enumeration and System Hacking

Linux and Automated Security Assessment Tools

Trojans and Backdoors

Sniffers, Session Hijacking, and Denial of Service

Web Server Hacking, Web Applications, and Database Attacks

Wireless Technologies, Security, and Attacks

IDS, Firewalls, and Honeypots

Buffer Overflows, Viruses, and Worms

Cryptographic Attacks and Defenses

Physical Security and Social Engineering

Part II: Final Review

Part III: Appendixes

Appendix A. Using the ExamGear Special Edition Software



Certified Ethical Hacker Exam Prep
Certified Ethical Hacker Exam Prep
ISBN: 0789735318
EAN: 2147483647
Year: 2007
Pages: 247
Authors: Michael Gregg

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net