SlideShare a Scribd company logo

comp security lab.ppsx

Download as PPSX, PDF
D
DesuWajana

the cosc lab ppt to computer science students

Technology
1 of 19
• Lab 1: Installing and configuring OpenSSL • Lab 2: Introduction and commands used in openSSL • Lab 3: Encryption using conventional algorithms • Lab 4: Symmetric encryption with OpenSSL • Lab 5: Encrypting file using RSA • Lab 6: Asymmetric encryption with OpenSSL
• Run OpenSSL Installer • using CMD paste the following command • set OPENSSL_CONF=C:Program FilesOpenSSL-Win64binopenssl.cfg • set Path=%Path%;C:Program FilesOpenSSL-Win64bin
First steps • Open cmd and type openssl • For commands: type help • description of some commands  ca To create certificate authorities.  dgst To compute hash functions.  enc To encrypt/decrypt using secret key algorithms. It is possible to generate using a password or directly a secret key stored in a file.  genrsa This command permits to generate a pair of public/private key for the RSA algorithm.  password Generation of “hashed passwords”.  rsa RSA data management.  rsautl To encrypt/decrypt or sign/verify signature with RSA.
AES cipher-commands • cipher-commands • aes-128-cbc • aes-128-ecb • aes-192-cbc • aes-192-ecb • aes-256-cbc • aes-256-ecb • base64 • Cbc stands for Cipher Blocker Chaining • Ecb stands for Electronic Codebook
example • Let us create text document named TEST.txt • Write the message that you want To encrpt the test.txt • Open cmd write openssl >enter • Openssl enc -aes-256-ecb -a -salt -in TEST.txt - out cipher.txt • Enter password and verify it
To decrypt • enc -d -aes-256-ecb -a -salt -in cipher.txt -out plain.txt • Enter the pass word that entered before • Done
• Conventional Encryption involves transforming plaintext messages into cipher text messages that are to be decrypted only by the intended receiver. Both sender and receiver agree upon a secrete key to be used in encrypting and decrypting. Usually the secrete key is transmitted via public key encryption methods. .
• Triple DES(Data Encryption Standard) Encryption: • RSA Encryption. ... • Advanced Encryption Standards (AES) • Twofish encryption algorithm. • Blowfish encryption algorithm. • IDEA encryption algorithm. • MD5 encryption algorithm. • HMAC encryption algorithm etc
• Symmetric encryption is a means of protecting data using a secret key to encrypt (lock) and decrypt (unlock) it. • The sender and recipient share the key or password to gain access to the information. • AES, RC4, DES, RC5, and RC6 are examples of symmetric encryption.
• Asymmetric encryption is also a process of encrypting data between two parties — but instead of using a single key (as with conventional cryptographic systems), • it uses two unique yet mathematically related keys to do so. • The first key, known as the public key, encrypts your data before sending it over the internet; the other private key decrypts the data on the recipient’s end of the exchange.
• GENERATING A RSA PRIVATE KEY • Openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private-key.pem • TO GENERATE A PASSWORD PROTECTED PRIVATE KEY Openssl genpkey -aes256 -algorithm RSA -pkeyopt r • sa_keygen_bits:2048 -out private-key.pem
• Openssl> pkey -in private-key.pem -out public- key.pem –pubout • TO SEE THE PUBLIC KEY • Openssl> pkey -in public-key.pem -pubin –text
• example, I will be hashing an arbitrary file on my system using the MD5, SHA1, and SHA384 algorithms. • OpenSSL dgst -md5 use.mp4 • OpenSSL dgst -sha1 use.mp4 • OpenSSL dgst -sha384 use.mp4 Encrypting video file • Openssl enc -aes-256-cbc -e -iter 1000 -salt -in use.mp4 -out unuse.enc
• Openssl enc -aes-256-cbc -d -iter 1000 -in unuse.enc -out prime.mp4
Hashing vs Encryption Differences • Hashing is a digital signature orignally designed to check if data was modified Password hashing is a mathematical algorithm that maps data of arbitrary size (often called the "message") to a bit array of a fixed size (the "hash value", "hash", or "message digest"). It is a one-way function, that is, a function which is practically infeasible to invert or reverse the computation
Cracking • Cracking file passwords using passfab • Cracking windows passwords using usb • Cracking rar passwords using kraken

Recommended

Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Futuretcloudcomputing-tw
 
Computer Security Laboratory Manual .pdf
Computer Security Laboratory Manual .pdfComputer Security Laboratory Manual .pdf
Computer Security Laboratory Manual .pdfDebebeKebede
 
Automatic tool for static analysis
Automatic tool for static analysisAutomatic tool for static analysis
Automatic tool for static analysisChong-Kuan Chen
 
Pulsar Summit Asia - Running a secure pulsar cluster
Pulsar Summit Asia - Running a secure pulsar clusterPulsar Summit Asia - Running a secure pulsar cluster
Pulsar Summit Asia - Running a secure pulsar clusterShivji Kumar Jha
 
Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013javagroup2006
 
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptxUNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptxssuserd5e356
 
How to do Cryptography right in Android Part One
How to do Cryptography right in Android Part OneHow to do Cryptography right in Android Part One
How to do Cryptography right in Android Part OneArash Ramez
 
Steve Jones - Encrypting Data
Steve Jones - Encrypting DataSteve Jones - Encrypting Data
Steve Jones - Encrypting DataRed Gate Software
 

Recommended

Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Futuretcloudcomputing-tw
 
Computer Security Laboratory Manual .pdf
Computer Security Laboratory Manual .pdfComputer Security Laboratory Manual .pdf
Computer Security Laboratory Manual .pdfDebebeKebede
 
Automatic tool for static analysis
Automatic tool for static analysisAutomatic tool for static analysis
Automatic tool for static analysisChong-Kuan Chen
 
Pulsar Summit Asia - Running a secure pulsar cluster
Pulsar Summit Asia - Running a secure pulsar clusterPulsar Summit Asia - Running a secure pulsar cluster
Pulsar Summit Asia - Running a secure pulsar clusterShivji Kumar Jha
 
Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013javagroup2006
 
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptxUNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptxssuserd5e356
 
How to do Cryptography right in Android Part One
How to do Cryptography right in Android Part OneHow to do Cryptography right in Android Part One
How to do Cryptography right in Android Part OneArash Ramez
 
Steve Jones - Encrypting Data
Steve Jones - Encrypting DataSteve Jones - Encrypting Data
Steve Jones - Encrypting DataRed Gate Software
 
OpenSecure socket layerin cyber security
OpenSecure socket layerin cyber securityOpenSecure socket layerin cyber security
OpenSecure socket layerin cyber securityssuserec53e73
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
ION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6lab
ION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6labION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6lab
ION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6labDeploy360 Programme (Internet Society)
 
Django cryptography
Django cryptographyDjango cryptography
Django cryptographyErik LaBianca
 
cryptography deepan fav subject
cryptography deepan fav subjectcryptography deepan fav subject
cryptography deepan fav subjectdeepan v
 
Security - ch3.pptx
Security - ch3.pptxSecurity - ch3.pptx
Security - ch3.pptxGebrehanaAlemaw
 
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)Gabriella Davis
 
Managing your secrets in a cloud environment
Managing your secrets in a cloud environmentManaging your secrets in a cloud environment
Managing your secrets in a cloud environmentTaswar Bhatti
 
Security - ch3.pptx
Security - ch3.pptxSecurity - ch3.pptx
Security - ch3.pptxHabtamuHaileMichael2
 
key aggregate cryptosystem for scalable data sharing in cloud
key aggregate cryptosystem for scalable data sharing in cloudkey aggregate cryptosystem for scalable data sharing in cloud
key aggregate cryptosystem for scalable data sharing in cloudSravan Narra
 
(Crypto) DES And RSA Algorithms Overview
(Crypto) DES And RSA Algorithms Overview(Crypto) DES And RSA Algorithms Overview
(Crypto) DES And RSA Algorithms OverviewEL Bachir Nouni
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesST_World
 
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化Taro Matsuzawa
 
Information Security Lesson 8 - Cryptography - Eric Vanderburg
Information Security Lesson 8 - Cryptography - Eric VanderburgInformation Security Lesson 8 - Cryptography - Eric Vanderburg
Information Security Lesson 8 - Cryptography - Eric VanderburgEric Vanderburg
 
Cyptography and network security unit 3-1
Cyptography and network security unit 3-1Cyptography and network security unit 3-1
Cyptography and network security unit 3-1AsrithaKorupolu
 
Basic Cryptography.pdf
Basic Cryptography.pdfBasic Cryptography.pdf
Basic Cryptography.pdfSetiya Nugroho
 
Risk Management for Data: Secured and Governed
Risk Management for Data: Secured and GovernedRisk Management for Data: Secured and Governed
Risk Management for Data: Secured and GovernedCloudera, Inc.
 
Random musings on SSL/TLS configuration
Random musings on SSL/TLS configurationRandom musings on SSL/TLS configuration
Random musings on SSL/TLS configurationextremeunix
 
RSA APJ Velociraptor Lab
RSA APJ Velociraptor LabRSA APJ Velociraptor Lab
RSA APJ Velociraptor LabVelocidex Enterprises
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesSource Conference
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

More Related Content

Similar to comp security lab.ppsx

OpenSecure socket layerin cyber security
OpenSecure socket layerin cyber securityOpenSecure socket layerin cyber security
OpenSecure socket layerin cyber securityssuserec53e73
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
cryptography deepan fav subject
cryptography deepan fav subjectcryptography deepan fav subject
cryptography deepan fav subjectdeepan v
 
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)Gabriella Davis
 
Managing your secrets in a cloud environment
Managing your secrets in a cloud environmentManaging your secrets in a cloud environment
Managing your secrets in a cloud environmentTaswar Bhatti
 
key aggregate cryptosystem for scalable data sharing in cloud
key aggregate cryptosystem for scalable data sharing in cloudkey aggregate cryptosystem for scalable data sharing in cloud
key aggregate cryptosystem for scalable data sharing in cloudSravan Narra
 
(Crypto) DES And RSA Algorithms Overview
(Crypto) DES And RSA Algorithms Overview(Crypto) DES And RSA Algorithms Overview
(Crypto) DES And RSA Algorithms OverviewEL Bachir Nouni
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesST_World
 
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化Taro Matsuzawa
 
Information Security Lesson 8 - Cryptography - Eric Vanderburg
Information Security Lesson 8 - Cryptography - Eric VanderburgInformation Security Lesson 8 - Cryptography - Eric Vanderburg
Information Security Lesson 8 - Cryptography - Eric VanderburgEric Vanderburg
 
Cyptography and network security unit 3-1
Cyptography and network security unit 3-1Cyptography and network security unit 3-1
Cyptography and network security unit 3-1AsrithaKorupolu
 
Basic Cryptography.pdf
Basic Cryptography.pdfBasic Cryptography.pdf
Basic Cryptography.pdfSetiya Nugroho
 
Risk Management for Data: Secured and Governed
Risk Management for Data: Secured and GovernedRisk Management for Data: Secured and Governed
Risk Management for Data: Secured and GovernedCloudera, Inc.
 
Random musings on SSL/TLS configuration
Random musings on SSL/TLS configurationRandom musings on SSL/TLS configuration
Random musings on SSL/TLS configurationextremeunix
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesSource Conference
 

Similar to comp security lab.ppsx (20)

OpenSecure socket layerin cyber security
OpenSecure socket layerin cyber securityOpenSecure socket layerin cyber security
OpenSecure socket layerin cyber security
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
ION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6lab
ION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6labION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6lab
ION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6lab
 
Django cryptography
Django cryptographyDjango cryptography
Django cryptography
 
cryptography deepan fav subject
cryptography deepan fav subjectcryptography deepan fav subject
cryptography deepan fav subject
 
Security - ch3.pptx
Security - ch3.pptxSecurity - ch3.pptx
Security - ch3.pptx
 
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
 
Managing your secrets in a cloud environment
Managing your secrets in a cloud environmentManaging your secrets in a cloud environment
Managing your secrets in a cloud environment
 
Security - ch3.pptx
Security - ch3.pptxSecurity - ch3.pptx
Security - ch3.pptx
 
key aggregate cryptosystem for scalable data sharing in cloud
key aggregate cryptosystem for scalable data sharing in cloudkey aggregate cryptosystem for scalable data sharing in cloud
key aggregate cryptosystem for scalable data sharing in cloud
 
(Crypto) DES And RSA Algorithms Overview
(Crypto) DES And RSA Algorithms Overview(Crypto) DES And RSA Algorithms Overview
(Crypto) DES And RSA Algorithms Overview
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
 
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化
スマートフォン勉強会@関東 #11 LT 5分で語る SQLite暗号化
 
Information Security Lesson 8 - Cryptography - Eric Vanderburg
Information Security Lesson 8 - Cryptography - Eric VanderburgInformation Security Lesson 8 - Cryptography - Eric Vanderburg
Information Security Lesson 8 - Cryptography - Eric Vanderburg
 
Cyptography and network security unit 3-1
Cyptography and network security unit 3-1Cyptography and network security unit 3-1
Cyptography and network security unit 3-1
 
Basic Cryptography.pdf
Basic Cryptography.pdfBasic Cryptography.pdf
Basic Cryptography.pdf
 
Risk Management for Data: Secured and Governed
Risk Management for Data: Secured and GovernedRisk Management for Data: Secured and Governed
Risk Management for Data: Secured and Governed
 
Random musings on SSL/TLS configuration
Random musings on SSL/TLS configurationRandom musings on SSL/TLS configuration
Random musings on SSL/TLS configuration
 
RSA APJ Velociraptor Lab
RSA APJ Velociraptor LabRSA APJ Velociraptor Lab
RSA APJ Velociraptor Lab
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus Derivatives
 

Recently uploaded

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

comp security lab.ppsx

  • 1.
  • 2. • Lab 1: Installing and configuring OpenSSL • Lab 2: Introduction and commands used in openSSL • Lab 3: Encryption using conventional algorithms • Lab 4: Symmetric encryption with OpenSSL • Lab 5: Encrypting file using RSA • Lab 6: Asymmetric encryption with OpenSSL
  • 3. • Run OpenSSL Installer • using CMD paste the following command • set OPENSSL_CONF=C:Program FilesOpenSSL-Win64binopenssl.cfg • set Path=%Path%;C:Program FilesOpenSSL-Win64bin
  • 4. First steps • Open cmd and type openssl • For commands: type help • description of some commands  ca To create certificate authorities.  dgst To compute hash functions.  enc To encrypt/decrypt using secret key algorithms. It is possible to generate using a password or directly a secret key stored in a file.  genrsa This command permits to generate a pair of public/private key for the RSA algorithm.  password Generation of “hashed passwords”.  rsa RSA data management.  rsautl To encrypt/decrypt or sign/verify signature with RSA.
  • 5. AES cipher-commands • cipher-commands • aes-128-cbc • aes-128-ecb • aes-192-cbc • aes-192-ecb • aes-256-cbc • aes-256-ecb • base64 • Cbc stands for Cipher Blocker Chaining • Ecb stands for Electronic Codebook
  • 6. example • Let us create text document named TEST.txt • Write the message that you want To encrpt the test.txt • Open cmd write openssl >enter • Openssl enc -aes-256-ecb -a -salt -in TEST.txt - out cipher.txt • Enter password and verify it
  • 7. To decrypt • enc -d -aes-256-ecb -a -salt -in cipher.txt -out plain.txt • Enter the pass word that entered before • Done
  • 8. • Conventional Encryption involves transforming plaintext messages into cipher text messages that are to be decrypted only by the intended receiver. Both sender and receiver agree upon a secrete key to be used in encrypting and decrypting. Usually the secrete key is transmitted via public key encryption methods. .
  • 9. • Triple DES(Data Encryption Standard) Encryption: • RSA Encryption. ... • Advanced Encryption Standards (AES) • Twofish encryption algorithm. • Blowfish encryption algorithm. • IDEA encryption algorithm. • MD5 encryption algorithm. • HMAC encryption algorithm etc
  • 10. • Symmetric encryption is a means of protecting data using a secret key to encrypt (lock) and decrypt (unlock) it. • The sender and recipient share the key or password to gain access to the information. • AES, RC4, DES, RC5, and RC6 are examples of symmetric encryption.
  • 11.
  • 12. • Asymmetric encryption is also a process of encrypting data between two parties — but instead of using a single key (as with conventional cryptographic systems), • it uses two unique yet mathematically related keys to do so. • The first key, known as the public key, encrypts your data before sending it over the internet; the other private key decrypts the data on the recipient’s end of the exchange.
  • 13.
  • 14. • GENERATING A RSA PRIVATE KEY • Openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private-key.pem • TO GENERATE A PASSWORD PROTECTED PRIVATE KEY Openssl genpkey -aes256 -algorithm RSA -pkeyopt r • sa_keygen_bits:2048 -out private-key.pem
  • 15. • Openssl> pkey -in private-key.pem -out public- key.pem –pubout • TO SEE THE PUBLIC KEY • Openssl> pkey -in public-key.pem -pubin –text
  • 16. • example, I will be hashing an arbitrary file on my system using the MD5, SHA1, and SHA384 algorithms. • OpenSSL dgst -md5 use.mp4 • OpenSSL dgst -sha1 use.mp4 • OpenSSL dgst -sha384 use.mp4 Encrypting video file • Openssl enc -aes-256-cbc -e -iter 1000 -salt -in use.mp4 -out unuse.enc
  • 17. • Openssl enc -aes-256-cbc -d -iter 1000 -in unuse.enc -out prime.mp4
  • 18. Hashing vs Encryption Differences • Hashing is a digital signature orignally designed to check if data was modified Password hashing is a mathematical algorithm that maps data of arbitrary size (often called the "message") to a bit array of a fixed size (the "hash value", "hash", or "message digest"). It is a one-way function, that is, a function which is practically infeasible to invert or reverse the computation
  • 19. Cracking • Cracking file passwords using passfab • Cracking windows passwords using usb • Cracking rar passwords using kraken