This document provides an overview of stream ciphers and their vulnerabilities. It discusses how stream ciphers work by generating a keystream from a key and initialization vector (IV) that is XOR'd with the plaintext. Key reuse is a major vulnerability as it allows an attacker to recover plaintext if they have multiple ciphertexts encrypted with the same key. The document also discusses weaknesses of deterministic pseudorandom number generators and the importance of using cryptographically secure PRNGs and long random IVs to prevent key reuse attacks against stream ciphers. It provides an example of how statistical analysis and differential cryptanalysis can exploit these weaknesses.
Is your crypto secure? Let's take a look at the main issues in modern cryptography that software developers and architects have to be aware of.
2. Intro
•Why do I need to learn about Crypto generally?
• It’s often used to create Cookies, hidden parameters
• To do TLS the right way
• For hashes and data integrity checks
• Password and sensitive info storage
• To have more marketable skills during an interview
•To whom is this useful?
• Devs, QA, anyone interested in security and crypto
•What do I need to understand this?
• School math knowledge
• Desire to learn
3. Overview
•Symmetric encryption
• Stream ciphers
• Block ciphers
• Modes of operation
•Cryptographic hash
• Key derivation
• Authenticated Encryption, AEAD
•Asymmetric encryption
•Conclusions and best practices
5. Symmetric Crypto basics
•To Encrypt is to take Plaintext, key and convert
them into Ciphertext: C = E(P, k)
•To Decrypt is to take Ciphertext, key and convert
them back into Plaintext: P = D(C, k)
•An attacker must, ideally, try (bruteforce) all
possible keys – for a 256 bit key – 10^77 combinations
7. Symmetric Crypto basics
•OK, what’s a cryptographic attack?
• Anything better than bruteforce
•What’s a practical attack?
• Any attack an adversary with the best available technology
can conduct in a “reasonable” amount of time
• “reasonable” is determined by how long the plaintext keeps its
value
• Normally, due to the exponential nature of cryptanalytic difficulty, attacks
are either impossible or very much possible
8. Symmetric Crypto basics
Main cryptanalytic methods, at a glance
•Known plaintext
•Chosen plaintext (encryption oracles)
•Chosen ciphertext (decryption oracles, bit
flipping)
•Statistical cryptanalysis
•Differential cryptanalysis
•Side-channel attacks
11. Symmetric Crypto basics
XOR ⊕ Refresher
1. A ⊕ A = 0
2. A ⊕ 0 = A
3. A ⊕ B = B ⊕ A (commutativity)
4. A ⊕ ( B ⊕ C ) = ( A ⊕ B) ⊕ C (associativity)
5. Let K ⊕ M = C , then:
C ⊕ K = K ⊕ M ⊕ K = K ⊕ K ⊕ M = 0 ⊕ M = M
12. Stream ciphers
•Historic stream cipher example – One-time Pads
• Sender and Receiver must have identical Pads
• Pads fully filled with random data
• Sender computes Message ⊕ Pad and sends result
• Receiver does Ciphertext ⊕ Pad to get Message
•One-time Pads are mathematically proven to be
unbreakable! YAY! VICTORY! Let’s all go home now.
14. Stream ciphers
•Cons? One-time Pads are horribly impractical
• And unbreakable, well… Only as long as Pads’ data is
truly random and they are never used twice
15. Stream ciphers
•Modern electronic Stream Ciphers
• Were inspired by One-time pads
• Have almost all of their problems + some more!
• Derive high entropy Key from Passphrase
• Generate Keystream via a PRNG algorithm from Key
• Its output is effectively used instead of one-time pads
• Employ Initialization Vectors - transmitted in cleartext
• They are mixed with the Key to avoid key reuse (pad reuse)
16. Stream ciphers
Basic vulnerabilities: bit flipping
•With Stream Ciphers, a flipped bit in the Ciphertext
ALWAYS results in a flipped bit in the Plaintext
•Having only a Ciphertext, an attacker can make it
say ANYTHING when decrypted!
• Needs to know the target position in the plaintext
• How? E.g. via reverse engineering the app or Crib-dragging
•Requires no knowledge of the encryption key
•Every stream cipher is vulnerable to it!
17. Stream ciphers
Basic vulnerabilities: bit flipping example
•Given: an encrypted cookie with data like
…&user=john.doe&admin=0&…
•Whose encrypted bytes in binary look like
…10010011 11011001 01101000…
•A flip of only 1 bit of ciphertext is necessary
…10010011 11011000 01101000…
•To make the decrypted plaintext say
…&user=john.doe&admin=1&…
18. Stream ciphers
Basic vulnerabilities: key reuse
What’s so terrible about key (pad) reuse?
•So we have 2 plaintexts P1 and P2, and we encrypt
them separately under the same Key, IV pair:
C1=P1⊕F(Key,IV)
C2=P2⊕F(Key,IV)
When an attacker intercepts them, they can
compute:
C1⊕C2=P1⊕P2
•“Oh, please! How bad could that possibly be?..”
20. Stream ciphers
Basic vulnerabilities: key reuse
•Edge case: if one of the plaintexts, e.g. P1, is known,
restoring the other one is trivial
C1⊕C2⊕P1 = (P1⊕K)⊕(P2⊕K)⊕P1 = 0⊕P2 = P2
•Edge case: if a portion of Plaintext is known, the
Keystream in corresponding position is revealed
C = P⊕E(Key,IV)
C⊕P = E(Key,IV)
• Now, having the Keystream at some position, we can
decrypt data at that position from ALL other ciphertexts
• We can also change and re-encrypt any data there
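Added example (Python, not code from the slides): the bit-flipping slides (16-17) and the key-reuse slides (18-20) above, worked on a constructed cookie, with an encrypt-then-MAC check shown as the mitigation for bit flipping and a fresh IV per message as the mitigation for key reuse. The keystream generator is a constructed HMAC-SHA256-in-counter-mode stand-in chosen only so the demo runs on the standard library; the keys, IVs and cookies are constructed values.

```python
import hashlib
import hmac
import os

# Constructed stand-in keystream generator (HMAC-SHA256 in counter mode), used
# only so the demo runs offline with the stdlib. It is not a cipher from the
# slides and not a recommendation; any XOR stream cipher behaves the same way.
def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))   # truncates to the shorter input

def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, iv, len(plaintext)))

decrypt = encrypt   # XOR is its own inverse (slide 11, property 5)

KEY = b"\x11" * 32                 # constructed demo key
FIXED_IV = b"\x00" * 16            # the mistake from slide 21: a static IV
COOKIE = b"user=john.doe&admin=0"  # constructed, mirrors slide 17

# --- Slides 16-17: flipping a ciphertext bit flips the same plaintext bit ---
def bit_flip_demo() -> bytes:
    ct = encrypt(KEY, FIXED_IV, COOKIE)
    pos = COOKIE.index(b"admin=") + len(b"admin=")   # offset of the '0'
    tampered = bytearray(ct)
    tampered[pos] ^= 0x01        # '0' is 0x30 and '1' is 0x31: one bit apart
    return decrypt(KEY, FIXED_IV, bytes(tampered))

# --- Mitigation: encrypt-then-MAC, so tampering is rejected, not decrypted ---
MAC_KEY = b"\x22" * 32   # constructed; must be independent of KEY

def seal(plaintext: bytes) -> bytes:
    iv = os.urandom(16)   # fresh IV per message, from a CSPRNG (slide 32)
    ct = encrypt(KEY, iv, plaintext)
    tag = hmac.new(MAC_KEY, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag

def open_sealed(blob: bytes):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(MAC_KEY, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None          # reject; never hand tampered plaintext to the app
    return decrypt(KEY, iv, ct)

def mac_demo():
    """Returns (plaintext of the intact blob, result for the bit-flipped blob)."""
    blob = seal(COOKIE)
    tampered = bytearray(blob)
    tampered[16 + COOKIE.index(b"admin=") + len(b"admin=")] ^= 0x01
    return open_sealed(blob), open_sealed(bytes(tampered))

# --- Slides 18-20: the same (Key, IV) for two messages leaks P1 xor P2 ---
P2 = b"user=alice&admin=1"   # constructed second cookie, shorter than COOKIE

def key_reuse_demo():
    c1 = encrypt(KEY, FIXED_IV, COOKIE)
    c2 = encrypt(KEY, FIXED_IV, P2)
    xor_of_plaintexts = xor(c1, c2)                 # C1 xor C2 = P1 xor P2
    recovered_p2 = xor(xor_of_plaintexts, COOKIE)   # known P1 gives P2 (slide 20)
    revealed_ks = xor(c1, COOKIE)                   # C xor P = keystream (slide 20)
    return xor_of_plaintexts, recovered_p2, revealed_ks

def fresh_iv_demo() -> bool:
    """True only if the plaintext relation still leaks with a fresh IV per message."""
    c1 = encrypt(KEY, os.urandom(16), COOKIE)
    c2 = encrypt(KEY, os.urandom(16), P2)
    return xor(c1, c2) == xor(COOKIE, P2)
```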
21. Stream ciphers
Basic vulnerabilities: Why does key reuse happen?
•No IV is used
•Static IV
• For example, the encryption key itself
• Or a hash of the password – good entropy, still useless
•Very short IV
• E.g. WEP had a 24 bit IV == 16777216 values
• Birthday paradox - in 4096 packets IV is reused with P=0.5
• Birthday paradox??
22. Stream ciphers
Birthday paradox
• For what number of people, the chances that two of them
share a birthday are 50-50?
• $n \approx \sqrt{2m \times p}$ (m = number of possible IV values, p = target probability) $\rightarrow \sqrt{2 \times 2^{24} \times 0.5} = 2^{12} = 4096$
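Added example (Python, not from the slides): the slide 22 estimate for a 24-bit IV, a Monte Carlo check of it, and the same formula turned into a per-key message budget for a longer IV. The 96-bit nonce size and the 2^-32 target probability are assumptions chosen for illustration.

```python
import math
import random

def birthday_bound(space: int, p: float) -> float:
    """Slide 22's approximation n ~ sqrt(2 * m * p): how many IVs can be drawn
    from a space of m values before one repeats with probability p."""
    return math.sqrt(2 * space * p)

def iv_budget(iv_bits: int, max_collision_prob: float) -> int:
    """Defender's use of the same formula: messages allowed under one key before
    the chance of an IV repeat (keystream reuse) exceeds max_collision_prob."""
    return int(birthday_bound(2 ** iv_bits, max_collision_prob))

def messages_until_iv_repeat(iv_bits: int, rng: random.Random) -> int:
    """Draw uniformly random IVs until one repeats; return how many were drawn."""
    seen = set()
    while True:
        iv = rng.getrandbits(iv_bits)
        if iv in seen:
            return len(seen) + 1
        seen.add(iv)

def median_messages_until_repeat(iv_bits: int, trials: int, seed: int = 1) -> int:
    """Monte Carlo check of the bound: median first-repeat point over many runs
    (seeded so the result is reproducible)."""
    rng = random.Random(seed)
    samples = sorted(messages_until_iv_repeat(iv_bits, rng) for _ in range(trials))
    return samples[len(samples) // 2]

if __name__ == "__main__":
    print("WEP-style 24-bit IV, p = 0.5:", birthday_bound(2 ** 24, 0.5))
    print("simulated median for 24-bit IVs:", median_messages_until_repeat(24, 200))
    print("96-bit nonce budget at p = 2^-32:", iv_budget(96, 2 ** -32))
```

The simulated median lands a little above 4096 because the slide's formula is a first-order approximation; the exact 50% point for 2^24 IVs is about 4800.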
23. Stream ciphers
Basic vulnerabilities: Why does key reuse happen?
•Bad IV
• Caused by bad random
• Specifically, where a PRNG is used instead of CSPRNG
• “Oh please, what’s the difference?”
27. Stream ciphers: random
Hacking Java’s Random(): predicting the future
•Linear Congruential PRNG:
seed = (seed * multiplier + addend) mod (2 ^ precision)
• Has 48 bits of state, but discloses only 32 at a time e.g. nextInt()
• The remaining 16 bits are easily bruteforcible on modern PCs:
28. Stream ciphers: random
Hacking Java’s Random(): peeking into the past
• Long story short, one bit at a time we unwind the changes a
previous seed would’ve had on the current number
• And can do so recursively as far back as we wish
29. Stream ciphers
Case-study
•Used a circular XOR cipher
• Meaning, “keystream”, the passphrase, was reused
• Well, not exactly XOR operation but close enough
•With a hardcoded key
• That had barely any entropy
•Without an IV
•All this made it vulnerable to every kind of attack
30. Stream ciphers
Case-study
Differential Cryptanalysis via chosen plaintext attack
1. ‘aaaaa’ user session cookie, first 10 “bytes” :
131!167!208!205!204!194!184!192!164!124!...
2. ‘bbbbb’ user session cookie:
131!167!209!206!205!195!185!192!164!124!...
3. This is basically an “encryption” oracle
4. From this, we can already deduce the
“keystream”
5. But it’s revealed clearly if we use ‘0’ for
username
6. But what if we couldn’t control the plaintext?..
31. Stream ciphers
Case-study
Statistical analysis
• Only the end part of cookies changed between sessions
• We can already see what’s encrypted here
• Now just bruteforce 1 byte for each column
• Voila! We have our keystream symbol!
32. Stream ciphers
So, how to do it right?
•NEVER be clever and invent your own crypto!
•Use well-known crypto suites, e.g. Bouncy Castle
•Never use a vulnerable cipher! E.g., RC4
• Instead, go for ChaCha20 – no known attacks
•When you’re asked for an IV, get it from CSPRNG!
• And make it LOOOOONG
•Never use the Passphrase as the Key!
• Instead, google how to use PBKDF2 from RFC 2898