Cryptool2 « the 101 experiments crypto lab »
AppSec Forum Western Switzerland
Rump Session – 6 Nov 2014
Bruno.Kerouanton.net
@kerouanton

Question to the audience
• Do you really know Crypto? (really, really?)
• Do you want to understand something? (or want to impress your friends and family during the dinner)
• Do you like to play safely with crypto? (and invent your New Revolutionary Algorithm*)
This rump-session is for YOU
* Disclaimer: build at your own risk

Figure 1: Bring Your Own Algo

KerSpielWanton™ v0.97b according to my point of IPv6 view (mileage may vary)
DHCP, LAN, Minecraft, PoE, DNS, SSA, Wifi, Token Ring, WAN, WLAN, BOOT, ARP, BCP, DRP, ATM, FTP, HTTP, HTTPS, SSL, TLS, PKI
✓ DAN
✓ CAN
✓ SAN
✓ LAN
✓ WAN
✓ PADAWAN
✓ MAN
✓ SUPERMAN
✓ PYROMAN
✓ WLAN
✓ CPU
✓ FPGA
✓ ASIC
✓ BASIC
✓ SSL TLS
✓ PKI
✓ Saas-Daas-Paas Iaas-Wazaa
✓ IPv6,7,8
✓ FcIP
✓ WP
✓ IoT
✓ VoIP
✓ Confidentiality
✓ Availability
✓ Integrity
✓ Authenticity
✓ Audacity
✓ SimCity
✓ Brute-force Resistance – n! >> 2^n
✓ Use the Brute-Force, Luke
✓ Non-weakest link
✓ Non-predictable key
✓ Non-sequential
✓ Syntactic break
✓ Semantic break
✓ Byte <> Octet
✓ Asynchronous
✓ OmniChannellity
✓ Ubiquity
✓ Flow
✓ File
✓ Disk
✓ Symmetric cryptography
✓ ? Asymmetric cryptography
✓ Biometric calligraphy
✓ Discardable Mask (Verr-Num)
✓ BCP
✓ DRP
✓ HP
✓ Key & Quantum
✓ Information & IP
✓ Work & Collaboration
✓ ? Clear text attack
✓ ? Apparented key attack → ASFWS-14
✓ Mask same size as text
✓ Random mask
✓ One-use mask
✓ Anonymous masks
✓ Absolutivity according to John Lennon & Shannon
✓ Unconditionally safe & ludicrously insane speed

Back to serious play: What is Cryptool?
• Open-Source Framework for crypto learning
• Cryptool1: not maintained anymore, but still useful in some cases.
• Cryptool2: .NET4
http://www.cryptool.org
Free to download, just run and play

Cryptool2
• Modern Plug-n-Play interface
• Visual Programming
• Visualization of Algorithms
• Comprehensive Cryptanalysis
Diffie-Hellman Key Exchange
Very useful for trainings and introduction to crypto, cryptanalysis, and understanding common crypto mistakes

Enigma animation

Cryptanalysis

Conclusion
Cryptool2 is fun to use, to experiment and to learn
Spread the word!
