Ethical Hacking 
CHAPTER 12 – ENCRYPTION 
ERIC VANDERBURG
Expiration, Revocation, and Suspension of Certificates
- A period of validity is assigned to each certificate
  - After that date, the certificate expires
- A certificate can be renewed with a new expiration date assigned
  - If the keys are still valid and remain uncompromised
- Reasons to suspend or revoke a certificate
  - A user leaves the company
  - A hardware crash causes a key to be lost
  - A private key is compromised
Expiration, Revocation, and Suspension of Certificates (continued)
- Certificate Revocation List (CRL)
  - Contains all revoked and suspended certificates
  - Issued by CAs
- Suspension of a certificate might be done when one or more parties fail to honor agreements
  - Suspension makes it easier to restore the certificate if the parties come to an agreement at a later date
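The validity-period and CRL checks described on these two slides, as an added example that is not part of the original deck. Real CRLs are DER-encoded (RFC 5280); the in-memory CRL, certificate serials, dates and reason codes below are constructed, but the decision logic is the one a relying party applies: an expired certificate is rejected before the CRL is consulted, a CRL that is past its own nextUpdate cannot prove anything, and only a certificateHold entry (a suspension) can later be lifted.

```python
"""Added example (not from the slides): certificate status from validity period
and a CRL.  The CRL here is a simplified in-memory model of an RFC 5280 CRL."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# RFC 5280 CRLReason values (subset).  certificateHold is the suspension the
# slides describe; every other reason is a permanent revocation.
SUSPENSION_REASONS = {"certificateHold"}


@dataclass
class Certificate:
    serial: int
    subject: str
    not_before: datetime
    not_after: datetime


@dataclass
class CRLEntry:
    serial: int
    revocation_date: datetime
    reason: str


@dataclass
class CRL:
    issuer: str
    this_update: datetime
    next_update: datetime                    # after this the CRL is stale and must be refreshed
    entries: dict = field(default_factory=dict)  # serial -> CRLEntry

    def revoke(self, serial: int, when: datetime, reason: str) -> None:
        self.entries[serial] = CRLEntry(serial, when, reason)

    def lift_hold(self, serial: int) -> bool:
        """Remove a suspended certificate from the list (the parties agreed after all).
        A revocation for any other reason is final and cannot be lifted."""
        entry = self.entries.get(serial)
        if entry is None:
            return False
        if entry.reason not in SUSPENSION_REASONS:
            raise ValueError(f"serial {serial} is revoked ({entry.reason}), not suspended")
        del self.entries[serial]
        return True


def certificate_status(cert: Certificate, crl: CRL, now: datetime) -> str:
    """One of: not-yet-valid, expired, stale-crl, suspended, revoked, good."""
    if now < cert.not_before:
        return "not-yet-valid"
    if now > cert.not_after:
        return "expired"
    if now > crl.next_update:
        # Fail closed: without a fresh CRL we cannot show the certificate is unrevoked.
        return "stale-crl"
    entry = crl.entries.get(cert.serial)
    if entry is None:
        return "good"
    return "suspended" if entry.reason in SUSPENSION_REASONS else "revoked"


def demo() -> dict:
    """Walk one constructed certificate through suspension, restoration and expiry."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    cert = Certificate(4242, "CN=gloria", t0, t0 + timedelta(days=365))
    crl = CRL("CN=Example CA", t0, t0 + timedelta(days=7))
    results = {"fresh": certificate_status(cert, crl, t0 + timedelta(days=1))}
    crl.revoke(cert.serial, t0 + timedelta(days=2), "certificateHold")
    results["on_hold"] = certificate_status(cert, crl, t0 + timedelta(days=3))
    crl.lift_hold(cert.serial)
    results["restored"] = certificate_status(cert, crl, t0 + timedelta(days=4))
    results["stale"] = certificate_status(cert, crl, t0 + timedelta(days=30))
    results["expired"] = certificate_status(cert, crl, t0 + timedelta(days=400))
    return results


def revocation_is_final() -> bool:
    """A keyCompromise entry cannot be lifted the way a hold can."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    crl = CRL("CN=Example CA", t0, t0 + timedelta(days=7))
    crl.revoke(7, t0, "keyCompromise")
    try:
        crl.lift_hold(7)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
```

The ordering inside `certificate_status` is deliberate: expiry is checked before the CRL because CAs are allowed to drop expired certificates from their CRLs, so an expired certificate's absence from the list says nothing about whether it was revoked.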
Backing Up Keys
- Backing up keys is critical
  - If keys are destroyed and not backed up properly, encrypted business-critical information might be irretrievable
- The CA is usually responsible for backing up keys
- A key recovery policy is also part of the CA's responsibility
Microsoft Root CA
- Available in Windows Server 2003 and Windows 2000 Server
- Steps for setting up a Microsoft Root CA
  - Install the Certificate Services
    - Note that after installing this service the name of the domain or computer cannot change
  - Configuring a Windows server as a CA (four options)
    - Enterprise root CA
    - Enterprise subordinate CA
    - Stand-alone root CA
    - Stand-alone subordinate CA
Microsoft Root CA (continued)
- Steps for setting up a Microsoft Root CA (continued)
  - Specify options to generate certificates, including
    - Cryptographic Service Provider
    - Hash algorithm
    - Key length
Understanding Cryptographic Attacks
- Attacks studied so far are passive attacks
- Active attacks attempt to determine the secret key being used to encrypt plaintext
- Cryptographic algorithms are usually public
  - Follows the open-source culture
Birthday Attack
- Old adage
  - If 23 people are in a room, two will share the same birthday
- Birthday attacks are used to find the same hash value for two different inputs
- A birthday attack is used to reveal any mathematical weaknesses in hashing algorithms
- SHA-1 uses a 160-bit key
  - Theoretically, it would require 2^80 computations to break
  - SHA-1 has already been broken
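The birthday bound made concrete, as an added example that is not from the slides. With 23 people the chance of a shared birthday is about 50.7%, and the same arithmetic is why a hash with an n-bit output offers only about 2^(n/2) work against collisions (2^80 for SHA-1's 160 bits). The toy hash below is SHA-256 truncated to a configurable number of bits so that a collision search finishes in seconds; the truncation, the message format and the try limits are choices made for this demonstration.

```python
"""Added example (not from the slides): the birthday paradox and a collision
search on a deliberately weakened (truncated) hash."""
import hashlib
import math


def birthday_probability(n_people: int, days: int = 365) -> float:
    """Probability that at least two of n_people share a birthday."""
    p_none = 1.0
    for i in range(n_people):
        p_none *= (days - i) / days
    return 1.0 - p_none


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to its first `bits` bits: a toy hash with a tiny output space."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def expected_tries(bits: int) -> float:
    """Expected inputs before the first collision among 2^bits values: about sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * (1 << bits))


def find_collision(bits: int, max_tries: int = 1 << 24):
    """Birthday search: hash distinct inputs, remember every output, stop at the first repeat.
    Returns (input_a, input_b, tries) or None if max_tries is exhausted.
    Note that this needs memory proportional to the number of tries, which is the
    reason real collision searches use cycle-finding instead of a table."""
    seen = {}
    for i in range(max_tries):
        msg = f"msg-{i}".encode()                 # constructed, distinct inputs
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None


if __name__ == "__main__":
    print(f"P(shared birthday, 23 people) = {birthday_probability(23):.3f}")
    bits = 24
    result = find_collision(bits)
    print(f"expected ~{expected_tries(bits):.0f} tries for {bits} bits; found after {result[2]}")
```

Scaling the `bits` argument up by two doubles the expected number of tries; that square-root relationship is the whole reason a 160-bit digest is only an 80-bit obstacle to a collision finder, and why a digest length is chosen at twice the security level wanted.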
Mathematical Attacks
- Properties of the algorithm are attacked by using mathematical computations
- Categories
  - Ciphertext-only attack
    - The attacker has the ciphertext of several messages but not the plaintext
    - Attacker tries to find out the key used to encrypt the messages
    - Attacker can capture ciphertext using a sniffer program such as Ethereal or Tcpdump
Mathematical Attacks (continued)
- Categories (continued)
  - Known-plaintext attack
    - The attacker has messages in both encrypted and decrypted forms
    - This attack is easier to perform than the ciphertext-only attack
    - Looks for patterns in both plaintext and ciphertext
  - Chosen-plaintext attack
    - The attacker has access to plaintext and ciphertext
    - Attacker has the ability to choose which message to encrypt
Mathematical Attacks (continued)
- Categories (continued)
  - Chosen-ciphertext attack
    - The attacker has access to the ciphertext to be decrypted and to the resulting plaintext
    - Attacker needs access to the cryptosystem to perform this type of attack
Brute Force Attack
- An attacker tries to guess passwords by attempting every possible combination of letters
- Requires lots of time and patience
- Password-cracking program
  - John the Ripper
Man-in-the-Middle Attack
- Attackers place themselves between the victim computer and another host computer
- They then intercept messages sent from the victim to the host and pretend to be the host computer
- This type of attack follows this process
  - Gloria sends her public key to Bruce, and you, the attacker, intercept the key and send Bruce your public key
  - Bruce sends Gloria his public key. You intercept this key and send your public key to Gloria
Man-in-the-Middle Attack (continued)
- This type of attack follows this process (continued)
  - Gloria sends an encrypted message to Bruce but uses your key
  - You can decrypt the message with your private key
  - You reencrypt the message using Bruce's public key and send it to Bruce
  - Bruce answers Gloria with another encrypted message with your public key
  - You can decrypt the message with your private key
  - You reencrypt the message using Gloria's public key and send it to Gloria
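The exchange on these two slides succeeds only because Gloria and Bruce accept whatever public key arrives on the wire. The added example below, which is not part of the original deck, models that exchange and the check that defeats it: comparing the fingerprint of a received key against one learned out of band, which is what a CA-signed certificate, an SSH known_hosts entry or certificate pinning provides. Public keys are stood in for by random bytes because the substitution logic, not the key mathematics, is the point; the party names follow the slides and everything else is constructed.

```python
"""Added example (not from the slides): an unauthenticated public-key exchange
with an interposer, and the out-of-band fingerprint check that detects it."""
import hashlib
import secrets


def fingerprint(public_key: bytes) -> str:
    """Short SHA-256 fingerprint, the kind a user would compare out of band."""
    return hashlib.sha256(public_key).hexdigest()[:16]


class Party:
    def __init__(self, name: str):
        self.name = name
        self.public_key = secrets.token_bytes(32)   # stands in for a real key pair
        self.peer_keys = {}                         # name -> public key we believe is theirs

    def receive_key(self, sender: str, key: bytes, trusted_fingerprints=None) -> None:
        """Accept a peer key; with a trusted fingerprint table, refuse a key that does not match."""
        if trusted_fingerprints is not None:
            if fingerprint(key) != trusted_fingerprints[sender]:
                raise ValueError(f"{self.name}: key for {sender} does not match trusted fingerprint")
        self.peer_keys[sender] = key


class Channel:
    """Carries public keys between parties; an optional interposer swaps them in transit."""

    def __init__(self, attacker: Party = None):
        self.attacker = attacker

    def send_key(self, sender: Party, receiver: Party, trusted=None) -> None:
        key = sender.public_key
        if self.attacker is not None:
            self.attacker.peer_keys[sender.name] = key   # interposer keeps the genuine key
            key = self.attacker.public_key               # and forwards its own instead
        receiver.receive_key(sender.name, key, trusted)


def run_exchange(with_attacker: bool, verify: bool) -> str:
    """Returns 'authentic', 'interposed' (swap went unnoticed) or 'detected'."""
    gloria, bruce = Party("Gloria"), Party("Bruce")
    attacker = Party("Interposer") if with_attacker else None
    # Fingerprints obtained out of band (in practice: a CA signature, pinning, known_hosts).
    trusted = {"Gloria": fingerprint(gloria.public_key),
               "Bruce": fingerprint(bruce.public_key)} if verify else None
    channel = Channel(attacker)
    try:
        channel.send_key(gloria, bruce, trusted)
        channel.send_key(bruce, gloria, trusted)
    except ValueError:
        return "detected"
    if (bruce.peer_keys["Gloria"] == gloria.public_key
            and gloria.peer_keys["Bruce"] == bruce.public_key):
        return "authentic"
    return "interposed"


if __name__ == "__main__":
    for attacker, verify in [(False, False), (True, False), (True, True)]:
        print(f"attacker={attacker} verify={verify}: {run_exchange(attacker, verify)}")
```

The unverified run with an interposer returns "interposed" while both parties believe the exchange succeeded, which is exactly the state the slides describe: each side is encrypting to the attacker's key. Everything the interposer did was invisible on the wire; only the comparison against a key learned through a second, trusted path exposes it.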
Dictionary Attack
- Attacker uses a dictionary of known words to try to guess passwords
- There are programs that can help attackers run a dictionary attack
Replay Attack
- The attacker captures data and attempts to resubmit the captured data
  - The device thinks a legitimate connection is in effect
- If the captured data was logon information, the attacker could gain access to a system and be authenticated
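A receiver that cannot distinguish a fresh logon from a captured one is what makes the replay possible. The added example below, not part of the original deck, shows the standard countermeasure: bind a timestamp and a one-time nonce into the message's MAC, accept only messages inside a short time window, and remember the nonces seen inside that window so a second copy is refused. The shared key, window length and messages are constructed for the demonstration.

```python
"""Added example (not from the slides): rejecting replayed messages with a
MAC over (timestamp, nonce, body), a freshness window and a nonce cache."""
import hashlib
import hmac
import secrets


def make_message(key: bytes, body: str, ts: int, nonce: str = None) -> dict:
    """Sender side: the MAC covers timestamp, nonce and body, so none can be altered."""
    nonce = nonce or secrets.token_hex(8)
    tag = hmac.new(key, f"{ts}|{nonce}|{body}".encode(), hashlib.sha256).hexdigest()
    return {"ts": ts, "nonce": nonce, "body": body, "mac": tag}


class ReplayProtectedReceiver:
    def __init__(self, key: bytes, window: int = 30):
        self.key = key
        self.window = window   # seconds of clock skew tolerated
        self.seen = {}         # nonce -> timestamp, only for nonces still inside the window

    def accept(self, msg: dict, now: int) -> str:
        # 1. Integrity first: a forged or tampered message never reaches the replay cache.
        expected = hmac.new(self.key, f"{msg['ts']}|{msg['nonce']}|{msg['body']}".encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["mac"]):
            return "rejected: bad MAC"
        # 2. Freshness: anything outside the window is refused, so the cache
        #    only ever has to remember a window's worth of nonces.
        if abs(now - msg["ts"]) > self.window:
            return "rejected: stale"
        # 3. Uniqueness inside the window.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if msg["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"


def demo() -> list:
    """Genuine delivery, then three ways an attacker might resubmit the capture."""
    key = secrets.token_bytes(32)                          # constructed shared key
    receiver = ReplayProtectedReceiver(key)
    logon = make_message(key, "LOGIN gloria", ts=1000)     # constructed logon message
    results = [receiver.accept(logon, now=1001)]           # genuine delivery
    results.append(receiver.accept(logon, now=1005))       # same capture resubmitted at once
    results.append(receiver.accept(logon, now=2000))       # resubmitted much later
    tampered = dict(logon, body="LOGIN bruce")
    results.append(receiver.accept(tampered, now=1001))    # altered capture
    return results


if __name__ == "__main__":
    print(demo())
```

The three checks are ordered so that the cheapest way to fill the nonce cache (sending garbage) is closed first, and the window bounds the cache size. Without a synchronized clock the timestamp can be replaced by a server-issued challenge that the client must echo inside the MAC; the nonce-cache logic stays the same.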
Understanding Password Cracking
- Password cracking is illegal in the United States
  - It is legal to crack your own password if you forgot it
- You must first obtain the password file from the system that stores user names and passwords
  - Stored in the /etc/passwd or /etc/shadow file on *NIX systems
- A dictionary attack can be performed on the file by using automated programs
Understanding Password Cracking (continued)
- Password cracking programs
  - John the Ripper
  - Hydra (THC)
  - EXPECT
  - L0phtcrack
  - Pwdump3v2
- Steps for cracking passwords
  - Run the Pwdump2 program to get hash values of user accounts
  - Perform a brute force attack using John the Ripper
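Every attack on the last four slides (brute force, dictionary, cracking a stolen password file) is a guessing attack against stored hashes, so the defender's lever is how much each guess costs and how many guesses transfer between accounts. The added example below, which is not from the slides, shows the three properties a password store needs: a random per-user salt, a deliberately slow key-derivation function, and a constant-time comparison, plus a registration-time check against a common-password list so the first words a dictionary attack would try are never accepted. PBKDF2 is used because it is in the Python standard library; the iteration count is reduced so the demo runs quickly (current guidance is several hundred thousand), and the wordlist and users are constructed.

```python
"""Added example (not from the slides): salted, slow password hashing so that a
stolen password file resists dictionary and brute-force guessing."""
import hashlib
import hmac
import os

ITERATIONS = 50_000   # reduced for the demo; production values are much higher
COMMON_PASSWORDS = {"password", "123456", "letmein", "qwerty", "welcome"}  # constructed wordlist


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """PBKDF2-HMAC-SHA256 with a fresh 16-byte salt; the salt and cost are stored
    beside the hash so the cost can be raised later without a reset."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison: no byte-by-byte timing leak about the stored hash.
    return hmac.compare_digest(dk.hex(), dk_hex)


class PasswordStore:
    def __init__(self):
        self.users = {}   # username -> stored hash string

    def register(self, username: str, password: str) -> None:
        # Refuse what a dictionary attack would try first.
        if password.lower() in COMMON_PASSWORDS:
            raise ValueError("password appears in a common-password list")
        self.users[username] = hash_password(password)

    def login(self, username: str, password: str) -> bool:
        stored = self.users.get(username)
        if stored is None:
            hash_password(password)   # same cost for unknown users: no enumeration by timing
            return False
        return verify_password(password, stored)


def salts_differ(password: str) -> bool:
    """Same password for two users gives two different stored values, so a
    precomputed dictionary (or one cracked hash) does not transfer between accounts."""
    return hash_password(password) != hash_password(password)


if __name__ == "__main__":
    store = PasswordStore()
    store.register("gloria", "correct horse battery staple")
    print("login ok:", store.login("gloria", "correct horse battery staple"))
    print("wrong password:", store.login("gloria", "hunter2"))
    print("salts differ:", salts_differ("hunter2"))
```

The iteration count is the knob that turns "requires lots of time and patience" into an actual cost: with 50,000 iterations each guess costs the attacker 50,000 HMAC computations, and because of the salt that cost is paid per user rather than once for the whole file.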
Summary
- Cryptography has been in existence since the dawn of civilization
- Ciphertext: data that has been encrypted
- Cleartext or plaintext: data that can be intercepted and read by anyone
- Symmetric cryptography: uses one key to encrypt and decrypt data
  - Examples: DES, DEA, 3DES, and AES
- Asymmetric cryptography: uses two keys, one key to encrypt and another to decrypt data
  - Examples: RSA, Elgamal, Diffie-Hellman
Summary (continued)
- Digital Signature Standard (DSS): ensures that digital signatures can be verified
- PGP: free public key encryption program to encrypt e-mail messages
- Hashing algorithms are used to verify data integrity
- Public key infrastructure (PKI): structure made up of many different components used to encrypt data
- Digital certificate: binds a public key to information about its owner
  - Issued by a Certificate Authority (CA)
Summary (continued)
- Active attacks
  - Birthday attacks
  - Brute force attacks
  - Man-in-the-middle attacks
  - Replay attacks
  - Dictionary attacks