Questions about this topic? Sign up to ask in the talk tab.


From NetSec
Jump to: navigation, search


Cryptography is the study of secure storage of information and communication.


One-way encryption was originally designed to solve the "login prompt" problem. When older operating systems first made their way to the public market, passwords were often stored in plaintext or easily reversible encoding. The LM (not to be confused with NTLM, circa 1995) algorithm, for example, was a 7 Byte xor encoding method which could be reversed using pencil and paper if a calculator couldn't be found. Given physical access to a machine, or even network access, an attacker could quickly reproduce the password for log-in. And thus, one-way hashing came about. Enter /encryption/ rather than /encoding/. While encoding can be reversed using pencil and paper in many cases, encryption works on a different level. Encoding requires only that something have the ability to read the 'code', whereas encryption requires a unique addition to the encrypted data in order to make the data readable. Most modern encryption uses what are called bitwise instructions. Bits can be rotated or shifted by these algorithms. One way hashing uses rotation and shifting to an extent that if you encrypt "password", and then run the algorithm backwards against the "hash" that is generated by the algorithm, it will not come back as "password". But, if you encrypt "password" again, the hash will be the same. Modern applications will hash the user's input, then compare the hashed input to the password hash stored in a database. By comparing the two hashes, a decision about whether or not to let the user log-in can be reached.


Salting is used to further add security to a hash. For example, say your username is "admin" and your password is "password". The encryption algorithm may add the last three letters of your username to the end of the password before hashing it, ultimately changing the hash. The salt could be taken from the username, the password, some combination thereof, or from a part of the hashed username, etc. It is at the programmer's discretion and makes cracking encryption a bit more difficult.

Type of encryption

There are generally two types of encryption: symmetric and asymmetric. Symmetric encryption relies on a single key, while asymmetric encryption relies on a "private" and "public" key pair. In symmetric encryption, the key is used both to encrypt and to decrypt the data. In asymmetric encryption, the private key is used to encrypt the data and the public key is used to decrypt the data. This has multiple benefits, including prevention of forgeries. Some types of encryption require multiple key exchanges. For example, the SSH protocol. The server sends the client a public key as does client to the server. Once this is done, a combination of the public key for the client and the private key on the server is used to encrypt the data. When the client receives the data, it uses its own private key as well as the server's public key in order to decrypt it. This ensures that ony the intended recipients of the traffic will be able to read the traffic.

Encryption Attack Methods

Two methods are primarily used when attacking encryption: brute-force, and cryptanalysis. These attacks have vast differences. As an example, we'll take the MD5 algorithm. The MD5 algorithm is quite complex, so we will look at it from a high level. No matter how much data is encrypted into a one-way hash, the hash is always 32 bits in length. Assuming an attacker were to gain a hash for a password, and the password were to be unsalted, an attacker could always write a program to try different combinations of letters and numbers and symbols encrypted through the md5 algorithm until the hash matches. This is called a brute-force attack. Alternatively, there is another type of brute force attack called a hash-lookup attack. If the attacker is seasoned and used to running these types of attacks, s/he may have stored all of the possible hashes in a database. Then when a hash is obtained, the attacker can simply "look up" that hash in the database to determine what value will generate that hash. The third choice is a cryptanalysis attack. In cryptanalysis attacks we realize that an algorithm is nothing more than a vastly complex equation, used to generate (in this case) 32 bits from any amount of data. Knowing that this is the case, does it really matter if the attacker discovers the user's password, as long as the attacker knows some data that can be put through the same equation to generate the same 32 bits? It doesn't. By analyzing the encryption algorithm itself, a weakness can be found. The attacker doesn't need to actually find the user's password. The attacker need only find some data that will come out with the same hash value.

Commandline Tools

Many applications and command line tools are available for encryption. Additionally there are many open libraries that developers can use. Many encryptions have open documentation for developers to write their own implementations as well. Truecrypt and Dmcrypt are two well known applications used for encrypted hard drive partitions. The linux command line tools "md5sum" and "sha1sum" can be used to generate md5 and sha1 hashes from files or from user input. Internet services similar to can be used to encrypt binary files for applications to protect intellectual property. There are many full featured cracking applications as well.

Linux Tools

Free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux

A linux command line multiple algorithm password hash cracker

A linux command line ZIP file password cracker

linux command line PDF file password cracker

linux command line wireless password cracker

A linux command line rainbowtable generator

linux command line rainbowtable cracker

A plugin for Pidgin to encrypt your chats!

Windows Tools

A windows utility that attempts to emulate bash. Very handy.

A windows command line rainbowtable generator

A full-featured "swiss army knife" of windows password crackers for many algorithms

A full featured ntlmv2 password cracker for windows log-ins

A remote FTP and HTTP brute forcing tool

A plugin for Pidgin to encrypt your chats!



  • MD6
  • RC4
  • AES
  • DES
  • RSA
  • DSA
  • PGP
  • GPG
  • SSL
  • Anubis
  • Blowfish
  • Twofish
  • Khazad


A hash is a one-way function that produces a X bit ACSII representation of the file that is input. An example would be taking 'file.txt' and running through the 'md5sum' program. The output would be simalar to this: f69170d4bf01f483e4f572bd4fb7b09b file.txt

  • MD5
  • RipeMD
  • Whirlpool
  • SHA


  • CBC
  • CTR
  • ECB