Crypto¶
Small Crypto Lib
Breaking a Toy Hash Function
The Definitive 2019 Guide to Cryptographic Key Sizes and Algorithm Recommendations
Contains tools for solving RSA and other crypto problems in CTFs.
Steganography¶
Python program to hide files inside images using the Least Significant Bit (LSB) technique.
Aletheia is an open source image steganalysis tool for the detection of hidden messages in images.
Hide any data within an image file, or watermark an image with an invisible signature to detect unauthorized copying.
Encrypted file system¶
Single User Encrypted Disk Key Generation:
#Stored on Chip
#-----------------------------------------------------------------------------
# user1_stored_verification_salt | user1_stored_derivation_salt | user1_stored_hash |
#-----------------------------------------------------------------------------
# Verify the password against the stored hash first; the data key is then derived from the
# same password with a separate salt, so the stored hash never equals the key itself.
user1_test_hash = HashFunction(user1_password + user1_stored_verification_salt)
if (user1_test_hash == user1_stored_hash):
    data_encryption_key = HashFunction(user1_password + user1_stored_derivation_salt)
Multi User Encrypted Disk Key Generation:
#Stored on Chip
#-----------------------------------------------------------------------------------------------------------------------------------
# user1_stored_verification_salt | user1_stored_derivation_salt | user1_stored_verification_hash | user1_stored_key_encryption_key |
#-----------------------------------------------------------------------------------------------------------------------------------
# user2_stored_verification_salt | user2_stored_derivation_salt | user2_stored_verification_hash | user2_stored_key_encryption_key |
#-----------------------------------------------------------------------------------------------------------------------------------
# stored_encrypted_disk_encryption_key |
#---------------------------------------
# userN_stored_key_encryption_key holds the shared key wrapped under a key derived from that user's
# password; stored_encrypted_disk_encryption_key holds the disk key wrapped under the shared key, so
# every user reaches the same disk key without the disk key ever being stored under a password directly.
user1_test_hash = HashFunction(user1_password + user1_stored_verification_salt)
if (user1_test_hash == user1_stored_verification_hash):
    user1_symmetric_key_encryption_key = HashFunction(user1_password + user1_stored_derivation_salt)
    decrypted_shared_key = DecryptionFunction(key=user1_symmetric_key_encryption_key, input=user1_stored_key_encryption_key)
    data_encryption_key = DecryptionFunction(key=decrypted_shared_key, input=stored_encrypted_disk_encryption_key)
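The multi-user scheme above, worked through as an added example (not code from the original page): each user row carries two salts, a verification hash and the shared key wrapped under a password-derived key-encryption key, and the disk key is wrapped once under the shared key. It assumes a stdlib-only environment, so scrypt stands in for Argon2id and a small HMAC-SHA256 Encrypt-then-MAC wrapper stands in for the AEAD recommended further down; the passwords and keys are constructed.

```python
import hashlib
import hmac
import secrets
# Stand-in AEAD in Encrypt-then-MAC form, built from HMAC-SHA256 only so the
# example runs on a bare Python install: a counter-mode keystream, then a tag
# over nonce||ciphertext. A real system would use AES-GCM or XSalsa20-Poly1305.
def _keystream(key, nonce, length):
    blocks = [hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-length // 32))]
    return b"".join(blocks)[:length]

def wrap(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # check the MAC before decrypting
        raise ValueError("authentication failed: wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def kdf(password, salt):
    # scrypt from the stdlib; the page's first choice, Argon2id, needs a third-party package.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def enroll_user(password, shared_key):
    # One on-chip row: two salts, the verification hash, and the shared key
    # wrapped under the key-encryption key derived from the user's password.
    v_salt, d_salt = secrets.token_bytes(16), secrets.token_bytes(16)
    return {"verification_salt": v_salt, "derivation_salt": d_salt,
            "verification_hash": kdf(password, v_salt),
            "wrapped_shared_key": wrap(kdf(password, d_salt), shared_key)}

def unlock(password, row, encrypted_disk_key):
    # Same steps as the pseudocode: verify, derive KEK, unwrap shared key, unwrap disk key.
    if not hmac.compare_digest(kdf(password, row["verification_salt"]), row["verification_hash"]):
        return None
    shared_key = unwrap(kdf(password, row["derivation_salt"]), row["wrapped_shared_key"])
    return unwrap(shared_key, encrypted_disk_key)

# Constructed setup: one disk key, one shared key, two users enrolled with constructed passwords.
DISK_KEY = secrets.token_bytes(32)
SHARED_KEY = secrets.token_bytes(32)
ENCRYPTED_DISK_KEY = wrap(SHARED_KEY, DISK_KEY)
TABLE = {"user1": enroll_user("correct horse", SHARED_KEY),
         "user2": enroll_user("battery staple", SHARED_KEY)}
```

A wrong password fails at the verification step without touching any key material, and a modified wrapped blob fails the MAC check before anything is decrypted.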
AEAD¶
Authenticated Encryption with Additional Data (AEAD)
https://en.wikipedia.org/wiki/Authenticated_encryption
Encrypt-then-MAC (EtM)
- MAC the encrypted data
- Best Option
Encrypt-and-MAC (E&M)
- Encrypt the plaintext and append a MAC computed over the plaintext
MAC-then-Encrypt (MtE)
- Vulnerable to padding oracle attacks, because the MAC is only checked after decryption
Use AES-GCM, XSalsa20-Poly1305 or AES in CTR mode with a polynomial MAC.
Avoid:
AES-CBC, AES-CTR by itself, block ciphers with 64-bit blocks — most especially Blowfish, which is inexplicably popular, CTR mode. Don’t ever use RC4, which is comically broken.
Symmetric key length¶
- 256 bit keys.
Symmetric “Signatures”¶
- use HMAC
Avoid:
custom “keyed hash” constructions, HMAC-MD5, HMAC-SHA1, complex polynomial MACs, encrypted hashes, CRC.
Hashing algorithm¶
- Use SHA-512/256
Random IDs¶
- Use 256-bit random numbers. From /dev/urandom.
Avoid:
userspace random number generators, the OpenSSL RNG, haveged, prngd, egd, /dev/random.
Password handling¶
In order of preference, use Argon2id, scrypt, bcrypt, and then, if nothing else is available, PBKDF2.
Avoid:
SHA-3, naked SHA-2, SHA-1, MD5.
Asymmetric encryption¶
- Use NaCl/libsodium (box / crypto_box), which is built on Curve25519.
- Don’t use RSA.
Avoid: Systems designed after 2015 that use RSA, RSA-PKCS1v15, ElGamal, I don’t know, Merkle-Hellman knapsacks? Just avoid RSA.
ECC vs RSA¶
Here are several reasons you should stop using RSA and switch to elliptic curve:
- RSA (and DH) drag you towards "backwards compatibility" (i.e. downgrade-attack compatibility) with insecure systems.
- RSA begs implementors to encrypt directly with its public key primitive, which is usually not what you want to do.
- RSA has too many knobs. In modern curve systems, like Curve25519, everything is pre-set for security.
Asymmetric signatures¶
- Use NaCl or Curve25519.
Avoid:
RSA-PKCS1v15, RSA, ECDSA, DSA; really, especially avoid conventional DSA and ECDSA.
Diffie-Hellman¶
- Probably nothing. Or use Curve25519.
Avoid:
conventional DH, SRP, J-PAKE, handshakes and negotiation, elaborate key negotiation schemes that only use block ciphers, srand(time()).
Website security¶
- Use AWS ALB/ELB or OpenSSL, with Let's Encrypt
Avoid:
offbeat TLS libraries like PolarSSL, GnuTLS, and MatrixSSL.
Client-server application security¶
- Use AWS ALB/ELB or OpenSSL, with Let's Encrypt
Online backups¶
- Tarsnap