Crypton – Library Consisting Of Explanation And Implementation Of All The Existing Attacks On Various Encryption Systems, Digital Signatures, Hashing Algorithms

Crypton is an educational library to learn and practice Offensive and Defensive Cryptography. It is basically a collection of explanations and implementations of all the existing vulnerabilities and attacks on various Encryption Systems (Symmetric and Asymmetric), Digital Signatures, Message Authentication Codes and Authenticated Encryption Systems. Each attack is also supplemented with example challenges from "Capture The Flag" contests and their respective write-ups. Individuals who are already acquainted with this field (or are into CTFs) can use Crypton as a tool to solve challenges based on a particular existing vulnerability.

The library will be continuously updated with attack explanations and CTF challenges!

WARNING: The author in no way guarantees that the code is secure. The library is only meant for educational purposes and the code should not be used in real-world implementations. All the example scripts in the library are trivial implementations.

There are different sections in this README:

Motivation - What motivated me to create this library
Library Structure - Directory structure of Crypton
Domain Coverage - Which cryptosystems and attacks are covered in this library
Future Plans/TODO - Attacks/concepts that are to be included soon

Motivation

Provide CTF players and individuals interested in the field of Cryptography with a platform for learning attacks in crypto, and give experienced CTF players a way to practice challenges systematically divided into attacks associated with different sub-domains in crypto. Also, illustrate through various attack explanations how crucial proper implementation of protocols is.

Library Structure

Domain Coverage

1. Block Ciphers

S.No. Topic Explanation Impl./Exploit Challenge#
1 Block Cipher Basics - working of block ciphers, padding etc. [link]
2 Modes of Encryption - different modes of operation on block ciphers: ECB, CBC, CTR [link]
3 Block Size Detection - detect blocksize of a block cipher encrypting data on a remote service [link]
4 Mode Detection - detect type of mode of encryption: independent or dependent encryption of blocks [link]
5 ECB Byte at a Time - byte at a time decryption of a secret string running on a remote service encrypting input+secret in ECB mode [link] [link]
6 CBC IV Detection - detect the value of Initialisation Vector on a remote service that is encrypting our input using a block cipher in CBC mode [link] [link]
7 CBC Bit Flipping Attack - exploiting cookie generation mechanism to login as admin when cookie is generated using a block cipher in CBC mode [link] [link]
8 CBC Byte at a Time - byte at a time decryption of a secret string running on a remote service encrypting input+secret in ECB mode [link] [link]
9 CBC Padding Oracle Attack - decryption of data encrypted by a vulnerable service providing encryption/decryption [link] [link]
10 CTR Bit Flipping - exploiting cookie generation mechanism to login as admin when cookie is generated using a block cipher in CBC mode [link] [link]

2. RSA Encryption

S.No. Topic Explanation Impl./Exploit Challenge#
1 Unpadded RSA Enc/Dec - key generation, distribution, encryption/decryption, verification of decryption formula and padding in RSA [link]
2 Direct Root Attack - attack on unpadded RSA with low public key exponent [link]
3 Fermat’s Factorisation - technique used to factor modulus n when p and q values are in proximity [link] [link] [link]
4 Pollard’s p-1 Factorisation - technique to factorise n when both of its factors p & q, p-1 and q-1 have very small prime divisors [link] [link] [link]
5 Common Modulus Attack - decrypt ciphertext when its corresponding plaintext is encrypted two different times with the same modulus n [link] [link] [link]
6 Common Prime Attack - retrieve factors of moduli n1 and n2 when they have a common factor [link] [link]
7 Wiener’s Attack - get value of decryption key exponent d when d < N^0.25 [link] [link] [link]
8 Wiener's Attack Variant - get value of decryption key exponent d when d is a few bits greater than N^0.25 or d < N^0.25 [link] [link] [link]
9 Coppersmith's Attack - Coppersmith's theorem, attack on stereotyped messages and factoring n with high bits known [link] [link] [link]
10 Franklin Reiter Related Message Attack - attack to retrieve related messages encrypted using the same modulus [link] [link] [link]
11 Hastad's Broadcast Attack - with extension - attack to retrieve a message broadcasted among different people, encrypted using same exponent but different moduli [link] [link] - script needs to be fixed [link]
12 PKCS1-v1.5-Padded-RSA-Encryption/Decryption - ASN1 encoding, padded RSA encryption (needs to be fixed)
13 Intro-RSA-Challenges - basic challenges in RSA related to Number Theory [link] [link]

3. Message Authentication Codes (MACs)

S.No. Topic Explanation Impl./Exploit Challenge#
1 Message Authentication Code - internals and security analysis of MACs [link]
2 CBC MAC Forgery - generating two messages M1 and M2 having the same CBC-MAC authentication tag [link] [link]
3 Length Extension Attack on CBC-MAC - generate a valid authentication tag of message M1 || M2 (concatenation) given MAC(M1) [link] [link]

4. Discrete Logarithm Problem

S.No. Topic Explanation Impl./Exploit Challenge#
1 DLP - cyclic groups, discrete logarithm problem, Baby-Step-Giant-Step algorithm [link] [link]
2 Elliptic Curve DLP - defining identity element, inverse of a point, cyclic groups over points on an EC, Hasse's theorem, ECDLP [link]

5. ElGamal Encryption

S.No. Topic Explanation Impl./Exploit Challenge#
1 ElGamal Cryptosystem - Encryption/Decryption - key generation, encryption, decryption in ElGamal Cryptosystem [link] [link] [link]

6. Authenticated Encryption (AE)

S.No. Topic Explanation Impl./Exploit Challenge#
1 AE basics & internals - working of authenticated encryption [link]
2 AE with MACs - different techniques of implementing AE with MACs: Encrypt and MAC, MAC then encrypt and encrypt then MAC [link]
3 Authenticated Ciphers [link]
4 AE with Associated Data [link]
5 AES-GCM - encryption in AES-GCM, Wegman-Carter MAC [link] [link]
6 Forbidden Attack on AES-GCM - attack on AES-GCM due to nonce-reuse [link] [link]

7. Elliptic Curves

S.No. Topic Explanation Impl./Exploit Challenge#
1 Elliptic Curve Internals - defining Elliptic Curves, point addition, point doubling and scalar multiplication [link]

8. Digital Signatures

S.No. Topic Explanation Impl./Exploit Challenge#
1 ElGamal Signatures - key generation, signature generation, signature verification and correctness of ElGamal Signature scheme [link] [link] [link]
2 Elliptic Curve DSA - signature generation, signature verification and correctness of signature algorithm [link]
3 Attack k-reuse ECDSA - forging of ECDSA signatures due to reuse of k [link]
4 Unpadded RSA Digital Signatures - signature generation and verification in RSA digital signature scheme [link] [link]
5 PKCS1-v1.5 padded RSA Digital Signatures [link] [link]
6 e=3 Bleichenbacher's Attack [link] [link] [link]

TODO

RSA Encryption
Chosen Ciphertext Attack on RSA Cryptosystem - Byte by Byte decryption
Padding Oracle Attack on PKCS1 padded RSA encryption system
Fermat's Factorisation
Sieve Improvement
Coppersmith's Attack
Boneh Durfee Attack
Hastad's Broadcast Attack
Implementation of HBA on padded messages
PKCS1-v1.5 Padded RSA encryption
[More to be added]

Author

Ashutosh Ahelleya
Twitter: https://twitter.com/ashutosha_
Blog: https://masterpessimistaa.wordpress.com
EmailID: [email protected]

Link: http://feedproxy.google.com/~r/PentestTools/~3/pV9GKrjPU_4/crypton-library-consisting-of.html

AT&T Faces $224M Legal Challenge Over SIM-Jacking Rings

Cryptocurrency angel investor Michael Terpin seeks damages for “gross negligence” by the carrier, alleging it turned a blind eye to store employees’ malicious activities.

Link: https://threatpost.com/att-faces-224m-legal-challenge-over-sim-jacking-rings/136645/

Attackers Cashing In On Cryptocurrency With Increased Scams

As the popularity around cryptocurrency has continued to rise in 2018, it has also paved an easy path for cash-hungry scammers to launch “cryptocurrency giveaway scams.”

Link: https://threatpost.com/attackers-cashing-in-on-cryptocurrency-with-increased-scams/132275/

James Comey: FBI Faces Deep Tech-Related Questions

Cloud migration and automated systems, data privacy and encryption all remain central issues for the FBI as it considers its mandate and role in the modern digital age.

Link: https://threatpost.com/james-comey-fbi-faces-deep-tech-related-questions/132219/

Parrot Security 4.0 – Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Parrot 4.0 is now available for download. The development process of this version required a lot of time, and many important updates make this release an important milestone in the history of our project.

This release includes all the updated packages and bug fixes released since the last version (3.11), and it marks the end of the development and testing process of many new features experimented with in the previous releases since Parrot 3.9.

Experimental Netinstall Images

Netinstall images are a powerful tool to install only the bare core of the system or just the software components you really need. You can even use them to install another desktop environment and to build your own system exactly as you want.

Parrot 4.0 provides netinstall images too, as we would like people to use Parrot not only as a pentest distribution, but also as a framework to build their very own working environment with ease.

Docker images

Docker is a powerful container technology that allows our users to quickly download a Parrot template and immediately spawn unlimited and completely isolated Parrot instances on top of any host OS.

Parrot on Docker gives you access to all the Parrot containers you need on top of Windows, Mac OS, or any other system supported by Docker, no matter if it is just your laptop or a whole Docker cluster running on an entire datacenter. You will always have access to all the Parrot tools in all the isolated environments you need.

Linux Kernel 4.16

The introduction of the new Linux 4.16 kernel is a very important step forward for the distro, as newer kernels always introduce many important new features, broader hardware support and important bugfixes.

Sandbox

The Parrot system is known to be secure and sandboxed thanks to its custom firejail profiles with the underlying apparmor support. Parrot 4.0 is the final result of months of testing in this field, and now the sandboxed applications are stable and reliable.

MATE 1.20

The MATE Desktop Environment was updated to its 1.20 release, with many graphic bugfixes and new features, like HiDPI support, or the ability to auto-resize windows by dragging them to the corner of the screen and divide them in new layouts.

Full list of updated packages

Want to see the full list of packages that were upgraded between 3.11 and 4.0.1? Follow this link: https://archive1.parrotsec.org/parrot/iso/4.0.1/updated-packages.txt

How to upgrade

If you have a previous version of Parrot and want to upgrade the system, follow these steps:

Open a terminal window and type the following commands:

    sudo apt update
    sudo apt purge tomoyo-tools
    sudo apt full-upgrade
    sudo apt autoremove

Link: http://feedproxy.google.com/~r/PentestTools/~3/KrrCv-US7ZA/parrot-security-40-security-gnulinux.html