chg: [workshop] smallkey crypto hands-on

master
Jean-Louis Huynen 2019-11-21 11:34:16 +01:00
parent cf331db122
commit 0b8215bdcb
No known key found for this signature in database
GPG Key ID: 64799157F4BD6B93
12 changed files with 167 additions and 7 deletions

View File

@ -0,0 +1 @@
*.venv

View File

@ -0,0 +1,2 @@
Parts of this material (the key) has been borrowed to Sjoerd Langkemper
https://www.sjoerdlangkemper.nl/2019/06/19/attacking-rsa/

View File

@ -0,0 +1,2 @@
#!/bin/bash
openssl rsa -in privateSmallKey.pem -text -check -noout

View File

@ -0,0 +1,6 @@
n = 8464481006489090994506453371545747140045883416875197642486592854169
print("Factorizing n = {}".format(n))
p, q = factor(n)
print("p = {}".format(p[0]))
print("q = {}".format(q[0]))
print("{} * {} = {}".format(p[0], q[0], p[0]*q[0]))

View File

@ -0,0 +1,13 @@
# This file was *autogenerated* from the file crackSmallKey.sage
from sage.all_cmdline import * # import sage library
_sage_const_8464481006489090994506453371545747140045883416875197642486592854169 = Integer(8464481006489090994506453371545747140045883416875197642486592854169); _sage_const_0 = Integer(0)
n = _sage_const_8464481006489090994506453371545747140045883416875197642486592854169
print("Factorizing n = {}".format(n))
p, q = factor(n)
print("p = {}".format(p[_sage_const_0 ]))
print("q = {}".format(q[_sage_const_0 ]))
print("{} * {} = {}".format(p[_sage_const_0 ], q[_sage_const_0 ], p[_sage_const_0 ]*q[_sage_const_0 ]))

View File

@ -0,0 +1,43 @@
#!/usr/bin/env python3
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
from cryptography import x509
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y)
def modinv(a, m):
gcd, x, y = egcd(a, m)
if gcd != 1:
return None # modular inverse does not exist
else:
return x % m
n = 8464481006489090994506453371545747140045883416875197642486592854169
p = 2209828846356855715679030504831459
#p = 3830378547390089828095201542724691
e = 3
q = int(n // p)
phi_n = (p-1)*(q-1)
d = modinv(e, phi_n)
dmp1 = rsa.rsa_crt_dmp1(d, p)
dmq1 = rsa.rsa_crt_dmq1(d, q)
iqmp = rsa.rsa_crt_iqmp(p, q)
pn = rsa.RSAPublicNumbers(e, n)
compositen = rsa.RSAPrivateNumbers(p, q, d, dmp1, dmq1, iqmp, pn)
compositek = compositen.private_key(backend=default_backend())
pem = compositek.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption()
)
f = open("privateSmallKey.pem", "wb")
f.write(pem)
f.close()

View File

@ -0,0 +1,2 @@
#!/bin/bash
openssl rsa -in ../smallkey.pem -pubin -modulus -noout

View File

@ -0,0 +1,2 @@
#!/bin/bash
openssl rsa -in ../smallkey.pem -pubin -modulus -noout | awk '{print substr($1 ,9)}' | xargs -I {} echo 'ibase=16; {}' | bc

View File

@ -0,0 +1,6 @@
-----BEGIN RSA PRIVATE KEY-----
MIGTAgEAAhxQYAN2VlMPtKrui/RsMRcuEm/IG9yv2ZJfsFiZAgEDAhw1lVekOYy1
IxyfB/hIH/OVSn0/9RK1C2sDZSxDAg5s8/YaxE3yp2QRpeu54wIPALzaLJkj3k34
5GA0rNxTAg5IoqQR2DP3GkK2bp0mlwIOfebIZhfpiVCYQCMd6DcCDhNdZhgUmUdJ
GqvHAVkq
-----END RSA PRIVATE KEY-----

View File

@ -0,0 +1,4 @@
-----BEGIN PUBLIC KEY-----
MDUwDQYJKoZIhvcNAQEBBQADJAAwIQIcUGADdlZTD7Sq7ov0bDEXLhJvyBvcr9mS
X7BYmQIBAw==
-----END PUBLIC KEY-----

View File

@ -1,6 +1,7 @@
\documentclass{beamer}
\usetheme[numbering=progressbar]{focus}
\usepackage{tikz}
\usepackage{listings}
\usetikzlibrary{positioning}
\usetikzlibrary{shapes,arrows}
\usepackage{transparent}
@ -198,6 +199,7 @@ plaintext, $P_2$ , is related to $P_1$ in a meaningful way.''
\begin{figure}
\centering
\includegraphics[width=\textwidth]{d4-ecb.pdf}
\caption{Image encrypted with AES-ECB}
\end{figure}
\end{frame}
@ -205,14 +207,20 @@ plaintext, $P_2$ , is related to $P_1$ in a meaningful way.''
\begin{frame}
\frametitle{Semantic Security}
For instance AES-ECB is not semantically secure - An attacker can build a
codebook to crack it.
No Semantic Security without randomness
IND-CPA should not leak information about the PlainText as long as the
key is secret:
\begin{itemize}
\item
\item $C^1 = E(K, P^1)$, $C^2 = E(K, P^2)$, what are the couples?
\item the same message encrypted twice should return two different CipherText,
\item one way to achieve this is to introduce randomness in the
encryption process: $C = E(K ,R ,P )$ where R is fresh random bits,
\item C should not be distinguishable from random bits.
\end{itemize}
{\bf No Semantic Security without randomness}
\end{frame}
\begin{frame}
@ -261,12 +269,12 @@ codebook to crack it.
\end{frame}
\begin{frame}
\frametitle{Type of encryption}
\begin{itemize}
\item
\item Symmetric encryption,
\item Asymmetric encryption.
\end{itemize}
\end{frame}
@ -413,16 +421,87 @@ codebook to crack it.
\end{frame}
\begin{frame}
\frametitle{When cryptography helps investigations}
\begin{itemize}
\item crypto provides authentication mechanisms.
\item
\item
\item
\end{itemize}
\end{frame}
\begin{frame}
\begin{center}
{\bf Hands-on: Understanding RSA}
\end{center}
\end{frame}
\begin{frame}
\frametitle{With only one key}
Several potential weaknesses:
\begin{itemize}
\item Key size too small: keys up to 1024 bits are breakable given the
right means,
\item
\item
\item
\item
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{With a bunch of keys}
\end{frame}
\begin{frame}
\begin{center}
{\bf Cryptography and Network captures}
{\bf Hands-on: Exploiting Weaknesses in RSA}
\end{center}
\end{frame}
\begin{frame}
\frametitle{Using Sage}
\end{frame}
\begin{frame}[fragile]
\frametitle{Breaking small keys}
\begin{itemize}
\item Go into:
\begin{lstlisting}
~/smallKey
\end{lstlisting}
\item what is the key size of smallkey?
\item what is n?
\item what is the public exponent?
\item what is n in base10?
\item what are p and q?
\end{itemize}
\vspace{8mm}
{\bf Let's generate the private key.}
\end{frame}
\begin{frame}
\frametitle{Using Snake-Oil-Crypto}
\end{frame}
\begin{frame}
\begin{center}
{\bf D4 passiveSSL Collection}