### add: [workshop] more content for SOC

master
parent 94109782df
commit 8b7e53afd3
No known key found for this signature in database
GPG Key ID: 64799157F4BD6B93
3 changed files with 184 additions and 0 deletions

#### 8 docs/workshop/5-snake-oil-crypto/hands-on-support/CREDIT.md View File

 @ -1,4 +1,12 @@ * Parts of this material (the keys) has been borrowed to Sjoerd Langkemper https://www.sjoerdlangkemper.nl/2019/06/19/attacking-rsa/   * Some Algorithms were borrowed from Daniel J. Bersntein's website: http://facthacks.cr.yp.to/fermat.html   * The "shared prime" key material comes from the challenge hosted here: http://www.loyalty.org/~schoen/rsa/   * Pictures https://www.freecodecamp.org/news/how-does-pretty-good-privacy-work-3f5f75ecea97/ https://upload.wikimedia.org/wikipedia/commons/4/4e/Web_of_Trust-en.svg

#### 176 docs/workshop/5-snake-oil-crypto/rsabasics.tex Normal file View File

 @ -0,0 +1,176 @@ \begin{frame}  \begin{center}  {\bf Understanding RSA}  \end{center} \end{frame}   \begin{frame}  \frametitle{RSA Basics}  Ron {\bf R}ivest, Adi {\bf S}hamir, and Leonard {\bf A}dleman in 1977:  \begin{itemize}  \item asymmetric crypto system,  \item can encrypt and sign,  \item messages are big numbers,  \item encryption is basically multiplication of big numbers,  \item creates a \textit{trapdoor permutation}: turning x in y is easy, but  finding x from y is hard.  \end{itemize}   \end{frame}   \begin{frame}[fragile]  \frametitle{RSA - Use with openssl}  \begin{itemize}  \item {\bf Hands-on}:   \begin{lstlisting} ~/hands-on/UsingRSA \end{lstlisting}    \item Decrypt message.bin  \item generate a new private key,  \item generate the corresponding public key,  \item use this new key to encrypt a message,  \item use this new key to decrypt a message.     \end{itemize} \end{frame}     \begin{frame}[fragile]  \frametitle{RSA by hand''} run: sage rsa.sage at the folder's root: \begin{lstlisting}[basicstyle=\tiny] PlainText is: 1234567890 p = random_prime(2^32) = 2312340619 q = random_prime(2^32) = 2031410981 n = p*q = 4697314125248937239 phi = (p-1)*(q-1) = 4697314120905185640 e = random_prime(phi) = 2588085603940229747 d = xgcd(e,phi)[1] = -2102894211931680277 Does d*e == 1?  mod(d*e, phi) = 1 CipherText y = power_mod(x, e, n) = 1454606910711062745 Decrypted CT is: 1234567890 \end{lstlisting}   \end{frame}   \begin{frame}  \frametitle{With only one key}  Several potential weaknesses:  \begin{itemize}  \item Key size too small: keys up to 1024 bits are breakable given the  right means,  \item close p and q,  \item unsafe primes, smooth primes,  \item broken primes (FactorDB, Debian OpenSSL bug).  \item signing with RSA-CRT (instead of RSA-PSS)  \end{itemize}   \end{frame}   \begin{frame}  \frametitle{With a set of keys}  Several potential weaknesses:  \begin{itemize}  \item share moduli: if n1 = n2 then the keys share p and q,  \item share p or q,  \end{itemize}  \vspace{10mm}  {\bf In both case, it is trivial to recover the private keys.} \end{frame}     \begin{frame}[fragile]  \frametitle{Breaking small keys\footnote{https://www.sjoerdlangkemper.nl/2019/06/19/attacking-rsa/}}  \begin{itemize} \item {\bf Hands-on}:   \begin{lstlisting} ~/hands-on/SmallKey \end{lstlisting}    \item what is the key size of smallkey?  \item what is n?  \item what is the public exponent?  \item what is n in base10?  \item what are p and q?    \end{itemize}    \vspace{8mm}  {\bf Let's generate the private key: }using p, then using q.   \end{frame}   \begin{frame}[fragile]  \frametitle{Close Prime Factors}  \begin{itemize} \item {\bf Hands-on}:   \begin{lstlisting} ~/hands-on/ClosePQ \end{lstlisting}    \item use Fermat Algorithm\footnote{\url{http://facthacks.cr.yp.to/fermat.html}} to find {\bf both p and q:}   \begin{lstlisting}[basicstyle=\tiny] def fermatfactor(N):  if N <= 0: return [N]  if is_even(N): return [2,N/2]  a = ceil(sqrt(N))  while not is_square(a^2-N):  a = a + 1  b = sqrt(a^2-N)  return [a - b,a + b] \end{lstlisting}    \end{itemize}   \end{frame}   \begin{frame}[fragile]  \frametitle{Shared prime factors}  Researchers have shown that several devices generated their keypairs  at boot time without enough entropy\footnote{Bernstein, Heninger, and Lange: \url{http://facthacks.cr.yp.to/}}:   \begin{lstlisting}[language=python, basicstyle=\tiny] prng.seed(seed) p = prng.generate_random_prime() // prng.add_entropy() q = prng.generate_random_prime() n = p*q \end{lstlisting}   Given n=pq and n' = pq' it is trivial to recover the shared p by computing their {\bf Greatest Common Divisor (GCD)}, and therefore {\bf both private  keys}\footnote{\url{http://www.loyalty.org/~schoen/rsa/}}.\\ \vspace{5mm} They cracked cracked about 13000 of them'' \end{frame}   \begin{frame}[fragile]  \frametitle{Shared prime factors}  \begin{itemize} \item {\bf Hands-on}:   \begin{lstlisting} ~/hands-on/SharedPrimeFactor \end{lstlisting}   \item Read README.txt, you have a challenge to solve :    \begin{itemize}  \item the \emph{answers} folder should be left alone for now,  \item \emph{scripts} contains scripts that may be useful  to solve the challenge,  \item \emph{attempts} may hold your attempt are  generating private keys.   \item \emph{bgcd-bd.sage} contains Daniel J. Berstein's algorithm for computing RSA  collisions in batches.  \end{itemize}    \end{itemize}   \end{frame}

#### BIN docs/workshop/5-snake-oil-crypto/soc.pdf View File

Binary file not shown.
Loading…