chg: [workshop] closePQ crypto hands-on

2019-11-21 18:02:25 +01:00 · 2019-11-21 18:02:25 +01:00 · bac5506db8
parent 5b447b180e
commit bac5506db8
10 changed files with 137 additions and 32 deletions
--- a/docs/workshop/5-snake-oil-crypto/hands-on-support/CREDIT.md
+++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/CREDIT.md
@ -0,0 +1,4 @@
+* Parts of this material (the keys) has been borrowed to Sjoerd Langkemper
+https://www.sjoerdlangkemper.nl/2019/06/19/attacking-rsa/
+* Some Algorithms were borrowed from Daniel J. Bersntein's website:
+http://facthacks.cr.yp.to/fermat.html
--- a/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/answers/fermat.sage
+++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/answers/fermat.sage
@ -0,0 +1,22 @@
+def fermatfactor(N):
+  if N <= 0: return [N]
+  if is_even(N): return [2,N/2]
+  a = ceil(sqrt(N))
+  while not is_square(a^2-N):
+    a = a + 1
+  b = sqrt(a^2-N)
+  return [a - b,a + b]
+
+# Very CloseQP
+#n = 112421669060399956986367421471522274763620630713869928275575801768805742928429125845443925273931224902361917953532406156094313050840872610487333863447808074966477755274534568334940704111115937296330388429409569440785006316555673801318745308608773691570316883074174605863734103561500162053873040254255024422007
+
+# Not so ClosePQ
+n = 490963276439300163974358078751564966935647623573945092674153919631095106803113960790445734183657340544356961673814947178422179864580766235512590323915826448266616741533232891220025698071647988317789125525821000237672311769577294966790885260094640627513288213434253048131773244591800441567386069459534350419701 
+
+print("n = {}".format(n))
+
+p, q = fermatfactor(n)
+
+print("p = {}".format(p))
+print("q = {}".format(q))
+print("p * q = {}".format(p * q))
--- a/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/answers/fermat.sage.py
+++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/answers/fermat.sage.py
@ -0,0 +1,29 @@
+
+
+# This file was *autogenerated* from the file fermat.sage
+from sage.all_cmdline import *   # import sage library
+
+_sage_const_0 = Integer(0); _sage_const_2 = Integer(2); _sage_const_1 = Integer(1); _sage_const_490963276439300163974358078751564966935647623573945092674153919631095106803113960790445734183657340544356961673814947178422179864580766235512590323915826448266616741533232891220025698071647988317789125525821000237672311769577294966790885260094640627513288213434253048131773244591800441567386069459534350419701 = Integer(490963276439300163974358078751564966935647623573945092674153919631095106803113960790445734183657340544356961673814947178422179864580766235512590323915826448266616741533232891220025698071647988317789125525821000237672311769577294966790885260094640627513288213434253048131773244591800441567386069459534350419701)
+def fermatfactor(N):
+  if N <= _sage_const_0 : return [N]
+  if is_even(N): return [_sage_const_2 ,N/_sage_const_2 ]
+  a = ceil(sqrt(N))
+  while not is_square(a**_sage_const_2 -N):
+    a = a + _sage_const_1 
+  b = sqrt(a**_sage_const_2 -N)
+  return [a - b,a + b]
+
+# Very CloseQP
+#n = 112421669060399956986367421471522274763620630713869928275575801768805742928429125845443925273931224902361917953532406156094313050840872610487333863447808074966477755274534568334940704111115937296330388429409569440785006316555673801318745308608773691570316883074174605863734103561500162053873040254255024422007
+
+# Not so ClosePQ
+n = _sage_const_490963276439300163974358078751564966935647623573945092674153919631095106803113960790445734183657340544356961673814947178422179864580766235512590323915826448266616741533232891220025698071647988317789125525821000237672311769577294966790885260094640627513288213434253048131773244591800441567386069459534350419701  
+
+print("n = {}".format(n))
+
+p, q = fermatfactor(n)
+
+print("p = {}".format(p))
+print("q = {}".format(q))
+print("p * q = {}".format(p * q))
+
--- a/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/answers/getModulusBase10.sh
+++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/answers/getModulusBase10.sh
@ -0,0 +1,2 @@
+#!/bin/bash
+openssl rsa -in $1 -pubin -modulus -noout | awk '{print substr($1 ,9)}' | xargs -I {} echo 'ibase=16; {}' | bc | tr -d '\\\n' 
--- a/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/notsoclosepq.pem
+++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/notsoclosepq.pem
@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQK7J6hkZs8eu5gmwWk7oK2IEtDt
+zEeWixZ1JS2F2ISZeR5gy3THt7dtesDCIkXse3cFe+HURmct9B7wUob65GG1gTI1
+jLEBtb1/Da0R9suVXn2ef42SIZLR+dW+uUf8iQUkxB4z8OM/9d/lb/wxW3JZogke
+jcysnFAJBVkHqWCG9QIDAQAB
+-----END PUBLIC KEY-----
--- a/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/veryclosepq.pem
+++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/veryclosepq.pem
@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgGAFd1hdbe7FIq14C4Zfe2ox9
+TVWB66OTQH/3IyMfH5Fm+WoUcwaxf+n2viH/aGW2LtW2iQc+kXRufwyLJHyKPZCx
+r3cyYF9s2MbUPfGb2ToySdWziGzO9CPqW5IasCwEH85XYPczMOm+h/FgBublKcXQ
+Nfe3pNQ2q2m2SJG8dwIDAQAB
+-----END PUBLIC KEY-----
--- a/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/CREDIT.md
+++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/CREDIT.md
@ -1,2 +0,0 @@
-Parts of this material (the key) has been borrowed to Sjoerd Langkemper
-https://www.sjoerdlangkemper.nl/2019/06/19/attacking-rsa/
--- a/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/getModulusBase10.sh
+++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/getModulusBase10.sh
@ -1,2 +1,2 @@
 #!/bin/bash
-openssl rsa -in ../smallkey.pem -pubin -modulus -noout | awk '{print substr($1 ,9)}' | xargs -I {} echo 'ibase=16; {}' | bc 
+openssl rsa -in $1 -pubin -modulus -noout | awk '{print substr($1 ,9)}' | xargs -I {} echo 'ibase=16; {}' | bc | tr -d '\\\n' 
--- a/docs/workshop/5-snake-oil-crypto/soc.pdf
+++ b/docs/workshop/5-snake-oil-crypto/soc.pdf
--- a/docs/workshop/5-snake-oil-crypto/soc.tex
+++ b/docs/workshop/5-snake-oil-crypto/soc.tex
@ -28,10 +28,13 @@

        \begin{itemize}
          \item Cryptography 101,
-          \item Cryptography and Network captures,
+          \item Encryption an Law Enforcement,
+          \item Use-Case: RSA,
+          \item First Hands-on: Understanding RSA,
+          \item Snake-Oil-Crypto: a primer,
+          \item Second Hands-on: RSA in Snake-Oil-Crypto,
          \item D4 passiveSSL Collection,
-          \item Leveraging OpenPGP metedata,
-          \item Checking for weak crypto.
+          \item Interactions with MISP.
        \end{itemize}

 \end{frame}
@ -444,21 +447,25 @@ plaintext, $P_2$ , is related to $P_1$ in a meaningful way.''
  \begin{itemize}
    \item Key size too small: keys up to 1024 bits are breakable given the
      right means,
-    \item  
-    \item
-    \item
-    \item
+    \item close p and q,
+    \item unsafe primes, smooth primes,
+    \item broken primes (FactorDB, Debian OpenSSL bug).
  \end{itemize}

 \end{frame}

-
 \begin{frame}
-  \frametitle{With a bunch of  keys}
+  \frametitle{With a set of  keys}
+  Several potential weaknesses:
+  \begin{itemize}
+   \item share moduli: if n1 = n2 then the keys share p and q,
+   \item share p or q,
+  \end{itemize}
+ \vspace{10mm}
+  {\bf In both case, it is trivial to recover the private keys.}
+
 \end{frame}

-
-
 \begin{frame}
  \begin{center}
    {\bf Hands-on: Exploiting Weaknesses in RSA}
@ -470,7 +477,7 @@ plaintext, $P_2$ , is related to $P_1$ in a meaningful way.''
 \end{frame}

 \begin{frame}[fragile]
-  \frametitle{Breaking small keys}
+  \frametitle{Breaking small keys\footnote{https://www.sjoerdlangkemper.nl/2019/06/19/attacking-rsa/}}
  \begin{itemize}
  \item Go into:

@ -487,36 +494,45 @@ plaintext, $P_2$ , is related to $P_1$ in a meaningful way.''
  \end{itemize}

  \vspace{8mm}
-  {\bf Let's generate the private key.}
+  {\bf Let's generate the private key: }using p, then using q.
  
 \end{frame}

+\begin{frame}[fragile]
+  \frametitle{Close Prime Factors}
+  \begin{itemize}
+  \item Go into:
+\begin{lstlisting}
+~/ClosePQ
+\end{lstlisting}

-\begin{frame}
-  \frametitle{Using Snake-Oil-Crypto}
+   \item use Fermat Algorithm\footnote{\url{http://facthacks.cr.yp.to/fermat.html}} to find {\bf both p and q:}
+
+\begin{lstlisting}
+def fermatfactor(N):
+  if N <= 0: return [N]
+  if is_even(N): return [2,N/2]
+  a = ceil(sqrt(N))
+  while not is_square(a^2-N):
+    a = a + 1
+  b = sqrt(a^2-N)
+  return [a - b,a + b]
+\end{lstlisting}
+
+  \end{itemize}
+ 
 \end{frame}



-
-
-
-
 \begin{frame}
-  \begin{center}
-    {\bf D4 passiveSSL Collection}
-  \end{center}
+  \frametitle{Shared prime factors}
 \end{frame}

 \begin{frame}
  \begin{center}
-    {\bf Leveraging OpenPGP metedata}
-  \end{center}
-\end{frame}
-
-\begin{frame}
-  \begin{center}
-    {\bf Checking for weak crypto}
+    {\bf Hands-on: Exploiting Weaknesses in RSA}\\
+    {\bf -- at bigger scale --}\\
  \end{center}
 \end{frame}

@ -653,6 +669,26 @@ Given n=pq and n' = pq' it is trivial to recover the shared p by computing their
 \end{frame}


+\begin{frame}
+  \frametitle{PassiveSSL}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Using Snake-Oil-Crypto}
+\end{frame}
+
+\begin{frame}
+  \begin{center}
+    {\bf Leveraging OpenPGP metedata}
+  \end{center}
+\end{frame}
+
+\begin{frame}
+  \begin{center}
+    {\bf Checking for weak crypto}
+  \end{center}
+\end{frame}
+

 \begin{frame}
 \frametitle{Get in touch if you want to join/support the project, host a passive ssl sensor or contribute}
@ -663,6 +699,8 @@ Given n=pq and n' = pq' it is trivial to recover the shared p by computing their
 \end{itemize}
 \end{frame}

+
+
 \nocite{*} 
 \begin{frame}[allowframebreaks]
        \frametitle{References}