题目:
Lab 1: Symmetric Cryptography and Classic Cryptography
- Symmetric Cryptography
1.1 Lab Preparations
This first part of lab can be completed on any Linux machine that has OpenSSL 1.0.1 or later installed. The Openssl program can perform a wide variety of cryptographic operations. Extensive documentation is available through the man pages, and through the program itself. In this part, we will use the OpenSSL package to experiment with encryption and decryption using symmetric encryption algorithms.
Verify that the version of OpenSSL is 1.0.1 or later.
$ openssl version $ openssl version
Examine the list of encryption algorithms provided by OpenSSL. Lower case names followed by an ASCII arrow (=>) are aliases for the longer upper case names on the right side of the arrow.
$ openssl list $ openssl list -ciphercipherciphercipherciphercipher-algorithms
Q1: How many ciphers, including aliases, are supported by this version of OpenSSL? Provide both the command line you used for counting ciphers and the number.
References
The command man openssl will provide short descriptions of how the command works. See the OpenSSL command HOWTO at http://www.madboa.com/geek/openssl/ to obtain more details.
Acknowledgment
This lab was adapted from the Lab #17 in CIT 480 instructed by Dr. James Walden affiliated with Northern Kentucky University
1.2 Encryption and Decryption with Passwords
In the cryptography basics lab, we used OpenSSL to encrypt using a password. OpenSSL converts the password into a key of the appropriate length for the specified cipher. While this usage is convenient, it is subject to password guessing attacks.
Create a txt file as our plaintext named ‘passwd.txt’. And try the following lines:
$ openssl aes -128 -cbc cbc cbc cbc -salt -in passwd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txt -out ciphertext out ciphertext
$ ls -l passwd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txt ciphertextciphertextciphertextciphertextciphertextciphertextciphertextciphertextciphertextciphertext
$ file passwd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txt ciphertextciphertextciphertextciphertextciphertextciphertextciphertextciphertextciphertextciphertext
$ xxd passwd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txt
$ xxd ciphertext $ xxd ciphertext
$ strings -6 ciphertext6 ciphertext6 ciphertext6 ciphertext6 ciphertext6 ciphertext6 ciphertext6 ciphertext6 ciphertext6 ciphertext6 ciphertext6 ciphertext
Compare the sizes and types of the resulting files. It will quickly become obvious that the encrypted file is stored in a binary format, not as ASCII text, so we will need to use commands like xxd and strings to investigate the ciphertext rather than just using cat.
Q2: Describe how the original and encrypted files differ in your own words. Are there any interesting strings in the ciphertext file?
Decrypt the file, then compare the resulting plaintext with the original file using the diff command to verify that decryption worked correctly. If the diff command produces no output (and a return value of zero), then the files match. Any output indicates a discrepancy between the two files.
$ openssl aes -128 -cbc cbc cbc cbc -d -salt -in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext -out plaintext out plaintext
$ diff passwd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txtpasswd.txt plaintextplaintextplaintextplaintextplaintextplaintextplaintextplaintextplaintext
$ echo $?
Q3: List the output of diffdiffdiffdiff (if any) and the return value from diff (as stored in the $? shell variable).
Guess the password of the file using the shell loop below, which simply tries each password in a file with openssl one by one. First, create a file named words.lst with the following contents:
123456
password
foobar
foobaz
Add your password to the middle of the list. Do not make it the first item in the list.
$ for PASSWORD in $(cat words.lst); $ for PASSWORD in $(cat words.lst); $ for PASSWORD in $(cat words.lst); $ for PASSWORD in $(cat words.lst);
do
export PASSWORD export PASSWORD
echo; echo “Trying $PASSWORD”; echo; echo “Trying $PASSWORD”; echo; echo “Trying $PASSWORD”; echo; echo
“Trying $PASSWORD”; if openssl if openssl aes -128128128-cbc -d -salt salt salt salt salt -in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext -pass pass pass pass pass env:PASSWORD >/dev/null 2>&1 env:PASSWORD >/dev/null 2>&1 env:PASSWORD >/dev/null 2>&1
then
echo ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORDecho ‘Password for file:’ $PASSWORD
openssl aesopenssl aesopenssl aesopenssl aesopenssl aesopenssl aesopenssl aesopenssl aesopenssl aesopenssl aesopenssl aes-128128128-cbc -d -salt salt salt salt salt -in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext in ciphertext -pass env:PASSWORDpass env:PASSWORDpass env:PASSWORDpass env:PASSWORDpass env:PASSWORDpass env:PASSWORDpass env:PASSWORDpass env:PASSWORDpass env:PASSWORDpass env:PASSWORDpass env:PASSWORDpass env:PASSWORDpass env:PASSWORDpass env:PASSWORDpass env:PASSWORDpass env:PASSWORDpass env:PASSWORD
fi
done
Q4: What was the output for the correct password (don’t include the decrypted file; just include the output of the code). What was the output for (one of the) incorrect passwords?
1.3 Encryption and Description with Keys
In this part of the lab, we will encrypt and decrypt by explicitly specifying the encryption key and initialization vector (IV), which will ensure that our stored data cannot be decrypted using a password guessing attack. Note that keys are only resistant to guessing attacks if they are random, so we will first learn how to generate random numbers with OpenSSL. The initialization vector is similar to a salt, so it must also be random, though it does not have to be kept secret like an encryption key.
Generate an 8 byte (64 bit) random number
$ openssl rand $ openssl rand –hex 8
Generate the key and initialization vector, storing them in shell variables so that we can reuse them, then encrypt the file with them. Note that specifying options, like the key and initialization vector on the command line exposes them to other users on the same machine who run the ps command, so this technique should only be used when your threat model does not include local users.
$ key=$(openssl rand $ key=$(openssl rand –hex 16 )
$ echo key
$ iv=$(openssl rand $ iv=$(openssl rand –hex 16 )
$ echo iv
$ openssl aes -128 -cbc cbc cbc cbc -K $key -iv $iv $iv $iv $iv $iv $iv $-in /etc/passwd in /etc/passwd in /etc/passwd in /etc/passwd in /etc/passwd in /etc/passwd in /etc/passwd in /etc/passwd in /etc/passwd in /etc/passwd in /etc/passwd in /etc/passwd in /etc/passwd in /etc/passwd in /etc/passwd -out ciphertext out ciphertext
$ xxd -l 16 ciphertextl 16 ciphertextl 16 ciphertextl 16 ciphertextl 16 ciphertextl 16 ciphertextl 16 ciphertextl 16 ciphertextl 16 ciphertextl 16 ciphertextl 16 ciphertextl 16 ciphertextl 16 ciphertextl 16 ciphertextl 16 ciphertext
While you are not yet expected to understand all the terms used, briefly this command is doing the following:
We are telling openssl to encrypt testfile.txt and put its output in testfile.txt.aes.
We are telling it to use 128 bit AES and in electronic code book mode.
We are specifying the key to use (using -K).
We are specifying the initialization vector (using -iv).
Q5: List your key, initialization vector, and first 16 bytes of the ciphertext as listed by xxd.
Decrypt the file, then compare the plaintext output with the original file using the diff command to verify that decryption worked correctly. If the diff command produces no output, then the files match. Any output indicates a discrepancy between the two files.
Q6: You should be able to decrypt the file with a similar command, but including the -d option to decrypt, and making a couple other small changes. What exact command did you use?
Q7: List the output of diff (if any) and the return value from diff (as stored in the $? shell variable).
You can use the xxd command to get a hex dump of your encrypted file (you will have to pipe the output to another file). Modify one byte somewhere in the middle of the hex dump, then use xxd -r to convert the hex dump back to a binary file. Now, try to decrypt the modified encrypted file.
Q8: What is the extent of the effect of the ciphertext modification on the plaintext? Explain your observations.
Q9: Can you figure out a way to change the ciphertext to produce a desired (specific) modified plaintext on decryption? If so, explain how. If not, explain why this is difficult to do.
Now, make a copy of your plaintext, but try changing (replacing, not adding or deleting) a couple characters in the middle of it. Encrypt the modified version, and compare the result with the encrypted original version (it may be easier to compare hex dumps of each).
Q10: How does the ciphertext (encrypted file) from this encryption differ from the ciphertext based on the original plaintext (what is the extent of the differences)?
Q11: Repeat the above exercise, only this time encrypting and decrypting using aes-128-ecb. What differences do you observe in your results? Does this difference seem important for security? - Classic Cryptography
You can use any techniques to solve the following questions.
Q12: Decrypt the following encrypted quotation and explain/illustrate how do you decrypt it?
pbegu uymiq icuuf guuyi qguuy qcuiv fiqgu uyqcu qbeme vp
Q13: Decrypt the following encrypted quotation and explain/illustrate how do you decrypt it?
auqrq rkrzd dmhxk ageho kfalu hkmog rlagm hznhf fhglm hkrlh mvzmr znvir klhgl vhodw krnra przgr jozdl vzkra gmvrw almka xomah gmvrf zbhka mtqho dwxre dzwmh mzcro imvra khqgz gwwri zkm
解答:
答案就不公开放出来了,不会的可以提问