Encryption - Cryptography 101
The link for this lab is located here: https://tryhackme.com/room/encryptioncrypto101
In this room, we will cover various things including why cryptography matters, RSA, two main classes of cryptography and their uses, key exchange and the future of cryptography.
Task 1 - Key Terms
Here is a list of all the key terms needed for this particular room:
Ciphertext - the result of encrypting a plaintext, encrypted data
Cipher - a method of encrypting or decrypting data. Modern ciphers are cryptographic but there are many non cryptographic ciphers like Caesar
Plaintext - data before encryption, often text but not always
Encryption - transforming data into ciphertext, using a cipher
Encoding - NOT a form of encryption, just a form of data representation like base64 (immediately reversible)
Key - some information that is needed to correctly decrypt the ciphertext and obtain the plaintext
Passphrase - separate to the key, similiar to a password and used to protect a key
Asymmetric encryption - uses different keys to encrypt and decrypt
Symmetric encryption - uses the same key to encrypt and decrypt
Brute force - attacking cryptography by trying every different password or every different key
Cryptanalysis - attacking cryptography by finding a weakness in the underlying maths
Alice and Bob - used to represent 2 people who generally want to communicate
Questions
Q1: Are SSH keys protected with a passphrase or a password?
A: Doing a quick Google search for "how are ssh keys protected" reveals the answer
Task 2 - Why is Encryption Important?
Cryptography is used to protect confidentiality, ensure integrity and ensure authenticity. When logging into various websites, your credentials are sent to the server. These would be encrypted - otherwise, someone would be able to capture them by snooping on your connection.
When you connect to SSH, your client and the server establish an encrypted tunnel so that no one can snoop on your session.
When you connect to your bank, there is a certificate that uses cryptography to prove that it is actually your bank.
When you download a file, how do you check if it downloaded right? You use cryptography to verify a checksum of the data.
Whenever sensitive user data needs to be store, it should be encrypted. Standards like PCI-DSS state that the data should be encrypted both at rest AND while being transmitted. If you are handling payment card details, you need to comply with these PCI regulations.
Medical data has similiar standards. With legislation like GDPR and California's data protection, data breaches are extremely costly and dangerous to you as either a consumer or a business.
Questions
Q1: What does SSH stand for?
A: Secure ShellQ2: How do web servers prove their identity?
A: Looking at the bank example above, we see they use certificatesQ3: What is the main set of standards you need to comply with if you store or process payment card details?
A: PCI-DSS
Task 3 - Crucial Crypto Maths
There is a little bit of maths that comes up relatively frequently in cryptography - the modulo operator. When learning division for the first time, you were probably taught to use remainders in your answer. X%Y is the remainder when X is divided by Y.
Some examples are:
25 % 5 = 0 (5*5 = 25 so it divides exactly with no remainder)
23 % 6 = 5 (23 does not divide evenly by 6, there would be a remainder of 5)
An important thing to rememver about modulo is that it is NOT reversible
Questions
Q1: What is 30 % 5?
A: 0Q2: What is 25 % 7?
A: 4Q3: What is 118613842 % 9091?
A: 3565
Task 4 - Types of Encryption
The two main categories of encryption are symmetric and asymmetric.
Symmetric encryption uses the same key to encrypt and decrypt the data. Examples of Symmetric encryption are DES (Broken) and AES. These algorithms tend to be faster than asymmetric cryptography and use smaller keys (128 or 256 bit keys are common for AES, DES keys are 56 bits long)
Asymmetric encryption uses a pair of keys - one to encrypt and other to decrypt. Examples are RSA and Elliptic Curve Cryptography. Normally, these keys are referred to as a public key and a private key. Data encrypted with the private key can be decrypted with the public key and vice versa.
The private key needs to be kept private. Asymmetric encryption tends to be slower and uses larger keys - RSA typically uses 2048 or 4096 bit keys.
RSA and Elliptic Curve Cryptography are based around different mathematically difficult problems which give them their strength.
Questions
Q1: Should you trust DES?
A: NayQ2: What was the result of the attempt to make DES more secure so that it could be used for longer?
A: Triple DESQ3: Is it ok to share your public key?
A: Yea
Task 5 - RSA (Rivet Shamir Adleman)
RSA is based on the mathematically difficult problem of working out the factors of a large number. It is very quick to multiply two prime numbers together but is incredibly difficult to work out what two prime numbers multiple together to make that number.
The maths behind RSA seems to come up relatively often in CTFs, normally requiring you to calculate variables or break some encryption based on them. There are some excellent tools for defeating RSA challenges in CTFs including RSACTFTool or RSATool.
The key variables that you need to know about for RSA in CTFs are p, q, m, n, e, d and c.
p and q are large prime numbers
n is the product of p and q
Public key is n and e
Private key is n and d
m is used to represent the message
c represents the ciphertext
Crypto CTF challenges often present you with a set of these values and you need to break the encryption and decrypt a message to retrieve the flag.
If you want to learn the maths behind RSA, I recommended reading this.
Questions
Q1: If p = 4391 and q = 6659, what is the value of n?
A: Simply multiple them together to get 29239669
Task 6 - Establishing Keys Using Asymmetric Cryptography
A very common use of asymmetric cryptography is exchanging keys for symmetric encryption. Asymmetric encryption tends to be slower, so for things like HTTPS symmetric encryption is better.
Imagine you have a secret code, and instructions for how to use the secret code. If you want to send your friend the instructions without anyone else being able to read it, what you could do is ask your friend for a lock.
Only they have the key for this lock, and we will assume you have an indestructible box that you can lock with it. If you send the instructions in a locked box to your friend, they can unlock it once it reaches them and read the instructions.
After that, you can communicate in the secret code without risk of people snooping.
In this metaphor, the secret code represents a symmetric encryption key, the lock represents the server's public key and the key represents the server's private key.
You have only used asymmetric cryptography once, so it's fast and you can now communicate privately with symmetric encryption.
In reality, you need a little more cryptography to verify the person you are talking to is who they say they are, which is done using digital signatures and certificates. You can find a lot more detail on how HTTPS really works from here.
Task 7 - Digital Signatures and Certificates
Digital signatures are a way to prove the authenticity of files, to prove who created or modified them. Using asymmetric cryptography, you produce a signature with your private key and it can be verified using your public key. As only you should have access to your private key, this proves you signed the file.
The simplest form of digital signature would be encrypting the document with your private key and then if someone wanted to verify this signature they would decrypt it with your public key and check if the files match.
Certificates are also a key use of public key cryptography linked to digital signatures. A common place where they are used is for HTTPS.
The web server has a certificate that says it is the real website. The certificates have a chain of trust, starting with a root CA (certificate authority). Root CAs are automatically trusted by your device, OS or browser from install.
Certs below that are trusted because the Root CAs say they trust that organization. Certificates below that are trusted because the organization is trusted by the Root CA and so on.
There are long chains of trust. To see more detailed information, check this blog post here.
Questions
Q1: What company is TryHackMe's certificate issued to?
A: CloudFlare
Task 8 - SSH Authentication
By default, SSH is authenticated using usernames and passwords in the same way that you would log in to the physical machine. At some point, you will alsmost certainly hit a machine that has SSh configured with key authentication instead. This uses public and private keys to prove that the client is a valid and authorized user on the server.
By default, SSH keys are RSA keys. You can choose which algorithm to generate and/or add a passphrase to encrypt the SSH key - done via the "ssh-keygen" command.
You should treat your private SSH keys like passwords. If someone has your private key, they can use it to log in to servers that will accept it unless the key is encrypted. It is important to mention that the passphrase to decrypt the key is NOT used to identify you to the server at all - it simple decrypts the SSH key.
Using tools like John the Ripper, you can attack an encrypted SSH key to attempt to find the passphrase which highlights the importance of using a secure passphrase and keeping it secure.
When generating an SSH key to log in to a remote machine, you should generate the keys on your machine and then copy the public key over as this means the private key never exists on the target machine. For temporary keys generated for access to CTF boxes, this doesn't matter as much.
The "~./ssh" folder is the default place to store these keys for OpenSSH. The "authorized_keys" file in this directoryt holds public keys that are allowed to access the server if key authentication is enabled. By default on many distros, key authentication is enabled as it is more secure than using a password to authenticate.
In order to use a private SSH key, the permissions must be set up correctly otherwise your SSH client will ignore the file with a warning. Only the owner should be able to read or write to the private key (600 or stricter). The syntax "ssh -i keyNameGoesHere user@host" is how you specify a key for the standard Linux OpenSSH client.
Questions
Q3: What algorithm does the downloaded key use?
A: Simply opening the file and reading the top reveals it is using RSA
Q4: Crack the password with John the Ripper and rockyou, what is the passphrase for the key?
A: First, you have to use ssh2john to convert it to a usable format for John via the command /usr/share/john/ssh2john.py /home/complex/Downloads/id_rsa > passtocrack
Next, simply use john to crack the password inside the new file created - john passtocrack --wordlist=/usr/share/wordlists/rockyou.txt
Task 9 - Explaining Diffie Hellman Key Exchange
Key exchange allows 2 people to establish a set of common cryptographic keys without an observer being able to get these keys. Generally, to establish common symmetric keys.
As an example, Alice and Bob want to talk securely. They want to establish a common key, so they can use symmetric cryptography but they do not want to use key exchange with asymmetric crytpography. This is where DH Key Exchange comes in.
Alice and Bob both have secrets that they generate - A and B. They also have some common material that is public (call it C). We need to make some assumptions. Firstly, whenever we combine secrets/material it is impossible or very very difficult to separate. Secondly, the order that they are combined in doesn't matter.
Alice and Bob will combine their secrets with the common material and form AC and BC. They will then send these to each other and combine that with their secrets to form two identical keys both ABC. Now they can use this to communicate.
For more information on this topic, click here.
Task 10 - PGP, GPG and AES
PGP stands for Pretty Good Privacy. It is a software that implements encryption for encrypting files, performing digital signing and more.
GnuPG or GPG is an Open Source implementation of PGP from the GNU project. You may need to use GPG to decrypt files in CTFs. With PGP/GPG, private keys can be protected with passphrases similiar to SSH. You can attempt to crack this passphrase using John the Ripper and gpg2john.
AES stands for Advanced Encryption Standard. It was a replacement for DES which had short keys and other cryptographic flaws. AES and DES both operate on blocks of data (a block is a fixed size series of bits).
AES is complicated to explain and doesn't come up to often. If you want to learn more about it, click here.
Questions
Q2: You have the private key, and a file encrypted with the public key. Decrypt the file. What is the secret word?
A: First, we have to unzip the file using the unzip command - unzip gpg.zip
Next, we have to import the key into gpg using the following - sudo gpg --import tryhackme.key
Next, we simply use GPG to decrypt the message - sudo gpg message.gpg
Finally, we can simply cat out the final message file and get the secret word
Task 11 - The Future (Quantum Computers and Encryption)
While it is unlikely we will have sufficiently powerful quantum computers until around 2030, once these exist encryption that uses RSA or Elliptical Curve Cryptography will be very fast to break. This is because quantum computers can very efficiently solve the mathematical problem that these algorithms rely on for their strength.
AES with 128 bit keys is also likely to be broken by quantum computers in the near future, but 256 bit keys cannot be broken as easily. Triple DES is also vulnerable to attacks from quantum computers.
The NSA recommends using RSA-3072 or better for asymmetric encryption and AES-256 or better for symmetric encryption. There are several competitions currently running for quantum safe cryptographic algorithms and it is likely that we will have a new encryption standard before quantum computers become a threat to RSA and AES.
IF you want to learn more about this, NIST has resources that detail what the issues with current encryption is and the currently proposed solutions for these located here.
