Comptia Security+ SY0-501


Instructor: Ron Woerner, CISSP, CISM

CompTIA Security+ Domain 6 – Cryptography & PKI
6.2 Explain cryptography algorithms and their basic characteristics – Part 1
Cybrary - Ron Woerner

6.2 Cryptography Algorithms

PART 1
● Obfuscation
● Symmetric algorithms
  ○ AES
  ○ DES
  ○ 3DES
  ○ RC4
  ○ Blowfish/Twofish
● Cipher modes
  ○ Stream vs. block
  ○ CTR
  ○ CBC
  ○ GCM
  ○ ECB

PART 2
● Asymmetric algorithms
  ○ RSA
  ○ DSA
  ○ Diffie-Hellman
  ○ DHE
  ○ ECDHE
  ○ Elliptic curve
  ○ PGP/GPG
● Hashing algorithms
  ○ MD5
  ○ SHA
  ○ HMAC
  ○ RIPEMD
● Key stretching algorithms

Obfuscation
● The act of making something difficult to understand
● Substitution cipher. Example: ROT13 (rotate 13 places)

Obfuscation
● XOR (eXclusive OR)
● Example: [XOR worked example shown as a figure in the original slide; not reproduced in the extracted text]

Symmetric algorithms
● DES – Data Encryption Standard
  ○ Adopted by NIST in 1977
  ○ Block cipher using 64-bit blocks - 56-bit key + 8 bits of parity
  ○ Short key length subject to brute-force attacks
● 3DES – Triple DES
  ○ DES algorithm computed three times
  ○ Uses a "key bundle" that comprises three different DES keys, each of 56 bits = total bit strength of 168 bits (known as 3TDEA)
  ○ Also options to reuse keys

Symmetric algorithms
● AES – Advanced Encryption Standard
  ○ Original name Rijndael
  ○ Free for any use, public or private, commercial or non-commercial
  ○ Adopted by NIST in 2001
  ○ Block cipher with 128-bit block size
  ○ Three key lengths: 128, 192 and 256 bits
  ○ Uses multiple encryption rounds – 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys

AES Encryption Explained
http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

Symmetric algorithms
● RC4 / RC5 / RC6 – Rivest Cipher
  ○ RC4 is a stream cipher; RC5 & RC6 are block ciphers
  ○ Works with key sizes between 40 and 2,048 bits
● Blowfish / Twofish
  ○ A symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits)
  ○ Twofish uses 128-bit blocks

Symmetric algorithms
● International Data Encryption Algorithm (IDEA)
  ○ 128-bit key
  ○ Similar to DES, but more secure
  ○ Used in Pretty Good Privacy (PGP)
● One-Time Pad (OTP)
  ○ Most secure crypto implementation
  ○ Uses a key as long as the plain-text message
  ○ Key is used only once and then destroyed
● Skipjack
  ○ NSA-developed block cipher used in the Clipper chip
  ○ Uses an 80-bit key to encrypt 64-bit blocks of data

Cipher modes
● CTR – Counter Mode
  ○ Turns a block cipher into a stream cipher
  ○ Used to generate a keystream
  ○ Each block combines a nonce or IV with a sequentially assigned number to produce a unique counter block that is then encrypted
● CBC – Cipher-Block Chaining
  ○ Uses an IV with the first block
  ○ Thereafter, each block of plain text is obfuscated with the cipher text from the previous block before it is encrypted
  ○ Introduces more diffusion & reduces the effects of plain-text attacks

Cipher modes
● GCM – Galois/Counter Mode
  ○ Provides both integrity and confidentiality
  ○ GCM uses CTR with 128-bit blocks
  ○ Each 128-bit block is given an encrypted number. That result is then obfuscated with the plain text, producing the cipher text.
  ○ GMAC (Galois Message Authentication Code) is an authentication-only variant of GCM which can be used as an incremental message authentication code
● ECB – Electronic Codebook
  ○ Divides the message into blocks and then encrypts each block
  ○ No longer recommended - the same plain-text block is encrypted into the same cipher-text block each time

CompTIA Security+ Domain 6 – Cryptography & PKI
6.2 Explain cryptography algorithms and their basic characteristics – end of Part 1

Exam Preparation
This block cipher uses a "key bundle" that comprises three different DES keys, each of 56 bits?
A. DES
B. AES
C. RSA
D. 3DES

Exam Preparation
This cryptographic algorithm works by generating a keystream block by encrypting sequential values of some counter and is used to convert a block cipher into a stream cipher.
A. GCM
B. CTR
C. AES
D. Twofish

CompTIA Security+ Domain 6 – Cryptography & PKI
6.2 Explain cryptography algorithms and their basic characteristics – Part 2

Asymmetric Encryption
● Uses two keys – one to encrypt, the other to decrypt
● Keys are mathematically related
● Public / private key encryption
● Only the private key needs to be kept secret
  ○ Only it can decrypt the message

Asymmetric algorithms
● Extra computational overhead
● Used primarily for
  ○ Secure exchange of a shared key used for symmetric encryption
  ○ Digital signatures
● Solves the issue of key exchange with symmetric encryption

Asymmetric algorithms
● Rivest, Shamir, and Adleman (RSA)
  ○ Used for key exchange and digital signatures
  ○ Key can be any length
  ○ Algorithm works by multiplying two large prime numbers
  ○ Derives two different numbers: one public key and one private key
● Diffie-Hellman key exchange (D-H)
  ○ Two parties, without prior arrangement, can agree on a secret key that is known only to them
  ○ Only used to generate a shared key (not encryption)
  ○ Key can be safely / secretly shared on a public network
● Diffie-Hellman Ephemeral (DHE)
  ○ Uses a different key for every conversation
  ○ Supports perfect forward secrecy

Asymmetric algorithms
● Elliptic curve cryptography (ECC)
  ○ Technique using elliptic curves to calculate simple but difficult-to-break encryption keys
  ○ Uses smaller key sizes to obtain the same level of security [160-bit ECC = 1024-bit RSA]
● Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)
  ○ Variant of DHE using ECC for perfect forward secrecy
● El Gamal
  ○ An extension to Diffie-Hellman using an ephemeral key
● Pretty Good Privacy (PGP) and GNU Privacy Guard (GPG)
  ○ Developed by Philip R. Zimmermann in 1991
  ○ Used to encrypt and sign email messages

Hashing
● "Digital fingerprint"
● Works by taking a string of any length and producing a fixed-length string as output
● Changing the original changes the hash value
● Originator takes a hash of the file and provides the hash to the receiver. Receiver takes a hash of the file and compares it with the original to ensure file integrity.

Hashing algorithms
● Secure Hash Algorithm (SHA, SHA-1, SHA-2, SHA-3)
  ○ Developed by US NSA
  ○ SHA-1 can generate a 160-bit hash from any variable-length string of data
  ○ SHA-2 = SHA-224, SHA-256, SHA-384, and SHA-512 (named by their digest lengths)
  ○ SHA-3, published in 2012. Not widely used yet
● Message Digest Algorithm (MD2, MD4, MD5)
  ○ The most widely known hashing function
  ○ Produces a 16-byte hash value, usually expressed as a 32-digit hexadecimal number
  ○ Considered compromised. Rainbow tables have been published which allow people to reverse MD5 hashes made without good salts

Hashing algorithms
[comparison figure in the original slide; not reproduced in the extracted text]

Hashing algorithms
● Message Authentication Code (MAC)
  ○ Authentication of messages using a secret key
  ○ Used in electronic fund transfers to protect against fraud
● Hash-based Message Authentication Code (HMAC)
  ○ HMAC combines a cryptographic hash function and a secret cryptographic key
  ○ HMAC does not encrypt the message, only the key.
● RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
  ○ Design based on MD4
  ○ 160-bit version of the algorithm (RIPEMD-160) performs comparably to SHA-1

Rainbow Tables and Salts
● Rainbow table
  ○ A precomputed table for reversing cryptographic hash functions
  ○ All of the possible hashes are computed in advance
● Salt - random data that is used as an additional input to hashes

Key Stretching
Processes used to take a weak key and make it stronger, usually by making it longer
● Bcrypt
  ○ Based on the Blowfish algorithm
  ○ Provides an adaptive hash function based on a key factor
● PBKDF2 (Password-Based Key Derivation Function 2)
  ○ Algorithm applies a pseudo-random function to the password, combined with a salt of at least 64 bits, and then repeats the process at least 1,000 times

CompTIA Security+ Domain 6 – Cryptography & PKI
6.2 Explain cryptography algorithms and their basic characteristics – end of Part 2

Exam Preparation
This hashing algorithm, now considered compromised, produces a 16-byte hash value, usually expressed as a 32-digit hexadecimal number?
A. SHA-1
B. Rainbow tables
C. MD5
D. HMAC

Exam Preparation
Alice and Bob want to share a file over the Internet. They plan on using AES-256 for file encryption, but need to share a secret key between them. Which algorithm is best for this use?
A. Diffie-Hellman
B. RSA
C. SHA-1
D. ECB

Security+ Lab Guide
The Encryption and Hashing module provides you with the instructions and devices to develop your hands-on skills.

CompTIA Security+ Domain 6 – Cryptography & PKI
6.2 Explain cryptography algorithms and their basic characteristics
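As a hands-on supplement to the cipher-modes slides (ECB, CBC, CTR, GCM), the following Go program is an added example and not part of the Cybrary deck or its lab guide. It encrypts the same repeated plaintext with AES-256 in each mode, checks which modes leak repeated ciphertext blocks, and shows GCM rejecting a ciphertext that was modified in transit; all names (samplePlaintext, ecbEncrypt, gcmRejectsTampering and so on) are this example's own, and the plaintext is constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// Constructed sample: four identical 16-byte blocks, so ECB's leak is visible.
var samplePlaintext = bytes.Repeat([]byte("ATTACK-AT-DAWN!!"), 4)

// mustRandom returns n cryptographically random bytes (key, IV, nonce).
func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, b); err != nil {
		panic(err)
	}
	return b
}

// ecbEncrypt runs the raw block cipher over each block independently. Go's
// standard library has no ECB helper on purpose; this loop only shows why.
func ecbEncrypt(block cipher.Block, pt []byte) []byte {
	bs := block.BlockSize()
	ct := make([]byte, len(pt))
	for i := 0; i+bs <= len(pt); i += bs {
		block.Encrypt(ct[i:i+bs], pt[i:i+bs])
	}
	return ct
}

// cbcEncrypt chains blocks: each plaintext block is XORed with the previous
// ciphertext block (the IV for the first) before encryption. Whole blocks only.
func cbcEncrypt(block cipher.Block, iv, pt []byte) []byte {
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return ct
}

// ctrEncrypt turns the block cipher into a stream cipher: the keystream is
// the encryption of nonce||counter for successive counter values.
func ctrEncrypt(block cipher.Block, iv, pt []byte) []byte {
	ct := make([]byte, len(pt))
	cipher.NewCTR(block, iv).XORKeyStream(ct, pt)
	return ct
}

// repeatedBlocks reports whether any two ciphertext blocks are identical.
func repeatedBlocks(ct []byte, bs int) bool {
	seen := make(map[string]bool)
	for i := 0; i+bs <= len(ct); i += bs {
		k := string(ct[i : i+bs])
		if seen[k] {
			return true
		}
		seen[k] = true
	}
	return false
}

// gcmRejectsTampering seals pt with AES-GCM, flips one ciphertext bit and
// reports whether Open refused it. Plain CTR would return garbage silently.
func gcmRejectsTampering(key, pt []byte) (bool, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return false, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return false, err
	}
	nonce := mustRandom(aead.NonceSize()) // 96-bit nonce, never reuse with a key
	ct := aead.Seal(nil, nonce, pt, nil)
	ct[0] ^= 0x01 // simulate in-transit modification of the first byte
	_, err = aead.Open(nil, nonce, ct, nil)
	return err != nil, nil
}

func main() {
	key := mustRandom(32) // AES-256
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	iv, bs := mustRandom(aes.BlockSize), aes.BlockSize
	fmt.Println("ECB repeats blocks:", repeatedBlocks(ecbEncrypt(block, samplePlaintext), bs))
	fmt.Println("CBC repeats blocks:", repeatedBlocks(cbcEncrypt(block, iv, samplePlaintext), bs))
	fmt.Println("CTR repeats blocks:", repeatedBlocks(ctrEncrypt(block, iv, samplePlaintext), bs))
	rejected, err := gcmRejectsTampering(key, samplePlaintext)
	fmt.Println("GCM rejected tampered ciphertext:", rejected, err)
}
```

Running it prints true for ECB and false for CBC and CTR, which is exactly the "same plain-text block, same cipher-text block" point the ECB slide makes.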
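The DHE/ECDHE slides and the Alice-and-Bob exam question describe two parties agreeing on an AES-256 key over a public network. The Go program below is an added example, not from the deck or the lab guide: it runs an ephemeral X25519 key agreement (the ECDHE idea) with both sides' messages, derives the same 32-byte AES key on each side, and shows that a second session yields a fresh key, which is what perfect forward secrecy rests on. Hashing the shared secret with SHA-256 stands in for a full KDF, and the party/agree names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// party is one side of the exchange. Its key pair is ephemeral: generated
// for this one conversation and never reused, which is the "E" in ECDHE.
type party struct {
	priv *ecdh.PrivateKey
}

func newParty() (*party, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &party{priv: priv}, nil
}

// publicBytes is the only value this party ever sends over the network.
func (p *party) publicBytes() []byte {
	return p.priv.PublicKey().Bytes()
}

// aesKey combines our private key with the peer's public value and derives
// a 32-byte AES-256 key. SHA-256 over the raw shared secret is a deliberate
// simplification of a proper KDF such as HKDF (assumption of this example).
func (p *party) aesKey(peerPublic []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPublic)
	if err != nil {
		return nil, err
	}
	secret, err := p.priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(secret)
	return k[:], nil
}

// agree runs one complete exchange: Alice and Bob each publish a public
// value, each derives the key locally, and both keys are returned so the
// caller can confirm they match without either key having crossed the wire.
func agree() (aliceKey, bobKey []byte, err error) {
	alice, err := newParty()
	if err != nil {
		return nil, nil, err
	}
	bob, err := newParty()
	if err != nil {
		return nil, nil, err
	}
	// On the wire: Alice -> Bob: alice.publicBytes(); Bob -> Alice: bob.publicBytes()
	aliceKey, err = alice.aesKey(bob.publicBytes())
	if err != nil {
		return nil, nil, err
	}
	bobKey, err = bob.aesKey(alice.publicBytes())
	if err != nil {
		return nil, nil, err
	}
	return aliceKey, bobKey, nil
}

func main() {
	a, b, err := agree()
	if err != nil {
		panic(err)
	}
	fmt.Printf("both sides derived the same %d-byte AES key: %v\n", len(a), bytes.Equal(a, b))
	a2, _, err := agree()
	if err != nil {
		panic(err)
	}
	fmt.Println("a second session reuses the key:", bytes.Equal(a, a2))
}
```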
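The HMAC, rainbow-table/salt and key-stretching slides come together in password storage. The Go program below is an added example and not the deck's or lab guide's code: it writes out PBKDF2 with HMAC-SHA-256 from scratch (the "apply a PRF to the password and salt, then repeat" process the PBKDF2 slide describes), checks it against the published RFC 7914 test vector, and then uses it with a random 128-bit salt so that two users with the same password get different stored hashes and no precomputed table applies. The Record type, newRecord and verify names, and the sample password are this example's own constructions; a production system would call a maintained library rather than this teaching implementation.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"io"
)

// pbkdf2HmacSha256 is PBKDF2 (RFC 8018, section 5.2) with HMAC-SHA-256 as
// the pseudo-random function, written out so the slide's description can be
// read directly from the code. Teaching version; use a library in production.
func pbkdf2HmacSha256(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hLen := prf.Size()
	out := make([]byte, 0, keyLen+hLen)
	for i := 1; len(out) < keyLen; i++ {
		// U1 = PRF(password, salt || INT_32_BE(i))
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], uint32(i))
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		// Uj = PRF(password, Uj-1); block i = U1 xor U2 xor ... xor Uc
		for j := 1; j < iterations; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// selfCheck compares the implementation with the published test vector
// PBKDF2-HMAC-SHA-256(P="passwd", S="salt", c=1, dkLen=64) from RFC 7914.
func selfCheck() bool {
	want, _ := hex.DecodeString("55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc" +
		"49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783")
	return bytes.Equal(pbkdf2HmacSha256([]byte("passwd"), []byte("salt"), 1, 64), want)
}

// Record is what a password store keeps per user: the random salt, the
// iteration count and the stretched hash. The password itself is never stored.
type Record struct {
	Salt       []byte
	Iterations int
	Hash       []byte
}

const iterations = 100_000 // well above the slide's 1,000-iteration minimum

// newRecord hashes a password under a fresh 16-byte (128-bit) salt, above the
// 64-bit minimum the slide quotes. Because the salt is part of the input, a
// table of hashes precomputed without it (a rainbow table) does not apply.
func newRecord(password []byte) (Record, error) {
	salt := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
		return Record{}, err
	}
	return Record{Salt: salt, Iterations: iterations,
		Hash: pbkdf2HmacSha256(password, salt, iterations, 32)}, nil
}

// verify recomputes the hash under the stored salt and compares in constant
// time so that timing does not reveal how many bytes matched.
func verify(password []byte, r Record) bool {
	return hmac.Equal(pbkdf2HmacSha256(password, r.Salt, r.Iterations, len(r.Hash)), r.Hash)
}

func main() {
	fmt.Println("RFC 7914 vector matches:", selfCheck())
	pw := []byte("correct horse battery staple") // constructed sample password
	r1, _ := newRecord(pw)
	r2, _ := newRecord(pw)
	fmt.Println("same password, different stored hashes:", !bytes.Equal(r1.Hash, r2.Hash))
	fmt.Println("verify correct password:", verify(pw, r1))
	fmt.Println("verify wrong password:", verify([]byte("correct horse"), r1))
}
```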