DOCSLIB.ORG

How to Use Encrypted Itunes Backups for SMS History Without the 1 Device Or Jailbreaking

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
How to Use Encrypted Itunes Backups for SMS History Without the 1 Device Or Jailbreaking How to Use Encrypted iTunes Backups for SMS History without the 1 Device or Jailbreaking July 2013 20 How to Use Encrypted iTunes Backups for SMS History without the Device or Jailbreaking Gouthum Karadi, CISSP,CEH, MBA A client comes to our firm to find out whether an intern took unauthorized photos of confidential talking points in order to warn the competition. Though the suspect had a private iPhone, he backed it up to a corporate system. We use the backup to correlate unauthorized activity with corporate policy. Virtual Nexus, LLC 331 Hidalgo Place Davis, CA 95616 !1 Virtual Nexus, LLC TABLE OF CONTENTS WHAT YOU WILL LEARN ..................................................................4 WHAT YOU NEED TO KNOW ..............................................................4 THE CASE ...................................................................................5 Given ...............................................................................................................................................5 Goal ..................................................................................................................................................5 EXECUTIVE SUMMARY .....................................................................6 ITUNES BACKUP CONTENTS .....................................................................................................6 ICLOUD BACKUPS ........................................................................................................................7 BACKUP FORMAT ...........................................................................8 GO TO SYSTEM FOLDERS ........................................................................................................9 MOBILESYNC BACKUP FOLDER ...........................................................................................10 KEY PLIST FILES .........................................................................................................................11 ENCRYPTED BACKUPS ...................................................................13 ITUNES BACKUP DECRYPTION .........................................................15 PASSWORD HASH LOCATION ..................................................................................................15 IPHONE-DATAPROTECTION TOOLS .....................................................................................17 PREREQUISITE STEPS ............................................................................................................17 STEPS FOR INSTALLING SOGETI TOOLS .............................................................................18 IPHONE BACKUP DECRYPT ...................................................................................................18 ITUNES BACKUP HIERARCHY ...............................................................................................19 SMS SQLITE DATABASE ...........................................................................................................20 COMMERCIAL TOOLS .............................................................................................................22 CAVEATS ...................................................................................23 RECOVERING ERASED FILES ................................................................................................25 OPEN SOURCE .........................................................................................................................25 TARGET DISK MODE ...............................................................................................................25 COMMERCIAL ..........................................................................................................................26 SUMMARY ..................................................................................28 BIBLIOGRAPHY ............................................................................28 ON THE WEB ..............................................................................28 !2 How to Use Encrypted iTunes Backups for SMS History without the 3 Device or Jailbreaking TABLES TABLE 1 ITUNES BACKUP CONTENTS ..............................................................................................................6 TABLE 2 ITUNES BACKUP LOCATIONS .............................................................................................................8 TABLE 3 BACKUP .PLIST FILES ........................................................................................................................12 FIGURES FIGURE 1 GO TO FOLDER MENU .......................................................................................................................9 FIGURE 2 <COMMAND + SHIFT + G> DIALOG BOX .........................................................................................9 FIGURE 3 MOBILESYNC FOLDER ....................................................................................................................10 FIGURE 4 PLIST FILES IN BACKUP FOLDERS ....................................................................................................11 FIGURE 5 ENCRYPTED BACKUP FILE CONTENTS .............................................................................................13 FIGURE 6 UNKNOWN FILE ................................................................................................................................... ..........................................................................................................FIGURE 7 SAME FILE IN HEX FIEND 14 FIGURE 9 KEYCHAIN ACCESS .........................................................................................................................17 FIGURE 10 ITUNES BACKUP HIERARCHY ASSEMBLED ...................................................................................19 FIGURE 11 SMS.DB FOLDER ...........................................................................................................................20 FIGURE 12 SMS.DB MESSAGES TABLE ............................................................................................................20 FIGURE 13 SMS ATTACHMENTS FOLDER .......................................................................................................21 FIGURE 14 SMS.DB ATTACHMENTS TABLE .....................................................................................................21 FIGURE 15 IBACKUPBOT MESSAGES VIEW ....................................................................................................22 FIGURE 16 EMPTY TRASH SECURELY. ............................................................................................................23 FIGURE 17 ERASE DISK OPTIONS ...................................................................................................................24 FIGURE 18 TESTDISK&PHOTOREC 6.14 .........................................................................................................25 FIGURE 19 DISK DRILL ...................................................................................................................................26 FIGURE 20 DATA RECOVERY ..........................................................................................................................27 !3 Virtual Nexus, LLC WHAT YOU WILL LEARN • How to use the Apple Macintosh as an iOS Forensics platform • What iTunes 11.04 backs up from your iPhone • Where the backup is stored on • How to decrypt the backup with or without the password • How to extract and correlate files within the backups to mobile activity WHAT YOU NEED TO KNOW • How to use Apple Macintosh OS X 10.8.x • Standard source control management syntax • Basic terminal navigation and sudo • SQL database navigation • How to install and configure software from dmg, binary, or source !4 How to Use Encrypted iTunes Backups for SMS History without the 5 Device or Jailbreaking THE CASE Imagine it is late Friday afternoon at Forensics, Inc. and you get a call from ABC Corp, one of your top clients. It seems that ABC had competitor XYZ cornered and agreeing to submit to a deal before a timely lunch. Yet when talks resumed after the break, XYZ began to negotiate more fiercely. The opponent began to negotiate using not only the exact tactics that ABC prepared for, but even using the exact words in some cases. How could XYZ know what ABC was planning? Someone had to have leaked the internal talking points memorandum the morning of the negotiaton. Whether there was any legal action available at this point was moot, what was more important was that the leak get plugged. The firm called us, their trusty forensics investigators to examine what happened. We immediately reassured them that we could help investigate how a leak may have occurred. Since the time window was so narrow, and the individuals with access to the memo in question so small, this became a simple process of elimination. It seems that only one junior associate had access to the document and for a short period of time. This individual used a company provided Apple MacBook Pro, and a personal iPhone 4. Since there was no Mobile Device Management (MDM) or Mobile Security Policy in place we had only a 13” MacBook Pro as evidence with a standard Acceptable Use Policy naming it as corporate property for corporate use. We focus our investigation on this one device and discover that the employee in question backs up his phone to it religiously. All we have to do then, is to extract photo history, call log, and
Load more

Recommended publications
  • Password Cracking and Countermeasures in Computer Security: a Survey
    Password Cracking and Countermeasures in Computer Security: A Survey Aaron L.-F. Han*^ Derek F. Wong* Lidia S. Chao* * 푁퐿푃2퐶푇 Lab, University of Macau, Macau SAR ^ ILLC, University of Amsterdam, Science Park 107, 1098 XG Amsterdam [email protected] [email protected] [email protected] Abstract—With the rapid development of internet technologies, communicating entities. The peer entity authentication social networks, and other related areas, user authentication provides for the corroboration of the identity of a peer entity becomes more and more important to protect the data of the in an association for use of a connection at the establishment users. Password authentication is one of the widely used or at times during the data transfer phase, which attempts to methods to achieve authentication for legal users and defense provide confidence that an entity is not performing either a against intruders. There have been many password cracking masquerade or an unauthorized replay of a previous methods developed during the past years, and people have connection. been designing the countermeasures against password There are usually four means of authenticating user cracking all the time. However, we find that the survey work identity based on: something the individual knows (e.g. on the password cracking research has not been done very password, PIN, answers to prearranged questions), much. This paper is mainly to give a brief review of the password cracking methods, import technologies of password something the individual possesses (token, e.g. smartcard, cracking, and the countermeasures against password cracking electronic keycard, physical key), something the individual is that are usually designed at two stages including the password (static biometrics, e.g.
    [Show full text]
  • Password Cracker Tutorial
    Password cracker tutorial In cryptanalysis and computer security, password cracking is the process of recovering passwords[1] from data that has been stored in or transmitted by a computer system. A common approach (brute-force attack) is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password.[2] The purpose of password cracking might be to help a user recover a forgotten password (installing an entirely new password is less of a security risk, but it involves System Administration privileges), to gain unauthorized access to a system, or to act as a preventive measure whereby system administrators check for easily crackable passwords. On a file-by-file basis, password cracking is utilized to gain access to digital evidence to which a judge has allowed access, when a particular file's permissions are restricted. Time needed for password searches The time to crack a password is related to bit strength (see password strength), which is a measure of the password's entropy, and the details of how the password is stored. Most methods of password cracking require the computer to produce many candidate passwords, each of which is checked. One example is brute-force cracking, in which a computer tries every possible key or password until it succeeds. With multiple processors, this time can be optimized through searching from the last possible group of symbols and the beginning at the same time, with other processors being placed to search through a designated selection of possible passwords.[3] More common methods of password cracking, such as dictionary attacks, pattern checking, word list substitution, etc.
    [Show full text]
  • Volume 4, Issue 4 (II): October – December 2017
    Volume 4, Issue 4 (II) ISSN 2394 - 7780 October – December 2017 International Journal of Advance and Innovative Research (Conference Special) Indian Academicians and Researchers Association www.iaraedu.com National Conference On The Advance Computer Science & Information Technologies (NCACSIT-2017) Sponsored By Savitribai Phule Pune University Under Quality Improvement Program Organized By Department of Computer Science, P.�E . S O C I E T Y ’ S Modern College of Arts, Science & Commerce, Pune On 29th & 30th December 2017 in Association with Indian Academicians & Researchers Association Progrssive Education Society’s MODERN COLLEGE OF ARTS, SCIENCE AND COMMERCE Ganeshkhind, Pune -411 016 Best College Award from Savitribai Phule Pune University Accredited by NAAC with ‘A’ grade DST-FIST sponsored college STAR College Scheme sponsored by DBT Chief Patron Prof. Dr. Gajanan R. Ekbote Chairman, Business Council, Progressive Education Society, Pune Scientific Advisory Committee Dr. P. S. Hiremath, Professor and Chairman Dr. Hemant Patil, Professor Department of PG Studies and Research in Dhirubhai Ambani Institute of Information and Computer Science, Gulbarga University, Communication Technology (DA-IICT), Karnataka. Gandhinagar, Gujarat. Dr. Manojkumar Deshpande, Professor, Dr. Dinesh Jain, Professor Associate Dean & Head of Department, Department of Information Technology , Symbiosis University of Applied Sciences Acropolis Institute of Technology & Research, (SUAS), Indore. Indore. Dr. Maya Ingle, Professor Dr. H. S. Fadewar, Assistant Professor School of Computer Science & Information School of Computational Sciences, S.R.T.M. Technology, Devi Ahilya Vishwavidyalaya, Nanded. Indore. Dr. G.V. Chowdhary, Director & Professor Dr. Vishal Goar, Assistant Professor School of Computational Sciences S.R.T.M. Government Engineering College, Nanded. Bikaner Dr. Ashok Narayan Patil, Principal Dr.
    [Show full text]
  • The Busy Lawyer's Guide to Legal Technology, with Wellness
    The Busy Lawyer’s Guide to Legal Technology, with Wellness featuring Barron K. Henley Friday, December 13, 2019 presented by The South Carolina Bar Continuing Legal Education Division http://www.scbar.org/CLE SC Supreme Court Commission on CLE Course No. 197138 The Busy Lawyer’s Guide to Legal Technology, with Wellness featuring Barron K. Henley Friday, December 13, 2019 This program qualifies for 6.0 MCLE Credit Hours, including up to 1.0 LEPR Credit Hour and 1.0 SA/MH Credit Hour. SC Supreme Commission on CLE Course #: 197138 8:30 a.m. Registration & Continental Breakfast 8:55 a.m. Welcome and Opening Remarks 9 a.m. A Lawyer's Guide to PDF Files 10 a.m. Ethical Legal Tech Security Measures Every Lawyer Must Take 11 a.m. Break 11:15 a.m. Microsoft Word Power Tips for Legal Users 12:15 p.m. Lunch (provided) Sponsored by the South Carolina Bar - Solo & Small Firm Section 1 p.m. Champagne Technology on a Beer Budget 2 p.m. 60 Legal Tech Tips, Tricks, Gadgets and Websites in 60 Minutes 3 p.m. Break 3:15 p.m. Stress and Anxiety and the Practice of Law Shannon Furr Bobertz, Esq. S.C. Department of Natural Resources – Columbia 4:15 p.m. Adjourn The Busy Lawyer’s Guide to Legal Technology, with Wellness Speakers Barron K. Henley, Esq. Affinity Consulting Group Columbus, OH BARRON K. HENLEY, ESQ. is one of the founding partners of Affinity Consulting Group, a legal technology consulting firm focused on automating and streamlining law firms and legal departments.
    [Show full text]
  • Use Style: Paper Title
    See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/268978314 Password Cracking and Countermeasures in Computer Security: A Survey Technical Report · December 2014 DOI: 10.13140/2.1.2652.8329 CITATIONS READS 9 7,868 3 authors, including: Lifeng Han Derek F. Wong Dublin City University University of Macau 58 PUBLICATIONS 247 CITATIONS 172 PUBLICATIONS 1,457 CITATIONS SEE PROFILE SEE PROFILE Some of the authors of this publication are also working on these related projects: Chit-Chat View project Machine Translation Evaluation View project All content following this page was uploaded by Lifeng Han on 10 December 2014. The user has requested enhancement of the downloaded file. arXiv:1411.7803v1 [cs.CR] Password Cracking and Countermeasures in Computer Security: A Survey Aaron L.-F. Han*^ Derek F. Wong* Lidia S. Chao* * 푁퐿푃2퐶푇 Lab, University of Macau, Macau SAR ^ ILLC, University of Amsterdam, Science Park 107, 1098 XG Amsterdam [email protected] [email protected] [email protected] Abstract—With the rapid development of internet technologies, communicating entities. The peer entity authentication social networks, and other related areas, user authentication provides for the corroboration of the identity of a peer entity becomes more and more important to protect the data of the in an association for use of a connection at the establishment users. Password authentication is one of the widely used or at times during the data transfer phase, which attempts to methods to achieve authentication for legal users and defense provide confidence that an entity is not performing either a against intruders.
    [Show full text]
  • The Hacking Bible
    THE HACKING BIBLE: The Dark secrets of the hacking world: How you can become a Hacking Monster, Undetected and in the best way By Kevin James © Copyright 2015 by WE CANT BE BEAT LLC Table of Contents CHAPTER 1: INTRODUCTION What Hacking is all About The History of hacking Best Hackers of All Time CHAPTER 2: HOW TO BECOME A HACKER A Hackers Style General Hacking Skills Why Do People Hack? CHAPTER 3: TYPES OF HACKING Website Hacking Ethical Hacking Network Hacking Email Hacking Password Hacking Computer Hacking Online Banking Hacking CHAPTER 4: HACKING AND NON-HACKING Hackers and the Law How do Hackers Affect Our Lives How to Know if You’re Hacked How to protect Yourself From Hacking CHAPTER 5: ADVANTAGES AND DISADVANTAGES OF BEING A HACKER CHAPTER 6: HACKING TO CHANGE THE WORLD POSITIVELY An Anonym Hacker Who Could Save the World (based on real case) CHAPTER 7: HACKING TIPS AND TRICKS CONCLUSION Hack Ethically CHAPTER 1: INTRODUCTION What Hacking is all About WWW, and that’s how a new world begins… It’s World Wide Web, a world that is created by humans and where in the 21st century, the century of technology most of the people are more present in the World Wide Web living their lives there and quitting the real life due to the advantages that World Wide Web is offering them almost for free. Technology is a science of an ensemble of methods, processes and operations that are used in order to obtain a product or a result and as Francis Bacon says, knowledge is already power and technology is knowledge so technology is the biggest power of
    [Show full text]
  • A Survey of Possible Attacks on Text & Graphical Password Authentication
    International Journal of Scientific Research in _______________________________ Survey Paper . Computer Science and Engineering Vol.6, Special Issue.1, pp.77-80, January (2018) E-ISSN: 2320-7639 A survey of Possible Attacks on Text & Graphical Password Authentication Techniques Sanjay E. Pate Bhojaraj H. Barhate Department of Computer Science, Department of Computer Science Nanasaheb Y.N.Chavan Arts,Science & Commerce Bhusawal Arts, Science & P.O.Nahata Commerce College, College,Chalisgaon, Dist.Jalgaon Bhusawal Abstract- The process of verifying a user's identity is typically referred to as user authentication. Information Security and Authentication is now a key issue in the world. Gradually end users of Internet improved. General uses of the Internet are searching, e-mail, social networking, e-banking, e-governance, etc. User Authentication is the process of determining whether the user should be authorized to access information or not. Alphanumeric or text passwords are mostly used mechanism for authentication. But these are susceptible to a dictionary, brute force and guessing attacks. Resolution is to use Graphical Password, is more secure, reliable technique for authentication. Graphical passwords allow users to remember pictures/images instead of text which helps them to remember the passwords easily. But these are also vulnerable to the dictionary, brute force and guessing attacks. In this paper, Text-based password and graphical password techniques for Authentication are just discussed, and possible attacks on them are summarized. KEYWORDS: Phishing, bots, OCR, PIN uses who you are? Single, measurable characteristic of an Introduction: individual (e.g., Iris, fingerprint) [15,5]. Passwords are the way used most frequently for Among the three techniques, the knowledge-based technique authenticating computer users, but this method has often is widely used for authentication because it is well known to shown insufficient in preventing unauthorized access to all areas of users and easy to implement.
    [Show full text]
  • How to Efficiently & Safely Work from Home in the Face of COVID-19
    How to Efficiently & Safely Work from Home in the Face of COVID-19 Paul J. Unger, Esq. [email protected] It is Saturday, January 11, 2019. I suddenly wake up to my iPhone alarm at 4 am, after weathering my first full week back to work following New Years. For several seconds I have no idea where I am. The surroundings do not feel familiar. I usually don’t wake up until at least 6 am, and I am often disoriented when I awaken in various cities. I now recall. I am in St. John’s, Newfoundland, and I need to catch an early flight back to Columbus! I quickly get my head together, jump in the shower, pack the last of my clothes and toiletries, put my laptop and iPad in my backpack, and rush to my Uber app only to remember that Newfoundland does not yet have Uber. I called the front desk and asked them to call for a Taxi. As I wait outside, it is a bitter 20 degrees, icy, with 6 inches of snow on the ground. I jump in the taxi and head to the airport. I can’t remember exactly where I was that day when I heard that China reported the first coronavirus death, but I was in one of the airports. I remember thinking that this sounds like another outbreak of SARS. Admittedly, I wasn’t terribly concerned, but I recall washing my hands extra-long throughout the long day of travel, and paid special attention to not touching by eyes, nose or mouth, a practice that I have grown accustomed to traveling 150-250 days a year.
    [Show full text]
  • Advances of Password Cracking and Countermeasures in Computer Security
    Advances of Password Cracking and Countermeasures in Computer Security Aaron L.-F. Han*^ Derek F. Wong* Lidia S. Chao* *NLP2CT Lab, University of Macau, Macau SAR ^ILLC, University of Amsterdam, Science Park 107, 1098 XG Amsterdam [email protected] [email protected] [email protected] Abstract—With the rapid development of internet technologies, communicating entities. The peer entity authentication social networks, and other related areas, user authentication provides for the corroboration of the identity of a peer entity becomes more and more important to protect the data of the in an association for use of a connection at the establishment users. Password authentication is one of the widely used or at times during the data transfer phase, which attempts to methods to achieve authentication for legal users and defense provide confidence that an entity is not performing either a against intruders. There have been many password cracking masquerade or an unauthorized replay of a previous methods developed during the past years, and people have been connection. designing the countermeasures against password cracking all There are usually four means of authenticating user the time. However, we find that the survey work on the identity based on: something the individual knows (e.g. password cracking research has not been done very much. This password, PIN, answers to prearranged questions), something paper is mainly to give a brief review of the password cracking methods, import technologies of password cracking, and the the individual possesses (token, e.g. smartcard, electronic countermeasures against password cracking that are usually keycard, physical key), something the individual is (static designed at two stages including the password design stage (e.g.
    [Show full text]
  • Brains Over Brawn: Intelligent Password Recovery
    CyberMaryland October 11-12 2017 Baltimore, MD Brains over Brawn: Intelligent Password Recovery Sean Segreti Security Consultant – KoreLogic whoami ● Security consultant – penetration tester ● Fortune 500 and government clients ● Spoken at USENIX and BSides conferences ● Graduate of UMD & CMU in ECE 2 whoami DEFCON - Crack Me If You Can Password Cracking Contest DARPA Cyber Fast Track: PathWell KoreLogic Password Recovery Service 3 Why Talk about Passwords? 4 How we compromise systems ● 0-day, new unpublished exploits. < 2 % ● Web Application flaws ~ 10% ● Malware/Phishing ~ 13% ● Guessing/cracking credentials ~ 75% 5 How Useful is Intelligent Cracking? ● We performed a pro bono project ~1 year ago for a law firm ● Needed help cracking a password-protected PDF file ● The law firm used a commercial cracking tool for 81 days unsuccessfully ● We cracked it in 30 minutes on one machine Effective guessing strategies are crucial 6 Agenda ● A brief history of password cracking ● Cracking in 2017 ● What blue teams can do 7 A Brief History 8 A Brief History ● The first computer password – 1961 9 A Brief History ● The first computer password – 1961 ● MIT’s Compatible Time-Sharing System (CTSS) 10 A Brief History ● The first computer password – 1961 ● MIT’s Compatible Time-Sharing System (CTSS) ● First password breach – 1962 11 A Brief History ● The first computer password – 1961 ● MIT’s Compatible Time-Sharing System (CTSS) ● First password breach – 1962 ● Software bug in CTSS reveals password store Alan Scherr 12 A Brief History ● The first computer
    [Show full text]
  • Screenshot Showcase Texstar
    VVoolulummee 116635 SeOptcetmobbeerr,, 22002200 How Secure HAPPY Are YOUR Passwords? HALLOWEEN Short Topix: Linux Servers, Workstations Hackers' Next Target ms_meme's Nook: I Made Linux Shine Inkscape 1.0 New Features: Part 3 Repo Review: XnConvert Comet: Blazing A SciFi Trail Across The Sky PCLinuxOS Family Member Spotlight - Gerrit Draisma Setting Up A Local Repo Mirror And Keeping It Up-To-Date Tame Your Gmail Beast And More Inside.... PCLinuxOS Magazine Page 1 In This Issue... 3 From The Chief Editor's Desk... 4 Good Words, Good Deeds, Good News The PCLinuxOS name, logo and colors are the trademark of 6 Screenshot Showcase Texstar. 7 Setting Up A Local Mirror And Keeping It Up-To-Date The PCLinuxOS Magazine is a monthly online publication containing PCLinuxOS-related materials. It is published 13 PCLinuxOS Recipe Corner: One-Pot Cheesy Lasagne Soup primarily for members of the PCLinuxOS community. The magazine staff is comprised of volunteers from the 14 ms_meme's Nook: I Made Linux Shine PCLinuxOS community. 15 Screenshot Showcase Visit us online at http://www.pclosmag.com 16 Short Topix: Linux Servers, Workstations Hackers' Next Target This release was made possible by the following volunteers: 19 Screenshot Showcase Chief Editor: Paul Arnote (parnote) Assistant Editor: Meemaw 20 How Secure Are YOUR Passwords? Artwork: ms_meme, Meemaw Magazine Layout: Paul Arnote, Meemaw, ms_meme 24 Inkscape 1.0 New Features: Part 3 HTML Layout: YouCanToo 25 Screenshot Showcase Staff: ms_meme Cg_Boy Meemaw YouCanToo 26 Tame Your Gmail Beast Gary L. Ratliff, Sr. Pete Kelly Daniel Meiß-Wilhelm Smileeb 29 PCLinuxOS Family Member Spotlight: Gerrit Draisma daiashi Alessandro Ebersol 31 Screenshot Showcase Contributors: 32 Repo Review: XnConvert Alfredo Vogel 33 PCLinuxOS Recipe Corner Bonus: Artichoke And Sun-Dried Tomato Pasta 34 ms_meme's Nook: PCLOS Jubilee The PCLinuxOS Magazine is released under the Creative Commons Attribution-NonCommercial-Share-Alike 3.0 Unported license.
    [Show full text]
  • The Art & Science of Encryption Technology
    Art & Science of Encryption T e c h n o l o g y | 1 The Art & Science of Encryption Technology Table of Content 1) The Basics of Encryption. 2) The “Four Pillars” of Cryptography: Authentication, Confidentiality, Integrity, and Non- repudiation. 3) Symmetric Cryptosystems - Data Encryption Standard (DES) DES has five modes of operations: Electronic Codebook (ECB) mode Cipher Block Chaining (CBC) mode Cipher Feedback (CFB) mode, Output Output Feedback (OFB) mode Counter (CTR) mode Other Symmetric Methodologies; Triple DES (3DES), IDEA, Blowfish, Skipjack AES, and RC5 4) Asymmetric Cryptosystems - RSA, One-Pad System or Vernam Cipher, Running Key Cipher, Vigenere System, Digital Signature Algorithm (DSA), Elliptic Curve, El Gamal, Diffie-Hellman 5) Enigma Machine, Purple Machine, and Lorenz Tele-printer. 6) Wireless Encryption Algorithms – WEP, WPA, WPA2, SSL, TLS 7) Hash Functions and Message Digest - SHA, MD2, MD4, MD5 and HMAC 8) Public Key Infrastructure (PKI) 9) X.509 Standard 10) Cracking & Hacking code: Software, Frequency Analysis, Statistics, Finding Patterns and Identifying Weaknesses. Appendix A: Encryption Web Sites and Links Art & Science of Encryption T e c h n o l o g y | 2 Foreword & Overview Encryption is just as much an art as it is a science because people have been hiding messages in one form or another for thousands of years. Moreover, it also involves a bit of math and some insight into how people think in order to decrypt some messages. If you’re ever in Ft Mead Maryland stop by the “National Cryptologic Museum”; it’s next to the NSA Headquarters. The museum holds a treasure of artifacts, from devices and techniques to some of the people who made history in their development.
    [Show full text]