Hak5

Hosted by Darren Kitchen and Shannon Morse. New episodes Tuesdays.

Put together by a band of IT ninjas, security professionals and hardcore gamers, Hak5 isn't your typical tech show. We take on hacking in the old-school sense, covering everything from network security, open source and forensics, to DIY modding and the homebrew scene. Then we wrap it all up with a... Read More

Encryption 101

Tuesday, May 29th, 2012 – running time 42:04

More episodes:

Download this episode:

  • MP4
  • Theora
  • WebM

Encryption 101 begins with understanding the terminology and mechanisms. This week, we're breaking down encryption in the context of SSH, from symmetric and asymmetric to block and stream ciphers.

Encryption and Decryption

  • Encryption converts plaintext into ciphertext, decryption vise versa


Plaintext aka Cleartext

  • Unencrypted, human readable text of any nature (sensitive, non-sensitive)


Ciphertext

  • The encrypted result of a cipher employed on plaintext


Cipher

  • Algorithm for encryption or decryption


Algorithm

  • step-by-step procedure for calculations


Asymmetric Encryption Algorithm

  • algorithms using two separate keys, one for encryption and one for decryption
  • Often called public/private keys, or public key encryption
  • What we use to establish authentication and authorization in SSH
    • Key Fingerprint in Known_Hosts authenticates the server
    • id_rsa and id_rsa.pub authorizes the user


SSH Key Architecture

  • User key: Persistent asymmetric key used by client to prove user identity
    • Typically the id_rsa and id_rsa.pub or id_dsa and id_dsa.pub key pairs
  • Host key: Persistent asymmetric key used by server to prove server identity
    • Typically the server's key fingerprint stored in known_hosts file
  • Server key: Temporary asymmetric key used only in SSH-1 protocols to regenerate the session key providing "perfect forward secrecy" (ensures that session isn't compromised if either public or private key are compromised)
  • Session key: Temporary (per session) set of symmetric keys used for encryption of communications between SSH client and server. One key for client-to-server, one for server-to-client, and integrity check keys. Securely created on session initiation and destroyed at session termination.


Symmetric-Key Algorithm

  • Algorithms using identical crypto keys for both encryption and decryption. This represents a shared secret and used with either stream ciphers or block ciphers.


Shared Secret

  • Data only known by private parties, typically password, passphrase, big random number
  • Exchanged at session initiation using a key-agreement protocol
  • SSH symmetric keys are exchanged using the Diffie-Hellman key agreement algorithm
  • Without asymmetric encryption, key exchange algorithms are susceptible to MITM
  • Secrets shared before communication (out-of-band) are called pre-shared keys or PSK


Stream Ciphers

  • A symmetric key cipher where plaintext bits combine one at a time with a keystream to produce ciphertext. Lower CPU requirements but susceptible to some attacks. Used in algorithms like RC4.


Block Ciphers

  • Block Ciphers employ encryption on blocks of plaintext, padding as necessary, rather than each bit at a time. This requires more CPU power but is less susceptible to attack. AES typically employs 128bit blocks.


Algorithms Used by SSH-2

  • Public keys (User and Host keys) can be RSA or DSA
  • Hash functions (Used to create the Host key fingerprint) can be SHA-1 or MD5
  • Symmetric keys can be 3DES, Blowfish, Twofish, CAST-128, IDEA or ARCFOUR
  • Compression is handled by zlib (you may know it from gzip)


RC4 (aka ARC4 or ARCFOUR)

  • Designed by Ron Rivest of RSA in 1987 -- Rivest Cipher 4
  • Popular due to speed and simplicity
  • Initially a trade secret (closed source)
    • In 1994 the source code was anonymously leaked to the Cypherpunks mailinglist
    • Leaked code was confirmed genuine and thus RC4 lost its trade secret status
    • RC4 is trademarked, so RC4 is often referred to as ARCFOUR or ARC4
    • Remains the most widely used stream cipher, employed in WEP and SSL
/


Weak Keys

  • Symmetric keys are typically combined with an Initialization Vector (random number)
  • Weak IVs allow for use of known-plaintext attacks, widely used in breaking WEP

Known Plaintext Attack

  • Attacker uses samples of both plaintext and ciphertext to reveal secret keys


Chosen Plaintext Attack

  • Attacker chooses samples of plaintext which are encrypted and ciphertext analyzed


Differential Cryptanalysis

  • Studying differences of plaintext effecting ciphertext to discover non-random behavior

If you're into Hak5 you'll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you're a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let's not forget to mention that you can follow us on Twitter and Facebook. Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

Connect with Hak5

  • 20 days ago

    Hackers!! Our new episode of Hak5 will be posting soon! It's jam packed with epic interviews this week, so stay tuned!

    View Post

  • 20 days ago

    @michael_a_nass Are you enjoying the awesomeness that is Hack Across America?

    View Post

  • 20 days ago

    @jardinesoftware Thanks for the bump! The Throwing Star LAN Tap Pro is one of my favorite tools (though, I prefer soldering mine! :) -@snubs

    View Post

  • about a month ago

    Employers want social media passwords, US gets a #CPO, and #TheOnion! All that and more this time on #ThreatWire! http://t.co/SrZpicvnt6

    View Post

  • about a month ago

    #Installing #Solar panels, #Google #Chrome #extensions, and more on @Hak5! http://t.co/QppYLgZpi5

    View Post

  • about a month ago

    Legalizing #Internet eavesdropping, #LivingSocial is #hacked, and more on this weeks #ThreatWire! http://t.co/xyIxzy8kes

    View Post

About the Show

Details
Show Title:
Hak5
Description:
Hak5 isn't your typical tech show. It's hacking in the old-school sense, covering everything from network security, open source and forensics to DIY modding and the homebrew scene. Damn the warranties, it's time to Trust your Technolust.
Categories:
How-To & DIY, Technology & Gadgets
Launch Date:
Sep 7, 2008
Episodes:
335
Episode Credits
Shannon Morse (Host)
Darren Kitchen (Host)