Category Archives: Crypto

RC4 Algorithm

This post is a special request from someone who is interested in this topic .. normally I don’t do easy  ciphers because there are many references on the internet, writing about it will be redundant .. anyway  today i’m going to briefly explain it hope that someone will get some benefit from it “finger crossed”  … so here we start :

RC4 one of the great ciphers of all times in my opinion (though I don’t recommend that you use it now cause it’s broken) what makes it interesting that it’s really easy and it’s really really  fast in software .. it’s developed by Ron Rivest ..

RC4 Specs :

RC4 cipher consists of two parts:

1. The Key Scheduling Algorithm (KSA).

2. The Pseudo Random (Byte) Generation Algorithm (PRGA).

The State of RC4 is 256-byte array they always denoted  by S but maybe it’s different in some other implementations .. this array contains a permutation of the elements from 0 to 256 .. it takes key size up to 2048 bits

and you can see a hint of how this is working on reality .. you can develop this on any programming language you want

Note : All additions done modulo 256

KSA:
       for(i=0; i<256; i++) S[i] := i; // initialize the array
j := 0
      for(i=0; i<256; i++){
j := (j + S[i] + key[i mod keylength]) mod 256;
swap(S[i], S[j]);

}

PRGA:
i := 0; j := 0;
              do{
i := (i + 1) mod 256;
j := (j + S[i]) mod 256;
swap(S[i], S[j]);
K := S[(S[i] + S[j]) mod 256];
output K;
                  }   while(required);

RC4 was not designed to take an IV as input … but because RC4 can accept a large key size in practice people concatenate  the secret key with some random values

There are many applications and protocols that runs RC4 like (SSL optionally, SSH optionally, Microsoft Point-to-Point Encryption) but the most important protocol is WEB .. and once again i’m telling you please don’t you ever use this algorithm in your application and in fact don’t use this protocol too !

Some Vulnribility of WEB Protocol:

-Short IV length and some time week IVs

– Clear Text IV as part of the key : 24 bits of every key in cleartext ! can you imagine this !!

———–

I hope at the end of this post you got a glance of how RC4 work ..

 

large key space in encryption schemes

Hi Guys .. today I will try my best to explain why we need to use larger key space in our encryption schemes ..

Okay so lets get something out of the way first .. key size is a factor among many others to make an encryption scheme secure .. so using large key size will give you a better security but it will not prevent attacking your scheme .. okay to start this let me demonstrate with an example, let suppose we have 3 elements {1,2,3} and we want to arrange them in every possible way, so it will be like this

{1 -> 2 -> 3} , {1 -> 3 -> 2} , { 2 -> 1 -> 3} , {2 -> 3 -> 1} ,  { 3 -> 1 -> 2 } , { 3 -> 2 ->1 }  .. as you can see 3 elements produced 6 different possibilities   “3! factorial” .. but in computers we tend to use binary as a way to represent data and binary system consist only with (0,1)  so if we want to represent 4 bits {0,0,1,1} it will be represented like this  24  and this will produce 24 different possibilities so I think you know got the idea the more permutations you use the more possibilities you have .. some old encryption schemes used small key sizes like “DES” used key size of 56-bit length and this is considered easy to brake by brute force with modern hardware .. but on the other hand modern encryption schemes uses large key sizes starting from 128-bit and this is considered good to use, 2128 = 340282366920938463463374607431768211456 possible keys of 128 bits, that’s a lot and trying all of them will take millions of years.. I know what you think right now! because we are using modern encryption with large keys why we are vulnerable against attacks ? you ready to hear the answer ? it’s because there is a human factor and humans are lazy and will prefer short passwords .. Any decent password cracking software will first try all possible very short passwords less or equal to 6 characters and then it will try meaningful words and if the user is lazy enough his password will be decrypted in a matter of  seconds.

Power of “Integrity” property in Cryptography

Today’s post is about property in Cryptography called “Integrity” and It’s simply something that guarantee that what you send is what the intended  recipient received.. And you know what’s weird ?

Most of the people now a days don’t think about this property anymore and this is shocking.. and this is not just the  normal people or the tech people there is some people who call them self security professionals they are ignoring this property and they think “Encryption” is what matters !!

but let me explain in this post briefly why this is important :

let say that me (Ahmad) I want to send a message to my friend Bob and let say that message is (Hello) I will be very upset  if my message delivered to Bob as (Hi) I know it’s funny but this is a real situation.. And the reason is that Encryption algorithms by nature don’t check for authenticity of the message they only check if the message is applicable to be decrypted by this specific algorithm So this is when this property “Integrity” become very useful to check if the message is encrypted and delivered to the recipient as it is without any single change .. let me define this more formally :

IF the sender Encrypt message m ∈ M and he send it to the receiver but this message got intercepted by a third party in the middle and this party encrypt another message m ∈ M  that he want to deliver to the original receiver .. the receiver now will decrypt m‘  and this is resulting c and you can notice that the receiver have no clue that he decrypted the wrong message.

I know maybe this was confusing for you so let me give you an example to make it more clear :

Example  (XOR-Malleability of the one-time pad). For the one-time pad encryption, the adversary can replace the transmitted ciphertext c by an arbitrary ciphertext c . Assume that c = m ⊕ κ and |c| = |c |, then this means that the receiver will compute m =c‘ ⊕ κ = c‘ ⊕ c ⊕ m. Hence, replacing c by c corresponds to selecting the function m → m ⊕ (c ⊕ c ).

Thoughts About PRNGs and some Attack Models

For a while now I’ve been thinking about Randomness and uniform data sets , Believe it or not it’s a really fascinating subject but in the same time really complicated .. So In this post I’m going to talk about some models of attacking it.. So lets start !

I suggest that you read this article first if you don’t know what is PRNGs

The Idea behind PRNGs is to provide some random values that is hard to predict but as I mentioned earlier that computers are deterministic machines and so difficult to get new real random data .. In this case we need some Algorithm to give us real random data .. but most of these algorithms have an ‘Internal State’ to seed the generator and every time this internal state should be updated to ensure that the next round will give different data. and in practice this is very easy to do you can use some hash function to do that …

Attacks :

There is a straightforward method for it and that is simply require the attacker to reconstruct the internal state from the output of the function .. personally I think this is a classic attack and you can’t guarantee the output every time .. but maybe the attacker can succeed if there is any flow in the implementation but this is a story for another day for now lets assume that the  system is really good “smiley face”…

Issue number 2: lets assume that the computer is just got booted so this mean that the computer has no enough entropy to take seed from .. so you will end up with predicted values.

Issue number 3 : lets assume that you managed to feed the pool with different event like mouse movement or any type of events .. you will still have small number of entropy and the attacker simply can put many requests to construct the internal state ..

So the best defense against these problem is to have huge number of entropy so you can mix it and feed it to the internal state and you make the attacker guess let say over  2128 .. but this is just a theoretical solution making estimate of the number of entropy is kinda difficult .. but at least you got the idea .. you have to consider a large number of entropy and you have to consider  it in the implementation phase.

Anyway I think you got the idea that achieving true randomness is really hard and if you messed it up your whole system will fall apart.

What is new In Crypto Ghost ?

Hello People who care about privacy  !!!

Finally I had time to update Crypto Ghost and Honestly I’m really happy with this update… And in this post I’m going to explain the latest development .. So what’s new ?

First of All I added new Feature and that is “Removing Images Metadata”  So what is Images metadata ?

With every image you take there are some information stored simultaneously with it .. and this information considered dangerous for those who care about privacy .. for example the image could contain some GPS coordinates !! and there is more but if you are interested you can read about it here .. bottom line is use Crypto Ghost to remove it from your Photos “How simple is that”.

Second Feature is removing Cache after every process .. and this is good to wipe any information that Crypto Ghost may leave after any process .. and this is good to prevent offline attacks..

Yes one more thing .. I fixed some programming bugs ..

Happy Encrypting.

 

What is Diffie Hellman Key Exchange Protocol and Does the NSA really broke the algorithm ?

There are a lot of rumors going on that NSA has attempted to break Diffie Hellman key exchange protocol.. Former NSA contractor Edward Snowden revealed in the leaked documents that NSA had already decrypted a tons of encrypted Internet traffic, and James Bamford published an article titled : “The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)” comments that NSA had a computing breakthrough, and that fit exactly as what Snowden said, In the leaked documents Snowden stated that NSA has decrypted VPN, HTTPS and SSH  traffics that specifically used the implementation of Diffie Hellman 1024-bit primes, Till now we don’t have a full details about how much they could achieved from the attack  but if they do a major threat will occure on the users cause Diffie Hellman is fundamental to many protocols including HTTPS, SSH, IPsec, SMTPS, and protocols that rely on TLS. And here is the 2 major Attacks:

1- Logjam attack against the TLS protocol

2- Threats from state-level adversaries

now every major browsers don’t support 512-bit prime though they still support 1024-bit that the NSA trying to break , The problem is most of the people who implemented Diffie Hellman they implemented a common prime number that appear to be safe to use as long as you generate different private key for, But the case now is different because NSA trying to break the prime number and the best way to do this is by Sieve algorithm the most efficient classical algorithm known for factoring integers and of course this will take a lot of computational power and money to deploy but I think NSA will pay this amount of money to collect users information for their massive surveillance program, but what concerns me that bunch of VPN users  and HTTPS website still using the algorithms which make them vulnerable against the attack and when NSA will do this and break the algorithm this will make even the american companies in danger.

And you know that most of the applications online uses the Diffie Hellman Algorithm and some hackers could decrypt the results it’s not the matter of a week algorithm but sadly most of the people who deploy the algorithm don’t care about the factors they just implement with no prior knowledge of the risks or what the criteria of how the algorithm works so bottom line is always try to read the specification don’t just trust the vendor or the website by the name of the algorithm

Okay I’m going to explain how  Diffie Hellman Algorithm works briefly, Diffie Hellman is a key exchange protocol to share a secret key without the need of two parties to meet in person, note here that Diffie Hellman is not an encryption scheme it’s just way to exchange the key then we take the key and put it in one of the  encryption algorithms let say AES or Blowfish.

let say that we have to people (Alice,BoB) who never met in person and they want to share some secret key k without putting the key in the traffic:

1- First they have to choose a multiplicative group of integers modulo p, where p is prime, and g is a primitive root modulo p, this P and G will be publicly know for the attacker and for the whole world.

2- Alice have to choose a secret key  a, This key should remain secret so no one should know about it, Then she have to compute it like this  ga mod p ,  g will be as the generator and a is the secret key that Alice choose, let say that we assign the result into the variable A  so it’s like this :  Aga mod p

3- BoB also will do the same thing will choose a secret key b,  and he should also keep it a secret and he will compute it like this gb mod p and I will assign it to the variable

4- Now Alice will send her results (A) to Bob and Bob will compute the following  Abmod p. he will put the value that he received and compute the power of his secret key  and let’s assign the results to the variable S =  Abmod p and Alice will do the same thing she will take the result of Bob (B) and she will compute the same thing  Bamod p and let denote the result by the variable S and believe it or not the result (S) of Alice BoB is the same  and now they have that same key without leaking the actual key in the traffic,

Just a small note this is just a brief description of how Diffie Hellman works (you have to read the full spesification to understand it in a perfect way) but please don’t implement it by your self, and I have to say that Diffie Hellman it self dosn’t guarantee authenticity and it’s vulnerable against man-in-the-middle-attacks

Okay now you understand how Diffie Hellman works in a brief way,  So  how can I be safe from this, If you have a server that runs Diffie Hellman you should disable support for export cipher suites and use a 2048-bit Diffie-Hellman group. or switch to Diffie Hellman over Elliptic Curve

If you are Interested in the topic I suggest that you read the following paper :

– https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf

Why People Think MD5 Algorithm is badly broken !!

Today I’m going to continue our discussion on Hash Functions..but before I start are you one of the people who think MD5 is insecure without any clue what so ever just hearing from the people !! Okay so I’m going to explain why ? and hopefully after reading this post you will be able to tell why md5 is insecure.

I highly advice you to take a look at the previous post titled : “Hash Functions in Cryptography and How They Operate” . If you already know what  hash functions are just keep reading this post 😀 .. MD5 is a hash function that take arbitrary length of input and produce a 128-bit output it was designed in 1991 by Ron Rivest [1] md5 was believed to be collision resistant for many years but unfortunately this is gone now .. MD5 is really week against collision attacks in fact you can now find collisions in under a minute on normal PC, and if you want some easy tools to crack MD5 can search on google and you will find many websites that will preform some searching on rainbow tables (this is some tables that has many strings and their correspond digest for it to get the digest easily ) .. but the attacks against MD5 are collision attacks, not pre-image attacks. This means an attacker can produce two files with the same hash, if he has control over both of them. But he can’t match the hash of an existing file he didn’t influence.

but recent cryptanalysis beginning with Wang and Yu [2] have shown that it is actually possible to find collisions for the full MD5 using much fewer than 2^64 MD5 computations, There is one last concern that I have to worn you about .. don’t use salted MD5 to store passwords ever ( I saw many people do that) and simply because MD5 is so fast if there is an adversary who can guess billions of candidate passwords per second he will absolutely get your salted password !! .

I Just want to write about MD5 cause there are many people still using it and I’m strongly advice them to stop doing that.

[1] : https://en.wikipedia.org/wiki/MD5
[2] : http://www.infosec.sdu.edu.cn/uploadfile/papers/How%20to%20Break%20MD5%20and%20Other%20Hash%20Functions.pdf

Hash Functions in Cryptography and How They Operate

Today’s post about Cryptographic Hash Functions and how they role in cryptography, So to start our talk let’s define what is Hash Functions ?

Hash Functions are special kind of functions that take arbitrary length of input and generate a short fixed values, in other words mapping long input string to a short output string and sometimes called  a digest  for example if you put a string of letters like “Hello” it will generate specific output, in other words you can say that for every input there is an output that mapped to it ! .

So the questions now is : where could we use Hash Functions ?

Hash Functions are playing big role in cryptography and the typical use of hash functions is digital signatures, Given a message M you could sign it with the hash function like h(M) and the output will be unique for every message as a signature  (we will talk about this issue later on). However you could sign the message with a public-key operations but it will be expensive . and most importantly  hash functions doesn’t require a key to operate in other words the function will take one parameter and that is the message it self.

Typical output sizes are 128-1024-bits, There might be a limit on the input size, but let say for the sake of this argument that hash functions could take an arbitrary length as input.

Hash Functions are one way function, Given a message M is easier to compute the hash for it, but giving out the hash you could not  recompute the message back,  h(m) = x,  giving m you could compute x, giving x you can’t compute m back.

Probabilities of good Hash Functions :

There are many properties to describe a good hash function but I’ll talk about some of them :

1-  First property is the hash function should be fast, when you  give it an input you should  compute the hash quickly in a reasonable time, but not very quick because that will make it easy to break, but if it was so slow no one will bother to use it.

2- The function should go through  the whole file bit by bit and then generate the hash and if there is any bit or byte filliped in the middle or in any place in the file the hash should be completely different it’s something called  the Avalanche Effect if you are interested in the subject I suggest to look it up.

3- There is an important requirement for a  hash function and that is to be Collision Resistance, A collision means that two message M1, Mmapped to the same output, h(M1) = h(M2), of course for every function has it’s own collisions but even though they exist it shouldn’t be found, and the typical attack for hash functions is something called the birthday paradox, Collision Resistance is really important property we should talk about it in a separate post to dive in details . if you have two messages that mapped to the same output this will not be good because it will make anyone to forge the message, for example if I download a file from the internet I should have hash to verify that this is really what I download but what if an attacker can get a virus and manipulate it to generate the same hash of the good file so we will have two files having the same hash, in this case we will think that we have the chosen file but in fact we only got the virus.

Real hash functions : 

There are many hash functions out there but few of them can qualify a good hash functions At the moment , so pretty much you’re stuck with the existing algorithms like the SHA family : SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, you could use other algorithms also but my advice to you if the project was for your understanding use what ever you like, but if the project was something really important try to stick with the standard, just one quick note please don’t use MD5 !!! .. using MD5 is really bad choice it has so many attacks on it and collisions and even there is a lookup table for it and you can crack it by simply using Google..

 

I hope this post gave you a quick understanding of how Hash Functions works.

 

 

 

Crypto Ghost – File Encryption for Android OS

logo

Crypto Ghost is a File encryption application that run on Android platform, it’s only job is protecting your files from unauthorized access by encrypting your files , Crypto Ghost is using modern cryptography ( There is a paper published based on this project) and you can check the specifications of this application and how it’s operate in the official website, Crypto Ghost uses AES Algorithm in GCM mode with 256-bit key size ,Crypto Ghost is a free software no ads and no Internet connectivity required to run the app, The Encryption and Decryption process will run locally in the app without a help of a server Crypto Ghost provide a simple Interface so even non-technical people can use it.

App website : www.cryptoghost.com

App Documentation : cryptoghost.com/eng/documentation.html

App Paper : https://cryptoghost.com/eng/crypto_ghost_paper.pdf

Download from Google Play :

https://play.google.com/store/apps/details?id=net.almorabea.cryptoghost

Twitter: crypto_ghost

 

 

 

How Pseudo Random Number Generators Works

In any system that we develop we sometime need to generate random numbers or random values so we will use any random generator without asking if it’s really providing real randomness or not, And also when we deal with cryptography we need to use a random generator but this time we will check what if this function will generate a real randomness or not and we will examine the generated values to check that, Why we do that ?,  Because we are dealing with critical information and we really need some uniform data set to work with.

So what is Pseudo Random Number Generator ?

Pseudo Random Number Generators (PRGs/PRNGs)

A PRG is an efficient deterministic algorithm that expands a short, uniform seed into a longer pseudo random output.

And this is good whenever you have small number of true random bits, and you want to expand it and you want to have lots of “random looking” bits

Okay did you ask yourself from where we get this random values ?

generating random values it’s difficult for a computer to generate and that because computers are deterministic machines and can’t produce random values by it’s own so scientists found a way to collect random events like (mouse movements, CPU clock cycles, Hard drive heat , …) and so on.

And this data will be stored in something called the “pool” and this pool it consist of high entropy data, So when ever you want a random data you will be extracting values from the pool.

the second step will take this high entropy data and process it to yield a sequence of nearly independent and unbiased bits, the second step is necessary since high entropy data is not necessarily uniform.

I hope this post gave you a glance of how pseudo random number works and why they are important.