RC4 is, in my opinion, one of the great ciphers of all time (though I don't recommend that you use it now, because it is broken). What makes it interesting is that it is really simple and really, really fast in software. It was designed by Ron Rivest.

**RC4 Specs:**

RC4 cipher consists of two parts:

1. The Key Scheduling Algorithm (KSA).

2. The Pseudo Random (Byte) Generation Algorithm (PRGA).

The state of RC4 is a 256-byte array, almost always denoted **S** (other implementations may name it differently). This array holds a permutation of the values 0 to 255. The key can be anything from 1 byte up to 256 bytes (2048 bits).

Below is a sketch of how this works in practice; you can implement it in any programming language you want.

Note: all additions are done modulo 256.

**KSA:**

```
for i from 0 to 255:
    S[i] := i                                  // initialise S with the identity permutation
j := 0
for i from 0 to 255:
    j := (j + S[i] + key[i mod keylength]) mod 256
    swap(S[i], S[j])
```

**PRGA:**

```
i := 0
j := 0
while output is required:
    i := (i + 1) mod 256
    j := (j + S[i]) mod 256
    swap(S[i], S[j])
    K := S[(S[i] + S[j]) mod 256]
    output K                                   // next keystream byte
```

RC4 was not designed to take an IV as input, but because it accepts a large key, in practice people concatenate the secret key with a random per-message value (an IV) and use the result as the RC4 key.

Many applications and protocols run RC4 (SSL optionally, SSH optionally, Microsoft Point-to-Point Encryption), but the best-known is WEP. Once again: please don't ever use this algorithm in your application, and in fact don't use WEP either!

**Some vulnerabilities of the WEP protocol:**

- Short (24-bit) IV, and sometimes weak IVs.

- The IV is sent in clear text as part of the RC4 key: 24 bits of every per-packet key are public! Can you imagine that!!

———–

I hope that by the end of this post you have an idea of how RC4 works.


I think we all (I mean people who are interested in infosec) know what happened with WikiLeaks and Vault 7, so I don't have to tell you. For those of you who don't know, long story short: WikiLeaks leaked CIA documents, methods and important files that are really classified. My goal today is to explain some things that I think have already been explained a lot, but let me explain them one more time.

Privacy is one of the great things that we have in life and we really have to protect it. Sadly, people make no effort to protect it, and you can see this most easily on social media, where people share almost everything in their entire life, from seven o'clock in the morning until they go to sleep at night. They share every single detail of their daily life, including their problems! Don't they think this is a stupid thing to do, given that there are many companies who live on your information? They collect information about you to analyse it, build a profile about you and sell it to the highest bidder!

For the sake of this argument, let's assume that you don't share your information on public social media like Twitter or Facebook, but you share your entire life on Snapchat, capturing every single corner of your house!! Why do you do that? Haven't you ever once suspected that Snapchat doesn't delete your photos or videos? Believe it or not, they know you better than you know yourself! So why do you store your life in companies' databases? You know why: because you forget, but they don't forget any of your shameful moments, which will apparently become public as soon as this company gets hacked, since most hackers publish the data to the whole world, and guess what, your information will be in that stream of data!

But let's also assume that you don't share your information on social media. You still have to communicate with your friends, so you will have to use some messaging service that shares your data with third-party companies, and you accepted that without full knowledge since you haven't read the privacy policy. Then you will go with some commercial apps that you don't know anything about. What I wrote above are some examples of situations that we see every day, and I could go all night long with these situations, but the moral of the story is that you have to change your online habits: you have to be careful about what you are using and what information you provide to these companies. The WikiLeaks documents are very important to follow because they cover what the intelligence agencies are doing and what methods they use to hijack and store our information, and these documents will tell you the latest applications and services that we should stop using because they affect our privacy. **So, what's your decision: maintaining your privacy or maintaining your stupidity?**

Okay, so let's get something out of the way first: key size is one factor among many that make an encryption scheme secure. Using a large key size will give you better security, but it will not by itself prevent attacks on your scheme. To start, let me demonstrate with an example. Suppose we have 3 elements {1,2,3} and we want to arrange them in every possible way. It will look like this:

{1 -> 2 -> 3}, {1 -> 3 -> 2}, {2 -> 1 -> 3}, {2 -> 3 -> 1}, {3 -> 1 -> 2}, {3 -> 2 -> 1}. As you can see, 3 elements produce 6 different orderings (3! = 6). But computers represent data in binary, and the binary system consists only of the symbols 0 and 1, so a 4-bit value such as {0,0,1,1} is one of **2^{4}** = 16 different possibilities. So I think you now get the idea: the more bits in the key, the more possibilities an attacker has to try. Some old encryption schemes used small key sizes: DES used a 56-bit key, and this is considered easy to break by brute force with modern hardware. Modern encryption schemes, on the other hand, use large key sizes starting from 128 bits, and this is considered good to use, 2

Most people nowadays don't think about this property anymore, which is shocking, and it is not just ordinary users or tech people: some people who call themselves security professionals ignore this property and think "encryption" is all that matters!!

Let me explain briefly in this post why this is important:

Let's say that I (Ahmad) want to send a message to my friend Bob, and the message is "Hello". I would be very upset if my message were delivered to Bob as "Hi". I know it's funny, but this is a real situation. The reason is that encryption algorithms by nature don't check the authenticity of a message; decryption only checks that the ciphertext has a form the algorithm can process, and happily outputs whatever it decrypts to. This is where the "integrity" property becomes very useful: it lets the recipient check that the message was delivered exactly as it was sent, without a single change. Let me define this more formally:

If the sender encrypts a message **m** ∈ M and sends it to the receiver, but the ciphertext is intercepted by a third party in the middle who replaces it with an encryption of another message **m'** ∈ M that they want delivered to the original receiver, then the receiver will decrypt

I know this may have been confusing, so let me give you an example to make it clearer:

Example (XOR-malleability of the one-time pad). For one-time pad encryption, the adversary can replace the transmitted ciphertext c by an arbitrary ciphertext **c'**. Assume that c = m ⊕ κ and |c| = |
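Here is an added example (my code, not from the original post) of the XOR-malleability just described, using the one-time pad with constructed keys: an attacker who knows the original bytes rewrites them to anything of the same length without the key, and an HMAC over the ciphertext (encrypt-then-MAC) makes the receiver reject the modified message. A stream cipher can only be rewritten byte for byte, so the example changes "Hello Bob" to "Hello Eve" rather than "Hello" to "Hi".

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size


def otp_encrypt(key: bytes, message: bytes) -> bytes:
    """One-time pad: c = m XOR key. The key must be at least as long as the message
    and must never be reused."""
    if len(key) < len(message):
        raise ValueError("one-time pad key shorter than message")
    return bytes(m ^ k for m, k in zip(message, key))


otp_decrypt = otp_encrypt  # XOR is its own inverse


def tamper(ciphertext: bytes, known: bytes, desired: bytes) -> bytes:
    """Attacker side: since c = m XOR key, c XOR (m XOR m') equals m' XOR key, which is a
    valid encryption of m'. No key needed, only a guess of the original bytes.
    Only byte-for-byte replacement is possible, so 'desired' must match 'known' in length."""
    if len(known) != len(desired) or len(desired) > len(ciphertext):
        raise ValueError("replacement must be the same length as the bytes it overwrites")
    delta = bytes(a ^ b for a, b in zip(known, desired))
    return bytes(c ^ d for c, d in zip(ciphertext, delta)) + ciphertext[len(delta):]


def encrypt_then_mac(key: bytes, mac_key: bytes, message: bytes) -> bytes:
    """Add integrity: ciphertext || HMAC-SHA256(mac_key, ciphertext)."""
    c = otp_encrypt(key, message)
    return c + hmac.new(mac_key, c, hashlib.sha256).digest()


def verify_and_decrypt(key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Recompute the tag (constant-time compare) and refuse to decrypt anything modified."""
    c, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, c, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message was modified in transit")
    return otp_decrypt(key, c)


def tamper_is_detected(key: bytes, mac_key: bytes, blob: bytes,
                       known: bytes, desired: bytes) -> bool:
    """Apply the same bit-flipping attack to an authenticated message and report
    whether the receiver rejects it."""
    c, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    forged = tamper(c, known, desired) + tag
    try:
        verify_and_decrypt(key, mac_key, forged)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key = bytes(range(32))          # constructed pad for the demo; never reuse a real one
    mac_key = b"m" * 32             # constructed MAC key
    c = otp_encrypt(key, b"Hello Bob")
    print(otp_decrypt(key, tamper(c, b"Hello Bob", b"Hello Eve")))   # attacker wins
    blob = encrypt_then_mac(key, mac_key, b"Hello Bob")
    print(tamper_is_detected(key, mac_key, blob, b"Hello Bob", b"Hello Eve"))  # True
```

Without the tag, the receiver decrypts "Hello Eve" and has no way to know anything changed; with the tag, the same modification is rejected before decryption. Any stream cipher (RC4 included) is malleable in exactly this way, which is why modern designs pair the cipher with a MAC or use an authenticated mode such as AES-GCM.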

I suggest that you read this article first if you don't know what PRNGs are.

The idea behind PRNGs is to provide values that are hard to predict, but as I mentioned earlier, computers are deterministic machines, so it is difficult to get new, truly random data. What we need is an algorithm that takes a small amount of real randomness (a seed) and stretches it into a long unpredictable output. Such generators keep an "internal state" seeded from that randomness, and the state must be updated on every call so that the next round produces different output. In practice this is easy to do: you can use a hash function for it.

**Attacks :**

There is a straightforward attack: reconstruct the internal state from the generator's output. Personally I think this is a classic attack, and it isn't guaranteed to work every time; it succeeds mainly when there is a flaw in the design or implementation, but that is a story for another day, so for now let's assume the generator itself is really good (smiley face).

Issue number 2: assume the computer has just booted, so it has not gathered enough entropy to seed from. You end up with predictable values.

Issue number 3: assume you managed to feed the pool with events such as mouse movements. You still have only a small amount of entropy, and the attacker can simply make many requests and use the outputs to reconstruct the internal state.

So the best defense against these problems is to gather a large amount of entropy, mix it, and feed it into the internal state, so that the attacker has to guess over, say, 2^{128} possibilities. This is a theoretical answer; estimating how much entropy you actually have is difficult, but at least you get the idea: you have to collect a lot of entropy, and you have to plan for it in the implementation phase.

Anyway, I think you got the idea: achieving true randomness is really hard, and if you mess it up your whole system falls apart.
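An added example (my code, not from the original post) for the two failure modes above: recovering the internal state of a generator from its outputs, shown on a toy linear congruential generator whose state is simply its last output, and brute-forcing the seed of a hash-based generator that was seeded from too little entropy. The LCG parameters, the modulus and the 16-bit seed size are constructed for the demo.

```python
import hashlib

# Toy linear congruential generator x_{n+1} = (a * x_n + c) mod M.
# M is the Mersenne prime 2^31 - 1; a prime modulus keeps the algebra below simple.
M = 2**31 - 1


class LCG:
    def __init__(self, a: int, c: int, seed: int):
        self.a, self.c, self.state = a, c, seed % M

    def next(self) -> int:
        # The whole internal state is the last output, so one observation = full state.
        self.state = (self.a * self.state + self.c) % M
        return self.state


def recover_lcg(outputs) -> tuple:
    """Recover the hidden multiplier and increment from three consecutive outputs.
    From x2 = a*x1 + c and x3 = a*x2 + c (mod M):  a = (x3 - x2) / (x2 - x1),  c = x2 - a*x1."""
    x1, x2, x3 = outputs[:3]
    if (x2 - x1) % M == 0:
        raise ValueError("need distinct consecutive outputs")
    a = (x3 - x2) * pow((x2 - x1) % M, -1, M) % M   # inverse exists because M is prime
    c = (x2 - a * x1) % M
    return a, c


def predict_next(outputs) -> int:
    """Reconstruct the generator from observed outputs and predict the value after the last one."""
    a, c = recover_lcg(outputs)
    return (a * outputs[-1] + c) % M


# A hash-based generator (state passed through SHA-256) does not leak its state through its
# outputs, but it is only as strong as the entropy that went into the seed.
def hash_prng_output(seed: bytes, block_index: int) -> bytes:
    return hashlib.sha256(seed + block_index.to_bytes(4, "big")).digest()


def brute_force_seed(first_output: bytes, seed_bits: int) -> int:
    """Low-entropy seed (e.g. just after boot): try every candidate seed until the generator
    reproduces the observed output. 2^16 candidates take a fraction of a second."""
    for candidate in range(1 << seed_bits):
        if hash_prng_output(candidate.to_bytes(4, "big"), 0) == first_output:
            return candidate
    return -1


if __name__ == "__main__":
    gen = LCG(a=48271, c=12345, seed=42)
    observed = [gen.next() for _ in range(3)]
    print("recovered (a, c):", recover_lcg(observed))
    print("predicted:", predict_next(observed), "actual:", gen.next())
    out = hash_prng_output((31337).to_bytes(4, "big"), 0)  # constructed 16-bit seed
    print("seed recovered by brute force:", brute_force_seed(out, 16))
```

The first half is issue number 1 with a flaw present: three outputs of the LCG are enough to solve for its secret parameters and predict every later value. The second half is issues 2 and 3: the generator is sound, but a seed drawn from 16 bits of entropy is found by enumeration, so the output is predictable anyway.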

Finally I had time to update Crypto Ghost, and honestly I'm really happy with this update. In this post I'm going to explain the latest development. So what's new?

First of all, I added a new feature: "Removing Image Metadata". So what is image metadata?

With every image you take, some extra information is stored alongside the pixels, and this information is dangerous for those who care about privacy: for example, the image can contain the GPS coordinates of where it was taken!! There is more, and if you are interested you can read about it here. Bottom line: use Crypto Ghost to remove it from your photos. How simple is that?
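Added example, not the app's own code: a pure-Python pass over a JPEG's marker segments that drops the metadata-carrying ones (APP1 holds Exif, including GPS, and XMP; APP13 holds IPTC/Photoshop data; COM holds free-text comments) and copies the image data unchanged. The sample file is constructed inside the code: its marker structure is valid, but the scan data is dummy bytes, so it is not a viewable picture.

```python
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# Segments that carry metadata rather than image data.
METADATA_MARKERS = (0xE1, 0xED, 0xFE)   # APP1 (Exif/XMP), APP13 (IPTC), COM


def _segment(marker: int, payload: bytes) -> bytes:
    """Build one marker segment: 0xFF, marker, 2-byte big-endian length (counts itself), payload."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def _walk(data: bytes):
    """Yield (marker, start, end) for each segment up to and including SOS.
    Everything after the SOS header is entropy-coded image data and is not parsed."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:                       # fill byte, skip it
            pos += 1
            continue
        if marker in (EOI, 0x01) or 0xD0 <= marker <= 0xD7:   # standalone markers, no length
            yield marker, pos, pos + 2
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment at offset %d" % pos)
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        end = pos + 2 + length
        yield marker, pos, end
        if marker == SOS:
            return
        pos = end


def list_segments(data: bytes) -> list:
    """Marker bytes of every segment before the image data (handy for before/after checks)."""
    return [marker for marker, _start, _end in _walk(data)]


def strip_jpeg_metadata(data: bytes) -> bytes:
    """Copy the JPEG, dropping the metadata segments and leaving the image data untouched."""
    out = bytearray(data[:2])
    for marker, start, end in _walk(data):
        if marker == SOS:
            out += data[start:]                  # SOS header plus everything after it, verbatim
            return bytes(out)
        if marker not in METADATA_MARKERS:
            out += data[start:end]
    return bytes(out)


# Constructed container for the demo: valid marker layout, dummy scan data (not decodable).
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")            # APP0: keep
    + _segment(0xE1, b"Exif\x00\x00MM\x00*\x00\x00\x00\x08" + b"\x00" * 8)        # APP1 Exif: drop
    + _segment(0xFE, b"taken in my living room")                                # COM: drop
    + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")                               # SOS header
    + b"\x12\x34\x56\x78"                                                       # dummy scan data
    + b"\xff\xd9"                                                               # EOI
)

if __name__ == "__main__":
    print([hex(m) for m in list_segments(SAMPLE_JPEG)])
    print([hex(m) for m in list_segments(strip_jpeg_metadata(SAMPLE_JPEG))])
```

Running it shows the APP1 and COM segments gone while APP0, the SOS header and the scan data survive byte for byte. On a real photo the GPS tags live inside that APP1 Exif block, so dropping the segment removes the location along with everything else Exif carries.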

The second feature is clearing the cache after every operation. This wipes any information that Crypto Ghost may leave behind, which helps against offline attacks.

One more thing: I fixed some programming bugs.

Happy Encrypting.


1- **Logjam attack against the TLS protocol**

2- **Threats from state-level adversaries**

Now every major browser has dropped support for 512-bit primes, though they still support 1024-bit primes, which the NSA is believed to be trying to break. The problem is that most people who deploy Diffie-Hellman use a common, well-known prime that appears safe to use as long as you generate a different private key each time. The situation is different now: an adversary can attack the prime itself, and the best known way to do this is the number field sieve, the most efficient classical algorithm for computing discrete logarithms in prime fields (the same family of algorithm used for factoring). The expensive part is a one-time precomputation for a given prime; once that is done, individual key exchanges that use the prime fall cheaply. Of course this takes a lot of computational power and money to deploy, but I think the NSA would pay that amount of money to collect users' information for their massive surveillance program. What concerns me is that a bunch of VPN users and HTTPS websites are still using these parameters, which makes them vulnerable to the attack, and when the NSA does this it will put even American companies in danger.

And you know that most applications online use the Diffie-Hellman algorithm, and some attackers could decrypt the results. It's not a matter of a weak algorithm; sadly, most people who deploy it don't care about the parameters, they just implement it with no prior knowledge of the risks or of the criteria the algorithm relies on. So the bottom line is: always read the specification, and don't just trust the vendor or the website because of the name of the algorithm.

Okay, I'm going to explain briefly how the Diffie-Hellman algorithm works. Diffie-Hellman is a key exchange protocol that lets two parties share a secret key without meeting in person. Note that Diffie-Hellman is not an encryption scheme; it is just a way to agree on a key, which we then feed into one of the encryption algorithms, say AES or Blowfish.

Let's say we have two people (Alice, Bob) who never met in person and want to share a secret key **k** without putting the key on the wire:

1- First they have to agree on a multiplicative group of integers modulo **p**, where p is prime, and a generator **g** that is a primitive root modulo p. This **p** and **g** are public: the attacker and the whole world can know them.

2- Alice chooses a secret exponent **a**, which must remain secret so that nobody else knows it, and computes her public value **A = g^{a} mod p**.

3- Bob does the same: he chooses a secret exponent **b**, keeps it secret, and computes **B = g^{b} mod p**.

4- Alice sends her result **(A)** to Bob and Bob sends **(B)** to Alice. Bob computes **A^{b} mod p** and Alice computes **B^{a} mod p**; both equal **g^{ab} mod p**, and that value is the shared key **k**. An eavesdropper sees only p, g, A and B, and recovering a or b from them is the discrete logarithm problem.

Just a small note: this is only a brief description of how Diffie-Hellman works (you have to read the full specification to understand it properly), but please don't implement it yourself. I also have to say that Diffie-Hellman by itself doesn't guarantee authenticity, and it is vulnerable to **man-in-the-middle attacks**.

Okay, now you understand briefly how Diffie-Hellman works. So how can I be safe from this? If you run a server that uses Diffie-Hellman, disable support for export cipher suites and use a 2048-bit Diffie-Hellman group, or switch to Diffie-Hellman over elliptic curves (ECDHE).
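Here is an added example of the whole exchange in Python (my code, not from the post, and for illustration rather than production use, in line with the warning above): both sides generate keys, derive the same secret, and the parameters are checked against the advice in this post (at least 2048 bits, a safe prime, and a peer value that is not 0, 1 or p-1). The group is the 2048-bit MODP group 14 from RFC 3526 with generator 2; the Miller-Rabin check confirms the constant at run time. Nothing here authenticates A or B, so the exchange is still open to a man-in-the-middle.

```python
import hashlib
import secrets

# RFC 3526 group 14: 2048-bit safe prime p = 2q + 1, generator g = 2.
P_2048 = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2


def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin with random bases; a composite survives with probability <= 4^-rounds."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_group(p: int, g: int, min_bits: int = 2048) -> None:
    """Refuse parameters that Logjam-style precomputation makes cheap to break:
    primes below min_bits (512-bit export groups, 1024-bit groups), non-primes,
    and primes that are not safe primes."""
    if p.bit_length() < min_bits:
        raise ValueError("DH prime is only %d bits; need at least %d" % (p.bit_length(), min_bits))
    if not is_probable_prime(p) or not is_probable_prime((p - 1) // 2):
        raise ValueError("p is not a safe prime")
    if not 1 < g < p - 1:
        raise ValueError("generator out of range")


def group_is_acceptable(p: int, g: int, min_bits: int = 2048) -> bool:
    try:
        check_group(p, g, min_bits)
    except ValueError:
        return False
    return True


def dh_keypair(p: int, g: int):
    """Secret exponent (256 random bits is ample for a 2048-bit group) and public value g^x mod p."""
    x = 2 + secrets.randbelow((1 << 256) - 2)
    return x, pow(g, x, p)


def peer_value_is_valid(p: int, peer_pub: int) -> bool:
    """Reject 0, 1 and p-1: with those the shared secret is forced into {0, 1, p-1} whatever
    our exponent is. For a safe prime every other value has large order (q or 2q)."""
    return 1 < peer_pub < p - 1


def dh_shared_key(p: int, priv: int, peer_pub: int) -> bytes:
    """g^(ab) mod p, hashed down to a 256-bit key for the symmetric cipher (e.g. AES)."""
    if not peer_value_is_valid(p, peer_pub):
        raise ValueError("invalid peer public value")
    secret = pow(peer_pub, priv, p)
    return hashlib.sha256(secret.to_bytes((p.bit_length() + 7) // 8, "big")).digest()


def run_exchange(p: int = P_2048, g: int = G):
    """Both sides of the protocol: Alice sends A, Bob sends B, each derives the same key."""
    check_group(p, g)
    a, A = dh_keypair(p, g)      # Alice
    b, B = dh_keypair(p, g)      # Bob
    return dh_shared_key(p, a, B), dh_shared_key(p, b, A)


if __name__ == "__main__":
    k_alice, k_bob = run_exchange()
    print("keys match:", k_alice == k_bob)
    print("toy 5-bit group accepted?", group_is_acceptable(23, 5))
```

`check_group` is the server-side half of the advice above: a 512-bit or 1024-bit prime is rejected before any exchange happens, as is any modulus that is not a safe prime. `peer_value_is_valid` is the client-side check that stops a peer from forcing the secret into a tiny subgroup.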

If you are interested in the topic, I suggest that you read the following paper:

– https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf

I highly advise you to take a look at the previous post, titled "Hash Functions in Cryptography and How They Operate". If you already know what hash functions are, just keep reading. MD5 is a hash function that takes input of arbitrary length and produces a 128-bit output. It was designed in 1991 by Ron Rivest [1]. MD5 was believed to be collision resistant for many years, but that is gone now: MD5 is really weak against collision attacks, and you can now find collisions in under a minute on a normal PC. Many websites also offer "MD5 cracking" by lookup in rainbow tables (precomputed tables of common strings and their digests); that is a different thing, since it only recovers an input that happens to be in the table. The cryptanalytic attacks against MD5 are collision attacks, not pre-image attacks. This means an attacker can produce two files with the same hash if he controls both of them, but he can't match the hash of an existing file he didn't influence.

Recent cryptanalysis, beginning with Wang and Yu [2], has shown that it is possible to find collisions for the full MD5 using far fewer than the 2^64 MD5 computations a generic birthday attack would need. There is one last concern that I have to warn you about: don't ever use salted MD5 to store passwords (I see many people do that), simply because MD5 is so fast. An adversary who can test billions of candidate passwords per second will absolutely recover your salted password!!

I just wanted to write about MD5 because many people still use it, and I strongly advise them to stop.
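Added example (my code, not from the post) of the salted-MD5 problem just described: a stored salt and digest are constructed in the code, a tiny wordlist is run against them, and the per-guess cost of salted MD5 is measured against PBKDF2-HMAC-SHA256 with 100,000 iterations. The wordlist, salt and password are made up for the demo.

```python
import hashlib
import time
from typing import Iterable, Optional


def salted_md5(salt: bytes, password: bytes) -> str:
    """The scheme the post warns against: one fast MD5 computation per guess."""
    return hashlib.md5(salt + password).hexdigest()


def crack_salted_md5(salt: bytes, target_hex: str, candidates: Iterable[bytes]) -> Optional[bytes]:
    """Offline dictionary attack. The salt is stored next to the hash, so the attacker just
    prefixes it to every candidate: the salt defeats precomputed rainbow tables, not guessing."""
    for word in candidates:
        if salted_md5(salt, word) == target_hex:
            return word
    return None


def pbkdf2_hash(salt: bytes, password: bytes, iterations: int = 100_000) -> bytes:
    """A deliberately slow alternative: every guess costs `iterations` HMAC-SHA256 calls."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def seconds_per_guess(hash_fn, salt: bytes, n: int) -> float:
    """Wall-clock cost of one guess for a given hashing function."""
    t0 = time.perf_counter()
    for i in range(n):
        hash_fn(salt, b"candidate%d" % i)
    return (time.perf_counter() - t0) / n


def slowdown_factor(salt: bytes = b"16 random bytes!") -> float:
    """How many times more expensive one PBKDF2 guess is than one salted-MD5 guess."""
    return seconds_per_guess(pbkdf2_hash, salt, 3) / seconds_per_guess(salted_md5, salt, 20_000)


# Constructed stored record and wordlist for the demo (not real user data).
WORDLIST = [b"123456", b"password", b"letmein", b"qwerty", b"hunter2", b"correcthorse"]
STORED_SALT = b"\x8a\x1f\x00\x3c\x7e\x42\x19\xd5"
STORED_HASH = salted_md5(STORED_SALT, b"hunter2")

if __name__ == "__main__":
    print("cracked:", crack_salted_md5(STORED_SALT, STORED_HASH, WORDLIST))
    print("PBKDF2 guess costs %.0fx a salted-MD5 guess" % slowdown_factor())
```

The salt does its one job (the same password gives different digests under different salts, so no shared lookup table helps), but each guess still costs a single MD5, so a wordlist or GPU cracker tears through it. The measured factor is the whole argument for PBKDF2, bcrypt, scrypt or Argon2: the defender pays the slow hash once per login, the attacker pays it once per guess.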

[1] : https://en.wikipedia.org/wiki/MD5

[2] : http://www.infosec.sdu.edu.cn/uploadfile/papers/How%20to%20Break%20MD5%20and%20Other%20Hash%20Functions.pdf

Hash functions are a special kind of function that takes input of arbitrary length and generates a short, fixed-size value; in other words, they map a long input string to a short output string, sometimes called a *digest*. For example, if you feed in a string of letters like "Hello", it generates one specific output; every input has a fixed output that it maps to.

So the question now is: where could we use hash functions?

Hash functions play a big role in cryptography, and their typical use is in digital signatures: given a message **M**, you compute **h(M)** and sign that short digest instead of the whole message, and the digest should be different for every message (we will come back to this issue later on). You could run the public-key operation over the whole message instead, but that would be expensive. Most importantly, a plain hash function doesn't require a key to operate; it takes one parameter, the message itself.

Typical output sizes are 128 to 512 bits. There might be a limit on the input size, but let's say for the sake of this argument that hash functions can take input of arbitrary length.

Hash functions are one-way functions: given a message **M**, it is easy to compute its hash, but given the hash you cannot recover the message. For **h(m) = x**, given **m** you can compute **x**, but given **x** you can't compute **m** back.

**Properties of good hash functions:**

There are many properties that describe a good hash function, but I'll talk about some of them:

1- The first property is that the hash function should be fast: given an input, it should compute the hash in a reasonable time, otherwise no one will bother to use it. (The one exception is password hashing, where you deliberately want a slow function so that guessing is expensive.)

2- The function should process the whole file bit by bit before producing the hash, and if any bit or byte is flipped anywhere in the file the hash should be completely different. This is called the avalanche effect; if you are interested in the subject I suggest looking it up.

3- An important requirement for a hash function is *collision resistance*. A collision means two messages M_1, M_2 map to the same output, h(M_1) = h(M_2). Every hash function has collisions, since there are far more inputs than outputs, but it should be infeasible to find one. The generic attack on any hash function is the birthday attack (after the birthday paradox), which finds a collision in roughly 2^{n/2} evaluations for an n-bit output; collision resistance is such an important property that we should cover it in a separate post. If you can find two messages that map to the same output, that's bad because it lets someone forge a message. For example, when I download a file from the internet I should have a hash to verify that it is really what I meant to download, but what if an attacker can take a virus and manipulate it to produce the same hash as the good file? Then we have two files with the same hash, we think we have the file we chose, and in fact we only got the virus.
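Added example (my code, not from the post) for properties 2 and 3: measuring the avalanche effect of SHA-256 by flipping one input bit, and running the generic birthday search against a deliberately truncated 32-bit hash to show the 2^{n/2} cost in practice. The inputs are constructed in the code.

```python
import hashlib


def hamming_distance(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_bits(message: bytes, bit_index: int, algo: str = "sha256") -> int:
    """Flip one input bit and count how many output bits change.
    For a good hash this is about half the output (128 of 256 bits for SHA-256)."""
    flipped = bytearray(message)
    flipped[bit_index // 8] ^= 1 << (bit_index % 8)
    return hamming_distance(hashlib.new(algo, message).digest(),
                            hashlib.new(algo, bytes(flipped)).digest())


def truncated_hash(message: bytes, n_bytes: int) -> bytes:
    """Keep only the first n bytes of SHA-256 to get a deliberately short hash for the demo."""
    return hashlib.sha256(message).digest()[:n_bytes]


def birthday_collision(n_bytes: int, max_tries: int = 1_000_000):
    """Generic collision search: hash distinct inputs until two land on the same value.
    With a b-bit output the expected effort is about 2^(b/2) evaluations (the birthday bound),
    not 2^b as for a preimage; a 32-bit truncation falls in roughly 2^16 = 65536 tries."""
    seen = {}
    for counter in range(max_tries):
        message = b"message-%d" % counter
        digest = truncated_hash(message, n_bytes)
        if digest in seen:
            return seen[digest], message, counter + 1
        seen[digest] = message
    return None


if __name__ == "__main__":
    print("bits changed by flipping one input bit:", avalanche_bits(b"Hello", 0))
    m1, m2, tries = birthday_collision(4)
    print("collision after %d tries: %r and %r -> %s" % (tries, m1, m2, truncated_hash(m1, 4).hex()))
```

The avalanche count lands near 128 for any input, which is what "completely different" means in property 2. The birthday search is property 3 made concrete: a 32-bit hash collides after tens of thousands of tries, which is why output sizes are doubled relative to the security wanted (256 bits for 128-bit collision resistance), and why a 128-bit output like MD5's was already only 2^64 work before any cryptanalysis.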

**Real hash functions : **

There are many hash functions out there, but few of them qualify as good hash functions at the moment, so pretty much you're stuck with the existing standards like the SHA family: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 (note that SHA-1 is no longer considered collision resistant either, so prefer the SHA-2 members). You could use other algorithms too. My advice: if the project is for your own understanding, use whatever you like, but if the project is something really important, stick with the standard. One quick note: please don't use MD5!!! Using MD5 is a really bad choice; there are many attacks on it and known collisions, and there are even lookup tables for it, so you can crack common inputs by simply using Google.

I hope this post gave you a quick understanding of how hash functions work.


Crypto Ghost is a file encryption application that runs on the Android platform. Its only job is protecting your files from unauthorized access by encrypting them. Crypto Ghost uses modern cryptography (there is a paper published based on this project), and you can check the specification of the application and how it operates on the official website. Crypto Ghost uses AES in GCM mode with a 256-bit key. Crypto Ghost is free software with no ads, and no Internet connectivity is required to run the app; encryption and decryption run locally in the app without the help of a server. Crypto Ghost provides a simple interface so that even non-technical people can use it.

App website : www.cryptoghost.com

App Documentation : cryptoghost.com/eng/documentation.html

App Paper : https://cryptoghost.com/eng/crypto_ghost_paper.pdf

Download from Google Play :

https://play.google.com/store/apps/details?id=net.almorabea.cryptoghost

Twitter: crypto_ghost
