1 of 12

crypto: Cryptography and You

attend.osucyber.club

2 of 12

Announcements

  • Engineering meeting this week
    • Thursdays @ 7:30 PM Eastern
    • See Jackson/Discord for more info
  • CSAW Quals!!!!!!!
    • 2022-09-09 11:00am est to 2022-09-11 11:00am est 🤢
    • One of the oldest and biggest CTFs
    • We’ll meet Friday night (free food)
  • Bootcamp CTF
    • https://bootcamp.osucyber.club/
    • Free and up 24/7
    • Get that practice in for CSAW

3 of 12

Background

  • Problem: sensitive information needs to be moved from one place to another through a public medium
    • How do we make sure no bad guys are yoinking our secrets?
  • Solution: make our data unreadable
    • Just mess it up
    • Spies can’t intercept your information if it’s nonsense

4 of 12

Thank You

5 of 12

Background

  • ...ok, but now the good guys can’t read it either.
    • Don’t just change the data randomly
    • Process needs to be controlled and reversible
    • But also only by us (trusted party)

6 of 12

Enter Cryptography

  • What is cryptography/crypto?
    • “constructing and analyzing protocols that prevent third parties or the public from reading private messages” - Wikipedia :D
  • When you use a cryptographic protocol to secure a message, that is called encryption
    • The opposite is decryption
  • In computing, this protocol is an algorithm
    • Tons of cryptographic algorithms
    • The algorithm being used may or may not be a secret
    • A good algorithm will keep an attacker out even if it’s identified

7 of 12

Encoding vs. Encryption

  • Encoding is translating data to a different form so it can be transferred effectively
    • Not meant to hide data, easily reversible
    • Specific domain
    • Ex: ASCII encodes letters as bytes
  • Encryption is similar to encoding (transforms the data), but is built for security
    • Meant to hide data, hard to reverse
    • Needs a key
    • General domain
    • Ex: ChaCha20 encrypts any kind of data

8 of 12

Important Concepts

  • Key: used by algorithm to encrypt or decrypt input

  • Symmetry: whether an algorithm uses one or two keys
    • Symmetric: algorithm uses one key for both encryption and decryption
    • Asymmetric: algorithm uses one key for encryption and a different key for decryption
  • Hash/digest: irreversible result of an algorithm, typically used for integrity verification

9 of 12

Basic Crypto Algorithm: XOR Function

  • Symmetric algorithm with one byte as the key
  • For each byte of content: f(x, key) = x XOR key
    • f(f(x, key), key) = x # XOR with the same key undoes itself, so one key both encrypts and decrypts

    h    e    l    l    o    w    o    r    l    d
  104  101  108  108  111  119  111  114  108  100
      ↓ f(x, 96)                    ↑ f(x, 96)
    8    5   12   12   15   23   15   18   12    4

  • Weakness: small key space (one byte = 0-255)
  • Operates on each byte in sequence -> “stream cipher”

10 of 12

Popular Crypto Algorithm: RSA

  • Asymmetric algorithm with a private key and a public key
    • Uses exponents and big numbers -> large key space
  • For each block of content:
    • f(x) = x^e mod n = X # e and n are part of the exchanged public key
    • g(X) = X^d mod n = x # d is part of the private key
  • Weakness: key generation phase
    • n = pq where p and q are prime numbers that are NOT shared
    • If either p or q is found, the private key can be recovered
      • This needs some fancy math; see sources slide
  • Operates on blocks of data -> “block cipher”
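
The key-generation weakness above, worked through with toy numbers as an added example (not from the original slides). The primes p = 61 and q = 53, the exponent e = 17, the message 65 and all function names are constructed for illustration; real keys use far larger primes plus padding.

```python
# Toy RSA: shows why p and q must stay secret (constructed sample values).
from math import gcd

def make_keypair(p: int, q: int, e: int):
    """Key generation: n = p*q is public, d is derived from the secret p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse: (e * d) % phi == 1
    return (e, n), d

def encrypt(x: int, public_key) -> int:
    e, n = public_key
    if not 0 <= x < n:
        raise ValueError("block must be in the range [0, n)")
    return pow(x, e, n)          # f(x) = x^e mod n

def decrypt(X: int, d: int, n: int) -> int:
    return pow(X, d, n)          # g(X) = X^d mod n

def recover_private_exponent(public_key, known_prime: int) -> int:
    """The 'fancy math': one known prime factor of n is enough to rebuild d."""
    e, n = public_key
    if known_prime in (1, n) or n % known_prime != 0:
        raise ValueError("not a proper factor of n")
    other_prime = n // known_prime
    return pow(e, -1, (known_prime - 1) * (other_prime - 1))

def demo():
    public_key, d = make_keypair(p=61, q=53, e=17)
    X = encrypt(65, public_key)
    assert decrypt(X, d, public_key[1]) == 65
    # Using only the public key plus one prime yields the same d.
    leaked_d = recover_private_exponent(public_key, known_prime=53)
    return public_key, d, X, leaked_d

if __name__ == "__main__":
    print(demo())
```

Requires Python 3.8 or later for the three-argument `pow` with a negative exponent.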

Yes, this is a lot. Crypto gets easier with practice

11 of 12

https://bootcamp.osucyber.club/

12 of 12

Sources