Cryptography: Other common applications of cryptography.

Cryptography is the technical science that studies the creation and deciphering of codes. Studying the objective laws of how ciphers change and applying them to construct ciphers that keep communications secret is called coding; applying them to decipher ciphers and obtain communication information is called cryptanalysis. Together they are called cryptography.


Table of contents:

Diffie-Hellman key exchange:

Hash length extension attack:

Shamir Threshold Scheme:


Diffie-Hellman key exchange:

Diffie-Hellman (DH) key exchange is a protocol that lets two parties negotiate a symmetric key over an insecure channel without any prior shared knowledge. The algorithm was jointly proposed by Bailey Whitfield Diffie and Martin Edward Hellman in 1976, and its security rests on the intractability of the discrete logarithm problem.

The DH key exchange works as follows. Assume that Alice and Bob want to communicate secretly and need to negotiate a key. First, both parties choose a prime number p and a generator g of the multiplicative group modulo p; these values can be sent over an insecure channel. For example, choose p=37, g=2. Alice chooses a secret integer a, calculates A = g^a mod p, and sends it to Bob. For example, choose a=7, then A = 2^7 mod 37 = 17. Bob chooses a secret integer b, calculates B = g^b mod p, and sends it to Alice. For example, choose b=13, then B = 2^13 mod 37 = 15. At this point Alice and Bob can both derive the key:

K = A^b mod p = B^a mod p = g^(ab) mod p

If there is an intermediary who can intercept all the information but cannot modify it, then since the intermediary knows only A, B, g and p but not a and b, the key negotiated by both parties cannot be obtained unless log_g A or log_g B is calculated; the methods and difficulty of calculating discrete logarithms have already been mentioned.

If the middleman can not only intercept the information, but also modify the information, then the DH key exchange process can be attacked.

The man-in-the-middle attack on DH proceeds as follows: the man-in-the-middle Eve obtains p and g, such as p=37, g=2, and Alice is about to send A to Bob. At this time, Eve intercepts A, chooses a random number e1, and sends E1 = g^e1 mod p to Bob in its place. For example, if e1=6 is selected, then E1 = 2^6 mod 37 = 27.


When Bob sends B to Alice, Eve repeats the above steps: she selects a random number e2 and sends E2 = g^e2 mod p to Alice. For example, if e2=8 is selected, then E2 = 2^8 mod 37 = 34.


At this point, the key calculated by Alice is:

 And the key calculated by Bob is:

 

At this time, Eve can know A, B, e1, e2, and can naturally calculate k1 and k2. When Alice sends an encrypted message to Bob, Eve intercepts the message, decrypts it with k1 to get the plaintext, then encrypts the plaintext with k2, and forwards it to Bob. At this time, Bob can use k2 to decrypt the message normally, that is, he does not know that there is a problem in the process of key exchange. Similarly, when Bob sends a message to Alice, Eve can control the entire conversation.
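The exchange above with the page's numbers, as an added example that is not part of the original post. The page's formulas for k1 and k2 did not survive, so the standard values k1 = E2^a mod p and k2 = E1^b mod p are assumed; `transcript_fp` is a hypothetical helper modelling a check the text does not describe, in which both parties compare a fingerprint of the exchanged values over a channel the intermediary cannot alter.

```python
import hashlib

P, G = 37, 2   # toy parameters from the text; real groups use primes of 2048 bits or more

def public(secret):
    """g^secret mod p, the value sent over the insecure channel."""
    return pow(G, secret, P)

def shared(peer_public, secret):
    """peer_public^secret mod p, the key a party derives."""
    return pow(peer_public, secret, P)

def transcript_fp(alice_value, bob_value):
    """Hypothetical helper: fingerprint of the values a party believes were exchanged."""
    data = f"{P}|{G}|{alice_value}|{bob_value}".encode()
    return hashlib.sha256(data).hexdigest()[:16]

def run(a, b, e1=None, e2=None):
    """Run the exchange; e1/e2 model public values substituted in transit."""
    A, B = public(a), public(b)
    to_bob = public(e1) if e1 is not None else A      # what Bob receives as "A"
    to_alice = public(e2) if e2 is not None else B    # what Alice receives as "B"
    k_alice = shared(to_alice, a)                     # k1 when tampered
    k_bob = shared(to_bob, b)                         # k2 when tampered
    # Each side fingerprints (value from Alice, value from Bob) as it saw them.
    match = transcript_fp(A, to_alice) == transcript_fp(to_bob, B)
    return {"k_alice": k_alice, "k_bob": k_bob, "fingerprints_match": match}

honest = run(7, 13)                  # a=7, b=13 as in the text
tampered = run(7, 13, e1=6, e2=8)    # e1=6, e2=8 as in the text

if __name__ == "__main__":
    print("honest  :", honest)
    print("tampered:", tampered)
```

In the tampered run the two ends hold different keys and their fingerprints disagree, which is why deployed protocols authenticate the public values (for example with signatures) instead of using bare DH.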


Hash length extension attack:

A hash function is a method of mapping information of arbitrary length to a message digest of a fixed bit size. A good hash function is irreversible and strongly collision-resistant, so it is often used for message authentication. Since the algorithm of the hash function is public, it is very unsafe to use the hash function alone: an attacker can build a large database of data and their hash values to carry out dictionary attacks. To avoid this, a hash of the form H(key || message) is generally chosen, that is, a fixed key is prepended to the message before the hash operation is performed. However, if an MD (Merkle-Damgard) type hash algorithm (such as MD5, SHA1, etc.) is used, the length of the key is known and the message is controllable, this construction is vulnerable to hash length extension attacks.



The characteristic of the MD-type hash algorithm is that every message is padded during calculation with a single 1 bit followed by 0 bits (several 00 bytes) until the number of bits equals 512x+448, and then the 64-bit message length is appended. In addition, an MD-type hash algorithm processes the message in blocks, and the intermediate value obtained from each block becomes the initial vector of the next block. It is not difficult to see that if we know an intermediate value and the current length, we can append other messages and padding bytes, and then use the intermediate value to "continue to calculate" and obtain the final hash value. The hash length extension attack is based on this method.

When using this attack method, we don't care about the specific content of the original hashed message, only about its length, that is, the length of key || message in practical applications. Since the message is often a value controllable by the user, as long as the length of the server key is known, the attack can be successfully implemented. Since the key is generally not too long, brute force attempts are also feasible.

Currently, HashPump is a complete open source tool for hash length extension attacks: GitHub - bwall/HashPump: A tool to exploit the hash length extension attack in various hashing algorithms


Shamir Threshold Scheme:

The Shamir threshold scheme is a secret sharing scheme proposed by Shamir and Blakley in 1970. The scheme is based on Lagrange interpolation and uses the property that a k-degree polynomial needs only k equations to solve all of its coefficients. From this it develops an algorithm in which the secret is divided into n parts and any k parts (k ≤ n) are enough to recover the secret.

Assuming that k shares are needed to recover the secret message m, select k-1 random numbers a1, ..., a(k-1) and a large prime number p (p > m), and write down the following polynomial modulo p:

Randomly select n integers x and substitute them into the above formula to obtain n pairs (x1, f(x1)), (x2, f(x2)), ..., (xn, f(xn)), which are the n shares of the secret information.

When recovering the secret message, only k pairs (xi, f(xi)) are needed: the above equations are combined, and the secret message m can be obtained by Lagrange interpolation or matrix multiplication.

The Shamir threshold implementation commonly used in CTF and engineering is the SecretSharing library: Shamir39 - Mnemonic Code Splitter

Learning Books: From 0 to 1: CTFer Growth Road...

Origin blog.csdn.net/weixin_54977781/article/details/130534357