Logo
latest

Preparation

  • Build a local testlab

Notes on techniques

  • Introduction
    • What?
    • Why?
    • How?
  • Classical ciphers
    • Caesar cipher
    • The Vigenère cipher
    • Breaking ciphers
    • One-Time Pad
    • Vernam cipher
    • RootMe challenges
    • Security
    • Resources
  • Brute force
    • Types of attacks
    • Physical attack
    • Remediation
    • Resources
  • Attack models
    • Black-box models
      • Ciphertext-only
      • Known-plaintext
      • Chosen-plaintext
      • Oracles
      • Chosen ciphertext
    • Gray-box models
      • Side-channel (non-invasive)
      • Possiblilities
      • Fault (semi-invasive)
      • Physical tampering (invasive)
    • Resources
  • Security goals
    • Indistinguishability (IND)
    • Non-malleability (NM)
    • Semantic security (IND-CPA)
    • Asymmetric encryption
    • Resources
  • Block ciphers
    • Security goals
    • Codebook attack
    • Slide attack and round keys
    • Substitution–Permutation networks
    • Security
    • Resources
  • AES busting
    • AES modes
      • Pros and cons
    • ECB
    • CBC
      • Bit-flipping attack
      • Padding oracle attack
    • CTR
    • RootMe challenges
    • Security
    • Resources
  • Down streams
    • Linear Feedback Shift Registers
    • RootMe challenges
    • Security
    • Resources
  • Hacking hashes
    • Security goals
    • Finding collisions
      • Naive birthday attack
      • The Rho method
    • Cracking hashes
    • Windows passwords
    • Linux password hashes
    • RootMe challenges
    • Security
    • Resources
  • RSA puzzling
    • Key generation
    • Trapdoor function
    • Elementary attacks
      • Common modulus
      • Blinding
    • Low private exponent
      • Wiener’s attack
      • Boneh-Durfee attack
    • Low public exponent
      • Coppersmith
      • Håstad’s broadcast attack
      • Franklin-Reiter related message attack
      • Coppersmith’s short pad attack
      • Partial key exposure attack
    • Implementation attacks
      • Timing attacks
      • Random faults
    • RootMe challenges
    • Resources
  • Diffie-Hellman
    • What can possibly go wrong?
  • Elliptic curve balls
    • Elliptic curves
    • ECC keys
    • ECC algorithms
    • ECDH
    • ECDSA
    • What can possibly go wrong?
    • Breaking ECDH using another curve
    • ECDSA with bad randomness
    • RootMe challenges

Coding classical ciphers

  • Introduction
    • What?
    • Why?
    • How?
  • Caesar's cipher
  • Vigenere's cipher
  • Columnar transposition cipher
  • Rail fence transposition cipher

Coding modern ciphers

  • Introduction
    • What?
    • Why?
    • How?
  • AES: A symmetric block cipher
  • LFSR: Linear feedback shift registers
  • RSA: An asymmetric key exchange

Classical cipher breaking

  • Introduction
    • What?
    • Why?
    • How?
  • Mono-alphabetic substitution: Caesar
    • Resources
  • Poly-alphabetic substitution: Vigenère
    • Solution
  • Transposition: Rail Fence
    • Transposition
    • Columnar
    • Rail fence cipher
    • RootMe challenge
      • Solution
  • Mono-alphabetic substitution: Polybe
    • Solution
  • GEDEFU
    • Resources
  • Enigma machine
    • Enigma
    • Resources
  • Poly-alphabetic substitution: One Time Pad

AES busting

  • Introduction
    • What?
    • Why?
    • How?
  • CBC Bit-flipping attack
  • AES Electronic code book
  • Initialisation vector
  • AES 4 rounds
  • AES128 Counter mode attack
  • AES Fault attack #1
    • Differential Fault attacks
    • Resources
  • CBC padding attack
  • Side channel AES: CPA
  • Side channel AES: first round
    • Resources
  • AES Weaker variant
  • AES Fault attack #2
  • AES PMAC forgery attack
    • Resources

Down streams

  • Introduction
    • What?
    • Why?
    • How?
  • LFSR - Known plaintext

Hash hacking

  • Introduction
    • What?
    • Why?
    • How?
  • DCC Hash
  • DCC2 Hash
  • LM Hash
  • Message Digest 5
  • NT Hash
  • SHA-2 Hash
  • CISCO Salted Password
    • Resources
  • Hash length extension attack
    • Resources
  • SHA-3 Hash

RSA puzzling

  • Introduction
    • What?
    • Why?
    • How?
  • RSA Factorisation
    • Resources
  • RSA Decipher oracle
    • Resources
  • RSA Corrupted key: Private exponent
    • Resources
  • RSA Continued fractions
    • Resources
  • RSA Common modulus
    • Resources
  • RSA Padding
    • Resources
  • RSA Signature
    • Resources
  • RSA Corrupted key 2
    • Resources
  • RSA Corrupted key 3
    • Resources
  • RSA Multiple recipients
    • Resources
  • RSA Lee cooper

Data dares

  • Introduction
    • What?
    • Why?
    • How?
  • ELF64 PID encryption
    • ELF
    • Solution
  • Protected PKZIP file
    • PKZIP
    • Solution
    • Resources
  • Known plaintext XOR
    • Solution
  • File: Insecure storage Mozilla Firefox 14
    • Solution
  • Android lock pattern
    • Android lock pattern
    • Solution

Diffie-Hellman

  • Introduction
    • What?
    • Why?
    • How?

Elliptic curve balls

  • Introduction
    • What?
    • Why?
    • How?
  • Discrete logarithm problem
  • ECDHE
    • Resources
  • ECDSA: Conventional attack
    • Elliptic curve digital signature algorithm
    • Resources
  • ECDSA: Implementation error
    • Resources
Beyond the readable
  • Beyond the readable
  • Red Team
  • Improbability Blog
  • About
  • Register

ECDHE

RootMe Challenge: Diffie-Hellman key exchange on elliptic curves: Decrypt the captured network exchange between the client and the server (source code provided).

Resources

  • Pohlig-Hellman Applied in Elliptic Curve Cryptography - Sommerseth and Hoeiland

  • The Insecurity of The Elliptic Curve Digital Signature Algorithm with Partially Known Nonces - Nguyen, Shparlinski

  • Attacking the Elliptic Curve Discrete Logarithm Problem - Matthew Musson

Previous Next
Unseen University, 2023, with a forest garden fostered by /ut7.
Read the Docs v: latest
Versions
latest
Downloads
On Read the Docs
Project Home
Builds