Cryptography with Python (part 2)

Ahmet Göker
Jun 10, 2022


Hey folks,

Welcome back to my blog. Today we will be practising and understanding “cryptanalysis”, which makes this a great post for ethical hackers. I will be covering:

  1. Brute force attack
  2. Social engineering
  3. Side-Channel Attacks
  4. Analytical Attacks
  5. Frequency Analysis

If you are thrilled, let's kick off. Please do not forget to share, subscribe and like my blogs for more awesome hacking stuff.

Configuring Your First Cryptographic Library

Before we get started, we ought to install a cryptographic library to do our job properly. We will be using the Python language to understand cryptography, with our code encapsulated in defined methods.

Why is this library useful? Because it includes both a high-level set of recipes and a low-level set of interfaces to many cryptographic algorithms, such as message digests, symmetric ciphers, and key derivation functions.

You just need to type this in your terminal:

pip3 install cryptography

Understanding Cryptanalysis

When we study this concept, we will be restoring an encrypted message back to normal, human-readable plaintext. Cryptanalysis is a critical aspect of cryptography as it helps ensure that current cryptographic schemes are secure.

To make it more fun, we are going to use Python to secure our messages. Let's get started with “Brute force”.

Brute-Force Attacks

Most ethical hackers have used this method: decrypting the ciphertext by trying every possible key until one works, in an attempt to get into a system. When your password is shorter than 5–6 characters, a brute-force attack can be successful in a matter of minutes. In fact, if the key space is around 2²², we are able to write a Python script to crack the password utilizing brute force.

  1. A key space/message space of 2⁶⁴ is enough for a couple hours of security. Of course, your CPU (central processing unit) does play a role in how fast you can brute force any ciphertext.
  2. A key space/message space of 2¹²⁸ is enough for several decades of prequantum security.
  3. A key space/message space of 2²⁵⁶ is enough for several decades of postquantum security.

For the sake of practising, I am going to illustrate a short Python script. This scenario is based on a four-digit PIN that you enter.
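The four-digit PIN scenario, as an added example rather than the author's original script: it searches all 10⁴ PINs against a salted SHA-256 digest to show how little protection such a small key space gives. The function names, the salt and the sample PIN are constructed for illustration.

```python
import hashlib
import itertools
import math
import string

def hash_pin(pin: str, salt: bytes) -> str:
    """Store a PIN as a salted SHA-256 digest (a hash has no secret key)."""
    return hashlib.sha256(salt + pin.encode("utf-8")).hexdigest()

def keyspace_bits(alphabet: str, length: int) -> float:
    """Search-space size in bits: log2(len(alphabet) ** length)."""
    return length * math.log2(len(alphabet))

def brute_force_pin(target: str, salt: bytes, length: int = 4):
    """Try every PIN of the given length; return (pin, attempts).

    Returns (None, attempts) when no candidate of that length matches.
    """
    attempts = 0
    for digits in itertools.product(string.digits, repeat=length):
        attempts += 1
        candidate = "".join(digits)
        if hash_pin(candidate, salt) == target:
            return candidate, attempts
    return None, attempts

if __name__ == "__main__":
    salt = b"constructed-salt"          # constructed sample value
    stored = hash_pin("7351", salt)     # constructed sample PIN
    pin, attempts = brute_force_pin(stored, salt)
    print(f"recovered {pin} after {attempts} guesses")
    print(f"4 digits:           {keyspace_bits(string.digits, 4):.1f} bits")
    # For comparison: 8 lowercase letters are still a very small key space.
    print(f"8 lowercase letters: {keyspace_bits(string.ascii_lowercase, 8):.1f} bits")
```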

Side-Channel Attacks

A side-channel attack is performed when the attacker uses knowledge of the physical implementation of the code to leak information. These attacks pose a serious threat to modules that integrate cryptographic systems, as many side-channel analysis techniques have proven successful in breaking an algorithmically robust cryptographic operation (for example, encryption) and extracting the secret key.

Social Engineering

Social engineering is a nontechnical attack that is often quite successful. This attack can be done by people who have never been in IT/security. Such social engineering attacks are done by phishing, smishing, shoulder surfing, and more.

Analytical Attacks

When we hear this term in cryptography, it means an attack against the underlying encryption scheme that aims to find weaknesses that can be exploited.

Frequency Analysis

Frequency analysis will be a critical aspect of our ability to break ciphers using Python. We can use the frequency of common English letters such as E, T, A, and O. To get more knowledge of this analysis, please visit this website to be informed

Attack Models

No matter what type of encryption you choose, encryption ciphers are functions that require you to enter a message along with a secret key to produce the ciphertext. You might have heard about asymmetric and symmetric encryption? Now let me explain the difference. In symmetric encryption, each party uses the same key. In asymmetric encryption, which makes it more difficult to decrypt, one party uses a public key while the other uses a private key. I have used the term “message space” in my blog; it describes all possible messages that might have produced a specific ciphertext.

In the case of a hash function there is no secret key. Everyone needs to be able to verify that the same string hashes to the same value. A brute-force attack on a hash (Hashcat, John the Ripper) requires trying every candidate input, while a brute-force decryption requires trying every possible key.

Ciphertext-Only (COA): used when the attacker only has access to the ciphertexts and has no prior access to the plaintext.

Known-Plaintext (KPA): this will be fun for the adversary because he has gotten access to the plaintext and the encrypted ciphertext as well.

Chosen-Ciphertext (CCA): an attack where the cryptanalyst is able to gather information by obtaining the decryptions of chosen ciphertexts.

One-Time Pad

Perfect secrecy is the concept that, given a ciphertext (an encrypted message) from a perfectly secure encryption system, nothing is revealed about the plaintext. In other words, a one-time pad is a system in which a randomly generated private key is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key.

XOR, AND, and OR

Computer engineering/computer science students will have encountered this in discrete mathematics, so they should have some confidence with this concept. The bitwise operators work on bits and perform bit-by-bit operations.

I will share a screenshot about these operators:

https://www.pinterest.com/pin/622411610995380722/

Let's practise a bit with Python programming.

The bin() function in Python can be used to convert our given integers 50 and 13 to their binary format.

We will be able to convert plaintext into an integer and reverse that with the help of XOR. I am going to illustrate a Python script to make the encode method, as used on the string, more meaningful.

Here is a link to an awesome site where you can improve your Python skills.

https://www.programiz.com/python-programming/methods/string/encode

Let's use what we have read about XOR encryption. With this technique you will be able to encrypt your plaintext to an encrypted value and retrieve it only with a secret password.

We are going to import the binascii library.
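The steps from this section and the one-time pad section in one script, as an added example that is not the author's original code: bin() on 50 and 13, text-to-integer conversion with encode() and binascii, password-based XOR, and a one-time pad. All function names, the sample message and the sample password are constructed for illustration.

```python
import binascii
import secrets

def text_to_int(text: str) -> int:
    """encode() the string to bytes, hexlify them, read the hex as one integer."""
    return int(binascii.hexlify(text.encode("utf-8")), 16)

def int_to_text(number: int) -> str:
    """Reverse of text_to_int (pads to an even number of hex digits)."""
    hex_str = format(number, "x")
    hex_str = hex_str.zfill(len(hex_str) + len(hex_str) % 2)
    return binascii.unhexlify(hex_str).decode("utf-8")

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with key; the key repeats when it is shorter than the data."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def xor_encrypt(plaintext: str, password: str) -> str:
    """Password-based XOR; returns the ciphertext as hex text."""
    raw = xor_bytes(plaintext.encode("utf-8"), password.encode("utf-8"))
    return binascii.hexlify(raw).decode("ascii")

def xor_decrypt(cipher_hex: str, password: str) -> str:
    """XOR is its own inverse, so decryption applies the same key again."""
    raw = xor_bytes(binascii.unhexlify(cipher_hex), password.encode("utf-8"))
    return raw.decode("utf-8")

def otp_encrypt(plaintext: str):
    """One-time pad: a fresh random key as long as the message, used once."""
    data = plaintext.encode("utf-8")
    pad = secrets.token_bytes(len(data))
    return xor_bytes(data, pad), pad

if __name__ == "__main__":
    print(bin(50), bin(13), bin(50 ^ 13), bin(50 & 13), bin(50 | 13))
    number = text_to_int("hello")
    print(number, int_to_text(number))
    message, password = "hello world, hello XOR", "s3cret"  # constructed samples
    cipher_hex = xor_encrypt(message, password)
    print(cipher_hex, "->", xor_decrypt(cipher_hex, password))
    # Known-plaintext weakness: ciphertext XOR plaintext gives back the key
    # stream, which here is just the password repeated.
    print(xor_bytes(binascii.unhexlify(cipher_hex), message.encode("utf-8")))
    ciphertext, pad = otp_encrypt(message)
    print(xor_bytes(ciphertext, pad).decode("utf-8"))
```

The known-plaintext line in the demo shows why a repeated password is not a one-time pad: the pad has to be random, as long as the message, and never reused.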

Okay, I think that will be enough for now. We have covered a lot of concepts that make learning cryptography fun. We could have used many more functions and libraries, but for the sake of simplicity I am stopping here.

If you liked this blog and would like a “Cryptography with Python (part 3)”, please do not forget to like, share and subscribe to my channel, which keeps me motivated :)

Many thanks for reading this blog.

Ahmet Göker | Malware researcher | Exploit researcher | Hacker | Cryptanalyst beginner lol:)

You can follow me on social media:

Linkedin: https://www.linkedin.com/in/ahmetg%C3%B6ker/

Youtuber: https://youtube.com/TurkishHoodie

Twitter: https://twitter.com/TurkishHoodie_
