Cryptography:
In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption. There are variations of ciphers from classical simple cyphers (e.g., ceasar) to very complex modern cyphers (ie, Private Key, Public Key). In a CTF, individuals need to identify the cipher type then use tools and techniques to attempt to decode the messages. This page will focus on a summary cryptography concepts and examples of classical ciphers. See the additional links below for more information Steganography and Modern Ciphers.
Key Concepts Summary:
- Cryptography – techniques for secure communication
- Plain Text – Unencrypted message
- Cipher Text – Encrypted message
- Algorithm – Encryption Formula
- Key – Used with algorithm to encrypt and decrypt
- Cipher – an algorithm for performing encryption or decryption
- Classical Cipher – simple algorithms that can be computed by hand (pre-modern automation; low security)
- Substitution Cipher – plaintext is replaced with ciphertext in a defined manner using a key
- Transposition Cipher – ciphertext constitutes a permutation of the plaintext.
- Modern Cipher – heavily math based, complex key management, and computer intense (high security)
- Symmetric Cipher – Uses the same key for encrypt and decrypt
- Asymmetric Cipher (Public Key Encryption) – Based on key pairs (public key & private key) used secure data transfer to help ensure confidentiality and integrity.
- Private Key– Known only by the owner and used to decrypt received messages.
- Public Key – Known by everyone and and used to encrypt outgoing messages.
- Public Key Infrastructure (PKI) – used to create, manage, distribute, and revoke digital certificates and manage public-key encryption
- Digital Certificates – electronic document used to prove the ownership of a public key.
- Asymmetric cipher examples (e.g., RSA , Diffie–Hellman, DSS (Digital Signature Standard), Digital Signature Algorithm, ElGamal, etc.)
- Other Concepts:
- XOR – Exclusive OR
- Hash – one-way encryption algorithm used on a message of any length to produce a fixed length hash number (aka checksum) which is used to verify the data integrity of message.
- Salt – random data added to hashed data, passwords or passphrases to safeguard passwords in plain text storage.
Cipher Categories (High Level):
Substitution Cipher Examples:
A substitution cipher is a method of encrypting in which units of plaintext are replaced with the ciphertext, in a defined manner, with the help of a key.
- Caesar Cipher – Shift Cipher
- A1Z26 – Replace Letters with Numbers
- Vigenere Cipher (requires a key)
- Atbash Cipher (simple)
- Vernan (One-time Pad)
- ROT13 – Shift Cipher
- Polyalphabetic Ciphers
- Polygrammic Ciphers
Transposition Cipher Example
Positions held by units of plaintext (which are commonly characters or groups of characters) are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext.
- Rail Fence Cipher (ZigZag)
- Route Cipher
- Column Cipher
Private Key Ciphers (block and stream)
- Block ciphers – symmetric key cipher that encrypts data in predetermined block sizes (e.g., 128, 192, or 256 bits). Cipher examples include DES, IDEA, RC5, AES, and Blowfish. Less susceptible to manipulation without detection.
- Stream ciphers – symmetric key cipher that encrypt bits one by one. Used for their speed, simplicity of implementation in hardware, and where plaintext comes in quantities of unknowable length (e.g., secure WiFi, etc).
Symmetric vs Public Key (Asymmetric)
- Symmetric-key algorithms – use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext (shared key exposure).
- Public Key (aka asymmetric) encryption – uses pairs of keys: shared public keys and private keys (known only be the owner) that are generated by one-way mathematical formulas. Encrypt messages being sent with public key ; decrypt messages received with private key.
More info on: Modern Cryptography
Public / Private key: (see link)
Steganography
Concealing a message, image, or file within another message, image, or file (see link)
References:
- Youtube: Capture the Flag Cryptography (6:33) – covers railfence, vignere, RSA
- PicoCTF Learning Guide: Cryptography: How to Protect Your Data (17 pages)
- Cryptography Lesson #1 – Block Ciphers (Youtube 4:16 mins)
- Cryptography Lesson #2 – Adversaries and Games (Youtube 08:00 mins)
- Asymmetric encryption – Simply explained ( Youtube 4:40)
- Decode.Fr – Multiple Crypto Decoder