Cryptography

Objectives: By the end of this topic, you will be able to…

Apply encryption and decryption techniques with available tools

Verify file integrity using hashes

Understand differences between symmetric and asymmetric encryption

Use public and private keys in a practical and secure manner

What is cryptography?

Cryptography is the discipline that studies techniques to protect information, ensuring its confidentiality, integrity, authenticity, and non-repudiation, even when transmitted over insecure channels.

Through mathematical algorithms, cryptography allows:

Encrypting data (making it unreadable to unauthorized third parties)
Verifying integrity (detecting alterations)
Authenticating identities
Digitally signing documents or messages

It is a fundamental pillar of modern cybersecurity, used in HTTPS, encrypted emails, digital signatures, cryptocurrencies, VPNs, and secure storage.

Classical cryptography (Caesar, Vigenere)

Classical methods serve as the foundation to understand substitution, transposition, and keys.

Caesar Cipher:

Each letter is replaced by another shifted a fixed number of positions
Example with shift of 3: A -> D, B -> E
Vulnerable to brute force (only 25 possibilities)

Vigenere Cipher:

Uses a keyword to define a sequence of shifts
More secure than Caesar, but vulnerable to frequency analysis on long texts
Introduces the concept of variable-length key

These methods illustrate important principles:

Confusion: making the relationship between plaintext and ciphertext difficult
Key: the element that allows encryption and decryption

Symmetric encryption (AES)

Symmetric encryption uses the same secret key to encrypt and decrypt information. It is fast and efficient for large volumes of data.

AES (Advanced Encryption Standard):

Block cipher of 128 bits
Keys of 128, 192, or 256 bits
Modern standard that replaced DES
Operates in rounds with substitutions, permutations, mixing, and key operations

Common modes of operation:

ECB (Electronic Codebook): not recommended, reveals patterns
CBC (Cipher Block Chaining): more secure, uses an initialization vector (IV)
GCM (Galois/Counter Mode): provides confidentiality and authentication

Typical uses: file encryption, secure communications (VPN, HTTPS), storage of sensitive data.

Asymmetric cryptography (RSA)

Asymmetric cryptography employs a key pair: one public (for encryption) and one private (for decryption). Based on hard mathematical problems like factoring large integers.

RSA (Rivest-Shamir-Adleman):

Widely used asymmetric algorithm
Security based on the difficulty of factoring large prime numbers
Enables encryption, decryption, and digital signing

Basic operation:

Key pair generation: public (e, n) and private (d, n)
Encrypt: C = M^e mod n
Decrypt: M = C^d mod n

Characteristics: slower than symmetric algorithms, not used for large files directly but to encrypt symmetric keys (as in TLS).

Common uses: establishing secure connections (SSL/TLS), secure key exchange, digital signature and authentication.

Hash functions (MD5, SHA-1, SHA-256)

A hash function takes an input of any length and produces a fixed-length output (hash or digest), representing the “fingerprint” of the original content.

Desirable properties:

Determinism: same input produces same hash
Fast computation
Collision resistance: two different inputs should not produce the same hash
Preimage resistance: the original message cannot be reconstructed from the hash

Common algorithms:

Algorithm	Output	Status
MD5	128 bits	Obsolete, vulnerable to collisions
SHA-1	160 bits	Compromised
SHA-256	256 bits	Currently secure, widely used

Typical uses: file integrity verification, digital signatures, password storage (with salts and key derivation like bcrypt/scrypt/argon2).

Applications

Integrity verification

A hash is generated when creating a file
Any later change alters the hash
Widely used in software downloads, ISO images, backups

Digital signature

Combines asymmetric cryptography and hash functions
The sender generates a hash of the document and encrypts it with their private key (signature)
The receiver decrypts with the public key and compares hashes

Basic obfuscation

Lightweight encryption or hashing to hide sensitive data in binaries, scripts, or logs
Also used in malware analysis and CTFs to make recognition of strings more difficult

Hands-on lab

Requirements: Kali Linux, openssl, gpg, sha256sum, Python 3

Part 1: Data integrity with hash functions

Create or download a file document.txt
Compute its SHA-256 hash:

sha256sum document.txt

Modify one line and recalculate. Does it match?
Generate two almost identical files and compare with md5sum

Part 2: Symmetric encryption with AES and openssl

Create a file secret.txt with fictitious sensitive content
Encrypt with AES-256:

openssl enc -aes-256-cbc -salt -in secret.txt -out secret.enc

Decrypt with the correct password:

openssl enc -aes-256-cbc -d -in secret.enc -out secret_decrypted.txt

Try incorrect passwords and observe the result
Switch from CBC to ECB mode and observe behavioral differences

Part 3: Asymmetric encryption with GPG

Generate a key pair:

gpg --full-generate-key

Export your public key:

gpg --export -a "name" > name.pub

Exchange public keys with your partner
Encrypt a message:

gpg -e -r "partner's name" message.txt

Decrypt the received message:

gpg -d message.txt.gpg

Part 4: Classical cryptography

Choose Caesar or Vigenere
Write a script in Python or Bash that:
- Asks for plaintext and a key/shift
- Encrypts the text
- Decrypts and displays both results
Test with different inputs
Implement frequency detection to attempt breaking a Caesar cipher

Submission

Compressed folder containing:

Screenshots of openssl, sha256sum, gpg commands
Original and modified files (comparative hashes)
Message encrypted and decrypted with GPG
Classical cipher script with usage examples
Short document with explanations of each technique

Key concepts

Term	Definition
AES	Standard symmetric encryption algorithm with 128-bit blocks
Symmetric encryption	System that uses the same key to encrypt and decrypt
Asymmetric encryption	System that uses a key pair: public and private
RSA	Asymmetric algorithm based on prime number factorization
SHA-256	256-bit hash function, currently secure and widely used
Hash	Function that converts data into a fixed-length string
GPG	Free implementation of OpenPGP for encryption and digital signatures

Test yourself

Integrity: You download an ISO file and the website provides its SHA-256 hash. What steps would you follow to verify that the file was not modified in transit?
Comparison: Explain why RSA is not used to encrypt large files directly. How is it combined with AES in practice (for example, in TLS)?
Hashes: Why are MD5 and SHA-1 no longer considered secure? What type of attack compromises them?

Navigation: ← Previous | Home | Next →

Quartz 4

Explorer

06 - Cryptography