Breaking out of Crypto Authentication
#WHOAMI
• Mohammed Adam
• Senior Security Engineer in Crossbowlabs LLP, Bangalore
• Offensive Security Certified Professional (OSCP)
• Chapter Lead in Null Villupuram
• Acknowledged by top 50+ companies in Bugbounty Programs like US Dept of Defense, AT&T, Oppo, Mastercard, Intel, etc.
• Blogger & Bike rider.
Cryptography 101
What is Cryptography?
Encryption and Decryption
Types of Cryptography
• Symmetric
• Asymmetric
• Hash Functions
General cryptographic implementations.
Authentication and authentication schemas and attacks against authentication systems.
Symmetric Encryption
Same key is used for encryption and decryption
Encryption Algorithms
• DES
• 3DES
• AES
Key Exchange Problem
Asymmetric Encryption
Also known as Public Key Cryptography (PKC)
Two keys are used in the PKC, public key and private key
A set of keys is associated with a particular user
The sender encrypts the message with the receiver's public key
The receiver decrypts the encrypted message with the private key
PKC Algorithms
• DSA
• RSA
• ECC
Hash Functions
Implementations of hash functions
• The most popular use of hashes is for file identification and storing sensitive data, like passwords.
• When you create an account on a website, your password is converted to a hash, and this hash is stored in the server's database.
• When you log in, the password that you type is converted to a hash; the server compares it with the hash in its database, and if they are the same, your password is correct and the server lets you in.
• MD5 hashes are also used to ensure the data integrity of files.
• Because the MD5 hashing algorithm always produces the same output for the same given input, it can be used to compare a hash of the source file with a newly created hash of the destination file to check that it is intact and unmodified.
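The login and integrity checks described above, as an added example that is not part of the original slides: it puts a single fast unsalted hash next to a salted, slow derivation (PBKDF2-HMAC-SHA256, a technique swapped in here) and streams files through SHA-256 instead of MD5, because MD5 collisions are practical. The function names, the sample password and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def fast_unsalted_hash(password: str) -> str:
    """One fast hash with no salt (MD5, the hash the slides name)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def create_record(password: str, iterations: int = 600_000) -> dict:
    """Hardened storage: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": derived}

def verify_login(password: str, record: dict) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(derived, record["hash"])

def file_digest(path: str, algorithm: str = "sha256") -> str:
    """Hash a file in chunks so large files never have to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def copy_is_intact(source: str, destination: str) -> bool:
    """Integrity check from the slides: equal content gives equal digests."""
    return hmac.compare_digest(file_digest(source), file_digest(destination))

if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share one password.
    pw = "Summer2024!"
    # Unsalted: both rows store the same value, so one precomputed table
    # entry (the rainbow-table case) covers every user with this password.
    print("unsalted hashes identical:", fast_unsalted_hash(pw) == fast_unsalted_hash(pw))
    alice, bob = create_record(pw), create_record(pw)
    # Salted: the stored values differ, so precomputation has to be redone per user.
    print("salted hashes identical:  ", alice["hash"] == bob["hash"])
    print("correct password accepted:", verify_login(pw, alice))
    print("wrong password rejected:  ", not verify_login("summer2024!", alice))
```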
Use of Cryptography
Symmetric Encryption
• To encrypt bulk data
• Encryption of data at rest
Asymmetric Encryption
• Digital Signatures
• Key Exchange
• Sensitive data exchange
Hash Functions
• Password Storage
• Data Integrity Checks
Confusion occurs between encoding and encrypting?
Let's say you have an encrypted file: the only way to decrypt it is with the key.
Encoded data, by contrast, can be decoded immediately, without keys.
Encoding is NOT a form of encryption; it is just a way of representing data.
A very popular encoding is Base64. Here's how "hi there" looks with Base64 encoding: aGkgdGhlcmU=
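One way to check whether a stored or transmitted value is only encoded, as an added example that is not part of the original slides: the function peels Base64, hex and URL encoding layers without any key and stops when the result is no longer readable text. The function names, the layer limit and the sample values are assumptions made for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote

HEX_RE = re.compile(r"(?:[0-9a-fA-F]{2})+")

def _as_text(raw: bytes):
    """Return the bytes as a string if they are printable UTF-8, else None."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    return text if text and text.isprintable() else None

def _try_hex(value: str):
    return _as_text(bytes.fromhex(value)) if HEX_RE.fullmatch(value) else None

def _try_base64(value: str):
    try:
        return _as_text(base64.b64decode(value, validate=True))
    except (binascii.Error, ValueError):
        return None

def _try_url(value: str):
    decoded = unquote(value)
    return decoded if decoded != value and decoded.isprintable() else None

# Hex is tried first because every hex digit is also a valid Base64 character.
DECODERS = (("hex", _try_hex), ("base64", _try_base64), ("url", _try_url))

def peel_encodings(value: str, max_layers: int = 5):
    """Strip keyless encoding layers; return (layers_removed, remaining_value).

    A non-empty layer list means the value was readable without any key,
    so it was encoded, not encrypted. An empty list means no keyless
    decoding produced text, which is what real ciphertext looks like.
    """
    layers = []
    for _ in range(max_layers):
        for name, decoder in DECODERS:
            decoded = decoder(value)
            if decoded is not None:
                layers.append(name)
                value = decoded
                break
        else:
            break  # no decoder produced readable text: stop peeling
    return layers, value

if __name__ == "__main__":
    # Constructed samples: the slide's Base64 string, then the same string hex-wrapped.
    for sample in ("aGkgdGhlcmU=", "aGkgdGhlcmU=".encode().hex(), "hi%20there"):
        print(sample, "->", peel_encodings(sample))
```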
Attacks on Cryptographic Systems
Symmetric Cryptography
• Known-Plaintext Attack
• Chosen-Plaintext Attack
• Differential Cryptanalysis
• Linear Cryptanalysis
Asymmetric Cryptography
• Brute force key search
• Alteration of public keys
Hash Functions
• Hash Collisions
• Rainbow table
Thank you!
@iam_amdadam
mohammedadam24

