2. #WHOAMI
• Mohammed Adam
• Senior Security Engineer at Crossbowlabs LLP, Bangalore
• Offensive Security Certified Professional (OSCP)
• Chapter Lead in Null Villupuram
• Acknowledged by top 50+ companies in bug bounty programs like US Dept of Defense, AT&T, Oppo, Mastercard, Intel, etc.
• Blogger & bike rider.
3. Cryptography 101
What is Cryptography?
Encryption and Decryption
Types of Cryptography
• Symmetric
• Asymmetric
• Hash Functions
General cryptographic implementations.
Authentication and authentication schemas and attacks against authentication systems.
6. Asymmetric Encryption
• Also known as Public Key Cryptography (PKC)
• Two keys are used in PKC: a public key and a private key
• A set of keys is associated with a particular user
• The sender encrypts the message with the receiver’s public key
• The receiver decrypts the encrypted message with the private key
PKC Algorithms
• DSA
• RSA
• ECC
9. Implementations of hash functions
• The most popular uses of hashes are file identification and storing sensitive data, like passwords.
• When you create an account on a website, your password is converted to a hash, and this hash is stored in the server's database.
• When you log in, the password that you type is converted to a hash; the server compares it with the hash in its database, and if they are the same, your password is correct and the server lets you in.
• MD5 hashes are also used to ensure the data integrity of files.
• Because the MD5 hashing algorithm always produces the same output for the same given input, it can be used to compare a hash of the source file with a newly created hash of the destination file to check that it is intact and unmodified.
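An added example, not part of the original slides, of the signup and login flow described above. It goes beyond the slide by using a salted, iterated hash (PBKDF2) instead of a bare hash, so identical passwords do not produce identical stored records, and it uses SHA-256 in place of MD5 for the file comparison. The function names, the iteration count and the sample values are assumptions made for this example.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Signup: derive a key from the password with a fresh random salt."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Login: re-derive from the attempt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_key)


def bare_hash(password: str) -> str:
    """Unsalted single-pass hash, kept only to contrast with the salted form."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def same_content(source: bytes, destination: bytes) -> bool:
    """Integrity check: equal digests mean the copy matches the source."""
    return hmac.compare_digest(
        hashlib.sha256(source).digest(), hashlib.sha256(destination).digest()
    )


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    alice = hash_password("hunter2-example")
    bob = hash_password("hunter2-example")
    print("bare hashes equal:   ", bare_hash("hunter2-example") == bare_hash("hunter2-example"))
    print("salted records equal:", alice[1] == bob[1])
    print("correct login:       ", verify_password("hunter2-example", *alice))
    print("wrong password:      ", verify_password("hunter3-example", *alice))
    print("file intact:         ", same_content(b"release-1.0", b"release-1.0"))
    print("file modified:       ", same_content(b"release-1.0", b"release-1.0 "))
```

The server stores the salt next to the derived key; only the password itself is never stored.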
10. Use of Cryptography
Symmetric Encryption
• To encrypt bulk data
• Encryption of data at rest
Asymmetric Encryption
• Digital Signatures
• Key Exchange
• Sensitive data exchange
Hash Functions
• Password Storage
• Data Integrity Checks
11. Confusion between encoding and encrypting
• Let's say you have an encrypted file: the only way to decrypt it is by using the key.
• Encoded data, by contrast, can be decoded immediately, without keys.
• Encoding is NOT a form of encryption; it is just a way of representing data.
• A very popular encoding is Base64. Here's how "hi there" looks with Base64 encoding: aGkgdGhlcmU=
12. Attacks on Cryptographic Systems
Symmetric Cryptography
• Known-Plaintext Attack
• Chosen-Plaintext Attack
• Differential Cryptanalysis
• Linear Cryptanalysis
Asymmetric Cryptography
• Brute force key search
• Alteration of public keys
Hash Functions
• Hash Collisions
• Rainbow table