information security - paylogic techtalk 2014
DESCRIPTION
A primer in information security, giving an intro to the foundations, examples of different kinds vulnerabilities, and a bunch of extra info.TRANSCRIPT
![Page 1: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/1.jpg)
Informa(on Security Tech Talk
Aug 4th 2014 Dirk Zi=ersteyn
![Page 2: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/2.jpg)
Informa(on security
Three main goals
![Page 3: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/3.jpg)
Keep your data secure
![Page 4: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/4.jpg)
Make sure people can’t change your data
![Page 5: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/5.jpg)
Make sure your informa(on stays available
![Page 6: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/6.jpg)
Confiden(ality Integrity Availability
![Page 7: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/7.jpg)
Confiden(ality Integrity Availability
![Page 8: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/8.jpg)
Availability
Subject for another talk
![Page 9: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/9.jpg)
Confiden(ality and Integrity
Two sides of the same coin
If you can’t guarantee integrity, confiden(ality is useless, and vice-‐versa.
![Page 10: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/10.jpg)
Cryptography
Confiden(ality Integrity (a bit)
![Page 11: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/11.jpg)
Basic Terminology:
Encryp(on Plaintext Ke
y Ciphertext Decryp(on
Key
Plaintext
![Page 12: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/12.jpg)
Basic Terminology:
Encryp(on Plaintext Ke
y Ciphertext Decryp(on
Key
Plaintext
= Symmetric encryp(on
![Page 13: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/13.jpg)
Basic Terminology:
Encryp(on Plaintext Ke
y Ciphertext Decryp(on
Key
Plaintext
≠ Asymmetric encryp(on
![Page 14: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/14.jpg)
Founda(ons Kerckhoffs (1835 – 1903) Shannon (1916 – 2001)
![Page 15: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/15.jpg)
Auguste Kerckhoffs
La Cryptographie Militaire (1883)
![Page 16: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/16.jpg)
Kerckhoffs’ principle The design of a system should not
require secrecy
![Page 17: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/17.jpg)
The design of a system should not require secrecy
Kerckhoffs’ principle
and compromise of the system should not inconvenience the
correspondents
![Page 18: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/18.jpg)
Kerckhoffs’ principle
Open Source your method
![Page 19: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/19.jpg)
Kerckhoffs’ principle
Security is in the key
![Page 20: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/20.jpg)
Claude Shannon
Perfect Secrecy Confusion Diffusion
![Page 21: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/21.jpg)
Claude Shannon "Perfect Secrecy" is defined by requiring of a
system that after a cryptogram is intercepted by the enemy, the a posteriori probabilities of this cryptogram representing various messages be identically the same as
the a priori probabilities of the same messages before the interception
![Page 22: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/22.jpg)
In other words:
The enemy learns nothing.
![Page 23: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/23.jpg)
Claude Shannon
Confusion: Rela(on plaintext -‐ ciphertext
![Page 24: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/24.jpg)
Claude Shannon
Diffusion: Posi(on of plaintext in ciphertext
![Page 25: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/25.jpg)
Back in the days…
Caesar Cipher
![Page 26: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/26.jpg)
caesar = alpha[n:] + alpha[:n]
![Page 27: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/27.jpg)
caesar(‘Hello World’, 3) =
‘KHOOR ZRUOG’
![Page 28: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/28.jpg)
Decrypt
Simple.
![Page 29: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/29.jpg)
Decrypt
A li=le… too simple.
![Page 30: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/30.jpg)
for i in range(26):
print caesar('KHOOR ZRUOG', i)
![Page 31: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/31.jpg)
0: KHOOR ZRUOG 1: LIPPS ASVPH 2: MJQQT BTWQI 3: NKRRU CUXRJ 4: OLSSV DVYSK 5: PMTTW EWZTL 6: QNUUX FXAUM 7: ROVVY GYBVN 8: SPWWZ HZCWO 9: TQXXA IADXP 10: URYYB JBEYQ 11: VSZZC KCFZR 12: WTAAD LDGAS
13: XUBBE MEHBT 14: YVCCF NFICU 15: ZWDDG OGJDV 16: AXEEH PHKEW 17: BYFFI QILFX 18: CZGGJ RJMGY 19: DAHHK SKNHZ 20: EBIIL TLOIA 21: FCJJM UMPJB 22: GDKKN VNQKC 23: HELLO WORLD 24: IFMMP XPSME 25: JGNNQ YQTNF
![Page 32: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/32.jpg)
ecuritysay oughthray obscurityyay
![Page 33: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/33.jpg)
ecuritysay oughthray obscurityyay
They simply assumed no-‐one would think to decrypt it
(they even hardcoded the number by which is was shi`ed: 3)
![Page 34: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/34.jpg)
KHOOR Z'RUOG! (Klingons never bluff)
They hoped people would think it was some language they did not understand
![Page 35: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/35.jpg)
Kerckhoffs’ principle
![Page 36: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/36.jpg)
Improving Caesar shi`
Keyspace ≈ 26
![Page 37: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/37.jpg)
Generalizing Caesar shi`
ABCDEFGHIJKLMNOPQRSTUVWXYZ
alpha = alpha[n:] + alpha[:n]
DEFGHIJKLMNOPQRSTUVWXYZABC
![Page 38: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/38.jpg)
Subs(tu(on cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
alpha = random.shuffle(alpha)
WGLOJTYUDZQXKVAFHMBPECRNIS
![Page 39: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/39.jpg)
Subs(tu(on cipher
Keyspace ≈ 26!
403291461126605635584000000
![Page 40: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/40.jpg)
Secure?
![Page 41: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/41.jpg)
You intercept: MHT UTEKAVAMRPD PS RDUTJTDUTDET RZ MHT WZWAK DABT PS A ZMAMTBTDM AUPJMTU OG MHT EPDMRDTDMAK EPDNVTZZ PD CWKG 4, 1776, LHREH ADDPWDETU MHAM MHT MHRVMTTD ABTVREAD EPKPDRTZ, MHTD AM LAV LRMH NVTAM OVRMARD, VTNAVUTU MHTBZTKQTZ AZ MHRVMTTD DTLKG RDUTJTDUTDM ZPQTVTRND ZMAMTZ, ADU DP KPDNTV A JAVM PS MHT OVRMRZH TBJRVT. RDZMTAU MHTG SPVBTU A DTL DAMRPD - MHT WDRMTU ZMAMTZ PS ABTVREA. CPHD AUABZ LAZ A KTAUTV RD JWZHRDN SPV RDUTJTDUTDET, LHREH LAZ WDADRBPWZKG AJJVPQTU PD CWKG 2. A EPBBRMMTT PS SRQT HAU AKVTAUG UVASMTU MHT SPVBAK UTEKAVAMRPD, MP OT VTAUG LHTD EPDNVTZZ QPMTU PD RDUTJTDUTDET. MHT MTVB "UTEKAVAMRPD PS RDUTJTDUTDET" RZ DPM WZTU RD MHT UPEWBTDM RMZTKS. …
![Page 42: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/42.jpg)
English le=er freq’s
![Page 43: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/43.jpg)
Message le=er freq’s
![Page 44: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/44.jpg)
Pre=y similar! English Message
![Page 45: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/45.jpg)
![Page 46: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/46.jpg)
a d
![Page 47: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/47.jpg)
ab do
![Page 48: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/48.jpg)
abc dok
![Page 49: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/49.jpg)
abcdefghijklmnopqrstuvwxyz dokutbnvrxcespalyhzmwqjfgi
![Page 50: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/50.jpg)
Guessed key
dokutbnvrxcespalyhzmwqjfgi
![Page 51: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/51.jpg)
dokutbnvrxcespalyhzmwqjfgi
aoeutsnhrcxkbdpjyvzmwqlfgi
Actual key
Guessed key
![Page 52: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/52.jpg)
Similar enough to come close
dokutbnvrxcespalyhzmwqjfgi
aoeutsnhrcxkbdpjyvzmwqlfgi
Actual key
Guessed key
![Page 53: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/53.jpg)
More work needed
dokutbnvrxcespalyhzmwqjfgi
aoeutsnhrcxkbdpjyvzmwqlfgi
Actual key
Guessed key
![Page 54: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/54.jpg)
There are some pre=y big mismatches
![Page 55: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/55.jpg)
Decoded with guessed key TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O STOTEFEAT ODNWTED BY TRE LNATIAEATOC LNAGHESS NA KUCY 4, 1776, PRILR OAANUALED TROT TRE TRIHTEEA OFEHILOA LNCNAIES, TREA OT POH PITR GHEOT BHITOIA, HEGOHDED TREFSECVES OS TRIHTEEA AEPCY IADEWEADEAT SNVEHEIGA STOTES, OAD AN CNAGEH O WOHT NM TRE BHITISR EFWIHE. IASTEOD TREY MNHFED O AEP AOTINA - TRE UAITED STOTES NM OFEHILO. KNRA ODOFS POS O CEODEH IA WUSRIAG MNH IADEWEADEALE, PRILR POS UAOAIFNUSCY OWWHNVED NA KUCY 2. O LNFFITTEE NM MIVE ROD OCHEODY DHOMTED TRE MNHFOC DELCOHOTINA, TN BE HEODY PREA LNAGHESS VNTED NA IADEWEADEALE. TRE TEHF "DELCOHOTINA NM IADEWEADEALE" IS ANT USED IA TRE DNLUFEAT ITSECM.
![Page 56: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/56.jpg)
We’ve assumed it’s English TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O STOTEFEAT ODNWTED BY TRE LNATIAEATOC LNAGHESS NA KUCY 4, 1776, PRILR OAANUALED TROT TRE TRIHTEEA OFEHILOA LNCNAIES, TREA OT POH PITR GHEOT BHITOIA, HEGOHDED TREFSECVES OS TRIHTEEA AEPCY IADEWEADEAT SNVEHEIGA STOTES, OAD AN CNAGEH O WOHT NM TRE BHITISR EFWIHE. IASTEOD TREY MNHFED O AEP AOTINA - TRE UAITED STOTES NM OFEHILO. KNRA ODOFS POS O CEODEH IA WUSRIAG MNH IADEWEADEALE, PRILR POS UAOAIFNUSCY OWWHNVED NA KUCY 2. O LNFFITTEE NM MIVE ROD OCHEODY DHOMTED TRE MNHFOC DELCOHOTINA, TN BE HEODY PREA LNAGHESS VNTED NA IADEWEADEALE. TRE TEHF "DELCOHOTINA NM IADEWEADEALE" IS ANT USED IA TRE DNLUFEAT ITSECM.
So let’s find some English words
![Page 57: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/57.jpg)
TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O STOTEFEAT ODNWTED BY TRE LNATIAEATOC LNAGHESS NA KUCY 4, 1776, PRILR OAANUALED TROT TRE TRIHTEEA OFEHILOA LNCNAIES, TREA OT POH PITR GHEOT BHITOIA, HEGOHDED TREFSECVES OS TRIHTEEA AEPCY IADEWEADEAT SNVEHEIGA STOTES, OAD AN CNAGEH O WOHT NM TRE BHITISR EFWIHE. IASTEOD TREY MNHFED O AEP AOTINA - TRE UAITED STOTES NM OFEHILO. KNRA ODOFS POS O CEODEH IA WUSRIAG MNH IADEWEADEALE, PRILR POS UAOAIFNUSCY OWWHNVED NA KUCY 2. O LNFFITTEE NM MIVE ROD OCHEODY DHOMTED TRE MNHFOC DELCOHOTINA, TN BE HEODY PREA LNAGHESS VNTED NA IADEWEADEALE. TRE TEHF "DELCOHOTINA NM IADEWEADEALE" IS ANT USED IA TRE DNLUFEAT ITSECM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 58: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/58.jpg)
the DeLCOHOtINA NM IADeWeADeALe IS the USUOC AOFe NM O StOteFeAt ODNWteD BY the LNAtIAeAtOC LNAGHeSS NA KUCY 4, 1776, PhILh OAANUALeD thOt the thIHteeA OFeHILOA LNCNAIeS, theA Ot POH PIth GHeOt BHItOIA, HeGOHDeD theFSeCVeS OS thIHteeA AePCY IADeWeADeAt SNVeHeIGA StOteS, OAD AN CNAGeH O WOHt NM the BHItISh eFWIHe. IASteOD theY MNHFeD O AeP AOtINA - the UAIteD StOteS NM OFeHILO. KNhA ODOFS POS O CeODeH IA WUShIAG MNH IADeWeADeALe, PhILh POS UAOAIFNUSCY OWWHNVeD NA KUCY 2. O LNFFIttee NM MIVe hOD OCHeODY DHOMteD the MNHFOC DeLCOHOtINA, tN Be HeODY PheA LNAGHeSS VNteD NA IADeWeADeALe. the teHF "DeLCOHOtINA NM IADeWeADeALe" IS ANt USeD IA the DNLUFeAt ItSeCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 59: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/59.jpg)
the DeLCOHOtINA NM IADeWeADeALe IS the USUOC AOFe NM O StOteFeAt ODNWteD BY the LNAtIAeAtOC LNAGHeSS NA KUCY 4, 1776, PhILh OAANUALeD thOt the thIHteeA OFeHILOA LNCNAIeS, theA Ot POH PIth GHeOt BHItOIA, HeGOHDeD theFSeCVeS OS thIHteeA AePCY IADeWeADeAt SNVeHeIGA StOteS, OAD AN CNAGeH O WOHt NM the BHItISh eFWIHe. IASteOD theY MNHFeD O AeP AOtINA - the UAIteD StOteS NM OFeHILO. KNhA ODOFS POS O CeODeH IA WUShIAG MNH IADeWeADeALe, PhILh POS UAOAIFNUSCY OWWHNVeD NA KUCY 2. O LNFFIttee NM MIVe hOD OCHeODY DHOMteD the MNHFOC DeLCOHOtINA, tN Be HeODY PheA LNAGHeSS VNteD NA IADeWeADeALe. the teHF "DeLCOHOtINA NM IADeWeADeALe" IS ANt USeD IA the DNLUFeAt ItSeCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 60: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/60.jpg)
the DeLCOrOtiNA NM iADeWeADeALe is the UsUOC AOFe NM O stOteFeAt ODNWteD bY the LNAtiAeAtOC LNAGress NA KUCY 4, 1776, PhiLh OAANUALeD thOt the thirteeA OFeriLOA LNCNAies, theA Ot POr Pith GreOt britOiA, reGOrDeD theFseCVes Os thirteeA AePCY iADeWeADeAt sNVereiGA stOtes, OAD AN CNAGer O WOrt NM the british eFWire. iAsteOD theY MNrFeD O AeP AOtiNA - the UAiteD stOtes NM OFeriLO. KNhA ODOFs POs O CeODer iA WUshiAG MNr iADeWeADeALe, PhiLh POs UAOAiFNUsCY OWWrNVeD NA KUCY 2. O LNFFittee NM MiVe hOD OCreODY DrOMteD the MNrFOC DeLCOrOtiNA, tN be reODY PheA LNAGress VNteD NA iADeWeADeALe. the terF "DeLCOrOtiNA NM iADeWeADeALe" is ANt UseD iA the DNLUFeAt itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 61: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/61.jpg)
the DeLCOrOtiNA NM iADeWeADeALe is the UsUOC AOFe NM O stOteFeAt ODNWteD bY the LNAtiAeAtOC LNAGress NA KUCY 4, 1776, PhiLh OAANUALeD thOt the thirteeA OFeriLOA LNCNAies, theA Ot POr Pith GreOt britOiA, reGOrDeD theFseCVes Os thirteeA AePCY iADeWeADeAt sNVereiGA stOtes, OAD AN CNAGer O WOrt NM the british eFWire. iAsteOD theY MNrFeD O AeP AOtiNA - the UAiteD stOtes NM OFeriLO. KNhA ODOFs POs O CeODer iA WUshiAG MNr iADeWeADeALe, PhiLh POs UAOAiFNUsCY OWWrNVeD NA KUCY 2. O LNFFittee NM MiVe hOD OCreODY DrOMteD the MNrFOC DeLCOrOtiNA, tN be reODY PheA LNAGress VNteD NA iADeWeADeALe. the terF "DeLCOrOtiNA NM iADeWeADeALe" is ANt UseD iA the DNLUFeAt itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 62: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/62.jpg)
the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, PhiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at Par Pith great britain, regarDeD theFseCVes as thirteen nePCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a neP natiNn - the UniteD states NM aFeriLa. KNhn aDaFs Pas a CeaDer in WUshing MNr inDeWenDenLe, PhiLh Pas UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY Phen LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 63: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/63.jpg)
the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, PhiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at Par Pith great britain, regarDeD theFseCVes as thirteen nePCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a neP natiNn - the UniteD states NM aFeriLa. KNhn aDaFs Pas a CeaDer in WUshing MNr inDeWenDenLe, PhiLh Pas UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY Phen LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 64: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/64.jpg)
the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, whiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at war with great britain, regarDeD theFseCVes as thirteen newCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a new natiNn - the UniteD states NM aFeriLa. KNhn aDaFs was a CeaDer in WUshing MNr inDeWenDenLe, whiLh was UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY when LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 65: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/65.jpg)
the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, whiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at war with great britain, regarDeD theFseCVes as thirteen newCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a new natiNn - the UniteD states NM aFeriLa. KNhn aDaFs was a CeaDer in WUshing MNr inDeWenDenLe, whiLh was UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY when LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 66: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/66.jpg)
the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted bY the LNntinentaC LNngress Nn KuCY 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCY indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead theY MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCY aWWrNVed Nn KuCY 2. a LNFFittee NM MiVe had aCreadY draMted the MNrFaC deLCaratiNn, tN be readY when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 67: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/67.jpg)
the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted bY the LNntinentaC LNngress Nn KuCY 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCY indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead theY MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCY aWWrNVed Nn KuCY 2. a LNFFittee NM MiVe had aCreadY draMted the MNrFaC deLCaratiNn, tN be readY when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 68: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/68.jpg)
the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted by the LNntinentaC LNngress Nn KuCy 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCy indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead they MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCy aWWrNVed Nn KuCy 2. a LNFFittee NM MiVe had aCready draMted the MNrFaC deLCaratiNn, tN be ready when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 69: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/69.jpg)
the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted by the LNntinentaC LNngress Nn KuCy 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCy indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead they MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCy aWWrNVed Nn KuCy 2. a LNFFittee NM MiVe had aCready draMted the MNrFaC deLCaratiNn, tN be ready when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 70: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/70.jpg)
the declaration oM indeWendence is the usual naFe oM a stateFent adoWted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly indeWendent soVereign states, and no longer a Wart oM the british eFWire. instead they MorFed a new nation - the united states oM aFerica. Kohn adaFs was a leader in Wushing Mor indeWendence, which was unaniFously aWWroVed on Kuly 2. a coFFittee oM MiVe had already draMted the MorFal declaration, to be ready when congress Voted on indeWendence. the terF "declaration oM indeWendence" is not used in the docuFent itselM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 71: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/71.jpg)
the declaration of indeWendence is the usual naFe of a stateFent adoWted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly indeWendent soVereign states, and no longer a Wart of the british eFWire. instead they forFed a new nation - the united states of aFerica. Kohn adaFs was a leader in Wushing for indeWendence, which was unaniFously aWWroVed on Kuly 2. a coFFittee of fiVe had already drafted the forFal declaration, to be ready when congress Voted on indeWendence. the terF "declaration of indeWendence" is not used in the docuFent itself.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 72: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/72.jpg)
the declaration of independence is the usual naFe of a stateFent adopted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly independent soVereign states, and no longer a part of the british eFpire. instead they forFed a new nation - the united states of aFerica. Kohn adaFs was a leader in pushing for independence, which was unaniFously approVed on Kuly 2. a coFFittee of fiVe had already drafted the forFal declaration, to be ready when congress Voted on independence. the terF "declaration of independence" is not used in the docuFent itself.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 73: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/73.jpg)
the declaration of independence is the usual name of a statement adopted by the continental congress on Kuly 4, 1776, which announced that the thirteen american colonies, then at war with great britain, regarded themselVes as thirteen newly independent soVereign states, and no longer a part of the british empire. instead they formed a new nation - the united states of america. Kohn adams was a leader in pushing for independence, which was unanimously approVed on Kuly 2. a committee of fiVe had already drafted the formal declaration, to be ready when congress Voted on independence. the term "declaration of independence" is not used in the document itself.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 74: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/74.jpg)
the declaration of independence is the usual name of a statement adopted by the continental congress on july 4, 1776, which announced that the thirteen american colonies, then at war with great britain, regarded themselves as thirteen newly independent sovereign states, and no longer a part of the british empire. instead they formed a new nation - the united states of america. john adams was a leader in pushing for independence, which was unanimously approved on july 2. a committee of five had already drafted the formal declaration, to be ready when congress voted on independence. the term "declaration of independence" is not used in the document itself.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
![Page 75: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/75.jpg)
![Page 76: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/76.jpg)
Cracked!
So, let’s adap(ng it in a different way
![Page 77: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/77.jpg)
Change the shi` each le=er
![Page 78: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/78.jpg)
Plaintext: supersecretmessageyoushouldnotsee
Key:
donotlook
![Page 79: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/79.jpg)
Repeat the key
supersecretmessageyoushouldnotsee
donotlookdonotlookdonotlookdonotl
![Page 80: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/80.jpg)
Add plaintext and key
supersecretmessageyoushouldnotsee
donotlookdonotlookdonotlookdonotl --------------------------------- vicskdsqbhhzsldouobchgaziznqcggxp
+
![Page 81: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/81.jpg)
This is the Vigenère Cipher
Named for Blaise de Vigenère (1523 – 1596)
![Page 82: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/82.jpg)
This is the Vigenère Cipher
Actually invented by Giovan Bapsta Bellaso
(1505 – ??)
![Page 83: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/83.jpg)
Also known as:
Le Chiffre Indéchiffrable (The Unbreakable Cipher)
![Page 84: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/84.jpg)
Secure?
![Page 85: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/85.jpg)
Brute Force:
possibili(es (n = 9 -‐> 10795636100592)
![Page 86: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/86.jpg)
Frequency analysis?
Ciphertext English
![Page 87: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/87.jpg)
First:
Guess the key length
![Page 88: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/88.jpg)
Repeated words, repeated key
Key: ABCDABCDABCDABCDABCDABCDABCD Plaintext: CRYPTOISSHORTFORCRYPTOGRAPHY Ciphertext: CSASTPKVSIQUTGQUCSASTPIUAQJB
![Page 89: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/89.jpg)
Repeated words, repeated key
VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR
![Page 90: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/90.jpg)
Repeated words, repeated key
VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR
VHVS -> VHVS = 18 -> [18, 9, 6, 3, 2, 1]
![Page 91: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/91.jpg)
Repeated words, repeated key
VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR
VHVS -> VHVS = 18 -> [18, 9, 6, 3, 2, 1]
QUCE -> QUCE = 30 -> [30, 15, 10, 6, 5, 3, 2, 1]
![Page 92: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/92.jpg)
Repeated words, repeated key
[18, 9, 6, 3, 2, 1]
∩
[30, 15, 10, 6, 5, 3, 2, 1]
=
[6, 3, 2, 1]
![Page 93: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/93.jpg)
Repeated words, repeated key
[18, 9, 6, 3, 2, 1]
∩
[30, 15, 10, 6, 5, 3, 2, 1]
=
[6, 3, 2, 1]
![Page 94: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/94.jpg)
When you assume You make an ass out of u and me
![Page 95: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/95.jpg)
When you assume
There might not be any repeated words at the right spots
![Page 96: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/96.jpg)
If the key length = 2 uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle ABABABABABABABABABABABABABABABABABABABABABABABABABABABABA
![Page 97: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/97.jpg)
If the key length = 2 uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle ABABABABABABABABABABABABABABABABABABABABABABABABABABABABA
udpwdnbijtlladfkhmajwvfhwhlxe hwjnighwcmjdpbavxckuyraunvbl
AAAAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBBB
![Page 98: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/98.jpg)
If the key length = 2 uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle ABABABABABABABABABABABABABABABABABABABABABABABABABABABABA
udpwdnbijtlladfkhmajwvfhwhlxe hwjnighwcmjdpbavxckuyraunvbl
AAAAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBBB
Should be a standard letter distribution
![Page 99: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/99.jpg)
If the key length = 3 uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle ABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABC
uwwibwtjabkxauvawvx hpnnhjmlpfvmkwrhnll djdgiclddahcjyfuhbe
AAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBB CCCCCCCCCCCCCCCCCCC
Should be a standard letter distribution
![Page 100: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/100.jpg)
Let’s try this!
Encoded a plaintext with key ‘SECRET’
![Page 101: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/101.jpg)
Split the ciphertext,
![Page 102: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/102.jpg)
Split the ciphertext,
Sort characters by frequency
![Page 103: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/103.jpg)
Split the ciphertext,
Sort characters by frequency Sum highest frequencies, second highest, etc.
![Page 104: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/104.jpg)
![Page 105: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/105.jpg)
![Page 106: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/106.jpg)
secret
![Page 107: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/107.jpg)
secret s e c r e t
![Page 108: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/108.jpg)
Now that we know the key length, This is not that different from
subs(tu(on cipher
![Page 109: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/109.jpg)
Cracked!
Principle is easy
Doing it by hand is tedious
![Page 110: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/110.jpg)
Cracked!
smurfoncrack.com/pygenere/
source: smurfoncrack.com/pygenere/pygenere.py
![Page 111: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/111.jpg)
![Page 112: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/112.jpg)
Is there any truly secure method?
![Page 113: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/113.jpg)
Yes.
![Page 114: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/114.jpg)
The One-‐Time pad
Looks like Vigenère.
![Page 115: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/115.jpg)
The One-‐Time pad
Create a long key, without repeFFon
![Page 116: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/116.jpg)
The One-‐Time pad
Create a long key, without repeFFon Securely share it between both par(es
![Page 117: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/117.jpg)
The One-‐Time pad
To send a message:
![Page 118: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/118.jpg)
Plaintext attackatdawn Key owbxelcixrql
------------ +
Ciphertext opuxgvcbarmy
![Page 119: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/119.jpg)
And then:
![Page 120: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/120.jpg)
And then:
Destroy the key
![Page 121: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/121.jpg)
One-‐Time pad
![Page 122: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/122.jpg)
This is provably perfectly secure
You can’t even brute force it!
![Page 123: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/123.jpg)
This is provably perfectly secure opuxgvcbarmy owbxelcixrql
------------ -
attackatdawn
opuxgvcbarmy elqinoymwrku
------------ -
keepthepeace
![Page 124: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/124.jpg)
This is provably perfectly secure
So why don’t we all use it?
![Page 125: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/125.jpg)
Why we don’t use it:
You need to share the key securely, But how?
![Page 126: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/126.jpg)
Out of band communica(on
How the spies did it Before the mission, they received a codebook
![Page 127: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/127.jpg)
Out of band communica(on
How the spies did it But imprac(cal for ordinary use
![Page 128: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/128.jpg)
In band communica(on
Safe channel through which to send the key
![Page 129: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/129.jpg)
In band communica(on
Just use that channel to send the message.
![Page 130: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/130.jpg)
They all have in common:
Confusion ✓ Diffusion ✗
![Page 131: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/131.jpg)
Why do you need diffusion?
e.g. image encryp(on
![Page 132: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/132.jpg)
Using a block cipher
Encodes blocks of data
![Page 133: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/133.jpg)
![Page 134: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/134.jpg)
Electronic Code Book (ECB)
Blocks with the same data are encoded as the same data
![Page 135: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/135.jpg)
Encode this image with ECB:
24-‐bits bmp
![Page 136: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/136.jpg)
“Encrypted”
(a`er header restora(on)
![Page 137: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/137.jpg)
Cipher block chaining
Does do diffusion
![Page 138: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/138.jpg)
![Page 139: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/139.jpg)
Looks like noise.
![Page 140: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/140.jpg)
Methods covered so far:
Brute Force Caesar Cipher
![Page 141: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/141.jpg)
Methods covered so far:
Brute Force Caesar Cipher
Founda(onal weakness Vigenère, Subs9tu9on, ECB
![Page 142: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/142.jpg)
Next up:
Mad Science
![Page 143: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/143.jpg)
Next up:
Mad Science Side channel a=acks
![Page 144: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/144.jpg)
Tradi(onal model
E Plaintext
Key
Ciphertext
Key
Plaintext D
![Page 145: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/145.jpg)
Side channel model
E Plaintext
Key
Ciphertext
Key
Plaintext D
Heat
Timing
Heat
Timing
![Page 146: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/146.jpg)
Simple example def __eq__(self, other): if len(self) != len(other): return False for x,y in zip(self, other): if x != y: return False return True
![Page 147: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/147.jpg)
Simple example if input == password: login()
else:
error()
![Page 148: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/148.jpg)
Simple example 1000 * input = '-' Wall time: 817 µs 1000 * input = '--' Wall time: 2.14 ms 1000 * input = '---' Wall time: 806 µs
def __eq__(self, other): if len(self) != len(other):
return False
for x,y in zip(self, other):
if x != y:
return False
return True
![Page 149: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/149.jpg)
Simple example 1000 * input = '-' Wall time: 817 µs 1000 * input = '--' Wall time: 2.14 ms 1000 * input = '---' Wall time: 806 µs
def __eq__(self, other): if len(self) != len(other):
return False
for x,y in zip(self, other):
if x != y:
return False
return True
≈ 0.8ms
![Page 150: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/150.jpg)
Simple example 1000 * input = '-' Wall time: 817 µs 1000 * input = '--' Wall time: 2.14 ms 1000 * input = '---' Wall time: 806 µs
def __eq__(self, other): if len(self) != len(other):
return False
for x,y in zip(self, other):
if x != y:
return False
return True
≈ 2.1ms (1 iter)
![Page 151: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/151.jpg)
Simple example 1000 * input = 'a-' Wall time: 2.15 ms 1000 * input = 'b-' Wall time: 2.33 ms 1000 * input = 'c-' Wall time: 2.14 ms
def __eq__(self, other): if len(self) != len(other):
return False
for x,y in zip(self, other):
if x != y:
return False
return True
≈ 2.1ms (1 iter)
![Page 152: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/152.jpg)
Simple example 1000 * input = 'a-' Wall time: 2.15 ms 1000 * input = 'b-' Wall time: 2.33 ms 1000 * input = 'c-' Wall time: 2.14 ms
def __eq__(self, other): if len(self) != len(other):
return False
for x,y in zip(self, other):
if x != y:
return False
return True
≈ 2.3ms (2 iter)
![Page 153: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/153.jpg)
Simple example 1000 * input = 'ba' Wall time: 2.33 ms 1000 * input = 'bb' LOGGED IN! (2.47 ms) 1000 * input = 'bc' Wall time: 2.32 ms
def __eq__(self, other): if len(self) != len(other):
return False
for x,y in zip(self, other):
if x != y:
return False
return True
≈ 2.3ms (2 iter)
![Page 154: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/154.jpg)
Simple example 1000 * input = 'ba' Wall time: 2.33 ms 1000 * input = 'bb' LOGGED IN! (2.47 ms) 1000 * input = 'bc' Wall time: 2.32 ms
def __eq__(self, other): if len(self) != len(other):
return False
for x,y in zip(self, other):
if x != y:
return False
return True
≈ 2.5ms (2 iter)
![Page 155: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/155.jpg)
Simple example This simple error has reduced your keyspace
From 26n to 26n
![Page 156: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/156.jpg)
![Page 157: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/157.jpg)
This isn’t really MAD science…
![Page 158: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/158.jpg)
Power consump(on of a CPU during RSA computa(on.
![Page 159: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/159.jpg)
0
![Page 160: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/160.jpg)
0 1 …
![Page 161: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/161.jpg)
![Page 162: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/162.jpg)
Crypto is a minefield
![Page 163: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/163.jpg)
h=p://w
ww.m
oserware.com
/2009/09/s(ck-‐figure-‐guide-‐to-‐advanced.html
![Page 164: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/164.jpg)
Methods covered so far:
Brute Force Caesar Cipher
Founda(onal weakness Vigenère, Subs9tu9on, ECB
Side channel a=acks Timing, Power Consump9on, Acous9c, etc.
![Page 165: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/165.jpg)
Last but not least
Rubber-‐Hose Cryptanalysis
![Page 166: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/166.jpg)
[..] In which a rubber hose is applied forcefully and frequently to the soles of the feet, un9l the
key to the cryptosystem is discovered
A process that can take a surprisingly short 9me and is quite computa9onally inexpensive
sci.crypt (1990)
![Page 167: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/167.jpg)
![Page 168: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/168.jpg)
![Page 169: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/169.jpg)
What haven’t I covered? Asymmetric encryp(on
public – private key …
A lot of math
Diffie – Hellman key exchange Prime factoriza(on Ellip(c Curve crypto …
Integrety assurance HMAC …
Stream Ciphers Man in the middle AES, DES, Hashes Salts Etc.
![Page 170: Information security - Paylogic TechTalk 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/555b7eeed8b42aab6c8b55b7/html5/thumbnails/170.jpg)
MORE!!!
Great intro to a great encryp(on standard
A s(ck figure guide to AES
Mad science side-‐channel a=acks To Protect and Infect (Jacob Applebaum)
Awesome primer for InfoSec
History of the informa(on age