Keeper's Cryptography Help Desk | Covering All Aspects
I have a quick question about PBKDF2 and key derivation functions in general. I have recently been playing around trying to decrypt an AES file from a client. I was having some trouble decrypting the file with the pass phrase and IV supplied. I eventually worked out that it was due to differences in the way the key was generated for encryption and decryption. Encryption was happening via C# and decryption using CryptoJS. The solution was to generate the PBKDF2 using some C# code and using that instead. Well, I guess I have two questions: firstly, is it best practice to decrypt using a pass phrase and generating the key, or should you just always generate the key during encryption and use that instead? And secondly, should there be a difference between the two algorithms? Surely it is a standard (but I guess it doesn’t matter if they are not the same if you are using the key).
I hope that makes sense and is on topic :p
If it was up to me, I’d generate a key upon every iteration. In that way you don’t rely on anything and if something goes wrong (i.e. suppose key corrupts or whatever the reason), the whole encryption process will not do so you’ll be aware of that less or more either way. As for the difference between the two of em - there surely is. Despite the fact that nobody will be aware of the key or pass phrase or anything at all, even though using CryptoJS just for decryption you can still not rely on anything client-sided for algorithm processing and yes - it doesn’t matter if they aren’t the same.
Thank you for the answer, it pretty much confirms what I had concluded.
As for anyone wondering why decryption was happening client-side … the code was to be bundled in a PhoneGap application and distributed via a private internal market place. The content would have to be able to reach employees’ mobiles, and this seemed like the best solution.
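The interoperability problem discussed above, as an added example that is not part of the original posts: PBKDF2 is standardised (RFC 8018, test vectors in RFC 6070), so two implementations produce the same key only when the passphrase bytes, salt, iteration count, hash and key length all match. The two parameter sets below are constructed and do not reproduce the actual C# or CryptoJS settings from the thread.

```python
import hashlib


def derive(passphrase, salt, iterations, prf="sha1", dklen=32, encoding="utf-8"):
    """PBKDF2-HMAC with every input explicit, including the string encoding."""
    return hashlib.pbkdf2_hmac(prf, passphrase.encode(encoding), salt,
                               iterations, dklen)


def mismatches(a, b):
    """Names of the parameters that differ between two sides' settings."""
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))


def keys_agree(a, b):
    """True only if both parameter sets derive the same key bytes."""
    return derive(**a) == derive(**b)


# RFC 6070 test vector 1: a conforming implementation must reproduce it.
RFC6070_KEY = derive("password", b"salt", 1, prf="sha1", dklen=20)

# Constructed settings for two hypothetical sides of an exchange.
SIDE_A = dict(passphrase="correct horse", iterations=1000, prf="sha1",
              salt=bytes.fromhex("00112233445566778899aabbccddeeff"),
              dklen=32, encoding="utf-8")
# Same passphrase and salt, but a different hash and string encoding.
SIDE_B = dict(SIDE_A, prf="sha256", encoding="utf-16-le")

if __name__ == "__main__":
    print("RFC 6070 vector:", RFC6070_KEY.hex())
    print("differing parameters:", mismatches(SIDE_A, SIDE_B))
    print("keys agree:", keys_agree(SIDE_A, SIDE_B))
```

When two sides disagree, checking each implementation against the RFC 6070 vector first separates a non-conforming library from a simple parameter mismatch.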
Thank you Keeper. :D
Hey Keeper I hope you can help me with my problem. I am more or less a newbie to cryptography.
So my problem is the following:
I have an RSA encrypted message. N, e and the encrypted message are given. As hint to solve/decrypt we know that the plaintext is 72 bytes long. I have been trying some stuff but in the end couldn’t figure out how to use this hint to hack this problem..
If you have a hint to lead me in the right direction I would be very happy ^.^
[quote=taga]Hey Keeper I hope you can help me with my problem. I am more or less a newbie to cryptography.
So my problem is the following:
I have an RSA encrypted message. N, e and the encrypted message are given. As hint to solve/decrypt we know that the plaintext is 72 bytes long. I have been trying some stuff but in the end couldn’t figure out how to use this hint to hack this problem..
If you have a hint to lead me in the right direction I would be very happy ^.^[/quote]
Factorize it. In other words, that can lead to the Discrete Log problem which even with a specialized algorithm, will not be able to go behind O(2nC). Unless you conduct some sort of exhaustive search attack (which is indeed factoring in order to get to the value of P), there is nothing more you can do.
There has been a similar cracking challenge at Cicada 3301 event this year where the RSA ciphertext was 430-bit. Check this table for a quick review -> http://en.wikipedia.org/wiki/RSA_numbers. You should better group with a bunch of people and do a distributed cracking. Depending on your computing power, you may as well not need anyone else to crack along with you but in most cases personal computers are of no use if left by themselves. In our case, we used msieve-cuda and each of us had set up his PC as a client, donating cores for more computing power.
But if you want faster results use a GPU device since the acceleration is a lot better than using a simple microprocessor which might as well lead to various hardware problems. Simply because CPUs are not meant for extensive calculation and especially not for cracking algorithms such as RSA. Two of my laptops had to undergo a revolving repair on the motherboard because of such nuisance.
Read up on asymmetric cryptography as well (since you are currently at the topic of it).
okay yeah i could use cuda to do it somehow on the gpu.. but this one is actually an ‘easy’ problem, i was told.
I already tried to factorize it and ran the program for 2 hours.. well there was no parallelization in my code. even on the gpu it might take too long, since my N is 286 bytes long.. -.-
But i am sure that this hint, that the plaintext is 72 bytes long should be of significant help. However i cannot figure out how to use this hint. I am pretty sure that it is not meant to bruteforce the factorization..
dude i figured it out.. was actually damn easy. Since there is no padding and the public exponent is so low, I checked how many bytes a string with 72 chars to the third power has. It matched the byte size of the encrypted message. So I knew that in
m^e mod(N)
the modulo operator wasn’t used at all and I could just take the third root of my encrypted message to get the plaintext
XDD so cheap actually
anyway thanks a lot for your help!
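The size check described in the post above, as an added example that is not part of the original thread: with e = 3 and no padding, a 72-byte message cubed is at most 216 bytes, so it never reaches a modulus of roughly 286 bytes and the ciphertext is a plain integer cube; once the message is padded to the length of the modulus (what randomized schemes such as OAEP ensure), the reduction happens and the root no longer yields the plaintext. The modulus and both messages are constructed for the demonstration.

```python
E = 3
# Constructed modulus: product of two Mersenne primes, 287 bytes long.
N = (2**2203 - 1) * (2**89 - 1)


def iroot(k, n):
    """Integer k-th root of n by binary search: (floor root, is_exact)."""
    lo, hi = 0, 1 << (n.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo, lo ** k == n


def wraps_modulus(msg_len, e, n):
    """True if some msg_len-byte message raised to e reaches n, i.e. the
    modular reduction can actually take place."""
    return (256 ** msg_len - 1) ** e >= n


def encrypt_raw(msg):
    """Textbook RSA: c = m^e mod N, with no padding."""
    return pow(int.from_bytes(msg, "big"), E, N)


def recover(c, length):
    """Return the plaintext if c is an exact e-th power, else None."""
    root, exact = iroot(E, c)
    return root.to_bytes(length, "big") if exact else None


SHORT = b"A" * 72                        # constructed 72-byte plaintext
PADDED = b"\x02" + b"\xa5" * 213 + SHORT  # constructed 286-byte block

if __name__ == "__main__":
    print("72-byte message wraps N:", wraps_modulus(72, E, N))
    print("recovered:", recover(encrypt_raw(SHORT), 72) == SHORT)
    print("286-byte block wraps N:", wraps_modulus(286, E, N))
    print("recovered:", recover(encrypt_raw(PADDED), 286) == PADDED)
```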
Hi everyone. taga, if you want to break the RSA algorithm, good luck! Because until today it is impossible to break it.
The principle of this public key cryptography is to use a one-way function, i.e. a function f which, although known, is such that if we know x, we can compute f(x), while knowing f(x), we cannot find x.
Here is the description of the algorithm:
- It starts by generating a public key n, which is the product of two secret primes p and q.
- Then chooses a random key E, first with respect to ((p-1) * (q-1)).
- Then create the private key that is given by d = e^(-1) mod ((p - 1) * (q - 1)).
- e is called the public exponent , d the private exponent.
- So, the public encryption key is (n, e) and private key (n, d).
- To encrypt a block m, it suffices to calculate c = m ^ (e) mod n (anyone can do it, only the private key is used).
- To decrypt a block c, it suffices to do m = c ^ (d) mod n. Here, only the person with the private key d can read this message.
So anyone can encrypt a message with the public key that you released, but only you can decrypt it.
@rastahypa dude this was a task specially designed to be solved like this.. and there are several other attacks on bad rsa encryptions, just google it.
Of course if you generate all the numbers regarding certain requirements and equations one can not bruteforce rsa.. but as i explained I did NOT bruteforce the solution