We covered hashing functions including MD5 and SHA256 in addition to public key infrastructure and SSL/TLS certificates. This was part of TryHackMe Intro to Cryptography room.
Cryptography Recap: Symmetric vs. Asymmetric Encryption
The video started with a quick recap of the previous part, differentiating between symmetric and asymmetric encryption.
- Symmetric Encryption: I learned that this method uses a single secret key for both encrypting and decrypting data. It’s generally faster than asymmetric encryption. However, I discovered it’s not very scalable because if one key is compromised, the entire set might need to be regenerated, especially with many users. It also requires a secure channel to transfer the secret key initially.
- Asymmetric Encryption: This method, on the other hand, uses a pair of keys: a public key and a private key. In a two-party communication, this means each party has their own public and private key pair. To encrypt a message, the sender uses the recipient’s public key. To decrypt it, the recipient uses their own private key. I found this method to be slower than symmetric encryption but much more scalable. A significant advantage is that it doesn’t require a secure channel for transferring the ciphertext, as only the recipient with the private key can decrypt it.
Hashing: Ensuring Data Integrity
The video then transitioned to hashing, which is a cryptographic function that takes an input (like a file or a message) and produces a fixed-size output called a checksum or hash. The size of the checksum depends on the hashing algorithm, not the input size. I learned that identical inputs will always produce the same hash, but even a tiny change in the input will result in a completely different hash.
A critical concept I learned was hash collision, which occurs when two different inputs produce the same hash, indicating a vulnerability.
I explored common hashing algorithms:
- MD5: I learned that MD5 is prone to hash collisions and is considered insecure for sensitive data like passwords.
- SHA-256 (Secure Hashing Algorithm 256): This algorithm is generally considered secure.
- HMAC (Hash-based Message Authentication Code): This method enhances security by using a key in addition to the input to produce the hash.
The video also touched upon Rainbow Tables, which are precomputed tables of passwords and their corresponding hashes, used to crack weaker password hashes like MD5.
Public Key Infrastructure (PKI) and SSL/TLS: Securing Web Communication
I then delved into Public Key Infrastructure (PKI) and SSL/TLS, understanding the difference between HTTP (unsecured) and HTTPS (secured with a certificate).
I learned about the certificate generation process:
- First, you generate a Certificate Signing Request (CSR).
- Then, you send the CSR to a Certificate Authority (CA).
- The CA verifies the request and, if approved, signs the certificate.
- The signed certificate is then used by the domain (e.g., example.com) to enable HTTPS, indicated by a lock icon in the browser.
I also learned about self-signed certificates. Instead of sending a CSR to a CA, you can sign the certificate yourself. Browsers like Firefox and Chrome don’t trust self-signed certificates by default and will show a security warning. However, they are useful in corporate networks where a firewall might need to inspect HTTPS traffic. In such cases, the self-signed certificate is imported into all devices/browsers on the network, allowing the firewall to decrypt and inspect communications without browser warnings.
OpenSSL was introduced as a key tool for generating CSRs and self-signing certificates.
Practical Demonstrations and Technical Commands
The video provided practical examples using a Linux terminal, focusing on hashing tools and OpenSSL commands for certificate management, often referencing tasks from a TryHackMe room.
Hashing Commands:
cd task05: Navigated into a directory for a specific task.sha256sum order.json: Calculated the SHA-256 hash oforder.json.nano order.json: Used to edit theorder.jsonfile (e.g., changing a value from “1000” to “9000” to demonstrate how even small changes affect the hash).hmac256 <key> order.txt: Demonstrated calculating an HMAC-SHA256 hash using a key (the exact command might vary depending on the specifichmac256tool, butopenssl dgst -sha256 -hmac "<key>" order.txtis a common way).md5sum <filename>: Mentioned for calculating MD5 hashes.
OpenSSL Commands (Explained, not typed in terminal during demo):
- To generate a Certificate Signing Request (CSR) and a new private key:
openssl req -new -newkey rsa:2048 -nodes -keyout key.pem -out csr.pem-new: Generates a new CSR.-newkey rsa:2048: Generates a new RSA private key of 2048 bits.-nodes: Ensures the private key is not encrypted (no passphrase).-keyout key.pem: Specifies the output file for the private key.-out csr.pem: Specifies the output file for the CSR.
- To generate a self-signed certificate using an existing CSR and private key:
openssl x509 -req -in csr.pem -CAkey key.pem -CAcreateserial -out certificate.pem -days 365 -sha256x509: Command for X.509 certificate data management.-req: Indicates that the input is a CSR.-in csr.pem: Specifies the input CSR file.-CAkey key.pem: Specifies the private key to sign the certificate (acting as its own CA).-CAcreateserial: Creates a serial number file if one doesn’t exist.-out certificate.pem: Specifies the output file for the self-signed certificate.-days 365: Sets the validity period of the certificate to 365 days.-sha256: Specifies the SHA-256 hashing algorithm for the signature.
Inspecting Certificates:
openssl x509 -in cert.pem -text: This command was used to display the details of a certificate, including its public key size and validity period.
You have received the following encrypted message:
“Xjnvw lc sluxjmw jsqm wjpmcqbg jg wqcxqmnvw; xjzjmmjd lc wjpm sluxjmw jsqm bqccqm zqy.” Zlwvzjxj Zpcvcol
You can guess that it is a quote. Who said it?
Decrypt the file quote01 encrypted (using AES256) with the key s!kR3T55 using gpg. What is the third word in the file?
Decrypt the file quote02 encrypted (using AES256-CBC) with the key s!kR3T55 using openssl. What is the third word in the file?
Decrypt the file quote03 encrypted (using CAMELLIA256) with the key s!kR3T55 using gpg. What is the third word in the file?
On the AttackBox, you can find the directory for this task located at /root/Rooms/cryptographyintro/task03; alternatively, you can use the task file from Task 2 to work on your own machine.
Bob has received the file ciphertext_message sent to him from Alice. You can find the key you need in the same folder. What is the first word of the original plaintext?
Take a look at Bob’s private RSA key. What is the last byte of p?
Take a look at Bob’s private RSA key. What is the last byte of q?
On the AttackBox, you can find the directory for this task located at /root/Rooms/cryptographyintro/task04; alternatively, you can use the task file from Task 2 to work on your own machine.
A set of Diffie-Hellman parameters can be found in the file dhparam.pem. What is the size of the prime number in bits?
What is the prime number’s last byte (least significant byte)?
On the AttackBox, you can find the directory for this task located at /root/Rooms/cryptographyintro/task05; alternatively, you can use the task file from Task 2 to work on your own machine.
What is the SHA256 checksum of the file order.json?
Open the file order.json and change the amount from 1000 to 9000. What is the new SHA256 checksum?
Using SHA256 and the key 3RfDFz82, what is the HMAC of order.txt?
On the AttackBox, you can find the directory for this task located at /root/Rooms/cryptographyintro/task06; alternatively, you can use the task file from Task 2 to work on your own machine.
What is the size of the public key in bits?
Till which year is this certificate valid?
You were auditing a system when you discovered that the MD5 hash of the admin password is 3fc0a7acf087f549ac2b266baf94b8b1. What is the original password?
Video Walkthrough
