Encryption

From TheBeard Science Project Wiki
Jump to: navigation, search 
WEP - Wired Equivalent Privacy
WPA - Wi-Fi Protected Access
RC4 - stream encryption used by WEP. Cycles through 24 bit init vector. 
TKIP - Temporary Key Integrity Protocol. used in WPA. generates sequence of RC4 keys based on one master key. It changed that key every 10k packets. Also uses Message Integrity Code(MIC) to check if a packet has been tampered with. If so, it changes the key.
DES - Data Encryption Standard. Block cipher using a symmetric-key algorithm using 56 bit key.
DEA - Data Encryption Algorithm. Same as above, but specifically referring to the algorithm.
AES-CCMP - Advanced Encryption Standard with Counter-Mode/CBC-MAC Protocol. 128, 192, and 256 bit.
CBC - Cipher-Block Chaining
TLS - Transport Layer Security. 
SHA - Secure Hash Algorithm. 

RSA - Algorithm for encryption and signing.
DSA - Algorithm for signing. Preferable for signing, more secure, but slower.


=======
openssl
=======

openssl <encryption> <args>
	encryption
		passwd - creates password hash
		aes-256-cbc - strong aes (good for files)
		genrsa <args> <bits>- generate rsa key
			-aes256
			-des3
			-out <file> - key output
			2048 - bits
		req - generate and manage certificates
			-x509 - generate an x509 certificate
			-new - use if key is already made
			-key - specify premade key
			-newkey rsa:1024 - type:bits (also dsa:file)
			-keyout key.pem - output private key
			-out cert.pem - output certificate
			-days <#> - days before cert expires
		s_server - listen
			-cert <file> - key/cert file
			-accept <port> - port number to accept
		s_client - connect
			-cert <file> - key/cert file
			-connect <host>:<port> - connect to server
		rand <opt> <#> - generate random bytes
			-base64
			-hex
		ciphers -v - list of ciphers
		prime <#> - test if # is prime
			-hex
	general args:
		-e - encrypt (default)
		-d - decrypt
		-k <passwd> - provide password
		-salt <string> - provide salt (not stated while decrypting)
		-a - output in base64 (makes viewable in text)
		-table - output as table
	
	

examples:
	openssl passwd <password> 
	openssl passwd -salt AB <password> -out file.txt
	echo 'hello world' | openssl aes-256-cbc -a -salt -k <password> #encrypt
	echo '<hash>' | openssl aes-256-cbc -a -d -k <password> #decrypt
	openssl aes-256-cbc -salt -in file1 -out file2

generate certificate:
	openssl genrsa -aes256 -out key.pem 2048 #create private key
	openssl req -x509 -new -key key.pem >> key.pem #create certificate and append to private key

encrypted tcp connection:
	openssl s_server -cert key.pem -accept <port> #server listen
	openssl s_client -cert key.pem -connect <host>:<port> #client connect


=========
checksums
=========

create/check checksum with:
	md5sum
	shasum
	sha1sum
	sha224sum
	sha256sum
	sha384sum
	sha512sum

all of them work like:
	md5sum <file> > <checksum.txt> - create checksum
	md5sum -c <checksum.txt> - check the checksum (do while in dir of file)

========
cracking
========

john the ripper:

	NOTE: sometimes expects hashfile to be formatted as: username:hash. username can be anything.
	
	john - shows help plus supported algorithms
	john hashfile.txt - cracks hashes in file
		--single - single crack mode
		--wordlist=file - use dictionary attack with file as wordlist
		--incremental - use brute force. can use --incremental=mode where mode can be "All" or something else
		--test - benchmark system
		--users=user,user - users to crack form hashfile
		--salts=<#/-#>
		--format=type - force hash type 
			DES/BSDI/MD5/BF/AFS/LM/NT/mscash/NETLM/NETNTLM/bfegg/DOMINOSEC/lotus5/raw-MD5/raw-sha1/IPB2/nsldap/openssha/HDAA
	example:
		john --format=raw-MD5 hashfile.txt

ophcrack:
	ophcrack -d /path/tables -t table1:table2 -w /path/config -l /path/outputfile	
		-g - use gui
		-b - disable brute force
		-f /path/file - load hash from file instead of samfile (-w /path/config)

lcrack:

	NOTE: sometimes expects hashfile to be formatted as: username:hash. username can be anything.

	lcrack <options> <file> - shows help plus supported algorithms
		-o <file> - output file
		-d <file> - wordlist file
		-t <file> - use table file
		-s <charset> - charset for incremental
		-s# <file> - charset from file
		-l <lenset> - length-set for incremental
		-x<mode>[+|-]  : activate/deactivate specified mode
			l - login mode
			f - fast word list mode
			s - smart word list mode
			b - incremental (brute-force) mode
		-rand - randomized brute-force mode
		-m <method> - hash algorithm. default: null
			dom/md4/md5/nt4/null/sha1
	example:
		lcrack -m md5 -xb+ hashfile.txt
Retrieved from "https://beardedmaker.com/wiki/index.php?title=Encryption&oldid=165"