项目作者: holoubekm

项目描述 :
高级语言: C++
项目地址: git://github.com/holoubekm/BI-BEZ.git
创建时间: 2018-03-24T12:57:15Z
项目社区:https://github.com/holoubekm/BI-BEZ

开源协议:Apache License 2.0

下载


BI-BEZ Course v2014

Bezpečnost

CTU / ČVUT FIT

Bonuses

Bonus 1

The first bonus task was to show how the birthday paradox works. You can select number of iterations the program will use.

  1. cd bonus_1
  2. make && ./paradox 10000

Bonus 2

The second bonus was about attacking on a stream cipher. It simply takes two encrypted strings moves one of them along and tries to stop when readable word is detected.

  1. make && ./stream

Labs

Lab 2

The first part located in ukol1.cpp tries to find SHA256 collision in the first 2 bytes. The input clear text is systematically generated and output is matched against two hardcoded values.

The second task shown, that stream cipher applied twice with the same config has no security at all. It was easy to xor those two outputs and effiently get unencrypted output.

Basic idea:

  1. in_1 = "......."
  2. in_2 = "......."
  3. cipher_stream = RC4_GetStream();
  4. #The same stream used twice
  5. out_1 = bytewise_xor(in_1, cipher_stream)
  6. out_2 = bytewise_xor(in_2, cipher_stream)
  7. #We know this, because `xor` will remove the cipher_stream
  8. #Now there is not secrecy
  9. bytewise_xor(in_1, in_2) == bytewise_xor(out_1, out_2)

Lab 3

This lab show different properties of block ciphers in different set-ups. The bmp image of Homer Simpson was disected and split into image header and data. Image data was encrypted and the results merged. Now we have different images encrypted with different setups. Given this we can easily (okometricky) compare the quality of encryption.

Encryption combinations

  1. CBC-ENCRYPTION
  2. CBC-DECRYPTION
  3. ECB-ENCRYPTION
  4. ECB-DECRYPTION

Lab 4

Is about assymetric cryptography. You can encrypt and decrypt file using private and public keys.

Lab 5

Program opens SSL connection to a hardcoded webserver and downloads it’s certificate to the local pem file.

Lab 6

Program opens SSL connection to a hardcoded webserver and lists server capabilities concerning security suits and configs.