LINUX NAVIGATIONAL

COMMANDS AND
CRYPTOGRAPHY
DABUDZ
LINUX OFFERS AN ALTERNATIVE TO THE USUAL WINDOWS
AND ICONS. THE TERMINAL MIGHT SEEM DIFFERENT AT
FIRST, RELYING ON TEXT COMMANDS INSTEAD OF A
MOUSE. BUT THIS SIMPLICITY HOLDS IMMENSE POWER.
DIFFERENCE BETWEEN
WINDOWS AND LINUX
FILE SYSTEM
PWD (PRINT WORKING DIRECTORY)
LS (LIST FILES AND DIRECTORIES)
 CD (CHANGE DIRECTORY)
• THE CD COMMAND IS USED TO MOVE BETWEEN
FOLDERS. YOU CAN TELL IT EXACTLY WHICH
FOLDER YOU WANT TO GO TO (LIKE GIVING IT AN
ADDRESS), OR YOU CAN USE SHORTCUTS TO GET
AROUND. LET'S LOOK INTO BOTH THE METHODS.
• MOVING AROUND NEARBY FOLDER
• IF YOU WANT TO MOVE INTO A FOLDER THAT'S WITHIN THE ONE YOU'RE
ALREADY IN, YOU CAN JUST USE ITS NAME. FOR INSTANCE, IF YOU'RE IN YOUR
HOME DIRECTORY AND WANT TO REACH DOWNLOADS.

• CD [DIRECTORY NAME]
• CD DOWNLOADS
• GOING TO A SPECIFIC FOLDER
• IMAGINE TELLING SOMEONE THE FULL ADDRESS TO FIND YOUR HOUSE.
SIMILARLY, YOU CAN DO THE SAME BY GIVING THE COMPLETE PATH TO THE
FOLDER. FOR EXAMPLE, YOU WANT TO ACCESS THE DOCUMENTS FOLDER
INSIDE THE USERNAME FOLDER.

• CD [DIRECTORY PATH]
• CD /HOME/USERNAME/DOCUMENTS
MKDIR (MAKE DIRECTORY)
 RMDIR (REMOVE EMPTY DIRECTORY)
• THE RMDIR COMMAND, SHORT FOR "REMOVE DIRECTORY," ENABLES YOU TO
DELETE EMPTY DIRECTORIES. THIS IS USEFUL FOR CLEANING UP UNUSED
FOLDERS AND MAINTAINING A STREAMLINED FILE SYSTEM.

• THE SYNTAX FOR RMDIR IS:

• RMDIR [DIRECTORY_NAME]
• NOTE: RMDIR CAN ONLY DELETE EMPTY DIRECTORIES.
 CP (COPY)
• THE CP COMMAND ACTS LIKE A DUPLICATOR, CREATING A COPY OF A FILE IN A
NEW LOCATION.

• CP [SOURCE_FILE] [LOCATION]
• FOR INSTANCE, TO COPY "IMAGE.JPG" FROM

DOWNLOADS TO PICTURES WHILE KEEPING THE ORIGINAL, YOU'D USE

• CP ~/DOWNLOADS/IMAGE.JPG ~/PICTURES
 MV (MOVE)
• THE MV COMMAND IS LIKE A HANDY MOVER, ALLOWING YOU TO RELOCATE
FILES FROM ONE FOLDER TO ANOTHER.

• MV [SOURCE_FILE] [LOCATION]
• FOR INSTANCE, TO MOVE A FILE NAMED "IMAGE.JPG" FROM YOUR DOWNLOADS
FOLDER TO DOCUMENTS, YOU'D USE

• MV ~/DOWNLOADS/IMAGE.JPG ~/PICTURES
 CRYPTOGRAPHY
• CRYPTOGRAPHY IS THE PROCESS OF HIDING OR CODING INFORMATION SO THAT ONLY
THE PERSON A MESSAGE WAS INTENDED FOR CAN READ IT. THE ART OF
CRYPTOGRAPHY HAS BEEN USED TO CODE MESSAGES FOR THOUSANDS OF YEARS
AND CONTINUES TO BE USED IN BANK CARDS, COMPUTER PASSWORDS, AND
ECOMMERCE.

• CRYPTOGRAPHY CAN BE TRACED ALL THE WAY BACK TO ANCIENT EGYPTIAN

HIEROGLYPHICS BUT REMAINS VITAL TO SECURING COMMUNICATION AND
INFORMATION IN TRANSIT AND PREVENTING IT FROM BEING READ BY UNTRUSTED
PARTIES. IT USES ALGORITHMS AND MATHEMATICAL CONCEPTS TO TRANSFORM
MESSAGES INTO DIFFICULT-TO-DECIPHER CODES THROUGH TECHNIQUES LIKE
CRYPTOGRAPHIC KEYS AND DIGITAL SIGNING TO PROTECT DATA PRIVACY, CREDIT
CARD TRANSACTIONS, EMAIL, AND WEB BROWSING.
THE IMPORTANCE OF CRYPTOGRAPHY

• CRYPTOGRAPHY REMAINS IMPORTANT TO

PROTECTING DATA AND USERS, ENSURING
CONFIDENTIALITY, AND PREVENTING CYBER
CRIMINALS FROM INTERCEPTING SENSITIVE
CORPORATE INFORMATION.
 PRIVACY AND CONFIDENTIALITY
• INDIVIDUALS AND ORGANIZATIONS USE CRYPTOGRAPHY ON A DAILY BASIS TO PROTECT
THEIR PRIVACY AND KEEP THEIR CONVERSATIONS AND DATA CONFIDENTIAL.
CRYPTOGRAPHY ENSURES CONFIDENTIALITY BY ENCRYPTING SENT MESSAGES USING AN
ALGORITHM WITH A KEY ONLY KNOWN TO THE SENDER AND RECIPIENT. A COMMON
EXAMPLE OF THIS IS THE MESSAGING TOOL WHATSAPP, WHICH ENCRYPTS CONVERSATIONS
BETWEEN PEOPLE TO ENSURE THEY CANNOT BE HACKED OR INTERCEPTED.

• CRYPTOGRAPHY ALSO SECURES BROWSING, SUCH AS WITH VIRTUAL PRIVATE NETWORKS

(VPNS), WHICH USE ENCRYPTED TUNNELS, ASYMMETRIC ENCRYPTION, AND PUBLIC AND
PRIVATE SHARED KEYS.
 AUTHENTICATION
INTEGRITY
• SIMILAR TO HOW CRYPTOGRAPHY CAN CONFIRM THE AUTHENTICITY OF A MESSAGE, IT CAN ALSO
PROVE THE INTEGRITY OF THE INFORMATION BEING SENT AND RECEIVED. CRYPTOGRAPHY ENSURES
INFORMATION IS NOT ALTERED WHILE IN STORAGE OR DURING TRANSIT BETWEEN THE SENDER AND
THE INTENDED RECIPIENT. FOR EXAMPLE, DIGITAL SIGNATURES CAN DETECT FORGERY OR
TAMPERING IN SOFTWARE DISTRIBUTION AND FINANCIAL TRANSACTIONS.

NONREPUDIATION
• CRYPTOGRAPHY CONFIRMS ACCOUNTABILITY AND RESPONSIBILITY FROM THE SENDER OF A
MESSAGE, WHICH MEANS THEY CANNOT LATER DENY THEIR INTENTIONS WHEN THEY CREATED OR
TRANSMITTED INFORMATION. DIGITAL SIGNATURES ARE A GOOD EXAMPLE OF THIS, AS THEY ENSURE
A SENDER CANNOT CLAIM A MESSAGE, CONTRACT, OR DOCUMENT THEY CREATED TO BE
FRAUDULENT. FURTHERMORE, IN EMAIL NONREPUDIATION, EMAIL TRACKING MAKES SURE THE
SENDER CANNOT DENY SENDING A MESSAGE AND A RECIPIENT CANNOT DENY RECEIVING IT.
 KEY EXCHANGE

• KEY EXCHANGE IS THE METHOD USED

TO SHARE CRYPTOGRAPHIC KEYS
BETWEEN A SENDER AND THEIR
RECIPIENT
 TYPES OF CRYPTOGRAPHIC
ALGORITHMS

• THERE ARE MANY TYPES OF CRYPTOGRAPHIC

ALGORITHMS AVAILABLE. THEY VARY IN
COMPLEXITY AND SECURITY, DEPENDING ON THE
TYPE OF COMMUNICATION AND THE SENSITIVITY
OF THE INFORMATION BEING SHARED.
 SECRET KEY CRYPTOGRAPHY

• SECRET KEY CRYPTOGRAPHY, ALSO KNOWN AS

SYMMETRIC ENCRYPTION, USES A SINGLE KEY
TO ENCRYPT AND DECRYPT A MESSAGE. THE
SENDER ENCRYPTS THE PLAINTEXT MESSAGE
USING THE KEY AND SENDS IT TO THE
RECIPIENT WHO THEN USES THE SAME KEY TO
DECRYPT IT AND UNLOCK THE ORIGINAL
PLAINTEXT MESSAGE.
 STREAM CIPHERS
• STREAM CIPHERS WORK ON A SINGLE BIT OR BYTE AT ANY TIME AND
CONSTANTLY CHANGE THE KEY USING FEEDBACK MECHANISMS. A SELF-
SYNCHRONIZING STREAM CIPHER ENSURES THE DECRYPTION PROCESS
STAYS IN SYNC WITH THE ENCRYPTION PROCESS BY RECOGNIZING
WHERE IT SITS IN THE BIT KEYSTREAM. A SYNCHRONOUS STREAM
CIPHER GENERATES THE KEYSTREAM INDEPENDENTLY OF THE MESSAGE
STREAM AND GENERATES THE SAME KEYSTREAM FUNCTION AT BOTH THE
SENDER AND THE RECEIVER.
 BLOCK CIPHERS

• BLOCK CIPHERS ENCRYPT ONE BLOCK OF FIXED-SIZE DATA AT A TIME. IT WILL

ALWAYS ENCRYPT A PLAINTEXT DATA BLOCK TO THE SAME CIPHERTEXT
WHEN THE SAME KEY IS USED. A GOOD EXAMPLE OF THIS IS THE FEISTEL
CIPHER, WHICH USES ELEMENTS OF KEY EXPANSION, PERMUTATION, AND
SUBSTITUTION TO CREATE VAST CONFUSION AND DIFFUSION IN THE CIPHER.
• THE STAGES OF ENCRYPTION AND DECRYPTION ARE SIMILAR IF NOT
IDENTICAL, WHICH MEANS REVERSING THE KEY REDUCES THE CODE SIZE
AND CIRCUITRY REQUIRED FOR IMPLEMENTING THE CIPHER IN A PIECE OF
SOFTWARE OR HARDWARE.
 PUBLIC KEY CRYPTOGRAPHY
• PUBLIC KEY CRYPTOGRAPHY (PKC), OR ASYMMETRIC
CRYPTOGRAPHY, USES MATHEMATICAL FUNCTIONS TO CREATE
CODES THAT ARE EXCEPTIONALLY DIFFICULT TO CRACK. IT ENABLES
PEOPLE TO COMMUNICATE SECURELY OVER A NONSECURE
COMMUNICATIONS CHANNEL WITHOUT THE NEED FOR A SECRET
KEY. FOR EXAMPLE, PROXY RE-ENCRYPTION ENABLES A PROXY
ENTITY TO RE-ENCRYPT DATA FROM ONE PUBLIC KEY TO ANOTHER
WITHOUT REQUIRING ACCESS TO THE PLAINTEXT OR PRIVATE KEYS
 RSA
• RSA WAS THE FIRST AND REMAINS THE MOST COMMON PKC
IMPLEMENTATION. THE ALGORITHM IS NAMED AFTER ITS MIT
MATHEMATICIAN DEVELOPERS, RONALD RIVEST, ADI SHAMIR, AND
LEONARD ADLEMAN, AND IS USED IN DATA ENCRYPTION, DIGITAL
SIGNATURES, AND KEY EXCHANGES. IT USES A LARGE NUMBER
THAT IS THE RESULT OF FACTORING TWO SELECTED PRIME
NUMBERS. IT IS IMPOSSIBLE FOR AN ATTACKER TO WORK OUT THE
PRIME FACTORS, WHICH MAKES RSA ESPECIALLY SECURE.
 ELIPTIC CURVE CRYPTOGRAPHY (ECC)

• ECC IS A PKC ALGORITHM BASED ON THE USE OF

ELLIPTIC CURVES IN CRYPTOGRAPHY. IT IS DESIGNED
FOR DEVICES WITH LIMITED COMPUTING POWER OR
MEMORY TO ENCRYPT INTERNET TRAFFIC. A COMMON
USE OF ECC IS IN EMBEDDED COMPUTERS,
SMARTPHONES, AND CRYPTOCURRENCY NETWORKS
LIKE BITCOIN, WHICH CONSUMES AROUND 10% OF THE
STORAGE SPACE AND BANDWIDTH THAT RSA
DIGITAL SIGNATURE ALGORITHM (DSA)

• DSA IS A STANDARD THAT ENABLES DIGITAL

SIGNATURES TO BE USED IN MESSAGE
AUTHENTICATION. IT WAS INTRODUCED BY THE
NATIONAL INSTITUTE OF STANDARDS AND
TECHNOLOGY (NIST) IN 1991 TO ENSURE A BETTER
METHOD FOR CREATING DIGITAL SIGNATURES.
 IDENTITY-BASED ENCRYPTION (IBE)
• IBE IS A PKC SYSTEM THAT ENABLES THE PUBLIC KEY
TO BE CALCULATED FROM UNIQUE INFORMATION
BASED ON THE USER’S IDENTITY, SUCH AS THEIR
EMAIL ADDRESS. A TRUSTED THIRD PARTY OR PRIVATE
KEY GENERATOR THEN USES A CRYPTOGRAPHIC
ALGORITHM TO CALCULATE A CORRESPONDING
PRIVATE KEY. THIS ENABLES USERS TO CREATE THEIR
OWN PRIVATE KEYS WITHOUT WORRYING ABOUT
DISTRIBUTING PUBLIC KEYS.
 PUBLIC KEY CRYPTOGRAPHY
•
STANDARDS (PKCS)
ALL PKC ALGORITHMS AND USAGE ARE GOVERNED BY A SET OF STANDARDS AND GUIDELINES
DESIGNED BY RSA DATA SECURITY. THESE ARE AS FOLLOWS:
• PKCS #1 OR RFC 8017: RSA CRYPTOGRAPHY STANDARD
• PKCS #3: DIFFIE-HELLMAN KEY AGREEMENT STANDARD
• PKCS #5 AND PKCS #5 V2.1 OR RFC 8018: PASSWORD-BASED CRYPTOGRAPHY STANDARD
• PKCS #6: EXTENDED-CERTIFICATE SYNTAX STANDARD (BEING REPLACED BY X.509V3)
• PKCS #7 OR RFC 2315: CRYPTOGRAPHIC MESSAGE SYNTAX STANDARD
• PKCS #8 OR RFC 5958: PRIVATE KEY INFORMATION SYNTAX STANDARD
• PKCS #9 OR RFC 2985: SELECTED ATTRIBUTE TYPES
 PUBLIC KEY CRYPTOGRAPHY
STANDARDS (PKCS)

• PKCS #10 OR RFC 2986: CERTIFICATION REQUEST SYNTAX STANDARD

• PKCS #11: CRYPTOGRAPHIC TOKEN INTERFACE STANDARD
• PKCS #12 OR RFC 7292: PERSONAL INFORMATION EXCHANGE SYNTAX
STANDARD
• PKCS #13: ELLIPTIC CURVE CRYPTOGRAPHY STANDARD
• PKCS #14: PSEUDORANDOM NUMBER GENERATION STANDARD
• PKCS #15: CRYPTOGRAPHIC TOKEN INFORMATION FORMAT STANDARD
 DIFFIE-HELLMAN AND KEY EXCHANGE
ALGORITHM (KEA)

• THE DIFFIE-HELLMAN ALGORITHM WAS DEVISED IN 1976 BY STANFORD

UNIVERSITY PROFESSOR MARTIN HELLMAN AND HIS GRADUATE STUDENT
WHITFIELD DIFFIE, WHO ARE CONSIDERED TO BE RESPONSIBLE FOR
INTRODUCING PKC AS A CONCEPT. IT IS USED FOR SECRET KEY EXCHANGES
AND REQUIRES TWO PEOPLE TO AGREE ON A LARGE PRIME NUMBER.
• KEA IS A VARIATION OF THE DIFFIE-HELLMAN ALGORITHM AND WAS
PROPOSED AS A METHOD FOR KEY EXCHANGE IN THE NIST/NATIONAL
SECURITY AGENCY’S (NSA) CAPSTONE PROJECT, WHICH DEVELOPED
CRYPTOGRAPHY STANDARDS FOR PUBLIC AND GOVERNMENT USE.
 HASH FUNCTION

• HASH FUNCTIONS ENSURE THAT DATA INTEGRITY IS MAINTAINED IN THE

ENCRYPTION AND DECRYPTION PHASES OF CRYPTOGRAPHY. IT IS ALSO USED
IN DATABASES SO THAT ITEMS CAN BE RETRIEVED MORE QUICKLY.
• HASHING IS THE PROCESS OF TAKING A KEY AND MAPPING IT TO A SPECIFIC
VALUE, WHICH IS THE HASH OR HASH VALUE. A HASH FUNCTION
TRANSFORMS A KEY OR DIGITAL SIGNATURE, THEN THE HASH VALUE AND
SIGNATURE ARE SENT TO THE RECEIVER, WHO USES THE HASH FUNCTION
TO GENERATE THE HASH VALUE AND COMPARE IT WITH THE ONE THEY
RECEIVED IN THE MESSAGE.
 HASH FUNCTION

• A COMMON HASH FUNCTION IS FOLDING, WHICH TAKES A VALUE AND

DIVIDES IT INTO SEVERAL PARTS, ADDS PARTS, AND USES THE LAST FOUR
REMAINING DIGITS AS THE KEY OR HASHED VALUE. ANOTHER IS DIGIT
REARRANGEMENT, WHICH TAKES SPECIFIC DIGITS IN THE ORIGINAL VALUE,
REVERSES THEM, AND USES THE REMAINING NUMBER AS THE HASH VALUE.
EXAMPLES OF HASH FUNCTION TYPES INCLUDE SECURE HASH ALGORITHM 1
(SHA-1), SHA-2, AND SHA-3.
 TYPES OF CRYPTOGRAPHIC KEY
ATTACKS AND RISKS
• WHAT ARE CRYPTOGRAPHIC KEY ATTACKS? MODERN
CRYPTOGRAPHIC KEY TECHNIQUES ARE INCREASINGLY
ADVANCED AND OFTEN EVEN CONSIDERED
UNBREAKABLE. HOWEVER, AS MORE ENTITIES RELY ON
CRYPTOGRAPHY TO PROTECT COMMUNICATIONS AND
DATA, IT IS VITAL TO KEEP KEYS SECURE. ONE
COMPROMISED KEY COULD RESULT IN REGULATORY
ACTION, FINES AND PUNISHMENTS, REPUTATIONAL
DAMAGE, AND THE LOSS OF CUSTOMERS AND
INVESTORS.
WEAK KEYS
• KEYS ARE ESSENTIALLY RANDOM NUMBERS THAT BECOME MORE DIFFICULT TO CRACK
THE LONGER THE NUMBER IS. KEY STRENGTH AND LENGTH NEED TO BE RELATIVE TO
THE VALUE OF THE DATA IT PROTECTS AND THE LENGTH OF TIME THAT DATA NEEDS TO
BE PROTECTED. KEYS SHOULD BE CREATED WITH A HIGH-QUALITY, CERTIFIED RANDOM
NUMBER GENERATOR THAT COLLECTS ENTROPY—THE INFORMATION DENSITY OF A
FILE IN BITS OR CHARACTERS—FROM SUITABLE HARDWARE NOISE SOURCES.
INCORRECT USE OF KEYS
• WHEN KEYS ARE USED IMPROPERLY OR ENCODED POORLY, IT BECOMES EASIER FOR A
HACKER TO CRACK WHAT SHOULD HAVE BEEN A HIGHLY SECURE KEY.
REUSE OF KEYS
• EVERY KEY SHOULD ONLY BE GENERATED FOR A SPECIFIC SINGLE-USE
ENCRYPT/DECRYPT PURPOSE, AND USE BEYOND THAT MAY NOT OFFER THE LEVEL OF
PROTECTION REQUIRED.
NON-ROTATION OF KEYS
• KEYS THAT ARE OVERUSED, SUCH AS ENCRYPTING TOO MUCH DATA ON A KEY, BECOME
VULNERABLE TO ATTACKS. THIS IS PARTICULARLY THE CASE WITH OLDER CIPHERS AND
COULD RESULT IN DATA BEING EXPOSED. KEYS NEED TO BE ROTATED, RENEWED, AND
UPDATED WHEN APPROPRIATE.
INAPPROPRIATE STORAGE OF KEYS
• STORING KEYS ALONGSIDE THE INFORMATION THEY HAVE BEEN CREATED TO PROTECT
INCREASES THEIR CHANCES OF BEING COMPROMISED. FOR EXAMPLE, KEYS STORED ON A
DATABASE OR SERVER THAT GETS BREACHED COULD ALSO BE COMPROMISED WHEN THE
DATA IS EXFILTRATED.
INADEQUATE PROTECTION OF KEYS
• HUGE CYBERATTACKS LIKE MELTDOWN/SPECTRE AND HEARTBLEED HAVE BEEN CAPABLE OF
EXPOSING CRYPTOGRAPHIC KEYS STORED IN SERVER MEMORY. THEREFORE, STORED KEYS
MUST BE ENCRYPTED AND ONLY MADE AVAILABLE UNENCRYPTED WHEN PLACED WITHIN
SECURE, TAMPER-PROTECTED ENVIRONMENTS, OR EVEN KEPT OFFLINE.
INSECURE MOVEMENT OF KEYS
• MOVING KEYS BETWEEN SYSTEMS SHOULD ONLY OCCUR WHEN THE KEY IS ENCRYPTED OR
WRAPPED UNDER AN ASYMMETRIC OR SYMMETRIC PRE-SHARED TRANSPORT KEY. IF THIS IS
NOT POSSIBLE, THEN THE KEY MUST BE SPLIT UP INTO MULTIPLE PARTS THAT ARE KEPT
SEPARATE, RE-ENTERED INTO THE TARGET SYSTEM, THEN DESTROYED.
INSIDER THREATS (USER AUTHENTICATION, DUAL CONTROL, AND SEGREGATION OF
ROLES)
• INSIDER THREATS ARE ONE OF THE MOST SERIOUS THREATS POSED TO ANY KEY. THIS IS
MOST LIKELY TO OCCUR THROUGH A ROGUE EMPLOYEE HAVING ACCESS TO A KEY, THEN
USING IT FOR MALICIOUS PURPOSES OR GIVING OR SELLING IT TO A HACKER OR THIRD
PARTY.
LACK OF RESILIENCE
• RESILIENCE IS VITAL TO PROTECTING THE AVAILABILITY, CONFIDENTIALITY, AND INTEGRITY
OF KEYS. ANY KEY THAT SUFFERS A FAULT WITH NO BACKUP RESULTS IN THE DATA THE KEY
PROTECTS BEING LOST OR INACCESSIBLE.
LACK OF AUDIT LOGGING
• KEY LIFE CYCLES MUST BE LOGGED AND RECORDED IN FULL TO ENSURE ANY
COMPROMISE CAN BE TRACKED AND ENABLE SUBSEQUENT INVESTIGATIONS
TO OCCUR SMOOTHLY.
MANUAL KEY MANAGEMENT PROCESSES
• RECORDING KEY MANAGEMENT PROCESSES MANUALLY ON PAPER OR
SPREADSHEETS RUNS THE RISK OF HUMAN ERROR AND MAKES THE KEYS
HIGHLY VULNERABLE TO ATTACK OR THEFT.
PREPARE FOR AN ACTIVITY NEXT MEETING….