Breaking out of crypto authentication

Jan 8, 2022Download as PPTX, PDF0 likes126 views

This document provides an introduction to cryptography concepts including symmetric encryption, asymmetric encryption, hash functions, and common attacks on cryptographic systems. It begins with an introduction of the author and then defines cryptography as the practice of encryption and decryption. It explains the basic concepts of symmetric encryption using the same key for encryption and decryption, asymmetric encryption using public and private key pairs, and hash functions. It provides examples of implementations and uses of these cryptographic methods. Finally, it outlines some common attacks against symmetric, asymmetric cryptography and hash functions.

#WHOAMI
• Mohammed Adam
• Senior Security Engineer in Crossbowlabs
LLP, Bangalore
• Offensive Security Certified Professional
(OSCP)
• Chapter Lead in Null Villupuram
• Acknowledged by top 50+ companies in
Bugbounty Programs like US Dept of
Defense, AT&T, Oppo, Mastercard, Intel,
etc.
• Blogger & Bike rider.

Cryptography
101
What is Cryptography?
Encryption and
Decryption
Types of Cryptography
• Symmetric
• Asymmetric
• Hash Functions
General cryptographic
implementations.
Authentication and
authentication schemas
and attacks against
authentication systems.

Symmetric
Encryption
Same key is used for
encryption and decryption
Encryption
Algorithms
DES
3DES
AES
Key Exchange Problem

Asymmetric Encryption
Also known as Public Key
Cryptography
Two keys are used in the PKC,
public key and private key
A set of keys is associated
with a particular user
The sender encrypts the
message with the receiver’s
public key
The receiver decrypts the
encrypted message with the
private key
PKC Algorithms
DSA
RSA
ECC

Implementations
of hash functions
• The most popular use of hashes is for file identification and storing sensitive
data, like passwords.
• When you create an account on a website your password is converted to hash
and this hash is stored in the server's database.
• So when you login the password that you type in will be converted to a hash,
the server will take it and compare it with the hash in it's database, if it's the
same that means your password is correct and the server will let you in.
• MD5 hashes are also used to ensure the data integrity of files.
• Because the MD5 hashing algorithm always produces the same output for the
same given input, it can be used to compare a hash of the source file with a
newly created hash of the destination file to check that it is intact and
unmodified.

Use of Cryptography
Symmetric
Encryption
• To encrypt
bulk data
• Encryption of
data at rest
Asymmetric
Encryption
• Digital
Signatures
• Key Exchange
• Sensitive data
exchange
Hash Functions
• Password
Storage
• Data Integrity
Checks

Confusion Occurs between encoding and
encrypting ?
Let's say you have an
encrypted file, the only way
to decrypt it is using key.
While encoded data can be
decoded immediately,
without keys.
It's NOT a form of
encryption, it just a way of
representing data.
A very popular encoding is
Base64. Here's how "hi
there" looks with Base64
encoding : aGkgdGhlcmU=

Attacks on Cryptographic Systems
Symmetric
Cryptography
• Known-Plaintext
Attack
• Chosen-Plaintext
Attack
• Differential
Cryptanalysis
• Linear
Cryptanalysis
Asymmetric
Cryptography
• Brute force key
search
• Alteration of
public keys
Hash Functions
• Hash Collisions
• Rainbow table

This document discusses MD5 encryption and its security risks. MD5 uses a 128-bit encryption algorithm, making the possible combinations very large. While it is better than previous algorithms, MD5 is not completely secure due to known flaws that allow exploits. The two main cracking techniques are brute force attacks and collision checking, both of which aim to find ways to decrypt or manipulate the encrypted information without authorization.

Encryption.pptreshmy12

This document provides an introduction to encryption. It defines encryption as the process of converting data into an unrecognizable form. Encryption is important for achieving data security and privacy. It allows users to securely protect passwords, personal data, and ensure files have not been altered. Examples of encryption applications include web browsing, email, and hard drive encryption. The document then describes how encryption works by encrypting a message using an encryption key. It also outlines different encryption methods like hashing, symmetric, and asymmetric encryption.

Kieon secure passwords theory and practice 2011Kieon

The document discusses password security and different methods for storing passwords. It analyzes passwords from a data breach of 32 million passwords and finds that most passwords were very weak. It then discusses various methods for storing passwords like clear text, hashed passwords without salts, hashed passwords with static salts, and hashed passwords with dynamic salts. Hashing passwords with dynamic salts provides the strongest security since each hash is unique and cannot be cracked using rainbow tables. The document concludes that while no database is completely secure, dynamic hashing with salts makes the passwords much harder to steal through automated attacks or by experienced hackers.

Elasticsearch - Scalability and MultitenancyBozhidar Bozhanov

Encryption in the enterpriseBozhidar Bozhanov

Encryption is widely used by companies to secure sensitive data. It comes in different varieties and purposes. There's symmetric vs asymmetric encryption, there's encryption at rest, in transit and in use, there's TDE vs record-level encryption vs column/field level encryption, and then there's key-encryption (wrapping). All of these varieties serve different purposes and use-cases that we review - from the point of view of an infosec person, a sysadmin, a developer and an architect.

UVic Startup Slam September 2014 (Kiind)sendwithus

The document discusses practical cryptography concepts like cryptographic hashing and HMAC. It explains that cryptographic hashes provide integrity by ensuring a message hasn't changed, but don't provide authenticity by themselves. HMAC adds authenticity by using a secret key along with a hash algorithm, so only the key holder can validate a hash. The document then discusses using HMAC for API authentication by including identifying information in JSON Web Tokens (JWTs) along with a signature to validate requests without database lookups. This allows authentication and authorization without initially accessing the database.

Web cryptography javascriptJose Manuel Ortega Candel

The document discusses introducing cryptography concepts from a developer perspective using JavaScript. It covers authentication and encryption methods like AES, RSA, and hashing algorithms. It also discusses browser storage, the Web Cryptography API, cryptography libraries for JavaScript like CryptoJS, encrypting data on servers with Node.js, and tools for analyzing encryption. Practical examples are provided on implementing cryptography in apps.

Overview Of CryptographyManjarul Hoque

Cryptography is a method of securing communication and information by encoding messages in such a way that only authorized parties can access it. It involves encrypting plaintext using an algorithm and key to create ciphertext, which can then be decrypted using the same key. Common uses of cryptography include ensuring data privacy, authenticity, integrity, and non-repudiation. Symmetric key encryption uses the same key for encryption and decryption while asymmetric key encryption uses different public and private keys.

Information and network security 37 hash functions and message authenticationVaibhav Khanna

User And Physical Securityguest648519

Cryptography is used to protect information from unauthorized access and fulfill basic security requirements like confidentiality, integrity, availability, authenticity, and non-repudiation. There are several mechanisms used for this, including symmetric-key cryptography which uses a single key to encrypt and decrypt data and is very fast but requires sharing keys in advance, and public-key cryptography which uses different keys to encrypt and decrypt.

Techniques for password hashing and crackingNipun Joshi

This document discusses techniques for securely storing passwords using hashing and preventing cracking. It recommends using algorithms like bcrypt and PBKDF2 that include salts and key stretching to make passwords very difficult to brute force or dictionary attack by requiring extensive time and computing resources. The document provides examples of hashing best practices and measures organizations and users can take to better protect against leaks and unauthorized access.

php[world] 2016 - Tales From the Crypto: A Cryptography PrimerAdam Englander

Cryptography is a complex and confusing subject. There seems to be more misinformation than actual information. Learn how to properly use cryptography to secure user credentials and sensitive data. We will discuss cryptographic methodologies and algorithms available to PHP. The focus will be on encryption, digital signatures, and hashing. We will discuss methodologies as part of a compare and contrast; based on cryptography strength and randomness.

CiphersAhtesham Husain Shaikh

This document provides an introduction to cipher suites used in TLS/SSL network protocols. It discusses the key components of a cipher suite, including the key exchange algorithm, authentication algorithm, bulk encryption algorithm, and message authentication code algorithm. An example cipher suite is provided to illustrate these components. Vulnerabilities related to cipher suites like SWEET32, POODLE, and BEAST are also mentioned. The document concludes by stating the importance of understanding SSL and TLS to prevent server vulnerabilities from being exploited.

Cantina content based approach to detect phishing websitesthestarlight92

CANTINA is a content-based approach to detecting phishing websites that examines the text-based content of websites along with surface characteristics like the age of the domain and presence of known images. It uses the TF-IDF algorithm to generate lexical signatures of web pages by calculating term frequency-inverse document frequency values for words. It then tests the page by searching for its lexical signature and checking if the domain matches top search results to determine if the page is legitimate or a phishing attempt. The system aims to detect phishing URLs and links to protect users from disclosing personal information on fraudulent websites or through malicious emails.

Class 16Dr. Ajith Sundaram

The document discusses cryptography and its objectives of providing confidentiality, authentication, data integrity, availability, non-repudiation, and access control. It defines basic terminology like plaintext, ciphertext, encryption, decryption, and cryptanalysis. It then covers the history of cryptography from manual ciphers like the Caesar cipher to modern computer-based ciphers like RSA. It also discusses symmetric and asymmetric cryptographic methods and examples of algorithms for each like AES and RSA.

OpenOffice.org Digital Signatures, OOoCon 2004Malte Timmermann

Malte Timmermann, a technical architect at Sun Microsystems, gave a presentation on digital signatures in OpenOffice.org. He discussed why digital signatures are used for authentication, authorization, and verifying document integrity. He then explained the technology behind digital signatures, including hash values, encryption algorithms, and public key certificates. Finally, he covered OpenOffice.org's implementation of digital signatures using XML DSIG and its security framework, and demonstrated features like adding and verifying signatures.

Secure passwords-theory-and-practiceAkash Mahajan

Encryption Adnan Malak

Encryption is a process that converts plain text into cipher text using an encryption algorithm. There are two main types: symmetric encryption which uses a shared secret key for encryption and decryption, and asymmetric encryption which uses a public/private key pair. While symmetric encryption is faster, asymmetric encryption is more secure as the private key is never shared. Encryption is used to provide authentication, privacy, accountability, integrity and security for data across various applications such as e-commerce, banking, defense services and more.

Brute Force Attacks - Finding and Stopping themFlowTraq

Module (Blockchain & Cryptocurrency).pptxBaharAli53

Basic Cryptography.pdfSetiya Nugroho

Cryptography is the study of secure communication techniques. The document provides a high-level overview of basic cryptography concepts including its history, objectives, terminology, and types (symmetric, asymmetric, hash functions). Symmetric cryptography uses a single secret key for encryption and decryption while asymmetric cryptography uses two keys: a public key for encryption and a private key for decryption. Popular symmetric algorithms include AES and RSA. Hash functions like MD5 and SHA are used to verify message integrity. Quantum computing may improve applications like cancer treatment, traffic optimization, and weather forecasting by solving complex optimization problems.

Information Security 05- Encryption.pdfnfaiziikanwal47

Data Security Essentials - JavaOne 2013javagroup2006

This document provides an overview of data security essentials and cryptographic concepts. It discusses motivation for data security, including reputation, business competitiveness, and cloud computing. The agenda includes basic cryptographic concepts like hashes, symmetric and asymmetric cryptography. It also covers secure credential storage, data confidentiality, authentication, and recent trends in cloud data security.

CLOUD COMPUTING AND CRYPTOGRAPHY (1).pptxSylvesterNdegese1

Basics of CRYPTOGRAPHIC techniques applications.pptxSylvesterNdegese1

All details of cryptography and all the topics of cryptography was explainedkhitishKumarSahoo1

Introduction to Network Security presentationkrishkiran2408

CISSP - Chapter 3 - CryptographyKarthikeyan Dhayalan

Cryptography is the science of encrypting and decrypting data using mathematical concepts. It allows sensitive information to be stored or transmitted securely over insecure networks so that only the intended recipient can read it. The key concepts in cryptography include symmetric and asymmetric encryption algorithms, cryptosystems, cryptanalysis, cryptographic primitives like block ciphers and stream ciphers, and elements like keys, initialization vectors, and cryptographic services like confidentiality, integrity, authentication, and non-repudiation. Proper implementation with secure algorithms, large random keys, and protection of actual keys is important for cryptosystem strength.

big data and Iot , its security part ,hoe yoy help thiswarriorshanta

Cryptography is the art and science of securing communication and data by con...kalojo7178

Cryptography is the art and science of securing communication and data by converting plain text into unintelligible ciphertext. It's an essential aspect of cybersecurity and privacy, used in various fields such as finance, government, military, and everyday online communication. At its core, cryptography relies on algorithms and mathematical principles to encrypt and decrypt data securely. There are two main types of cryptographic techniques: symmetric and asymmetric encryption. 1. **Symmetric Encryption**: In symmetric encryption, the same key is used for both encryption and decryption. It's faster and more efficient for large volumes of data. Algorithms like AES (Advanced Encryption Standard) are commonly used for symmetric encryption. 2. **Asymmetric Encryption**: Also known as public-key cryptography, asymmetric encryption uses a pair of keys - public and private. The public key is used for encryption, while the private key is used for decryption. RSA and Elliptic Curve Cryptography (ECC) are popular asymmetric encryption algorithms. Cryptography serves several crucial purposes: - **Confidentiality**: It ensures that only authorized parties can access the information. - **Integrity**: It verifies that the information has not been altered or tampered with during transmission. - **Authentication**: It confirms the identity of the communicating parties. - **Non-repudiation**: It prevents the sender from denying the authenticity of the message. Cryptography also faces challenges, such as the rise of quantum computing which poses a threat to traditional cryptographic methods, prompting the development of quantum-resistant algorithms. Overall, cryptography plays a vital role in protecting sensitive information in today's digital world, enabling secure communication and transactions over the internet.

More Related Content

What's hot (11)

Information and network security 37 hash functions and message authenticationVaibhav Khanna

User And Physical Securityguest648519

Techniques for password hashing and crackingNipun Joshi

php[world] 2016 - Tales From the Crypto: A Cryptography PrimerAdam Englander

CiphersAhtesham Husain Shaikh

Cantina content based approach to detect phishing websitesthestarlight92

Class 16Dr. Ajith Sundaram

OpenOffice.org Digital Signatures, OOoCon 2004Malte Timmermann

Secure passwords-theory-and-practiceAkash Mahajan

Encryption Adnan Malak

Brute Force Attacks - Finding and Stopping themFlowTraq

Information and network security 37 hash functions and message authenticationVaibhav Khanna

User And Physical Securityguest648519

Techniques for password hashing and crackingNipun Joshi

php[world] 2016 - Tales From the Crypto: A Cryptography PrimerAdam Englander

CiphersAhtesham Husain Shaikh

Cantina content based approach to detect phishing websitesthestarlight92

Class 16Dr. Ajith Sundaram

OpenOffice.org Digital Signatures, OOoCon 2004Malte Timmermann

Secure passwords-theory-and-practiceAkash Mahajan

Encryption Adnan Malak

Brute Force Attacks - Finding and Stopping themFlowTraq

Similar to Breaking out of crypto authentication (20)

Module (Blockchain & Cryptocurrency).pptxBaharAli53

Basic Cryptography.pdfSetiya Nugroho

Information Security 05- Encryption.pdfnfaiziikanwal47

Data Security Essentials - JavaOne 2013javagroup2006

CLOUD COMPUTING AND CRYPTOGRAPHY (1).pptxSylvesterNdegese1

Basics of CRYPTOGRAPHIC techniques applications.pptxSylvesterNdegese1

All details of cryptography and all the topics of cryptography was explainedkhitishKumarSahoo1

Introduction to Network Security presentationkrishkiran2408

CISSP - Chapter 3 - CryptographyKarthikeyan Dhayalan

big data and Iot , its security part ,hoe yoy help thiswarriorshanta

Cryptography is the art and science of securing communication and data by con...kalojo7178

Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxukd789555

This document discusses secret key cryptography. Secret key cryptography uses the same key to encrypt and decrypt messages. It provides examples of simple substitution ciphers and discusses algorithms like AES, 3DES, and RC4. The document outlines the uses of secret key cryptography for secure communication when both parties have the shared key. It also discusses the advantages of speed and disadvantages of needing to keep the shared key secret.

CRYPTOGRAPHY and its applications .pptxeveanchalvaj2206

Encryption in phpsana mateen

The document discusses various methods for encrypting and authenticating data in PHP, including: 1. Encrypting data with md5() hash functions, the MCrypt package, and file-based authentication. 2. MCrypt supports two-way encryption algorithms like DES and allows encrypting and decrypting data. 3. File-based authentication parses a text file into an array to authenticate users by comparing hashed passwords.

Sw prezen3pdfs1190088

Encryption is used to secure private information such as credit card details, bank account information, and personal correspondence from unauthorized access. There are different types of encryption including symmetric key encryption where both parties use the same secret key, public key encryption which uses separate keys for encryption and decryption, and TLS which provides security for communications through protocols like SSL. Hash functions are also used for encryption through computing hash values from inputs and incorporating them into algorithms to detect tampering of data.

Track 5 session 2 - st dev con 2016 - security iot best practicesST_World

This document summarizes a presentation on IoT security good practices. It discusses various types of invasive and non-invasive attacks on IoT devices, as well as solutions to improve security such as adding a secure element, using an MCU's security features, and risk management practices. Cryptography methods that can be used for authentication, encryption and integrity are explained. The document also covers topics like secure boot, secure storage, secure communications, and the importance of security over the entire product lifecycle. Recommendations are made to design fortified products, understand risks, use security features and tools, and work with trusted partners.

Sw2 prezen3pdfs1190088

This document discusses different types of encryption used to secure information. It introduces symmetric key encryption, which uses the same key to encrypt and decrypt, and public key encryption, which uses separate keys. It also mentions TLS/SSL protocols for secure communication and hash functions, which are incorporated into algorithms to detect tampering and enable faster data processing and comparison.

Steve Jones - Encrypting DataRed Gate Software

This document provides an overview of encryption in SQL Server, including: - Transparent Data Encryption allows encrypting data at rest on disk for increased security. - Communications can be encrypted using SSL or IPSec to encrypt data in transit. - Hashing provides a way to index and search encrypted data faster than decryption. - SQL Server uses a hierarchy of keys including symmetric, asymmetric, and certificates to manage encryption.

SecuritySri Manakula Vinayagar Engineering College

The document discusses various topics related to cryptography and network security. It defines key terms like cryptography, plaintext, ciphertext, encryption, decryption, symmetric key encryption, public key encryption, hashing, digital signatures, AES, DES, and firewall. It provides details on how symmetric and public key encryption works, the structure and process of AES encryption, key expansion in AES, and implementation aspects of AES on CPUs. The document provides an overview of important concepts and algorithms in cryptography and network security.

Information Security 06- Hashing and Digital Signatures.pdffaiziikanwal47

Module (Blockchain & Cryptocurrency).pptxBaharAli53

Basic Cryptography.pdfSetiya Nugroho

Information Security 05- Encryption.pdfnfaiziikanwal47

Data Security Essentials - JavaOne 2013javagroup2006

CLOUD COMPUTING AND CRYPTOGRAPHY (1).pptxSylvesterNdegese1

Basics of CRYPTOGRAPHIC techniques applications.pptxSylvesterNdegese1

All details of cryptography and all the topics of cryptography was explainedkhitishKumarSahoo1

Introduction to Network Security presentationkrishkiran2408

CISSP - Chapter 3 - CryptographyKarthikeyan Dhayalan

big data and Iot , its security part ,hoe yoy help thiswarriorshanta

Cryptography is the art and science of securing communication and data by con...kalojo7178

Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxukd789555

CRYPTOGRAPHY and its applications .pptxeveanchalvaj2206

Encryption in phpsana mateen

Sw prezen3pdfs1190088

Track 5 session 2 - st dev con 2016 - security iot best practicesST_World

Sw2 prezen3pdfs1190088

Steve Jones - Encrypting DataRed Gate Software

SecuritySri Manakula Vinayagar Engineering College

Information Security 06- Hashing and Digital Signatures.pdffaiziikanwal47

More from Mohammed Adam (20)

Android Penetration Testing - Day 3Mohammed Adam

Android Penetration testing - Day 2Mohammed Adam

Android Penetration Testing - Day 1Mohammed Adam

Wireless Penetration TestingMohammed Adam

Network Penetration TestingMohammed Adam

Basic Foundation For CybersecurityMohammed Adam

Golden Ticket Attack - AD - Domain PersistenceMohammed Adam

Evading Antivirus software for fun and profitMohammed Adam

Introduction to Network FundamentalsMohammed Adam

Cybersecurity Awareness Session by AdamMohammed Adam

Career Guidance on Cybersecurity by Mohammed AdamMohammed Adam

Introduction to null villupuram communityMohammed Adam

Internet securityMohammed Adam

This document discusses internet security and common mistakes people make. It begins by introducing the presenter, Mohammed Adam, and his background in security. It then asks questions to get the reader thinking about how hackers could target them by learning personal details from social media. Several common mistakes are outlined, such as trusting unknown emails, using public Wi-Fi without passwords, downloading untrusted software, and reusing the same password across accounts. The document provides solutions like using unique, strong passwords, updating software, and enabling two-factor authentication. It emphasizes being careful about what personal information is shared online and backing up important data.

BugBounty Roadmap with Mohammed AdamMohammed Adam

Bug bounty roadmap covers various techniques for finding vulnerabilities such as understanding the target application flow, using passive reconnaissance tools to discover assets, hacking with Burp Suite to find bugs like XSS and SQLi, and keeping up with new trends to improve bounty hunting. The presentation emphasizes thorough preparation and research to avoid duplicate reports and better understand the target before launching attacks. It also provides tips for writing high-quality bug reports to build good relationships with security teams.

Webinar On Ethical Hacking & Cybersecurity - Day2Mohammed Adam

This document summarizes a webinar on ethical hacking and cybersecurity. It introduces the speaker as a senior security consultant who has been acknowledged by over 50 companies for bug bounties. It then discusses tools used for scanning and enumeration like Nmap, Nessus, gobuster, and Nikto. It provides examples of commands for these tools and explains how vulnerability scanners work. It also covers topics that will be discussed in the webinar like exploitation and post-exploitation using tools like Metasploit. The document aims to help attendees understand common tools, techniques, and best practices for scanning, enumeration, and vulnerability assessment in an ethical hacking context.

OSINT - Open Soure Intelligence - Webinar on CyberSecurityMohammed Adam

The document summarizes a webinar on ethical hacking and cybersecurity. It introduces the speaker, Mohammed Adam, and his background. It then outlines the 5 stages of ethical hacking that will be covered: reconnaissance, scanning and enumeration, exploitation, post-exploitation, and clearing tracks. It focuses on the reconnaissance stage, explaining the concepts of open-source intelligence (OSINT) and different types of intelligence like human, geospatial, signals, and open-source intelligence. It provides examples of how OSINT is used in ethical hacking and penetration testing as well as examples of traditional and modern OSINT methods and tools.

Android Application Penetration Testing - Mohammed AdamMohammed Adam

Vulnerability assessment & Penetration testing Basics Mohammed Adam

What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam

SSL is a protocol that allows clients and servers to securely communicate over the internet. It uses public-key encryption to authenticate servers, optionally authenticate clients, and establish an encrypted connection to securely transmit data. The SSL handshake allows the client and server to negotiate encryption parameters to generate shared secrets and session keys, which are then used to encrypt all further communication during the SSL session. Common implementations of SSL include OpenSSL and Apache-SSL.

Network SecurityMohammed Adam

Android Penetration Testing - Day 3Mohammed Adam

Android Penetration testing - Day 2Mohammed Adam

Android Penetration Testing - Day 1Mohammed Adam

Wireless Penetration TestingMohammed Adam

Network Penetration TestingMohammed Adam

Basic Foundation For CybersecurityMohammed Adam

Golden Ticket Attack - AD - Domain PersistenceMohammed Adam

Evading Antivirus software for fun and profitMohammed Adam

Introduction to Network FundamentalsMohammed Adam

Cybersecurity Awareness Session by AdamMohammed Adam

Career Guidance on Cybersecurity by Mohammed AdamMohammed Adam

Introduction to null villupuram communityMohammed Adam

Internet securityMohammed Adam

BugBounty Roadmap with Mohammed AdamMohammed Adam

Webinar On Ethical Hacking & Cybersecurity - Day2Mohammed Adam

OSINT - Open Soure Intelligence - Webinar on CyberSecurityMohammed Adam

Android Application Penetration Testing - Mohammed AdamMohammed Adam

Vulnerability assessment & Penetration testing Basics Mohammed Adam

What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam

Network SecurityMohammed Adam

Recently uploaded (20)

ELectronics Boards & Product Testing_Shiju.pdfShiju Jacob

15th International Conference on Computer Science, Engineering and Applicatio...IJCSES Journal

Introduction to Zoomlion Earthmoving.pptxAS1920

Data Structures_Searching and Sorting.pptxRushaliDeshmukh2

Artificial Intelligence (AI) basics.pptxaditichinar

railway wheels, descaling after reheating and before forgingJavad Kadkhodapour

MAQUINARIA MINAS CEMA 6th Edition (1).pdfssuser562df4

AI-assisted Software Testing (3-hours tutorial)Vəhid Gəruslu

five-year-soluhhhhhhhhhhhhhhhhhtions.pdfAdityaSharma944496

some basics electrical and electronics knowledgenguyentrungdo88

Reagent dosing (Bredel) presentation.pptxAlejandroOdio

Data Structures_Introduction to algorithms.pptxRushaliDeshmukh2

Concept of Problem Solving, Introduction to Algorithms, Characteristics of Algorithms, Introduction to Data Structure, Data Structure Classification (Linear and Non-linear, Static and Dynamic, Persistent and Ephemeral data structures), Time complexity and Space complexity, Asymptotic Notation - The Big-O, Omega and Theta notation, Algorithmic upper bounds, lower bounds, Best, Worst and Average case analysis of an Algorithm, Abstract Data Types (ADT)

IntroSlides-April-BuildWithAI-VertexAI.pdfLuiz Carneiro

Metal alkyne complexes.pptx in chemistrymee23nu

International Journal of Distributed and Parallel systems (IJDPS)samueljackson3773

The growth of Internet and other web technologies requires the development of new algorithms and architectures for parallel and distributed computing. International journal of Distributed and parallel systems is a bimonthly open access peer-reviewed journal aims to publish high quality scientific papers arising from original research and development from the international community in the areas of parallel and distributed systems. IJDPS serves as a platform for engineers and researchers to present new ideas and system technology, with an interactive and friendly, but strongly professional atmosphere.

Introduction to FLUID MECHANICS & KINEMATICSnarayanaswamygdas

Fluid mechanics is the branch of physics concerned with the mechanics of fluids (liquids, gases, and plasmas) and the forces on them. Originally applied to water (hydromechanics), it found applications in a wide range of disciplines, including mechanical, aerospace, civil, chemical, and biomedical engineering, as well as geophysics, oceanography, meteorology, astrophysics, and biology. It can be divided into fluid statics, the study of various fluids at rest, and fluid dynamics. Fluid statics, also known as hydrostatics, is the study of fluids at rest, specifically when there's no relative motion between fluid particles. It focuses on the conditions under which fluids are in stable equilibrium and doesn't involve fluid motion. Fluid kinematics is the branch of fluid mechanics that focuses on describing and analyzing the motion of fluids, such as liquids and gases, without considering the forces that cause the motion. It deals with the geometrical and temporal aspects of fluid flow, including velocity and acceleration. Fluid dynamics, on the other hand, considers the forces acting on the fluid. Fluid dynamics is the study of the effect of forces on fluid motion. It is a branch of continuum mechanics, a subject which models matter without using the information that it is made out of atoms; that is, it models matter from a macroscopic viewpoint rather than from microscopic. Fluid mechanics, especially fluid dynamics, is an active field of research, typically mathematically complex. Many problems are partly or wholly unsolved and are best addressed by numerical methods, typically using computers. A modern discipline, called computational fluid dynamics (CFD), is devoted to this approach. Particle image velocimetry, an experimental method for visualizing and analyzing fluid flow, also takes advantage of the highly visual nature of fluid flow. Fundamentally, every fluid mechanical system is assumed to obey the basic laws : Conservation of mass Conservation of energy Conservation of momentum The continuum assumption For example, the assumption that mass is conserved means that for any fixed control volume (for example, a spherical volume)—enclosed by a control surface—the rate of change of the mass contained in that volume is equal to the rate at which mass is passing through the surface from outside to inside, minus the rate at which mass is passing from inside to outside. This can be expressed as an equation in integral form over the control volume. The continuum assumption is an idealization of continuum mechanics under which fluids can be treated as continuous, even though, on a microscopic scale, they are composed of molecules. Under the continuum assumption, macroscopic (observed/measurable) properties such as density, pressure, temperature, and bulk velocity are taken to be well-defined at "infinitesimal" volume elements—small in comparison to the characteristic length scale of the system, but large in comparison to molecular length scale

Structural Response of Reinforced Self-Compacting Concrete Deep Beam Using Fi...Journal of Soft Computing in Civil Engineering

Analysis of reinforced concrete deep beam is based on simplified approximate method due to the complexity of the exact analysis. The complexity is due to a number of parameters affecting its response. To evaluate some of this parameters, finite element study of the structural behavior of the reinforced self-compacting concrete deep beam was carried out using Abaqus finite element modeling tool. The model was validated against experimental data from the literature. The parametric effects of varied concrete compressive strength, vertical web reinforcement ratio and horizontal web reinforcement ratio on the beam were tested on eight (8) different specimens under four points loads. The results of the validation work showed good agreement with the experimental studies. The parametric study revealed that the concrete compressive strength most significantly influenced the specimens’ response with the average of 41.1% and 49 % increment in the diagonal cracking and ultimate load respectively due to doubling of concrete compressive strength. Although the increase in horizontal web reinforcement ratio from 0.31 % to 0.63 % lead to average of 6.24 % increment on the diagonal cracking load, it does not influence the ultimate strength and the load-deflection response of the beams. Similar variation in vertical web reinforcement ratio leads to an average of 2.4 % and 15 % increment in cracking and ultimate load respectively with no appreciable effect on the load-deflection response.

The Gaussian Process Modeling Module in UQLabJournal of Soft Computing in Civil Engineering

We introduce the Gaussian process (GP) modeling module developed within the UQLab software framework. The novel design of the GP-module aims at providing seamless integration of GP modeling into any uncertainty quantification workflow, as well as a standalone surrogate modeling tool. We first briefly present the key mathematical tools on the basis of GP modeling (a.k.a. Kriging), as well as the associated theoretical and computational framework. We then provide an extensive overview of the available features of the software and demonstrate its flexibility and user-friendliness. Finally, we showcase the usage and the performance of the software on several applications borrowed from different fields of engineering. These include a basic surrogate of a well-known analytical benchmark function; a hierarchical Kriging example applied to wind turbine aero-servo-elastic simulations and a more complex geotechnical example that requires a non-stationary, user-defined correlation function. The GP-module, like the rest of the scientific code that is shipped with UQLab, is open source (BSD license).

Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptxMahaveerVPandit

Compiler Design Unit1 PPT Phases of Compiler.pptxRushaliDeshmukh2

ELectronics Boards & Product Testing_Shiju.pdfShiju Jacob

15th International Conference on Computer Science, Engineering and Applicatio...IJCSES Journal

Introduction to Zoomlion Earthmoving.pptxAS1920

Data Structures_Searching and Sorting.pptxRushaliDeshmukh2

Artificial Intelligence (AI) basics.pptxaditichinar

railway wheels, descaling after reheating and before forgingJavad Kadkhodapour

MAQUINARIA MINAS CEMA 6th Edition (1).pdfssuser562df4

AI-assisted Software Testing (3-hours tutorial)Vəhid Gəruslu

five-year-soluhhhhhhhhhhhhhhhhhtions.pdfAdityaSharma944496

some basics electrical and electronics knowledgenguyentrungdo88

Reagent dosing (Bredel) presentation.pptxAlejandroOdio

Data Structures_Introduction to algorithms.pptxRushaliDeshmukh2

IntroSlides-April-BuildWithAI-VertexAI.pdfLuiz Carneiro

Metal alkyne complexes.pptx in chemistrymee23nu

International Journal of Distributed and Parallel systems (IJDPS)samueljackson3773

Introduction to FLUID MECHANICS & KINEMATICSnarayanaswamygdas

Structural Response of Reinforced Self-Compacting Concrete Deep Beam Using Fi...Journal of Soft Computing in Civil Engineering

The Gaussian Process Modeling Module in UQLabJournal of Soft Computing in Civil Engineering

Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptxMahaveerVPandit

Compiler Design Unit1 PPT Phases of Compiler.pptxRushaliDeshmukh2

Breaking out of crypto authentication

1. Breaking out of Crypto Authentication

2. #WHOAMI • Mohammed Adam • Senior Security Engineer in Crossbowlabs LLP, Bangalore • Offensive Security Certified Professional (OSCP) • Chapter Lead in Null Villupuram • Acknowledged by top 50+ companies in Bugbounty Programs like US Dept of Defense, AT&T, Oppo, Mastercard, Intel, etc. • Blogger & Bike rider.

3. Cryptography 101 What is Cryptography? Encryption and Decryption Types of Cryptography • Symmetric • Asymmetric • Hash Functions General cryptographic implementations. Authentication and authentication schemas and attacks against authentication systems.

4. Symmetric Encryption Same key is used for encryption and decryption Encryption Algorithms DES 3DES AES Key Exchange Problem

6. Asymmetric Encryption Also known as Public Key Cryptography Two keys are used in the PKC, public key and private key A set of keys is associated with a particular user The sender encrypts the message with the receiver’s public key The receiver decrypts the encrypted message with the private key PKC Algorithms DSA RSA ECC

8. Hash Functions

9. Implementations of hash functions • The most popular use of hashes is for file identification and storing sensitive data, like passwords. • When you create an account on a website your password is converted to hash and this hash is stored in the server's database. • So when you login the password that you type in will be converted to a hash, the server will take it and compare it with the hash in it's database, if it's the same that means your password is correct and the server will let you in. • MD5 hashes are also used to ensure the data integrity of files. • Because the MD5 hashing algorithm always produces the same output for the same given input, it can be used to compare a hash of the source file with a newly created hash of the destination file to check that it is intact and unmodified.

10. Use of Cryptography Symmetric Encryption • To encrypt bulk data • Encryption of data at rest Asymmetric Encryption • Digital Signatures • Key Exchange • Sensitive data exchange Hash Functions • Password Storage • Data Integrity Checks

11. Confusion Occurs between encoding and encrypting ? Let's say you have an encrypted file, the only way to decrypt it is using key. While encoded data can be decoded immediately, without keys. It's NOT a form of encryption, it just a way of representing data. A very popular encoding is Base64. Here's how "hi there" looks with Base64 encoding : aGkgdGhlcmU=

12. Attacks on Cryptographic Systems Symmetric Cryptography • Known-Plaintext Attack • Chosen-Plaintext Attack • Differential Cryptanalysis • Linear Cryptanalysis Asymmetric Cryptography • Brute force key search • Alteration of public keys Hash Functions • Hash Collisions • Rainbow table

13. Thankyou ! @iam_amdadam mohammedadam24

Breaking out of crypto authentication

Recommended

More Related Content

What's hot (11)

Similar to Breaking out of crypto authentication (20)

More from Mohammed Adam (20)

Recently uploaded (20)

Breaking out of crypto authentication