You are to produce a report discussing the vulnerability of weak passwords. In this report, you can briefly explain how passwords are stored and the process of cracking your passwords. You should discuss the different techniques password crackers use. The aim of this lab is to understand the complexity required if you are to use a combination of usernames and passwords to log in to your systems. Next, you are to look at the login process and make recommendations (see the OWASP Authentication Cheat Sheet). Finally, use a password manager and give your thoughts and recommendations.
In this practical, you will learn how encryption works, and how symmetric and asymmetric (public key) encryption operate so that a body of sensitive information may be transmitted securely across a network.
The traditional use of cryptography was to make messages unreadable to the enemy during wartime. However, the introduction of the computing age changed this perspective dramatically. Through the use of computers, a whole new use for information hiding evolved. Around the early 1970s, the private sector began to feel the need for cryptographic methods to protect their data. This could include ‘sensitive information’ (corporate secrets), password files, or personal records.
Computer encryption is based on the science of cryptography, which has been used throughout history. Most forms of cryptography these days rely on computers, simply because a human-based code is too easy for a computer to crack. An encryption algorithm, or cipher, is used to encrypt normal text or plaintext. This encrypted text is then known as ciphertext. Trying to regenerate the original plaintext from the ciphertext is known as decryption.
Most computer encryption systems belong in one of two categories:
The encryption key and the decryption key may or may not be the same. When they are, the cryptosystem is called a “symmetric key” system; when they are not, it is called an “asymmetric key” system. The most widely known instance of a symmetric cryptosystem is DES (Data Encryption Standard). One of the most widely known implementations of an asymmetric key cryptosystem is RSA.
Round Function, F:
XOR the two inputs and then perform a left circular shift of 1 bit on the result
Subkey generation function:
If we write the 6 bits of the key as b1 b2 b3 b4 b5 b6 then
K1 = b1 b2 b3 b4
K2 = b3 b4 b5 b6
K3 = b2 b3 b4 b5
K4 = b1 b2 b5 b6
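The round function and subkey schedule above, put together as an added example that is not part of the original lab sheet. It assumes a DES-style Feistel structure that the sheet does not spell out: an 8-bit block split into two 4-bit halves, four rounds using K1 to K4 in order, F applied to the right half and the round subkey, and b1 as the most significant key bit.

```python
# Added example (assumptions labelled): a toy Feistel cipher built from the
# lab's round function F and its 6-bit-key subkey schedule.

# Bit positions (1-based, b1 = most significant, an assumption) for K1..K4.
SUBKEY_BITS = [(1, 2, 3, 4), (3, 4, 5, 6), (2, 3, 4, 5), (1, 2, 5, 6)]


def subkeys(key6):
    """Return [K1, K2, K3, K4] as 4-bit integers derived from a 6-bit key."""
    if not 0 <= key6 < 64:
        raise ValueError("key must fit in 6 bits")
    bits = [(key6 >> (6 - i)) & 1 for i in range(1, 7)]  # bits[0] is b1
    keys = []
    for positions in SUBKEY_BITS:
        k = 0
        for p in positions:
            k = (k << 1) | bits[p - 1]
        keys.append(k)
    return keys


def round_f(half, subkey):
    """F: XOR the two 4-bit inputs, then rotate the result left by 1 bit."""
    x = (half ^ subkey) & 0xF
    return ((x << 1) | (x >> 3)) & 0xF


def feistel(block8, round_keys):
    """Run the Feistel network over an 8-bit block (assumed block size)."""
    if not 0 <= block8 < 256:
        raise ValueError("block must fit in 8 bits")
    left, right = block8 >> 4, block8 & 0xF
    for k in round_keys:
        left, right = right, left ^ round_f(right, k)
    # Final swap of the halves, so decryption is the same network
    # run with the subkeys in reverse order.
    return (right << 4) | left


def encrypt(block8, key6):
    return feistel(block8, subkeys(key6))


def decrypt(block8, key6):
    return feistel(block8, subkeys(key6)[::-1])


if __name__ == "__main__":
    key, plain = 0b101101, 0b11000101  # constructed sample values
    cipher = encrypt(plain, key)
    print(f"subkeys={subkeys(key)} cipher={cipher:08b} "
          f"decrypted={decrypt(cipher, key):08b}")
```

With only 6 key bits there are 64 possible keys, which is the same key-space argument the lab asks you to make about short passwords.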