Hexcellents CTF Wiki

Symmetrical ciphers

Modern ciphers

Block ciphers

  • DES
    • Key size: 7 bytes. Block size: 8 bytes
  • 3DES
    • Key size: 7, 14 or 21 bytes. Block size: 8 bytes
  • AES
    • Key size: 16, 24 or 32 bytes. Block size: 16 bytes
  • IDEA
    • Key size: 16 bytes. Block size: 8 bytes

Stream ciphers

  • RC4
    • E_RC4(key, plaintext) = ciphertext; E_RC4(key,ciphertext) = plaintext

Block ciphers in general

  • ECB mode (Electronic Code Book)
    • Each block is encrypted separately: C_1 = E( k, P_1); C_2 = E(k, P_2), etc.
    • ECB can be brute forced if some plain text blocks are known
    • Large images encrypted with ECB can be “visually decrypted”


  • CBC mode (Cipher block chaining)
    • Uses an Initialisation Vector (IV) block viewed as C_0 (note that the IV is in general not seen by the attacker)
    • Each block is sequentially xored with the previous block C_1=E(k, P_1 XOR IV); C_2 = E(k, P_2 XOR C1); etc.
    • As ECB, a plaintext block must be known for brute forcing. However do not use the first block as the IV is unknown.
  • CTR mode
    • Uses an IV that is incremented for each block: C_1 = E(k, P_1 XOR IV); C_2 = E(k, P_2 XOR (IV+1))
    • Possible attacks
      1. if IV is initialised with all zero bytes
      2. if the counter is reset or not incremented (for example in an encrypted conversation between two parties)
      3. if there are more blocks than 2^(block size in bits) (usually unfeasible)
  • OFB mode
  • Padding
    • ECB and CBC require padding of the last block
    • There are two main types of padding: null bytes (disadvantage: length of original message becomes ambiguous if it wasn't text) and length padding (PKCS7) which is more common.
    • Padding oracle attacks
      • These use the fact that after block decryption, if the last byte is N then the last N bytes must be equal to N. Using the encryption and decryption properties of the cipher a brute force attack can be launched to incrementally determine the last byte of the plaintext, the next-to-last byte, etc. More information at http://www.skullsecurity.org/blog/2013/padding-oracle-attacks-in-depth.
      • There are tools such as | Pypadbuster that automatically use this algorithm if given a function that returns True on correct padding and False on incorrect padding (the oracle)
kb/crypto/sym.txt · Last modified: 2013/10/12 16:41 by rcaragea
[unknown link type]Back to top