You are here >  theory >  security

Weak Encryption

Weak encryption based attacks target the implementation or the algorithm itself, that is used in implementing password based authentication. In some cases, the implementation of a password based authentication system uses encryption techniques such as ROT[Rotation], Public-key Cryptography/Infrastructure[PKI] and its implementations such as RSA[Ronald Rivest, Shamir and Adleman], Elliptic-curve cryptography, secret-key crypto and its implementation such as DES[Data Encryption Standards], 3DES[Tripple-DES] and AES[Advanced Encryption Standards]. If the attacker has access to the location where the passwords are stored, and if there are suitable conditions for the attacker to break the passwords, then it is pretty much a situation of compromise. The suitable conditions may include [and is not limited to]:

  • Weak Algorithm Strength.
  • Weak Implementation.
  • Weak Unique/Secret Key used.
  • Key shared among many people.
  • Known plain-text cipher-text pair.
  • Known plain-text and key.
  • Known key and cipher.
  • and much more.

One thing we have noticed is that many articles that we have come across talk about weak encryption and then say that MD5 and SHA-1 are the weak implementation of encryption algorithm. This is totally untolerable and absolutely incorrect. MD5 and SHA-1 are Hashing techniques. Hashing is where an input goes in and its "irreversable" digest comes out. This digest is used to determine if the input is what it is, when it is resent. Hence, this technique is used in the challenge handshake authentication where people give the password to the software and the software Hashes the password and send it across the wire and then the server determines if that hash matches the hash of the password stored in the server, the user is granted permission to access and if not, then the user is denied access. In this method, if the attacker is sniffing the packets and if the packets are not encrypted, then the attacker could do a replay attack and gain the same access as this user, since the hash is going to be the same as previous time. This is why passwords are salted before they get hash. Salt is a tiny stream of bits/data added to the password before taking a hash value to it. Since this salt value is generated by the software using a Pseudo-Random Number Generator(PRNG), it is believed to be random. If the number generated is random, how would the server know about it? Since the server is using the same function, it would also calculate the random number and then attach it to the password and generate a hash from that value to check if the user supplied input is the same as the one at its end. Now, attackers would have two ways to get values in this case. Attackers aim at breaking the PRNG generator to get the value or its implementation.

An attacker could perform man-in-the-middle and/or sniff the packets to get the values in each session and find a regularity in the pattern, and then try reversing the function used to implement this PRNG. Attackers could also try reversing the implementation of the algorithm by reverse engineering the software itself, that is if they got a copy of the same software. There are other possible techniques where attackers could gain access too. But the reason for discussing this is because, using MD5 and SHA-1 cannot be called as "Weak Encryption", because encryption is a technique used to convert plain-text to a "reversable" cipher (reversable through a process called decryption) and hashing is the process of converting a plain-text or data to a "non-reversable" form. This is why hashed data is used for challenge handshake authentication process. At system level, hashing is used to find the hash value of the files to determine if there were any changes to the file or to document the file with its hash value rather than its name because, malware authors can change the name of the files although, they cannot change its hash value due to its irreversable nature.

Even though hashing is irreversable process, there is a new kind of attack that just was released few years back. This is called Hash-collission. Hash-collision is something where you have two values or two different data, producing the same hash value. Why would this be useful in an attack? Imagine any algorithm using hashing to verify the integrity [hashing malware files] or authentication [challenge handshake protocol], where you could produce the same hash value for two or more different files or data. It would be a disaster, if that happens. This is what is predominantly known as hash-collission attack and this has been proven for limited values in a very limited case. After the Proof-of-Concept [PoC] of this hash-collision attack got released by a Research Professor in China, security professionals have started using a combination of Sha-1 and MD5 for the same data to provide a combinational HASH match and determine the integrity and authenticity of the data submitted. So far, there has been no attack [theoretical and practical] proven to attack the hashing combo technique.

Although, weaknesses in encryption and hashing could be used to attack the transaction or storage of passwords, attackers generally prefer to attack the implementation of these algorithms rather than the alogorithm itself as their purpose is very simple – Steal the password or misuse the authentication mechanism. Cryptanalysts on the other hand do this for research or for the heck of it, by challenging the algorithms and cryptography techniques over the thousand years. This is nothing new and has always been a challenge from time to time, starting from the age of empires to the current computerized world. The reason for us to discuss in PasswordAnalytics is because, one should think about their algorithm and implementation, even before they think about the strength of their passwords.

EvilFingers Arsenal

Socialize with RootkitAnalytics

Twitter Feed Blogspot

Socialize with EvilFingers

Twitter Feed Blogspot LinkedIn Delicious Google