Experiences with Bruce Schneier's self study course in block cipher cryptanalysis?

Hello all, was just wondering if any of you have given a crack at this course and your experience, and what background you'd recommend before starting it. Seems very interesting and fun, albeit a bit intimidating with

> If a student can’t break any of the ciphersβ€” > especially the easy onesβ€”it’s a good indication that he should find another line of work

lol. I know he mentioned some prerequisites already but it's an old document, so curious if anybody has anything else to add now.

The document in question can be found here.

Cheers

Edit: Thanks for your responses everyone!

πŸ‘︎ 39
πŸ“°︎ r/crypto
πŸ’¬︎
πŸ‘€︎ u/groninger17
πŸ“…︎ Mar 04 2021
🚨︎ report
Which of the following passwords most likely takes the highest cryptanalysis work factor?

As the password attack is one of the most common attacks, for example, brute force attack, dictionary attack, rainbow table attack, and so forth, an external security team will be employed to inspect weak passwords.

For experienced, ethical hackers, which of the following passwords most likely takes the highest cryptanalysis work factor?

Do you want to know the answer, if so check out the CISSP ISC2 question telegram group.

https://t.me/CISSP_2021/110

View Poll

πŸ‘︎ 7
πŸ“°︎ r/Passwords
πŸ’¬︎
πŸ‘€︎ u/ServerCISP
πŸ“…︎ Mar 03 2021
🚨︎ report
Looking for a breakdown of jobs involving cryptanalysis

Are there jobs where the primary activity is breaking cryptographic systems? I've heard that cryptanalysis jobs exist in the intelligence world, but my guess is that they require a prohibitively advanced background in math. If someone could confirm/clarify, I'd appreciate it.
I've really enjoyed working through the cryptopals exercises, and I guess I'm wondering if there are jobs that resemble that kind of work: breaking crypto rather than implementing it. My background is in software reverse-engineering, and my orientation is very much towards puzzle-solving rather than system-building. Math skills are decent enough but not nearly phd-level. Any input is appreciated!

πŸ‘︎ 36
πŸ“°︎ r/crypto
πŸ’¬︎
πŸ‘€︎ u/drill_death
πŸ“…︎ Mar 02 2021
🚨︎ report
Current state of Static Diffie-Hellman cryptanalysis? (How secure OPAQUE over Curve25519 really is?)

I've recently became aware of an apparent contradiction between the respective security considerations of the OPRF and OPAQUE RFC drafts, that is leading me to question what I believed about the security of oblivious pseudo-random functions (specifically, blinding over elliptic curves).

Here's what the OPRF draft says:

> A side-effect of our OPRF design is that it allows instantiation of a oracle for constructing Q-strong-DH (Q-sDH) samples. […] > > The assumption that this problem is hard was first introduced in [BB04]. Since then, there have been a number of cryptanalytic studies that have reduced the security of the assumption below that implied by the group instantiation (for example, BG04 and Cheon06). In summary, the attacks reduce the security of the group instantiation by log_2(Q) bits. > > As an example, suppose that a group instantiation is used that provides 128 bits of security against discrete log cryptanalysis. Then an adversary with access to a Q-sDH oracle and makes Q = 2^20 queries can reduce the security of the instantiation by log_2(2^20) = 20 bits.

When I read this I deduced that if I construct an OPRF over Curve25519 to protect a salt, an attacker could perform a million queries (2^20), then use them to break the OPRF in 2^106 time instead of 2^126. (Order of the curve is 2^252, so regular brute force costs 2^126 point operations). Not quite practical, but in my opinion ceases to be "boring". Because of this, I used to reject OPAQUE over Curve25519, because its security relies solely on the blind salt: if the OPRF is broken, then the attacker can perform an offline dictionary attack.

The OPAQUE draft however sounds much more optimistic:

> While one can expect the practical security of the OPRF function (namely, the hardness of computing the function without knowing the key) to be in the order of computing discrete logarithms or solving Diffie-Hellman, Brown and Gallant [BG04] and Cheon [Cheon06] show an attack that slightly improves on generic attacks. For the case that q-1 or q+1, where q is the order of the group G, has a t-bit divisor, they show an attack that calls the OPRF on 2^t chosen inputs and reduces security by t/2 bits, i.e., it can find the OPRF key in time

... keep reading on reddit ➑

πŸ‘︎ 43
πŸ“°︎ r/crypto
πŸ’¬︎
πŸ‘€︎ u/loup-vaillant
πŸ“…︎ Jan 15 2021
🚨︎ report
CISSP Domain 3 MindMap / Review video focused on Cryptanalysis

The next video on cryptography is up! This one focuses on Cryptanalysis: https://youtu.be/pnITDgs63M4

Topics covered include Cryptanalysis, Cryptanalytic Attacks, Brute Force Attack, Ciphertext Only Attack, Known Plaintext Attack, Chosen Plaintext Attack, Chosen Ciphertext Attack, Factoring Attack, Cryptographic Attacks, Man-in-the-middle, Replay Attack, Temporary Files Attack, Implementation Attacks, Side Channel Attack, Dictionary Attack, Rainbow Tables, Birthday Attack, Social Engineering, Purchase Key Attack, Rubber Hose Cryptanalysis

Here are the other review / MindMap videos I have completed so far:

Domain 2

Domain 3

Domain 4

  • Coming soon(ish)!

Domain 5

Domain 6

Domain 7

Domain 8

I have also created a couple of deep dives into topics important to understand for the exam:

All the best in your studies!

Rob

πŸ‘︎ 33
πŸ“°︎ r/cissp
πŸ’¬︎
πŸ‘€︎ u/RWitchest
πŸ“…︎ Nov 20 2020
🚨︎ report
Cryptanalysis (Mono Alphabet)

If you use an encryption process that makes a brute-force attack infeasible, is that encryption method secure ? - Can we break the encryption? - Here is a first try of an β€žarticle/tutorialβ€œ from me: https://aicdev.com/?p=67

Hope that is at least kind of interesting or helpful. Cheers

πŸ‘︎ 68
πŸ’¬︎
πŸ‘€︎ u/docaicdev
πŸ“…︎ Nov 09 2020
🚨︎ report
Linear Diferential Cryptanalysis Attack

Hello, so I have this task that my teacher assigned me , it was to implement a linear diferential cryptanalysis attack on the first round of simplified AES(in the photo below).But I dont really know what to do , I've looked in the book and I see no correlation between linear diferential cryptanalysis and AES . If anyone can help me out I would realyy appreciate it .

https://preview.redd.it/egu0hb7fht761.png?width=662&format=png&auto=webp&s=40faaf8dc14d5fcb0889fbb33190bd74cd8568bf

πŸ‘︎ 2
πŸ“°︎ r/cryptography
πŸ’¬︎
πŸ‘€︎ u/AlbinyyyS
πŸ“…︎ Dec 27 2020
🚨︎ report
Dead Ends in Cryptanalysis #1: Length Extension Attacks soatok.blog/2020/10/06/de…
πŸ‘︎ 47
πŸ“°︎ r/crypto
πŸ’¬︎
πŸ‘€︎ u/Soatok
πŸ“…︎ Oct 07 2020
🚨︎ report
Help to understand AES / Rijndael cryptanalysis

Hello.

I wish to understand how AES / Rijndael cryptanalysis works but as all the articles or paper I find are all way too complicated for me.

Do some of you know where I can find a simplified explanation of such cryptanalysis (mostly differential and related-key attacks) in a more "casual" language so I can understand the core concepts. Obviously, I'm not looking to understand the state of the art attacks but have a better understanding of cryptographic attacks.

Thanks.

πŸ‘︎ 22
πŸ“°︎ r/crypto
πŸ’¬︎
πŸ‘€︎ u/capiya7398
πŸ“…︎ Oct 01 2020
🚨︎ report
Improved Cryptanalysis of UOV and Rainbow eprint.iacr.org/2020/1343
πŸ‘︎ 22
πŸ“°︎ r/crypto
πŸ’¬︎
πŸ‘€︎ u/SAI_Peregrinus
πŸ“…︎ Oct 26 2020
🚨︎ report
[Book] Elementary Cryptanalysis: A Mathematical Approach
  • DOI/PMID/ISBN: 978-0-88385-937-7

  • URL

https://www.jstor.org/stable/10.4169/j.ctt19b9krf

Thanks in advance

πŸ‘︎ 3
πŸ“°︎ r/Scholar
πŸ’¬︎
πŸ‘€︎ u/thync
πŸ“…︎ Jul 24 2020
🚨︎ report
Getting to know differential cryptanalysis in a modern and interactive way

Getting to know differential cryptanalysis in a modern and interactive way

I wrote my master thesis in computer science last year and would like to share it with the community.

When I got to know differential cryptanalysis (DCA), I probably used the same literature and web pages as many others dealing with it. I started to deal with this attack without any prior knowledge.

I quickly found out that the paper by Howard Hays and the book "The Block Cipher Companion" are really good, but they don't always help a beginner in many places. On the other hand, when looking very closely and validating experiments, the specifications do not seem to be fully described.

One of my results with the occupation is an interactive tutorial consisting of three parts, integrated in the open-source and e-learning software CrypTool 2. This is designed to teach the necessary theory with slides and to put it into practice directly. So far there has been no interactive tutorial that combines theory and practice. There are isolated code fragments and for example the website of Amazing King, but a console application is didactically not as valuable as an application with a graphical interface and the possibility to influence the process.

Various parameters, such as the key to be attacked, can be determined by the user himself. Different types of learners are addressed by different display formats (e.g. for differentials). Learning and understanding is supported by the fact that each step of the DCA can be viewed separately instead of viewing the DCA as a 'black box' with different inputs and a key as output.

Another result are extensive experiments with exact specifications. This creates traceability and the public source code ensures transparency.

If you are interested, you can have a look at the DCA in CrypTool 2. It can be found under the following link and can be downloaded for free:

https://www.cryptool.org/en/ct2-downloads

After finishing my master thesis, I created a series of challenges for the website MysteryTwister

C3 with my supervisor. Currently 2 of 4 challenges of the DCA are published. If you are interested, you can find them at https://www.mysterytwisterc3.org.

I would really appreciate your feedback about how you like the DCA tutorials in CrypTool 2 and whether you know of any other competitive implementations available.

Thank you

πŸ‘︎ 35
πŸ“°︎ r/crypto
πŸ’¬︎
πŸ‘€︎ u/Crypto-Berlin
πŸ“…︎ Jul 19 2020
🚨︎ report
Cryptanalysis starterpack
πŸ‘︎ 60
πŸ“°︎ r/starterpack
πŸ’¬︎
πŸ“…︎ Jul 24 2020
🚨︎ report
Cryptanalysis on homomorphic encryption by analyzing application execution?

This may be a dumb question, and I assume that there is some fault in my logic due to a lack of understanding on my part. Given a scenario where one would be writing an application that interacts with a fully homomorphically encrypted integer, wouldn't it be trivial for one to determine what the value of the data was?

For instance here is a theoretical example provided from Here [1]:

while (encrypted_value < 100) {
  perform_some_operation_on(&encrypted_value);
}

Wouldn't the execution of the function preform_some_operation_on() inherently leak that encrypted_value is less than 100. If so, couldn't this just be expanded to eventually find the value of encrypted_value? Maybe there is something that I am missing in how homomorphically encrypted values are evaluated but this has been something that I was not able to figure out on my own so I thought it would be best to post it here. Thanks for all the help!

[1]: https://blog.cryptographyengineering.com/2012/01/02/very-casual-introduction-to-fully/

πŸ‘︎ 16
πŸ“°︎ r/crypto
πŸ’¬︎
πŸ‘€︎ u/redfiji
πŸ“…︎ Apr 28 2020
🚨︎ report
Learn Reverse Engineering and Cryptanalysis by solving Ransomeware challenge
πŸ‘︎ 46
πŸ“°︎ r/cybersecurity
πŸ’¬︎
πŸ‘€︎ u/DaringJoker
πŸ“…︎ May 03 2020
🚨︎ report
Cryptanalysis of the Sarah2 Pen-and-Paper Cipher robertxiao.ca/hacking/sar…
πŸ‘︎ 58
πŸ“°︎ r/crypto
πŸ’¬︎
πŸ‘€︎ u/blake8086
πŸ“…︎ Jan 13 2020
🚨︎ report
Wanna learn Reverse engineering and cryptanalysis? daringjoker.wordpress.com…
πŸ‘︎ 159
πŸ’¬︎
πŸ‘€︎ u/DaringJoker
πŸ“…︎ May 03 2020
🚨︎ report
For the first time in 14 years, USA has a central intelligence bureau; last federal espionage agency, the Black Chamber, focused on cryptanalysis, was shut down in 1929, by a Secretary of State declaring "Gentlemen do not read each other's mail."

^- ^Live ^tweets ^from ^1942 ^(@RealTimeWWII) ^| ^July ^13, ^2020

πŸ‘︎ 9
πŸ“°︎ r/RealTimeWW2
πŸ’¬︎
πŸ‘€︎ u/RealTimeWW2Bot
πŸ“…︎ Jul 13 2020
🚨︎ report
The Multiprogram Research Facility (also known as Building 5300) is a facility at the Oak Ridge National Laboratory used by the NSA to design and build supercomputers for cryptanalysis and other classified projects [35Β°55'51.6"N 84Β°18'43.2"W] imgur.com/a/MFH9Rbx
πŸ‘︎ 15
πŸ“°︎ r/intelligenceporn
πŸ’¬︎
πŸ‘€︎ u/Cultural_Attache
πŸ“…︎ Jul 16 2020
🚨︎ report
[Article] Applicability of Cellular Automata in Cryptanalysis

https://www.igi-global.com/article/applicability-of-cellular-automata-in-cryptanalysis/178479

DOI: 10.4018/IJAMC.2017040103

Thanks for any help everyone can provide!

πŸ‘︎ 2
πŸ“°︎ r/Scholar
πŸ’¬︎
πŸ‘€︎ u/ToughPink
πŸ“…︎ May 08 2020
🚨︎ report
Cryptanalysis of LEDAcrypt (Pracitcal Break) eprint.iacr.org/2020/455
πŸ‘︎ 26
πŸ“°︎ r/crypto
πŸ’¬︎
πŸ‘€︎ u/SAI_Peregrinus
πŸ“…︎ Apr 21 2020
🚨︎ report
[r/cryptanalysis cross-post] How can I bolster my resume to work as a cryptanalysist?

I'm in the first year of my M.Sc. in pure math, doing arithmetic geometry. While I'm en route towards a Ph.D., I'm also considering leaving once I've finished my masters to work in cryptanalysis, most likely for CSIS, (Canada's CIA). I have some basic python/Sage skills, I have taken a course called "Applied Algebra" where are large focus was on elementary cryptography (RSA, Diffe-Hellman etc.), and I've taken a number of graduate courses in a variety of courses, favoring algebra.
What can I do over the next year and a half to make myself an ideal candidate for a job in cryptanalysis, or CSIS in particular? If you could offer some more specific advice and/or resources than "git gud at python" I'd appreciate it. I imagine an ideal answer would include something like recommended textbook reading list or trusted online courses/certifications, or even a concise list of particular things I should be able to do with a computer.

πŸ‘︎ 16
πŸ“°︎ r/crypto
πŸ’¬︎
πŸ‘€︎ u/kr1staps
πŸ“…︎ Jan 03 2020
🚨︎ report
[Journal] Quantum algorithms for typical hard problems: a perspective of cryptanalysis idp.springer.com/transit?…
πŸ‘︎ 3
πŸ’¬︎
πŸ‘€︎ u/iciq
πŸ“…︎ Apr 30 2020
🚨︎ report
Frontal view of the reconstructed Colossus, a set of computers developed by British codebreakers in the years 1943–1945 to help in the cryptanalysis of the Lorenz cipher, at The National Museum of Computing, Bletchley Park
πŸ‘︎ 23
πŸ“°︎ r/intelligenceporn
πŸ’¬︎
πŸ‘€︎ u/Cropitekus
πŸ“…︎ Mar 05 2020
🚨︎ report
When cryptanalysis isn’t simple

Does anyone recommend a method to working with an Autokey Vigenere cipher when there’s another layer of ciphertext underneath? Typically you solve by placing partial keys over and over until you get bits of readable plain text. But... if the cipher is layered on another cipher, that doesn’t work...

πŸ‘︎ 2
πŸ“°︎ r/CipherBrowser
πŸ’¬︎
πŸ‘€︎ u/Novi_Star_4571
πŸ“…︎ Oct 22 2019
🚨︎ report
TIL that US Navy Commander Joseph Rochefort, who commanded the code breaking effort that enabled US victory at the Battle of Midway, was reassigned from Cryptanalysis to command a floating dry dock for the remainder of the war, due to internal Navy politics. nytimes.com/1985/11/17/us…
πŸ‘︎ 60
πŸ“°︎ r/todayilearned
πŸ’¬︎
πŸ‘€︎ u/AspireAgain
πŸ“…︎ Aug 29 2019
🚨︎ report
Classical cipher cryptanalysis cheatsheet :: Notes from Overthewire Krypton sumit-ghosh.com/articles/…
πŸ‘︎ 11
πŸ“°︎ r/encryption
πŸ’¬︎
πŸ‘€︎ u/SkullTech101
πŸ“…︎ Feb 26 2020
🚨︎ report
Terrible blow for UK intelligence: German U-boats have begun using a new, more complex version of the Enigma code, impenetrable to their cryptanalysis.

^- ^WW2 ^Tweets ^from ^1942 ^(@RealTimeWWII) ^| ^February ^16, ^2020

πŸ‘︎ 16
πŸ“°︎ r/RealTimeWW2
πŸ’¬︎
πŸ‘€︎ u/RealTimeWW2Bot
πŸ“…︎ Feb 16 2020
🚨︎ report
Classical cipher cryptanalysis cheatsheet :: Notes from Overthewire Krypton sumit-ghosh.com/articles/…
πŸ‘︎ 22
πŸ“°︎ r/netsec
πŸ’¬︎
πŸ‘€︎ u/SkullTech101
πŸ“…︎ Feb 26 2020
🚨︎ report
Explaining differential cryptanalysis (DCA) as a Xmas challenge

Just came across a DCA crypto challenge made detailed and thoroughly. Part 1 requires to attack a small block cipher with DCA when already filtered pairs of plaintext and ciphertext are given.

Part 1 of this series was published as this year's Xmas challenge on MysteryTwister C3.

https://www.mysterytwisterc3.org/en/challenges/the-four-levels

https://www.mysterytwisterc3.org/en/challenges/level-2/christmas-challenge-2019-differential-cryptanalysis-part-1

Merry Xmas

πŸ‘︎ 5
πŸ“°︎ r/crypto
πŸ’¬︎
πŸ‘€︎ u/treifi
πŸ“…︎ Dec 23 2019
🚨︎ report
Classical cipher cryptanalysis cheatsheet :: Notes from Overthewire Krypton sumit-ghosh.com/articles/…
πŸ‘︎ 4
πŸ“°︎ r/crypto
πŸ’¬︎
πŸ‘€︎ u/SkullTech101
πŸ“…︎ Feb 26 2020
🚨︎ report
Classical cipher cryptanalysis cheatsheet :: Notes from Overthewire Krypton sumit-ghosh.com/articles/…
πŸ‘︎ 3
πŸ“°︎ r/securityCTF
πŸ’¬︎
πŸ‘€︎ u/SkullTech101
πŸ“…︎ Feb 26 2020
🚨︎ report
Classical cipher cryptanalysis cheatsheet :: Notes from Overthewire Krypton sumit-ghosh.com/articles/…
πŸ‘︎ 11
πŸ“°︎ r/LiveOverflow
πŸ’¬︎
πŸ‘€︎ u/SkullTech101
πŸ“…︎ Feb 26 2020
🚨︎ report
TIL about Rubber Hose cryptanalysis, where the person is repeatedly beaten with a rubber hose, until secret information is extracted en.wikipedia.org/wiki/Rub…
πŸ‘︎ 36
πŸ“°︎ r/todayilearned
πŸ’¬︎
πŸ‘€︎ u/KidsMaker
πŸ“…︎ Nov 05 2019
🚨︎ report
[R] Deep Learning for Cryptanalysis

I had a paper at CRYPTO 2019 on cryptanalysis using neural networks that I thought I might share here, since there has previously been some interest in cross-domain work between cryptology and machine learning on this subreddit (e.g. CipherGAN, Learning the Enigma with Recurrent Neural Networks):

Paper (eprint version): https://ia.cr/2019/037

Github: https://www.github.com/agohr/deep_speck

Talk: https://youtu.be/weX1itU9VrM

tl;dr: Using neural networks to distinguish cipher output from random data together with an efficient search policy, we achieve a 200-fold speedup over the best previously published key recovery attack against a round-reduced (i.e. weakened) version of a modern block cipher. This is the first example of state of the art block cipher cryptanalysis using deep learning. The trained deep learning models are also compared to very strong distinguishers using traditional techniques and some partial insight into the source of the additional signal picked up by the DL model is provided.

πŸ‘︎ 5
πŸ“°︎ r/MachineLearning
πŸ’¬︎
πŸ‘€︎ u/tea_search
πŸ“…︎ Oct 13 2019
🚨︎ report
Classical cipher cryptanalysis cheatsheet :: Notes from Overthewire Krypton sumit-ghosh.com/articles/…
πŸ‘︎ 2
πŸ“°︎ r/netsecstudents
πŸ’¬︎
πŸ‘€︎ u/SkullTech101
πŸ“…︎ Feb 26 2020
🚨︎ report

Please note that this site uses cookies to personalise content and adverts, to provide social media features, and to analyse web traffic. Click here for more information.