尊敬的 微信汇率:1円 ≈ 0.046166 元 支付宝汇率:1円 ≈ 0.046257元 [退出登录]
SlideShare a Scribd company logo

Breaking out of crypto authentication

Download as PPTX, PDF
Mohammed Adam
Mohammed Adam

This document provides an introduction to cryptography concepts including symmetric encryption, asymmetric encryption, hash functions, and common attacks on cryptographic systems. It begins with an introduction of the author and then defines cryptography as the practice of encryption and decryption. It explains the basic concepts of symmetric encryption using the same key for encryption and decryption, asymmetric encryption using public and private key pairs, and hash functions. It provides examples of implementations and uses of these cryptographic methods. Finally, it outlines some common attacks against symmetric, asymmetric cryptography and hash functions.

Engineering
1 of 13
Breaking out of Crypto Authentication
#WHOAMI • Mohammed Adam • Senior Security Engineer in Crossbowlabs LLP, Bangalore • Offensive Security Certified Professional (OSCP) • Chapter Lead in Null Villupuram • Acknowledged by top 50+ companies in Bugbounty Programs like US Dept of Defense, AT&T, Oppo, Mastercard, Intel, etc. • Blogger & Bike rider.
Cryptography 101 What is Cryptography? Encryption and Decryption Types of Cryptography • Symmetric • Asymmetric • Hash Functions General cryptographic implementations. Authentication and authentication schemas and attacks against authentication systems.
Symmetric Encryption Same key is used for encryption and decryption Encryption Algorithms DES 3DES AES Key Exchange Problem
Asymmetric Encryption Also known as Public Key Cryptography Two keys are used in the PKC, public key and private key A set of keys is associated with a particular user The sender encrypts the message with the receiver’s public key The receiver decrypts the encrypted message with the private key PKC Algorithms DSA RSA ECC
Hash Functions
Implementations of hash functions • The most popular use of hashes is for file identification and storing sensitive data, like passwords. • When you create an account on a website your password is converted to hash and this hash is stored in the server's database. • So when you login the password that you type in will be converted to a hash, the server will take it and compare it with the hash in it's database, if it's the same that means your password is correct and the server will let you in. • MD5 hashes are also used to ensure the data integrity of files. • Because the MD5 hashing algorithm always produces the same output for the same given input, it can be used to compare a hash of the source file with a newly created hash of the destination file to check that it is intact and unmodified.
Use of Cryptography Symmetric Encryption • To encrypt bulk data • Encryption of data at rest Asymmetric Encryption • Digital Signatures • Key Exchange • Sensitive data exchange Hash Functions • Password Storage • Data Integrity Checks
Confusion Occurs between encoding and encrypting ? Let's say you have an encrypted file, the only way to decrypt it is using key. While encoded data can be decoded immediately, without keys. It's NOT a form of encryption, it just a way of representing data. A very popular encoding is Base64. Here's how "hi there" looks with Base64 encoding : aGkgdGhlcmU=
Attacks on Cryptographic Systems Symmetric Cryptography • Known-Plaintext Attack • Chosen-Plaintext Attack • Differential Cryptanalysis • Linear Cryptanalysis Asymmetric Cryptography • Brute force key search • Alteration of public keys Hash Functions • Hash Collisions • Rainbow table
Thankyou ! @iam_amdadam mohammedadam24

Recommended

Md5
Md5Md5
Md5
Sanjeevsharma620
 
Encryption.ppt
Encryption.pptEncryption.ppt
Encryption.ppt
reshmy12
 
Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011
Kieon
 
Elasticsearch - Scalability and Multitenancy
Elasticsearch - Scalability and MultitenancyElasticsearch - Scalability and Multitenancy
Elasticsearch - Scalability and Multitenancy
Bozhidar Bozhanov
 
Encryption in the enterprise
Encryption in the enterpriseEncryption in the enterprise
Encryption in the enterprise
Bozhidar Bozhanov
 
UVic Startup Slam September 2014 (Kiind)
UVic Startup Slam September 2014 (Kiind)UVic Startup Slam September 2014 (Kiind)
UVic Startup Slam September 2014 (Kiind)
sendwithus
 
Web cryptography javascript
Web cryptography javascriptWeb cryptography javascript
Web cryptography javascript
Jose Manuel Ortega Candel
 
Overview Of Cryptography
Overview Of CryptographyOverview Of Cryptography
Overview Of Cryptography
Manjarul Hoque
 

Recommended

Md5
Md5Md5
Md5
Sanjeevsharma620
 
Encryption.ppt
Encryption.pptEncryption.ppt
Encryption.ppt
reshmy12
 
Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011
Kieon
 
Elasticsearch - Scalability and Multitenancy
Elasticsearch - Scalability and MultitenancyElasticsearch - Scalability and Multitenancy
Elasticsearch - Scalability and Multitenancy
Bozhidar Bozhanov
 
Encryption in the enterprise
Encryption in the enterpriseEncryption in the enterprise
Encryption in the enterprise
Bozhidar Bozhanov
 
UVic Startup Slam September 2014 (Kiind)
UVic Startup Slam September 2014 (Kiind)UVic Startup Slam September 2014 (Kiind)
UVic Startup Slam September 2014 (Kiind)
sendwithus
 
Web cryptography javascript
Web cryptography javascriptWeb cryptography javascript
Web cryptography javascript
Jose Manuel Ortega Candel
 
Overview Of Cryptography
Overview Of CryptographyOverview Of Cryptography
Overview Of Cryptography
Manjarul Hoque
 
Information and network security 37 hash functions and message authentication
Information and network security 37 hash functions and message authenticationInformation and network security 37 hash functions and message authentication
Information and network security 37 hash functions and message authentication
Vaibhav Khanna
 
User And Physical Security
User And Physical SecurityUser And Physical Security
User And Physical Security
guest648519
 
Techniques for password hashing and cracking
Techniques for password hashing and crackingTechniques for password hashing and cracking
Techniques for password hashing and cracking
Nipun Joshi
 
php[world] 2016 - Tales From the Crypto: A Cryptography Primer
php[world] 2016 - Tales From the Crypto: A Cryptography Primerphp[world] 2016 - Tales From the Crypto: A Cryptography Primer
php[world] 2016 - Tales From the Crypto: A Cryptography Primer
Adam Englander
 
Ciphers
CiphersCiphers
Ciphers
Ahtesham Husain Shaikh
 
Cantina content based approach to detect phishing websites
Cantina content based approach to detect phishing websitesCantina content based approach to detect phishing websites
Cantina content based approach to detect phishing websites
thestarlight92
 
Class 16
Class 16Class 16
Class 16
Dr. Ajith Sundaram
 
OpenOffice.org Digital Signatures, OOoCon 2004
OpenOffice.org Digital Signatures, OOoCon 2004OpenOffice.org Digital Signatures, OOoCon 2004
OpenOffice.org Digital Signatures, OOoCon 2004
Malte Timmermann
 
Secure passwords-theory-and-practice
Secure passwords-theory-and-practiceSecure passwords-theory-and-practice
Secure passwords-theory-and-practice
Akash Mahajan
 
Encryption
Encryption Encryption
Encryption
Adnan Malak
 
Brute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping themBrute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping them
FlowTraq
 
Basic Cryptography.pdf
Basic Cryptography.pdfBasic Cryptography.pdf
Basic Cryptography.pdf
Setiya Nugroho
 
Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013
javagroup2006
 
CISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - CryptographyCISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - Cryptography
Karthikeyan Dhayalan
 
Cryptography is the art and science of securing communication and data by con...
Cryptography is the art and science of securing communication and data by con...Cryptography is the art and science of securing communication and data by con...
Cryptography is the art and science of securing communication and data by con...
kalojo7178
 
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxSecret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
ukd789555
 
Encryption in php
Encryption in phpEncryption in php
Encryption in php
sana mateen
 
Sw prezen3pdf
Sw prezen3pdfSw prezen3pdf
Sw prezen3pdf
s1190088
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
ST_World
 
Sw2 prezen3pdf
Sw2 prezen3pdfSw2 prezen3pdf
Sw2 prezen3pdf
s1190088
 
Steve Jones - Encrypting Data
Steve Jones - Encrypting DataSteve Jones - Encrypting Data
Steve Jones - Encrypting Data
Red Gate Software
 
Security
SecuritySecurity
Security
Sri Manakula Vinayagar Engineering College
 

More Related Content

What's hot

Information and network security 37 hash functions and message authentication
Information and network security 37 hash functions and message authenticationInformation and network security 37 hash functions and message authentication
Information and network security 37 hash functions and message authentication
Vaibhav Khanna
 
User And Physical Security
User And Physical SecurityUser And Physical Security
User And Physical Security
guest648519
 
Techniques for password hashing and cracking
Techniques for password hashing and crackingTechniques for password hashing and cracking
Techniques for password hashing and cracking
Nipun Joshi
 
php[world] 2016 - Tales From the Crypto: A Cryptography Primer
php[world] 2016 - Tales From the Crypto: A Cryptography Primerphp[world] 2016 - Tales From the Crypto: A Cryptography Primer
php[world] 2016 - Tales From the Crypto: A Cryptography Primer
Adam Englander
 
Ciphers
CiphersCiphers
Ciphers
Ahtesham Husain Shaikh
 
Cantina content based approach to detect phishing websites
Cantina content based approach to detect phishing websitesCantina content based approach to detect phishing websites
Cantina content based approach to detect phishing websites
thestarlight92
 
Class 16
Class 16Class 16
Class 16
Dr. Ajith Sundaram
 
OpenOffice.org Digital Signatures, OOoCon 2004
OpenOffice.org Digital Signatures, OOoCon 2004OpenOffice.org Digital Signatures, OOoCon 2004
OpenOffice.org Digital Signatures, OOoCon 2004
Malte Timmermann
 
Secure passwords-theory-and-practice
Secure passwords-theory-and-practiceSecure passwords-theory-and-practice
Secure passwords-theory-and-practice
Akash Mahajan
 
Encryption
Encryption Encryption
Encryption
Adnan Malak
 
Brute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping themBrute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping them
FlowTraq
 

What's hot (11)

Information and network security 37 hash functions and message authentication
Information and network security 37 hash functions and message authenticationInformation and network security 37 hash functions and message authentication
Information and network security 37 hash functions and message authentication
 
User And Physical Security
User And Physical SecurityUser And Physical Security
User And Physical Security
 
Techniques for password hashing and cracking
Techniques for password hashing and crackingTechniques for password hashing and cracking
Techniques for password hashing and cracking
 
php[world] 2016 - Tales From the Crypto: A Cryptography Primer
php[world] 2016 - Tales From the Crypto: A Cryptography Primerphp[world] 2016 - Tales From the Crypto: A Cryptography Primer
php[world] 2016 - Tales From the Crypto: A Cryptography Primer
 
Ciphers
CiphersCiphers
Ciphers
 
Cantina content based approach to detect phishing websites
Cantina content based approach to detect phishing websitesCantina content based approach to detect phishing websites
Cantina content based approach to detect phishing websites
 
Class 16
Class 16Class 16
Class 16
 
OpenOffice.org Digital Signatures, OOoCon 2004
OpenOffice.org Digital Signatures, OOoCon 2004OpenOffice.org Digital Signatures, OOoCon 2004
OpenOffice.org Digital Signatures, OOoCon 2004
 
Secure passwords-theory-and-practice
Secure passwords-theory-and-practiceSecure passwords-theory-and-practice
Secure passwords-theory-and-practice
 
Encryption
Encryption Encryption
Encryption
 
Brute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping themBrute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping them
 

Similar to Breaking out of crypto authentication

Basic Cryptography.pdf
Basic Cryptography.pdfBasic Cryptography.pdf
Basic Cryptography.pdf
Setiya Nugroho
 
Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013
javagroup2006
 
CISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - CryptographyCISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - Cryptography
Karthikeyan Dhayalan
 
Cryptography is the art and science of securing communication and data by con...
Cryptography is the art and science of securing communication and data by con...Cryptography is the art and science of securing communication and data by con...
Cryptography is the art and science of securing communication and data by con...
kalojo7178
 
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxSecret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
ukd789555
 
Encryption in php
Encryption in phpEncryption in php
Encryption in php
sana mateen
 
Sw prezen3pdf
Sw prezen3pdfSw prezen3pdf
Sw prezen3pdf
s1190088
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
ST_World
 
Sw2 prezen3pdf
Sw2 prezen3pdfSw2 prezen3pdf
Sw2 prezen3pdf
s1190088
 
Steve Jones - Encrypting Data
Steve Jones - Encrypting DataSteve Jones - Encrypting Data
Steve Jones - Encrypting Data
Red Gate Software
 
Security
SecuritySecurity
Security
Sri Manakula Vinayagar Engineering College
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
Seema Goel
 
ZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for BeginnersZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for Beginners
Adam Englander
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificates
Stephane Potier
 
Basic Cryptography unit 4 CSS
Basic Cryptography unit 4 CSSBasic Cryptography unit 4 CSS
Basic Cryptography unit 4 CSS
SURBHI SAROHA
 
Network security
Network securityNetwork security
Network security
ABHISHEK KUMAR
 
Cryptography
CryptographyCryptography
Cryptography
okolo chukwudumebi prince
 
How encryption works
How encryption worksHow encryption works
How encryption works
RaxTonProduction
 
cryptography security
cryptography security cryptography security
cryptography security
Zia3130
 
6. cryptography
6. cryptography6. cryptography
6. cryptography
7wounders
 

Similar to Breaking out of crypto authentication (20)

Basic Cryptography.pdf
Basic Cryptography.pdfBasic Cryptography.pdf
Basic Cryptography.pdf
 
Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013
 
CISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - CryptographyCISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - Cryptography
 
Cryptography is the art and science of securing communication and data by con...
Cryptography is the art and science of securing communication and data by con...Cryptography is the art and science of securing communication and data by con...
Cryptography is the art and science of securing communication and data by con...
 
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxSecret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
 
Encryption in php
Encryption in phpEncryption in php
Encryption in php
 
Sw prezen3pdf
Sw prezen3pdfSw prezen3pdf
Sw prezen3pdf
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
 
Sw2 prezen3pdf
Sw2 prezen3pdfSw2 prezen3pdf
Sw2 prezen3pdf
 
Steve Jones - Encrypting Data
Steve Jones - Encrypting DataSteve Jones - Encrypting Data
Steve Jones - Encrypting Data
 
Security
SecuritySecurity
Security
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
ZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for BeginnersZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for Beginners
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificates
 
Basic Cryptography unit 4 CSS
Basic Cryptography unit 4 CSSBasic Cryptography unit 4 CSS
Basic Cryptography unit 4 CSS
 
Network security
Network securityNetwork security
Network security
 
Cryptography
CryptographyCryptography
Cryptography
 
How encryption works
How encryption worksHow encryption works
How encryption works
 
cryptography security
cryptography security cryptography security
cryptography security
 
6. cryptography
6. cryptography6. cryptography
6. cryptography
 

More from Mohammed Adam

Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Android Penetration Testing - Day 3
Android Penetration Testing - Day 3
Mohammed Adam
 
Android Penetration testing - Day 2
Android Penetration testing - Day 2 Android Penetration testing - Day 2
Android Penetration testing - Day 2
Mohammed Adam
 
Android Penetration Testing - Day 1
Android Penetration Testing - Day 1Android Penetration Testing - Day 1
Android Penetration Testing - Day 1
Mohammed Adam
 
Wireless Penetration Testing
Wireless Penetration TestingWireless Penetration Testing
Wireless Penetration Testing
Mohammed Adam
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
Mohammed Adam
 
Basic Foundation For Cybersecurity
Basic Foundation For CybersecurityBasic Foundation For Cybersecurity
Basic Foundation For Cybersecurity
Mohammed Adam
 
Golden Ticket Attack - AD - Domain Persistence
Golden Ticket Attack - AD - Domain PersistenceGolden Ticket Attack - AD - Domain Persistence
Golden Ticket Attack - AD - Domain Persistence
Mohammed Adam
 
Evading Antivirus software for fun and profit
Evading Antivirus software for fun and profitEvading Antivirus software for fun and profit
Evading Antivirus software for fun and profit
Mohammed Adam
 
Introduction to Network Fundamentals
Introduction to Network FundamentalsIntroduction to Network Fundamentals
Introduction to Network Fundamentals
Mohammed Adam
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by Adam
Mohammed Adam
 
Career Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed AdamCareer Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed Adam
Mohammed Adam
 
Introduction to null villupuram community
Introduction to null villupuram communityIntroduction to null villupuram community
Introduction to null villupuram community
Mohammed Adam
 
Internet security
Internet securityInternet security
Internet security
Mohammed Adam
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed Adam
Mohammed Adam
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2
Mohammed Adam
 
OSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurityOSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurity
Mohammed Adam
 
Android Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed AdamAndroid Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed Adam
Mohammed Adam
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics
Mohammed Adam
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
Mohammed Adam
 
Network Security
Network SecurityNetwork Security
Network Security
Mohammed Adam
 

More from Mohammed Adam (20)

Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Android Penetration Testing - Day 3
Android Penetration Testing - Day 3
 
Android Penetration testing - Day 2
Android Penetration testing - Day 2 Android Penetration testing - Day 2
Android Penetration testing - Day 2
 
Android Penetration Testing - Day 1
Android Penetration Testing - Day 1Android Penetration Testing - Day 1
Android Penetration Testing - Day 1
 
Wireless Penetration Testing
Wireless Penetration TestingWireless Penetration Testing
Wireless Penetration Testing
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
 
Basic Foundation For Cybersecurity
Basic Foundation For CybersecurityBasic Foundation For Cybersecurity
Basic Foundation For Cybersecurity
 
Golden Ticket Attack - AD - Domain Persistence
Golden Ticket Attack - AD - Domain PersistenceGolden Ticket Attack - AD - Domain Persistence
Golden Ticket Attack - AD - Domain Persistence
 
Evading Antivirus software for fun and profit
Evading Antivirus software for fun and profitEvading Antivirus software for fun and profit
Evading Antivirus software for fun and profit
 
Introduction to Network Fundamentals
Introduction to Network FundamentalsIntroduction to Network Fundamentals
Introduction to Network Fundamentals
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by Adam
 
Career Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed AdamCareer Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed Adam
 
Introduction to null villupuram community
Introduction to null villupuram communityIntroduction to null villupuram community
Introduction to null villupuram community
 
Internet security
Internet securityInternet security
Internet security
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed Adam
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2
 
OSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurityOSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurity
 
Android Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed AdamAndroid Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed Adam
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
 
Network Security
Network SecurityNetwork Security
Network Security
 

Recently uploaded

INTRODUCTION TO ARTIFICIAL INTELLIGENCE BASIC
INTRODUCTION TO ARTIFICIAL INTELLIGENCE BASICINTRODUCTION TO ARTIFICIAL INTELLIGENCE BASIC
INTRODUCTION TO ARTIFICIAL INTELLIGENCE BASIC
GOKULKANNANMMECLECTC
 
Update 40 models( Solar Cell ) in SPICE PARK(JUL2024)
Update 40 models( Solar Cell ) in SPICE PARK(JUL2024)Update 40 models( Solar Cell ) in SPICE PARK(JUL2024)
Update 40 models( Solar Cell ) in SPICE PARK(JUL2024)
Tsuyoshi Horigome
 
🔥 Hyderabad Call Girls  👉 9352988975 👫 High Profile Call Girls Whatsapp Numbe...
🔥 Hyderabad Call Girls  👉 9352988975 👫 High Profile Call Girls Whatsapp Numbe...🔥 Hyderabad Call Girls  👉 9352988975 👫 High Profile Call Girls Whatsapp Numbe...
🔥 Hyderabad Call Girls  👉 9352988975 👫 High Profile Call Girls Whatsapp Numbe...
aarusi sexy model
 
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdfAsymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
felixwold
 
Basic principle and types Static Relays ppt
Basic principle and types Static Relays pptBasic principle and types Static Relays ppt
Basic principle and types Static Relays ppt
Sri Ramakrishna Institute of Technology
 
AN INTRODUCTION OF AI & SEARCHING TECHIQUES
AN INTRODUCTION OF AI & SEARCHING TECHIQUESAN INTRODUCTION OF AI & SEARCHING TECHIQUES
AN INTRODUCTION OF AI & SEARCHING TECHIQUES
drshikhapandey2022
 
Better Builder Magazine, Issue 49 / Spring 2024
Better Builder Magazine, Issue 49 / Spring 2024Better Builder Magazine, Issue 49 / Spring 2024
Better Builder Magazine, Issue 49 / Spring 2024
Better Builder Magazine
 
Sachpazis_Consolidation Settlement Calculation Program-The Python Code and th...
Sachpazis_Consolidation Settlement Calculation Program-The Python Code and th...Sachpazis_Consolidation Settlement Calculation Program-The Python Code and th...
Sachpazis_Consolidation Settlement Calculation Program-The Python Code and th...
Dr.Costas Sachpazis
 
College Call Girls Kolkata 🔥 7014168258 🔥 Real Fun With Sexual Girl Available...
College Call Girls Kolkata 🔥 7014168258 🔥 Real Fun With Sexual Girl Available...College Call Girls Kolkata 🔥 7014168258 🔥 Real Fun With Sexual Girl Available...
College Call Girls Kolkata 🔥 7014168258 🔥 Real Fun With Sexual Girl Available...
Ak47
 
❣Independent Call Girls Chennai 💯Call Us 🔝 7737669865 🔝💃Independent Chennai E...
❣Independent Call Girls Chennai 💯Call Us 🔝 7737669865 🔝💃Independent Chennai E...❣Independent Call Girls Chennai 💯Call Us 🔝 7737669865 🔝💃Independent Chennai E...
❣Independent Call Girls Chennai 💯Call Us 🔝 7737669865 🔝💃Independent Chennai E...
nainakaoornoida
 
Intuit CRAFT demonstration presentation for sde
Intuit CRAFT demonstration presentation for sdeIntuit CRAFT demonstration presentation for sde
Intuit CRAFT demonstration presentation for sde
ShivangMishra54
 
Call Girls Nagpur 8824825030 Escort In Nagpur service 24X7
Call Girls Nagpur 8824825030 Escort In Nagpur service 24X7Call Girls Nagpur 8824825030 Escort In Nagpur service 24X7
Call Girls Nagpur 8824825030 Escort In Nagpur service 24X7
sexytaniya455
 
BBOC407 Module 1.pptx Biology for Engineers
BBOC407 Module 1.pptx Biology for EngineersBBOC407 Module 1.pptx Biology for Engineers
BBOC407 Module 1.pptx Biology for Engineers
sathishkumars808912
 
Microsoft Azure AD architecture and features
Microsoft Azure AD architecture and featuresMicrosoft Azure AD architecture and features
Microsoft Azure AD architecture and features
ssuser381403
 
Technological Innovation Management And Entrepreneurship-1.pdf
Technological Innovation Management And Entrepreneurship-1.pdfTechnological Innovation Management And Entrepreneurship-1.pdf
Technological Innovation Management And Entrepreneurship-1.pdf
tanujaharish2
 
Cricket management system ptoject report.pdf
Cricket management system ptoject report.pdfCricket management system ptoject report.pdf
Cricket management system ptoject report.pdf
Kamal Acharya
 
Kandivali Call Girls ☑ +91-9967584737 ☑ Available Hot Girls Aunty Book Now
Kandivali Call Girls ☑ +91-9967584737 ☑ Available Hot Girls Aunty Book NowKandivali Call Girls ☑ +91-9967584737 ☑ Available Hot Girls Aunty Book Now
Kandivali Call Girls ☑ +91-9967584737 ☑ Available Hot Girls Aunty Book Now
SONALI Batra $A12
 
My Airframe Metallic Design Capability Studies..pdf
My Airframe Metallic Design Capability Studies..pdfMy Airframe Metallic Design Capability Studies..pdf
My Airframe Metallic Design Capability Studies..pdf
Geoffrey Wardle. MSc. MSc. Snr.MAIAA
 
Cuttack Call Girls 💯Call Us 🔝 7374876321 🔝 💃 Independent Female Escort Service
Cuttack Call Girls 💯Call Us 🔝 7374876321 🔝 💃 Independent Female Escort ServiceCuttack Call Girls 💯Call Us 🔝 7374876321 🔝 💃 Independent Female Escort Service
Cuttack Call Girls 💯Call Us 🔝 7374876321 🔝 💃 Independent Female Escort Service
yakranividhrini
 
Online train ticket booking system project.pdf
Online train ticket booking system project.pdfOnline train ticket booking system project.pdf
Online train ticket booking system project.pdf
Kamal Acharya
 

Recently uploaded (20)

INTRODUCTION TO ARTIFICIAL INTELLIGENCE BASIC
INTRODUCTION TO ARTIFICIAL INTELLIGENCE BASICINTRODUCTION TO ARTIFICIAL INTELLIGENCE BASIC
INTRODUCTION TO ARTIFICIAL INTELLIGENCE BASIC
 
Update 40 models( Solar Cell ) in SPICE PARK(JUL2024)
Update 40 models( Solar Cell ) in SPICE PARK(JUL2024)Update 40 models( Solar Cell ) in SPICE PARK(JUL2024)
Update 40 models( Solar Cell ) in SPICE PARK(JUL2024)
 
🔥 Hyderabad Call Girls  👉 9352988975 👫 High Profile Call Girls Whatsapp Numbe...
🔥 Hyderabad Call Girls  👉 9352988975 👫 High Profile Call Girls Whatsapp Numbe...🔥 Hyderabad Call Girls  👉 9352988975 👫 High Profile Call Girls Whatsapp Numbe...
🔥 Hyderabad Call Girls  👉 9352988975 👫 High Profile Call Girls Whatsapp Numbe...
 
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdfAsymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
 
Basic principle and types Static Relays ppt
Basic principle and types Static Relays pptBasic principle and types Static Relays ppt
Basic principle and types Static Relays ppt
 
AN INTRODUCTION OF AI & SEARCHING TECHIQUES
AN INTRODUCTION OF AI & SEARCHING TECHIQUESAN INTRODUCTION OF AI & SEARCHING TECHIQUES
AN INTRODUCTION OF AI & SEARCHING TECHIQUES
 
Better Builder Magazine, Issue 49 / Spring 2024
Better Builder Magazine, Issue 49 / Spring 2024Better Builder Magazine, Issue 49 / Spring 2024
Better Builder Magazine, Issue 49 / Spring 2024
 
Sachpazis_Consolidation Settlement Calculation Program-The Python Code and th...
Sachpazis_Consolidation Settlement Calculation Program-The Python Code and th...Sachpazis_Consolidation Settlement Calculation Program-The Python Code and th...
Sachpazis_Consolidation Settlement Calculation Program-The Python Code and th...
 
College Call Girls Kolkata 🔥 7014168258 🔥 Real Fun With Sexual Girl Available...
College Call Girls Kolkata 🔥 7014168258 🔥 Real Fun With Sexual Girl Available...College Call Girls Kolkata 🔥 7014168258 🔥 Real Fun With Sexual Girl Available...
College Call Girls Kolkata 🔥 7014168258 🔥 Real Fun With Sexual Girl Available...
 
❣Independent Call Girls Chennai 💯Call Us 🔝 7737669865 🔝💃Independent Chennai E...
❣Independent Call Girls Chennai 💯Call Us 🔝 7737669865 🔝💃Independent Chennai E...❣Independent Call Girls Chennai 💯Call Us 🔝 7737669865 🔝💃Independent Chennai E...
❣Independent Call Girls Chennai 💯Call Us 🔝 7737669865 🔝💃Independent Chennai E...
 
Intuit CRAFT demonstration presentation for sde
Intuit CRAFT demonstration presentation for sdeIntuit CRAFT demonstration presentation for sde
Intuit CRAFT demonstration presentation for sde
 
Call Girls Nagpur 8824825030 Escort In Nagpur service 24X7
Call Girls Nagpur 8824825030 Escort In Nagpur service 24X7Call Girls Nagpur 8824825030 Escort In Nagpur service 24X7
Call Girls Nagpur 8824825030 Escort In Nagpur service 24X7
 
BBOC407 Module 1.pptx Biology for Engineers
BBOC407 Module 1.pptx Biology for EngineersBBOC407 Module 1.pptx Biology for Engineers
BBOC407 Module 1.pptx Biology for Engineers
 
Microsoft Azure AD architecture and features
Microsoft Azure AD architecture and featuresMicrosoft Azure AD architecture and features
Microsoft Azure AD architecture and features
 
Technological Innovation Management And Entrepreneurship-1.pdf
Technological Innovation Management And Entrepreneurship-1.pdfTechnological Innovation Management And Entrepreneurship-1.pdf
Technological Innovation Management And Entrepreneurship-1.pdf
 
Cricket management system ptoject report.pdf
Cricket management system ptoject report.pdfCricket management system ptoject report.pdf
Cricket management system ptoject report.pdf
 
Kandivali Call Girls ☑ +91-9967584737 ☑ Available Hot Girls Aunty Book Now
Kandivali Call Girls ☑ +91-9967584737 ☑ Available Hot Girls Aunty Book NowKandivali Call Girls ☑ +91-9967584737 ☑ Available Hot Girls Aunty Book Now
Kandivali Call Girls ☑ +91-9967584737 ☑ Available Hot Girls Aunty Book Now
 
My Airframe Metallic Design Capability Studies..pdf
My Airframe Metallic Design Capability Studies..pdfMy Airframe Metallic Design Capability Studies..pdf
My Airframe Metallic Design Capability Studies..pdf
 
Cuttack Call Girls 💯Call Us 🔝 7374876321 🔝 💃 Independent Female Escort Service
Cuttack Call Girls 💯Call Us 🔝 7374876321 🔝 💃 Independent Female Escort ServiceCuttack Call Girls 💯Call Us 🔝 7374876321 🔝 💃 Independent Female Escort Service
Cuttack Call Girls 💯Call Us 🔝 7374876321 🔝 💃 Independent Female Escort Service
 
Online train ticket booking system project.pdf
Online train ticket booking system project.pdfOnline train ticket booking system project.pdf
Online train ticket booking system project.pdf
 

Breaking out of crypto authentication

  • 2. #WHOAMI • Mohammed Adam • Senior Security Engineer in Crossbowlabs LLP, Bangalore • Offensive Security Certified Professional (OSCP) • Chapter Lead in Null Villupuram • Acknowledged by top 50+ companies in Bugbounty Programs like US Dept of Defense, AT&T, Oppo, Mastercard, Intel, etc. • Blogger & Bike rider.
  • 3. Cryptography 101 What is Cryptography? Encryption and Decryption Types of Cryptography • Symmetric • Asymmetric • Hash Functions General cryptographic implementations. Authentication and authentication schemas and attacks against authentication systems.
  • 4. Symmetric Encryption Same key is used for encryption and decryption Encryption Algorithms DES 3DES AES Key Exchange Problem
  • 5.
  • 6. Asymmetric Encryption Also known as Public Key Cryptography Two keys are used in the PKC, public key and private key A set of keys is associated with a particular user The sender encrypts the message with the receiver’s public key The receiver decrypts the encrypted message with the private key PKC Algorithms DSA RSA ECC
  • 7.
  • 9. Implementations of hash functions • The most popular use of hashes is for file identification and storing sensitive data, like passwords. • When you create an account on a website your password is converted to hash and this hash is stored in the server's database. • So when you login the password that you type in will be converted to a hash, the server will take it and compare it with the hash in it's database, if it's the same that means your password is correct and the server will let you in. • MD5 hashes are also used to ensure the data integrity of files. • Because the MD5 hashing algorithm always produces the same output for the same given input, it can be used to compare a hash of the source file with a newly created hash of the destination file to check that it is intact and unmodified.
  • 10. Use of Cryptography Symmetric Encryption • To encrypt bulk data • Encryption of data at rest Asymmetric Encryption • Digital Signatures • Key Exchange • Sensitive data exchange Hash Functions • Password Storage • Data Integrity Checks
  • 11. Confusion Occurs between encoding and encrypting ? Let's say you have an encrypted file, the only way to decrypt it is using key. While encoded data can be decoded immediately, without keys. It's NOT a form of encryption, it just a way of representing data. A very popular encoding is Base64. Here's how "hi there" looks with Base64 encoding : aGkgdGhlcmU=
  • 12. Attacks on Cryptographic Systems Symmetric Cryptography • Known-Plaintext Attack • Chosen-Plaintext Attack • Differential Cryptanalysis • Linear Cryptanalysis Asymmetric Cryptography • Brute force key search • Alteration of public keys Hash Functions • Hash Collisions • Rainbow table
  翻译: