Encryption - Crypto 101
This guide contains the answers and the steps necessary to get to them for the Encryption - Crypto 101 room.
Table of contents
- Key terms
- Why is Encryption important?
- Crucial Crypto Maths
- Types of Encryption
- RSA - Rivest Shamir Adleman
- Digital signatures and Certificates
- SSH Authentication
- PGP, GPG and AES
Key terms
- I agree not to complain too much about how theory heavy this room is.
- Are SSH keys protected with a passphrase or a password?
The answer can be found in the text.
Answer: passphrase
Why is Encryption important?
- What does SSH stand for?
Looking up SSH gives us what it stands for.
Answer: Secure Shell
- How do webservers prove their identity?
This can be found in the text.
Answer: Certificates
- What is the main set of standards you need to comply with if you store or process payment card details?
These standards are noted in the Payment Card Industry Data Security Standards. This can be found through a search.
Answer: PCI-DSS
Crucial Crypto Maths
- What's 30 % 5?
Dividing 30 by 5 gives us 6. So it is divisible by 5 and the remainder is 0.
Answer: 0
- What's 25 % 7?
25 isn't divisible by 7. The closest we can get is 3*7=21, so the remainder is 4.
Answer: 4
- What's 118613842 % 9091?
Dividing 118613842 by 9091 gives us a large decimal number, so it isn't divisible by 9091. If we take the fractional part (everything after the decimal point) and multiply it by 9091, we get 3565. This is the remainder.
Answer: 3565
Types of Encryption
- Should you trust DES? Yea/Nay
From the text we can gather that DES is not considered secure anymore.
Answer: Nay
- What was the result of the attempt to make DES more secure so that it could be used for longer?
This we must research!
Answer: triple DES
- Is it ok to share your public key? Yea/Nay
Only the private key must be kept private.
Answer: Yea
RSA - Rivest Shamir Adleman
- p = 4391, q = 6659. What is n?
n is the product of p and q, so we need to multiply p and q to get our answer.
Answer: 29239669
- I understand enough about RSA to move on, and I know where to look to learn more if I want to.
Digital signatures and Certificates
- Who is TryHackMe's HTTPS certificate issued by?
We can find the website's certificate by clicking on the padlock icon in the address bar. This already shows us who verified the website. Clicking on more information should give us the name we are after.
Answer: E1
SSH Authentication
- I recommend giving this a go yourself. Deploy a VM, like Linux Fundamentals 2 and try to add an SSH key and log in with the private key.
If you want to try, use the following commands:
ssh-keygen
-> To generate the private and public key pair.
cat id_rsa.pub >> authorized_keys
or
ssh-copy-id
-> To copy the public key into the authorized_keys file.
Now create a folder named .ssh on the target machine and place the public key and authorized_keys file in it.
Now you can log in with your private key using:
- Download the SSH Private Key attached to this room.
- What algorithm does the key use?
After downloading the file, we can guess the algorithm used from its file name. This can be checked by opening the file.
Answer: RSA
- Crack the password with John The Ripper and rockyou, what's the passphrase for the key?
First we must convert the key into a suitable format for John.
Answer: delicious
PGP, GPG and AES
- Time to try some GPG. Download the archive attached and extract it somewhere sensible.
- You have the private key, and a file encrypted with the public key. Decrypt the file. What's the secret word?
We must use gpg to decrypt the file. Since we have the key, we can import it into gpg.
Now we can decrypt the message.
Answer: Pineapple