Cryptography Attacks and Countermeasures

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
7 hours 6 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Hey, everyone, welcome back to the course in this video. We're just gonna talk about some cryptography attacks as well as some countermeasures that we conduce. We'll keep things that kind of a high level for this video.
00:10
So are different types of attacks are things like no in plain text attack,
00:14
chosen plain text attack cipher text only the replay attack, and then also the chosen cipher attack.
00:21
So let's talk about those a little bit more in depth.
00:24
So far known. Plain text attack. The attacker has both the plain text information as well as the corresponding cipher text messages. Eso basically what this meant This attack, it's the more the better, right? So what the attacker is gonna do is you're going to scan the plain text for repeatable sequences, and then they're gonna compare that to the cipher text versions,
00:43
and over time,
00:45
with enough of that,
00:46
there will be able to actually decipher the key.
00:49
We've got a chosen plain text attack. And so in this example, the Attackers gonna encrypt multiple plain text copies for themselves. And the goal with that is to actually go ahead and decide for the key through that method
01:00
with our cipher text on Lee Attack. The attacker gains copies of several messages that are encrypted in the same way. So basically, they're using the same algorithm and then with enough statistical analysis, they could eventually find a repeating code and then that that can then be used to decode the actual message later on
01:19
with a replay attacks similar to other replay attacks. It's basically a man in the middle of a man in the middle attack. And so what the attacker is gonna do is we're gonna repeat a portion of that cryptographic exchange, and the goal with that is to take that authenticated aspect, replay it and try to take over that communication session.
01:38
Bye.
01:41
Replaying that information and so one way to kind of mitigate this is using the session tokens that expire.
01:47
And then we have our chosen Seifert attack.
01:49
And so what the attacker does here is they take a cipher, text message or messages, and they try to figure out the key through what's called comparative analysis. So they're trying to use multiple keys on the plain text version R. S. A. Is actually one that's vulnerable to this type of attack So what are some countermeasures that we can do for cryptographic attacks? Well,
02:07
using a stronger encryption algorithm, it's not 100%. But
02:10
if we use a stronger encryption algorithm, makes it more difficult for an attacker to actually use that as an attack method. And they're more likely to do something else, like something a little easier for them, like social engineering, right? And some encryption algorithms might take forever, especially with a longer key to crack right or at least
02:28
forever in our minds. It might take 50 years or 1000 years or a million years
02:31
at some point be cracked. But realistically, in our lifetime, it won't be,
02:37
and especially if we make sure that we're changing the keys on a regular basis, that doesn't mean you have to change them every day. But as long as we're changing them on a regular basis, it will make it even more difficult for the attacker to succeed and using keys that are 256 bits, um, or higher.
02:53
So a quick, quick question here and this type of attack. The attacker has a plain text and the cipher text. Which type of attack is that is that chosen plain text known plain text or the replay attacks.
03:04
All right, so if you guess the known plain text attack, you are correct.
03:07
So in this video, we just talked about different cryptography attacks. We also talked about some fundamental countermeasures that we can do to help protect against cryptographic attacks.
Up Next
Penetration Testing and Ethical Hacking

The Penetration Testing and Ethical Hacking course prepares students for certifications, like CEH. This course walks students through the process of gaining intelligence, scanning and enumerating and hacking the target.

Instructed By