CrypTool Lab

Cryp Tool is a non-academic analysis tool for the professional penetration tester.  Cryp Tool delivers a fundamental understanding of encryption algorithms.  This lab demonstration of Cryp Tool gives insight into how the encryption process works and what you learn from it. For example, you’ll learn how to conduct pattern analysis with Cryp Tool to identify trends in patterns. [toggle_content title="Transcript"] Hi, Leo Dregier here. In this video, I want to highlight Cryp Tool. Cryp Tool is an application that you can use to further your crypto-analysis background. Most of what we do in the field of cryptography comes from the academic world, which is relatively painful, because that's where you learn integrity versus symmetric versus asymmetric, tying it all together with a PKI, et cetera. Well this is actually more professionally speaking, because it allows you to actually use the tools, and give you a much better, much more fundamental, hands-on application. So, my website is the Code of Learning, which is based off Edgar Dale's "The Cone of Learning", which basically puts a lot of application in doing this stuff. In other words, you'll know the stuff if you actually do it. This is one of the reasons why I can demonstrate so many of these tools, is because I've actually used, it just seems like way too many tools. So let’s go ahead and get an idea of 1/ an overview of the program and then how to use a tool like this. So how to start. Cryp Tools is a free e-leaning program designed to demonstrate the application and analysis of encryption algorithms. Cryp Tool includes an extensive online help, yea, yea, yea. Please press F1 while selecting any menu and you get the dialogue box. Ok great, thank you. So Cryp Tool, for example, a starting example for the Cryp Tool version, family. Cryp Tool is a comprehensive free educational program, et cetera, et cetera. Basically, just highlighting what we did there, and that's basically our help. So we can go ahead and get rid of that. So in this case, let’s go ahead and open up a file. Now, I just happen to have a file on my hard drive that I created, which is an encryption dot text, and we'll just go try to open that encrypted file up, and basically see what we can learn, ok? And you can see the file info. It says it's compressed, but it's actually encrypted. File info and AEP here, so not too much in terms of the work flow of this encrypted file. But none the less, it does give us the cipher text and maybe we could go ahead and start doing pattern analysis and things like that, to just that. So you can basically open up any server encrypted file or, let’s try to open up the clear text version of this at this point. So we'll go back up here, and we will look for, I thought we had a text file in there, let me see what happened to the text file. I think I deleted it when I actually encrypted, so let’s go look at -- so, here we go. Plain text dot txt. Hi Mom, control s, alt F4, and now we should be able to open that back up in the tool, so there's your plain text, and you can see that it pulls the plain text right out of it. More so what I wanted to demonstrate was plain text versus cipher text, ok? So that's the big picture, and any sort of symmetric encryption, right. So you can go ahead and take this plain text file, symmetric class it, and look at some of the different algorithms. So you have the Vigenere cipher, basic substitution, you can exclusively this, you can make a homophone, you can solitaire skytail, so it's pretty good in terms of analyzing, in applying some of the basic, classic cryptography-style algorithms. So if we take some of them like the Caesar cipher, which is a classic rotation of 13 places, because it's a ROT13 as opposed to a ROT3. So Caesar, the value of the first alphabet equals 0, there you go, let’s do alpha-numeric characters, and basically you want to shift the number of values. So in this case, the mapping is going to be exactly the same, so that's not going to be any fun there, so let’s pick something like 3, and then you can see A turns into D, B turns into E, C turns into F. Or if we do 13, then you can see A turns into N, B O, C P, et cetera, and follow it out. And then go ahead and encrypt that, and then, boom, there you go, now you have the equivalent of the cipher text. Then if you want to decrypt that, you can do the same thing. So take this file, do a 13, and same mapping, and then decrypt it, and then "Hi Mom" comes out. So then, that was the Caesar cipher. Then you could take something like Vigenere, which is a poly-alphabetic, so enter in the key, in this case we're going to need a repeating key here, and we could do "Hi Mom". Now this, in cryptography language, was what we would refer to as 'dumb', because now we have a key that is directly related to our message, and so that's basically bad. But nonetheless, we can use it for an example. So you can see that using the Vigenere, which is a poly-alphabetic version of Caesar, basically I can get a cross-reference. So we're going to do this again, we're going to do "Hi Mom", decrypt this and then, boom, it comes right back out, ok? So then we can do a symmetric algorithm. Now the only ones that they have really to play here is the RSA algorithm, as opposed to elgamal or elliptical curve, or there's no DSA here, or none of the key exchange algorithms, like Diffie-Hellman or Sicam or anything like that. If you want something a little bit more advanced, you can go into the hybrid mode, and that does have elliptical curve with AES, but start out at the basics first. I want you guys to get the basic Caesar, Vigenere and then exclusively, and then you can move up to some of the advanced algorithms. Because a couple of hours with this tool, and then a couple of hours on Wikipedia, just researching the basics of the algorithm, that's how you can get some really, really good, valuable time, actually understanding how this stuff works. If you want to do PKI, you can generate a report, keys here, you can digitally sign, you can digitally verify with the corresponding public and private keys, you can extract the digital signature for signing. You can look at hashing, so if I want to take "Hi Mom" and hash it, I can get the value of that. And I can do the same thing at the Command prompt if I wanted to. So all the principles are right here in this tool, which is why this is one of my favorite tools for actually analyzing cryptography. Nothing will drive home the principles of cryptography more than actually using the stuff in hands-on environment. Because this is where you physically get to see that in the asymmetric world, you have a public and private key. In the symmetric world, you only have private keys. In the hashing, you don't have any keys, you're just analyzing data, ok? And so this is a great, great analysis tool, plus you get to learn some of the analysis attacks here, like for example, what is a cipher-text only attack, what is a known plain text, how do you manually analyze it. You can go into some of the other algorithms like Mars and Serpent, Twofish and et cetera, et cetera. You can try to do factorization attacks, if you're going to do something like RSA. You can see your relating factorizations, RSA, to side channel attacks, et cetera, et cetera. So attack the hash value of a digital signature, or analyzing the randomness text, see if it meets the FIPS 140 standard. And then you have plot analysis for spectrums and things like that, which you can use. This is too simple here for plot analysis, but nonetheless, when you get to the advanced stuff you can see that. You also can choose your alphabets and some of the text options, and things like that. So go ahead, play with this tool. Spend some time on it. I find myself, when I was learning this, getting lost in this tool for hours, because it was actually verifying and validating all of the stuff that I've actually learned, and all of the theory, ok. So, enjoy it. Try the Cryp Tool, this is going to be paramount in your study of crypto-analysis. [/toggle_content]
Recommended Study Material
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google Play Get it on the App Store

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?