Umbrellas make a good defence against cameras substitution cipher example on English alphabet
26! is very big ~ 100x(10^3)^8, 100~7 bits, 10^3 ~10 bits, total ~90 bits of work.
For a 16GHz computer it would take a whole year of running to compute => 16 x 10^9, 2^34 operations per second * 2^12 seconds in an hour * 2^5 hours in day * 2^9 days in year = 2^60 = 60 bits of work.
Theoretically it would be infeasible to crack a substitution cipher, yeah because of the patterns in the English language it takes considerably less time than advertised. This is because English has low Entropy.
Passwords are more likely to use common english phrases. Guided brute force algorithms takes advantage of this.
Telegraph example: possible attacks
Replay Attacks
An attacker uses replay messages from a different context into the intended or original context. This exploits the predictability or protocols and fooling participants that think they are successfully completing task up to protocol.
Main-in-the-middle
An attacks secretly relays and/or possibly altering message between 2 parties communicating in a network that believe the are only communicating to each other.
A method of cryptography that generates a seemingly random value given distinct messages/data. The hash function must be consistent in assigning these values.
They must return the same y given an x (deterministic)
Avoid Hash collisions - where 2 distinct x’s map to the same y value
Clustering in the data causes clustering in the hash function
Birthday attack exploits hash collisions
To check if a file has been tampered with, compare hash’s of the original file and the file you received to see if anything was changed. The site will normally put up the hash of their file on the website.
Putting it all together, the features of a hash are:
Fast to hash, infeasibly slow to decipher
Hard to find 2 messages with the same hash (Collisions)
Social engineering is the art of learning and lying to gain access to physical systems and into software vulnerabilities. Mostly relies on human manipulation. 95% of attacks use some sort of social engineering cause people are so trusting. It usually takes 146 days to detect a breach cause by social engineering. E.g. phishing, ransomware, USB baiting etc.
Investigation - learn as much as possible about victims
Hook - initiate the conversation with the target and build rapport
Play - obtain the information
Exit - leave the conversation without seeming suss
Social engineering vectors
Pretexting - invented scenario to get information out from someone
Baiting - taking advantage of curiosity or greed
Quid Pro Quo - getting something for something
Tailgating e.g. heavy box technique
Phishing - like emailing someone to get credit card details or sensitive information
People can be easily exploited and/manipulated.
Reciprocity - people like to return acts of generosity with acts of generosity. Taking advantage of obligation essentially.
Liking - Getting someone to like you will make it easier for you to manipulate or take advantage of them
Social cues - peer pressuring and exploitation of purely social functioning in the victim and his/her circle.
Authority - people often blindly follow orders without asking too many questions.
Setting the hash output to the biggest it can possibly be is the only way of preventing most attacks. That way even the square root of a number is too much work to do.
Preimage attacks - given an h(M) find an M. Usually takes 2^n bits and on average 2^(n-1).
2nd preimage attack - given M find M’ such that h(M)=h(M’). Usually only 2^(n) and on average 2^(n-1)
Collision attack - find both M and M’ such that h(M)=h(M’). Usually only 2^(n/2) and on average 2^(n/2-1)
Examples of hashes include:
Fingerprinting - check that the hash generated from the fingerprint scan matches the one save on file
Proof of Work - in bitcoin you only get a new block when you solve a very difficult puzzle. It’s hard to produce and easy to verify.
Message Authentication Codes (MAC) - append a password to the end of a message to be hashed.
Has some extra properties:
Needs to be quick to compute
Hard to reverse (no preimage attacks)
A small change in the text results in a large change in the hash