#examstudy

I’ll skip the intro/admin stuff because my tutor (Trashpanda) told us to keep things quite short. This may get quite long though... I’ll separate this into a tutorial summary and a reflection then.

Something Awesome. I need to start thinking about something security related that I’m interested in learning and exploring. Some project to undertake that’s fun and beneficial. Since it’s due in like 7 weeks, I don’t have much time to decide and get started. So ideally, but the end of this week I will have chosen what I want to do and gone into it. At the very least I want to get well into it so that I’m actually competent somewhat.

In terms of ideas, I think I’ll be interested in doing some cracking or problem solving. I think going off the different topics offered to the extension students would be good. Some key things like CTFs, hacking into systems and Cryptocurrency sounds like it would be good in general.

All this ties up into the Job Application which covers:

Analysis

Time Management

Skills

Community / Professionalism

Something Awesome Project

We discussed a few ideas and the extent that we could go to in pursuing our project. Nobody had decided yet, so Trashpanda tossed up a few ideas and talked about what people did in the past.

Cryptography After learning about cryptography in the lecture, we came together to crack two codes together. They were all substitution ciphers, appropriate since the exam may have a question on this.

Some learning from this section included:

t is the second-most common letter in English

Pattern recognition is quite critical in deciphering codes

Apostrophes (suggests ‘s’ or ‘t’ like don’t or panda’s)

Hyphens

We used Puzzle Barons since the NSA one isn’t working as intended. By the end of the course, I hope to get quite good at this achieving at minimum at time of 90 seconds.

Code vs. Encryption With CODES and substitution, the meta information is still there. The lengths of words are generally the same, and you have a limitation in how you encode characters.

On the other hand, ENCRYPTION gives you nothing. All the processes that lead into encryption come down to a single key. In order to decrypt the code, you would need to essentially reverse the process, making it harder to break. This is the standard and what we use today.

*On another note, hashes are irreversible :o

CIA (Confidentiality Integrity Authentication)

C or Confidentiality means that only the personnel that you intend to know should know.

I for Integrity means that there is an assurance or validity that your information stays untampered with. This can be done using hashes like the MAC addresses which need to match to ensure things are the same as they claim to be.

A for Authentication means that you are verifying that people are who they say they are.

Note: On the other hand, Authorisation is different as an action where you are giving PERMISSIONS to others to access that they didn’t have previously

Bits of Security We did an example where given a password with 8 characters which can be:

Lowercase (26)

Uppercase (26)

A number between 0 and 9 (10)

Then for each character you can have 26+26+10 combinations (62). So for the whole password, the total number of permutations are 62^8 = 2E14.

Simplifying this, we want to define the bits of security in binary (base 2).

So we round off the base to its closest power of 2.

If we round the number to 64^8 that’s approximately the same (2E14).

Now then, if we take that as a base 2, it becomes 2^6^8

That resolves to become 2^48