Category: Cryptographic attacks

rootkit
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software. The term rootkit is a compound of "root" (the traditional name of the privileged account on Unix-like operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware.
keylogger
program that records the keys struck on a keyboard

cryptanalysis
[Image: reconstruction of the appearance of a cyclometer, a device used to break the encryption of an early version of the Enigma machine. Based on sketches in Marian Rejewski's memoirs.]
Stuxnet
Stuxnet is a malicious computer worm first uncovered on 17 June 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the Iran nuclear program after it was first installed on a computer at the Natanz Nuclear Facility in 2009. Although neither the United States nor Israel has openly admitted responsibility, multiple independent news organizations claim Stuxnet to be a cyberweapon built jointly by the two countries in a collaborative effort know
brute-force attack
cryptanalytic method for unauthorized users to access data via an exhaustive search
man-in-the-middle attack
form of active eavesdropping in which the attacker makes connections with the victims and relays messages between them
Metasploit
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Rapid7, a Boston, Massachusetts-based security company.
frequency analysis
study of the frequency of letters or groups of letters in a ciphertext
dictionary attack
technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary

Aircrack-ng
Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless network interface controller whose driver supports raw monitoring mode and can sniff 802.11a, 802.11b and 802.11g traffic. Packages are released for Linux and Windows.
rainbow table
precomputed table for reversing cryptographic hash functions
side-channel attack
any attack based on information gained from the implementation of a computer system
CryptoLocker
The CryptoLocker ransomware attack was a cyberattack using the CryptoLocker ransomware that occurred from 5 September 2013 to late May 2014. The attack utilized a trojan that targeted computers running on Microsoft Windows, and was believed to have first been posted to the Internet on 5 September 2013. It propagated via infected email attachments, and via an existing Gameover ZeuS botnet. When activated, the malware encrypted certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers. Th
replay attack
network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed, carried out either by the originator or by an adversary who intercepts the data and retransmits it
birthday attack
type of cryptographic attack
differential cryptanalysis
general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions
password cracking
process of recovering passwords from data that has been stored in or transmitted by a computer system
meet-in-the-middle attack
cryptographic attack against encryption schemes that rely on performing multiple encryption operations in sequence
Kasiski examination
method in cryptanalysis
known-plaintext attack
cryptanalytic attack model where the attacker has access to both the plaintext and its encrypted version
ciphertext-only attack
attack model for cryptanalysis where the attacker has access to a set of ciphertexts
preimage attack
attack model against cryptographic hash functions
Tempest
codename referring to investigations and studies of compromising emanations
collision attack
cryptographic attack

distributed.net
Distributed.net is a volunteer computing effort that is attempting to solve large scale problems using otherwise idle CPU or GPU time. It is governed by Distributed Computing Technologies, Incorporated (DCTI), a non-profit organization under U.S. tax code 501(c)(3).
rubber-hose cryptanalysis
extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture
Power analysis
In cryptography, a side channel attack
traffic analysis
process of intercepting and examining messages
linear cryptanalysis
general form of cryptanalysis based on finding affine approximations to the action of a cipher
chosen-ciphertext attack
cryptanalytic attack model where the attacker gathers information by obtaining the decryptions of chosen ciphertexts.
Duqu
Duqu is a collection of computer malware discovered on 1 September 2011, thought by Kaspersky Labs to be related to the Stuxnet worm and to have been created by Unit 8200. The Laboratory of Cryptography and System Security (CrySyS Lab) of the Budapest University of Technology and Economics in Hungary discovered the threat, analysed the malware, and wrote a 60-page report naming the threat Duqu. Duqu got its name from the prefix "~DQ" it gives to the names of files it creates.
Steganalysis
Steganalysis is the study of detecting messages hidden using steganography; this is analogous to cryptanalysis applied to cryptography.
weak key
Key that is easy to break with a specific cipher
Zygalski sheets
Cryptologic technique used in World War II
index of coincidence
How often identical letters appear in the same position in two texts
supply chain attack
cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply network
FREAK
FREAK ("Factoring RSA Export Keys") is a security exploit of a cryptographic weakness in the SSL/TLS protocols introduced decades earlier for compliance with U.S. cryptography export regulations. These involved limiting exportable software to use only public key pairs with RSA moduli of 512 bits or fewer (so-called RSA EXPORT keys), with the intention of allowing them to be broken easily by the National Security Agency (NSA), but not by other organizations with lesser computing resources. However, by the early 2010s, increases in computing power meant that they could be broken by anyone with a
downgrade attack
cryptographic attack that forces the use of weaker or no encryption
Unicity distance
Amount of ciphertext needed to unambiguously break an encryption system
related-key attack
Type of cryptographic attack

Adversary
in cryptography, a malicious entity
CRIME
CRIME (Compression Ratio Info-leak Made Easy) is a security vulnerability in HTTPS and SPDY protocols that utilize compression, which can leak the content of secret web cookies. When used to recover the content of secret authentication cookies, it allows an attacker to perform session hijacking on an authenticated web session, allowing the launching of further attacks. CRIME was assigned .
attack model
classification of cryptographic attacks specifying the kind of access a cryptanalyst has to a system under attack
pwdump
pwdump is the name of various Windows programs that output the LM and NTLM password hashes of local user accounts from the Security Account Manager (SAM) database and from the Active Directory domain's users cache on the operating system.
John Herivel
British science historian, World War II codebreaker at Bletchley Park (1918–2011)
Locky
Locky is ransomware malware released in 2016. It is delivered by email (that is allegedly an invoice requiring payment) with an attached Microsoft Word document that contains malicious macros. When the user opens the document, it appears to be full of gibberish, and includes the phrase "Enable macro if data encoding is incorrect," a social engineering technique. If the user does enable macros, they save and run a binary file that downloads the actual encryption Trojan, which will encrypt all files that match particular extensions. Filenames are converted to a unique 16 letter and number combin
XSL attack
theoretical attack on block ciphers
boomerang attack
form of cryptanalysis
Clock drift
Refers to several related phenomena
length extension attack
attack against cryptographical hash functions, where knowing Hash(message₁) and the length of message₁ allows an attacker to calculate Hash(message₁ ‖ message₂) for an attacker-controlled message₂
padding oracle attack
attack which uses the padding validation of a cryptographic message to decrypt the ciphertext
Banburismus
Banburismus was a cryptanalytic process developed by Alan Turing at Bletchley Park in Britain during the Second World War. It was used by Bletchley Park's Hut 8 to help break German Kriegsmarine (naval) messages enciphered on Enigma machines. The process used sequential conditional probability to infer information about the likely settings of the Enigma machine. It gave rise to Turing's invention of the ban as a measure of the weight of evidence in favour of a hypothesis. This concept was later applied in Turingery and all the other methods used for breaking the Lorenz cipher.
DROWN attack
cross-protocol attack against TLS using the SSLv2 protocol
acoustic cryptanalysis
in cryptography, a side channel attack which exploits sounds
TeslaCrypt
TeslaCrypt was a ransomware trojan. It is now defunct, and its master key was released by the developers.
Lucky Thirteen attack
cryptographic timing attack against implementations of TLS that use the CBC mode, reported in February 2013 by N. J. AlFardan and K. Paterson
ROCA vulnerability
cryptographic weakness
random number generator attack
class of attack on cryptographic systems