Government Security
Network Security Resources

Jump to content

Photo

Tutorial - Breaking Weak Encryption With Excel

- - - - - security encryption perl algorithm tutorial
  • Please log in to reply
No replies to this topic

#1 bspirovski

bspirovski

    Specialist

  • Sergeant Major
  • 118 posts

Posted 29 November 2009 - 10:07 AM

The importance of a good encryption algorithm is essential to functional security. And yet there are a lot of misguided initiatives to use an 'internal', 'trusted' and 'secret' algorithm. Obscurity IS NOT Security and an algorithm that hasn't passed external scrutiny may be fundamentally flawed. If you go down that road you may even find your encryptions hacked by non-programmers.

Here is a tutorial on how easy it is to crack an encryption that is not properly designed.
For this tutorial, We are going to work with a really simple and weak algorithm - XECryption.

Here is a narrative summary of the algorithm:
  • The password the user chose is first used to produce a number by adding the ASCII value of every character in the password to produce one large total. This number is used as the encryption key.
  • The message is encrypted by adding the password key is added to the ASCII value of each letter in the message, then it is divided by three. A random number between -10 and 10 is added to this new number. This becomes the first number in the series, and is repeated to produce the second number. The third number is the difference between the first two final numbers and the original ASCII value plus the password key. At the end, every letter in the encrypted message takes on the following format: ".193.144.164".
  • When decrypting, the password key is found in the same way that it's encrypted. Each triplet is added together, and then the password key is subtracted. This is the ASCII value of the letter.
So in summary, an XECryption encrypted message represents each letter in number triplets. Here is a sample XECryption encrypted message for your exercise.

Most readers have already noticed that there are a lot of flaws to the algorithm. Here are some which we will use:
  • There are multiple decryption passwords - there are a lot of combinations of characters that will produce the same number which is used to create the encrypted message. In essence
  • Also,the encryption number/key is contained within the message.
  • It is extremely easy to bruteforce this algorithm.
Here is how to approach this crack, and you won't even need to program anything:
  • First, we need to remember that each total of the triplets contains the encryption number, and since it needs to be subtracted from the total, the resulting number needs to be positive. So your password is contained even in the lowest total of any triplet in the message.
  • Once you find the lowest triplet total, you can just attempt all numbers starting from the lowest total down to zero as a possible encryption number - in essence, just bruteforce the text.
  • If you use a program to do the bruteforcing, you need to program a logic which will be able to identify that the bruteforced result is the real solution. This is usually done by counting how many of the bruteforce calculated ASCII codes are codes for letters, numbers and punctuation marks. If the percentage is large, it is a possible solution.
  • If you use Excel, the pattern matching will be done by your brain - a human can easily identify words and discover the solution.
  • To utilize this approach, simply place the encrypted text into an excel sheet, and create sums of every three numbers. These numbers are the triplet totals that need to be decrypted.
  • Place the triplet totals sequence on row 1 of a sheet, and on column 1 find the minimum total of the sequence. Starting from this minimum simply fill the rows in column 1 with every number from the minimum down to 1
  • Then in the cells from row 2 and in all columns which have triplet total in row 1 use the following function - CHAR(Row1,ColumnX - RowX,Column1).
Conclusion of the article and excel example
http://www.shortinfo...ption-with.html
Bozidar Spirovski
http://www.shortinfosec.net





Also tagged with one or more of these keywords: security, encryption, perl, algorithm, tutorial