Fall 2013: Computer Science 347 - crypto
Keywords: crypto, openssl, PKI, truecrypt, md5, RSA.
- Locate WindowsXPProfessionalBase_2013.rar and RH72LabImage_2013_2.rar in the /virtual_machines directory.
- Extract the VMs.
- In RH72, go to /home/hacker/crypto. There you will find two files: t1.html and t2.html. Your goal is to use openssl to sign t1.html (you need to generate keys, etc.) such that the same signature is valid when verifying t2.html, i.e., create a forgery.
- You might find the following commands useful:
  - openssl genrsa -out mykey.pem 1024
  - openssl rsa -in mykey.pem -pubout > mykey.pub
  - openssl rsautl -encrypt -pubin -inkey publickey.pem -in plain.txt -out cipher.txt
  - openssl rsautl -decrypt -inkey privatekey.pem -in cipher.txt -out plainRcv.txt
  - openssl sha1 -sign privatekey.pem -out out.file plain.txt
  - openssl sha1 -verify publickey.pem -signature out.file plain.txt
- Now, go into the Windows XP machine. Using TrueCrypt, generate a new 10MB volume using AES-Twofish encryption and the SHA-512 hash function. Mount the volume and create a text file containing: hello world.
- Using a hex editor (installed in the VM), open up the text file you created. Is it readable?
- Dismount the volume, then open up the whole volume in the hex editor. Can you find the file you created? Is it readable?
- Create another volume named 347_2 with AES encryption and the RIPEMD-160 hash function.
- Exercise: See the TrueCrypt volume 347_1 on the desktop. Now, your goal is to crack this volume (mount and read the content). What is the secret? (Hint: compare it with the new volume that you created.)
- Using Cain and Abel, crack as many Windows passwords as you can. How did you do it? Did you find any collisions?
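
The openssl key generation, signing and verification steps listed above, shown end to end as an added example that is not part of the original handout. It assumes `openssl dgst` with SHA-256 and a 2048-bit key instead of the handout's `openssl sha1` and 1024 bits; the function names, file names and file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the lab handout. A signature made with
# "openssl dgst -sign" covers only the file's digest, so the choice of
# digest algorithm decides what the signature actually binds.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_keys: generate an RSA key pair (2048 bits is an assumption here).
make_keys() {
    openssl genrsa -out "$WORK/mykey.pem" 2048 2>/dev/null &&
    openssl rsa -in "$WORK/mykey.pem" -pubout -out "$WORK/mykey.pub" 2>/dev/null
}

# sign_file DIGEST FILE SIG: hash FILE with DIGEST and sign the hash.
sign_file() {
    openssl dgst "-$1" -sign "$WORK/mykey.pem" -out "$3" "$2"
}

# verify_file DIGEST FILE SIG: exit status 0 only if SIG matches FILE's digest.
verify_file() {
    openssl dgst "-$1" -verify "$WORK/mykey.pub" -signature "$3" "$2" >/dev/null 2>&1
}

# same_digest DIGEST A B: exit status 0 if both files hash to the same value.
# A signature made over A verifies for B exactly when this holds.
same_digest() {
    [ "$(openssl dgst "-$1" -r "$2" | cut -d' ' -f1)" = \
      "$(openssl dgst "-$1" -r "$3" | cut -d' ' -f1)" ]
}

# Constructed sample inputs: two pages that differ in one value.
printf '<html><body>pay 10</body></html>\n' > "$WORK/a.html"
printf '<html><body>pay 99</body></html>\n' > "$WORK/b.html"

make_keys
sign_file sha256 "$WORK/a.html" "$WORK/a.sig"
verify_file sha256 "$WORK/a.html" "$WORK/a.sig" && echo "a.html: signature valid"
verify_file sha256 "$WORK/b.html" "$WORK/a.sig" || echo "b.html: signature rejected"
same_digest sha256 "$WORK/a.html" "$WORK/b.html" || echo "digests differ: signature does not transfer"
```

Running `same_digest` over two documents with each digest algorithm you are considering is a quick check of whether a signature over one would also be accepted for the other.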