Demos of selected tasks and discussion of the answers is available here.
A summary of the meaning of the feedback you see when you view your grade is below. Note that they different comments/notes may result in different (or even no) penalty score.
Task 3: Most students changed the key and compared the different outputs, which is correct. You should change just one bit at a time; not change multiple bits. Also, you should count the number of bits in the ciphertext which are different – not just saying “they are significantly different”.
Task 4, 5 and 6: Some students recognise the repetition of blocks in ciphertext when using ECB. When decrypting the modified ciphertext, I was looking for explanations of WHY the plaintext values different from the original. Only those with Ok or Good had explanations of WHY. Most other students identified that the plaintext was different (e.g. by X bytes) but didn't give a clear explanation of why (Not explained, or No explanation why).
Use OpenSSL to try several symmetric, block ciphers.
OpenSSL is both a library and standalone application for cryptography. If you write your own software, you can use the library. In this homework, you will only use the standalone application.
OpenSSL is free software, and is available for various operating systems, including being already installed on the ict.siit.tu.ac.th server. It is installed by default on Ubuntu Linux and Mac OSX - although make sure you have a recent version, at least version 1. If you don't want to install OpenSSL yourself or have an old version, I recommend using the IT server, i.e. login to the the IT server and run OpenSSL. To check the version, on the command line run the following (this shows the version on the IT server)
$ openssl version OpenSSL 1.0.1 14 Mar 2012
OpenSSL supports many different operations. Run man openssl to see the manual, which lists the operations. The main operation you will use in this homework is enc (for symmetric ciphers). Run man enc to see the details, including ciphers supported.
Last year I created a 12-minute screencast showing how to use OpenSSL to encrypt using DES (as well as a few other operations). I recommend viewing this example to see OpenSSL in use.
In the following replace ID with your student ID.
Task 1. Create two plaintext files:
Also choose a random key to be used for DES, and save the 16 digit hexadecimal value in a file key.txt. There are different ways to generate a random value, an easy way is to use openssl rand (try man rand for an explanation).
Task 2. Encrypt the first plaintext file, name.txt using DES, your key and ECB mode of operation. The ciphertext should be in a file named name.enc. Look at the binary version of the file. Note that OpenSSL adds a 81 Byte integrity check to the end of the ciphertext. - you can ignore these last 8 Bytes. SG 2012-12-07: To avoid the integrity check, which may cause confusion later, use the -nopad option. Create a text file, discussion.txt, and include the exact command you used to encrypt the first plaintext file.
Task 3. Determine if the avalanche effect is present in the cipher when different key values are used. (Remember to ignore the last 8 Bytes of ciphertext - the integrity check - when comparing values). You should try at least 3 different keys. In the file discussion.txt, add an explanation of how you tested for the avalanche effect (including the keys you used), your results and conclusions. You don't have to study the avalanche effect with different plaintexts - only with different keys. (SG 2012-12-10: Be careful when changing the key: recall that DES takes a 64-bit key as input but only uses 56 of those bits in the encryption - 8 bits are used for parity check. So when changing the key, make sure you change one of the 56 bits. The 8th, 16th, 24th, ...64th bit of the input key are not used in encryption - see slide 35).
Task 4. Encrypt the second plaintext file, repeated.txt, using DES, the same key and with three different modes of operation: ECB, CBC and OFB. Save the ciphertext as repeated-ecb.enc, repeated-cbc.enc and repeated-ofb.enc. Look at the output binary values and in the file discussion.txt, comment on the different binary values (i.e. do you notice anything about them?).
Task 5. In each of the 3 ciphertext files from Task 4, modify 1 bit in the first byte, creating three new files: repeated-ecb-mod.enc, repeated-cbc-mod.enc and repeated-ofb-mod.enc.
Task 6. Decrypt the 6 ciphertext files, saving the output of each as decrypt-ecb.txt, decrypt-cbc.txt, decrypt-ofb.txt, decrypt-ecb-mod.txt, decrypt-cbc-mod.txt and decrypt-ofb-mod.txt. In the file discussion.txt, comment on the decrypted values.
Submit all your files in Moodle. There must be 17 files:
The last file, discussion.txt is a plain text file with your notes/comments from the different tasks. Although it is not a requirement, you may include copy-and-paste of output of your commands if it is useful in the explanation. All other files must be exactly how you used them. I will read discussion.txt, but I will not read the other files. Instead I will run a script that tests your other files.
For all ciphers, use the following:
How to generate a random number? In the screenast from last year I used /udev/random. A simpler way is to use OpenSSL and the rand operation. To get an output in hexadecimal (which is the input format for a key in OpenSSL) use the -hex option. You can specify the number of bytes, e.g. 8 bytes (or 64 bits):
$ openssl rand -hex 8 c42eaad968a1031e
How to create a file without a newline? You can use echo with the -n option:
$ echo -n "stevengo" > name.txt $ cat name.txt stevengo
How to create a file which repeats another X times? You can use cat. For example, the following repeated "stevengo" 3 times:
$ cat name.txt name.txt name.txt > repeated.txt $ cat repeated.txt stevengostevengostevengo
How to view the binary form of a file? Most hex editors will allow you to view hex/binary. On the command line you can use xxd, e.g.:
$ xxd name.txt 0000000: 7374 6576 656e 676f stevengo $ xxd -b name.txt 0000000: 01110011 01110100 01100101 01110110 01100101 01101110 steven 0000006: 01100111 01101111 go $ cat name.txt stevengo
How to edit a binary file i? Again, a hex editor will often allow you to both view and edit a file. Alternatively, you can edit hex values on the command line using sed, e.g. to replace the hex value 73 with the value 74: (SG 2012-12-10: the following sed command works in Linux, but not Mac OSX. In MaC OSX you can instead use perl -pe 's/\x73/\x74/' - that is, replace sed with perl -pe)
$ xxd -b name.txt 0000000: 01110011 01110100 01100101 01110110 01100101 01101110 steven 0000006: 01100111 01101111 go $ sed 's/\x73/\x74/' name.txt > name-mod.txt $ cat name-mod.txt ttevengo $ xxd -b name-mod.txt 0000000: 01110100 01110100 01100101 01110110 01100101 01101110 tteven 0000006: 01100111 01101111 go
Another alternative is to use Emacs.
How to count bits? You can use xxd to display the binary form of ciphertext. Using options, it can be formatted to easily get the sequence of bits you desire:
$ xxd -b name.enc 0000000: 10100001 00000110 00011101 11010010 10011111 10100111 ...... 0000006: 00001000 10100100 01111110 01000010 00101000 00100010 ..~B(" 000000c: 01110111 00110110 01100110 11000000 w6f. $ xxd -b -c 8 -g 8 name.enc 0000000: 1010000100000110000111011101001010011111101001110000100010100100 ........ 0000008: 0111111001000010001010000010001001110111001101100110011011000000 ~B("w6f. $ xxd -b -c 8 -g 8 name.enc | head -1 0000000: 1010000100000110000111011101001010011111101001110000100010100100 ........ $ xxd -b -c 8 -g 8 name.enc | head -1 | cut -d " " -f 2 1010000100000110000111011101001010011111101001110000100010100100
Now you can compare this binary sequence with another.
Return to: CSS322 Home | Course List | Steven Gordon's Home | SIIT