Petr Zak

Finance and IT enthusiast, problem solver


Monoalphabetic cipher and natural language

A monoalphabetic cipher uses a permutation of the alphabet as its key and substitutes each plaintext letter with the letter at the same position in the key.

Example

Alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Key: FIDKHTMVQBJXWPYAUOLESCRGZN

This gives us n! possible keys, i.e. it is fairly resistant to brute force. Nevertheless, using the statistics and properties of natural language, we can analyze how frequently letters occur and map the corresponding alphabet-key pairs. Simply put, the plaintext frequencies translate to ciphertext frequencies. The longer the message, the more accurate the results we can get for certain letters, and from those we can deduce the rest.

Example

The most frequent letters in English are “e” and “t”; the least frequent are “z” and “q”.
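The frequency relationship described above, as an added example (not code from the original post): it encrypts a constructed sample sentence with the example key and checks that the ciphertext letter counts are the plaintext counts relabelled through the key, so ranking ciphertext letters recovers the images of “e” and “t”. The sample text and the function names are assumptions made for illustration.

```python
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
KEY = "FIDKHTMVQBJXWPYAUOLESCRGZN"  # key from the example above

ENC = str.maketrans(ALPHABET, KEY)  # plaintext letter -> key letter
DEC = str.maketrans(KEY, ALPHABET)  # inverse mapping

# Constructed sample plaintext (not from the original post).
SAMPLE = ("THE LONGER THE MESSAGE THE BETTER THE LETTER STATISTICS "
          "REFLECT THE LANGUAGE AND THE EASIER THE KEY IS TO GUESS")


def encrypt(text):
    """Substitute every letter through the key; other characters pass through."""
    return text.upper().translate(ENC)


def decrypt(text):
    """Invert the substitution."""
    return text.upper().translate(DEC)


def letter_counts(text):
    """Count alphabet letters only, ignoring spaces and punctuation."""
    return Counter(c for c in text.upper() if c in ALPHABET)


def guess_mapping(ciphertext, expected_order="ET"):
    """Pair the most frequent ciphertext letters, by rank, with the letters
    expected to be most frequent in the plaintext language ("e", then "t")."""
    top = letter_counts(ciphertext).most_common(len(expected_order))
    return {cipher_letter: plain for (cipher_letter, _), plain in zip(top, expected_order)}


if __name__ == "__main__":
    ciphertext = encrypt(SAMPLE)
    print(ciphertext)
    print("plaintext top 3: ", letter_counts(SAMPLE).most_common(3))
    print("ciphertext top 3:", letter_counts(ciphertext).most_common(3))
    print("guessed pairs:   ", guess_mapping(ciphertext))
```

On a short message only the top few ranks are reliable; the remaining letters have counts too close together to be matched by rank alone.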

Caesar cipher

The Caesar cipher is a substitution cipher. You take the whole alphabet and substitute it with a different alphabet. In Caesar’s case you shift the plaintext alphabet to the right by k letters for encryption. The key k is an arbitrary integer.

Side-Channel attack

Let’s consider an encryption algorithm that is “unbreakable” by design. We code it and implement it on certain hardware (provided by a 3rd party, for example). A side-channel attack uses the unintentional leakage of secret information generated by that hardware. For instance, Paul Kocher realized that different plaintexts and keys cause different loads on system resources. Another example could be the electromagnetic radiation generated by the hardware we use. To prevent the first kind of leakage we can obscure the computation so that there are no peaks or troughs in consumption. The second one could be avoided by better EM shields.

Types of attacks

Brute force

Trying all possible keys until we find the correct one; we need to be able to distinguish the correct key, as there might be different keys giving meaningful outcomes. With a key of length n, we have 2^n possibilities and on average we are successful after 2^(n-1) tries.

Information Entropy

In cryptography, information entropy is a measure of uncertainty or unpredictability.

CIA

Here CIA refers not to the Central Intelligence Agency but to key concepts in ethical hacking:

  • Confidentiality – keep the information away from non-authorized people/systems, using encryption and access rights
  • Integrity – keep the information unaltered by non-authorized people/systems
  • Availability – keep the information available to those who need it

The opposites would be:

  • Disclosure
  • Alteration
  • Disruption

 

Hacker’s needs…

A hacker’s needs to commit a crime are the same as in the case of a regular crime:

  • Means
  • Motive
  • Opportunity

 

Ethical Hacker’s needs:

  • Good contract
  • Do only what you have permission to do
  • Confidentiality and privacy in mind

Boot Kali Linux to console

Get the default session type, text-mode or graphical:

systemctl get-default

Set the default session type to text-mode by disabling gdm autostart:


systemctl set-default multi-user.target

Enable lightdm autostart:

systemctl set-default graphical.target

Is Ace the Case workshop worth it?

KPMG provided several workshops in the winter semester in the Czech Republic. One of them, focused on real business cases, was Ace the Case. It is divided into two days. On the first day you are given presentations by KPMG consultants and directors, whereas on the second day you have the chance to put all of the first day's experience into practice.

Why CRM matters

CRM stands for Customer Relationship Management. There are more than 45 definitions of CRM (Zablah, Bellenger and Johnston, 2004), used in academic literature, on the main CRM portals, or by top CRM vendors. What they all have in common is that they represent a strategy to reduce costs and increase profitability by keeping long-term relationships with customers (consumers, companies, government, or even other departments of the same firm).


© 2018 Petr Zak
