Week 6 Lab Encryption - Crypto 101

Answer the questions below

I agree not to complain too much about how theory heavy this room is. • No answer needed

Are SSH keys protected with a passphrase or a password? • When I looked up the question, I found this useful:

https://docs.microsoft.com/en-us/azure/devops/repos/git/gcm-ssh-passphrase?view=azure-devops#:~:text=SSH%20uses%20private%2Fpublic%20key,to%20copy%20your%20private%20key.

Answer: Passphrase

What does SSH stand for? • Secure Shell (https://en.wikipedia.org/wiki/Secure_Shell/)

How do webservers prove their identity? • Authentication by use of certificates proves webservers identity https://www.bu.edu/tech/about/security-resources/bestpractice/auth/#:~:text=In%20authentication%2C%20the%20user%20or,%2C%20voice%20recognition%2C%20and%20fingerprints. And the answer is also found further down the Encryption - Crypto 101 room.

Answer: certificates

What is the main set of standards you need to comply with if you store or process payment card details?

pcicomplianceguide.org states that – A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.

Answer: PCI-DSS

What’s 30 % 5? • There is no remainder Answer: 0

What’s 25 % 7 • There is a remainder – round up Answer: 4

What’s 118613842 % 9091 • Hints said I should use Python so I just googled it.

Answer: 3565

Should you trust DES? Yea/Nay • DES encryptions are weaker Answer: Nay

What was the result of the attempt to make DES more secure so that it could be used for longer? • Found here: http://www.umsl.edu/~siegelj/information_theory/projects/des.netau.net/des%20history.html

Answer: Triple DES

Is it ok to share your public key? Yea/Nay • Public keys are for the public

Answer: Yea

p = 4391, q = 6659. What is n? • n = p * q Answer: 29239669

I understand enough about RSA to move on, and I know where to look to learn more if I want to. • No answer needed

I understand how keys can be established using Public Key (asymmetric) cryptography.

Cool article:

https://robertheaton.com/2014/03/27/how-does-https-actually-work/

Who is TryHackMe’s HTTPS certificate issued by? • I think it was recently changed to: Avast trusted CA

Answer: R3 (Found on different site.)

I recommend giving this a go yourself. Deploy a VM, like Linux Fundamentals 2 and try to add an SSH key and log in with the private key. • No Answer needed

Download the SSH Private Key attached to this room. • No Answer needed

What algorithm does the key use?

Answer: RSA

Crack the password with John The Ripper and rockyou, what’s the passphrase for the key? )

• Answer: delicious

I understand how Diffie Hellman Key Exchange works at a basic level • No Answer needed

Time to try some GPG. Download the archive attached and extract it somewhere sensible. • No Answer needed

You have the private key, and a file encrypted with the public key. Decrypt the file. What’s the secret word? • Pineapple

I understand that quantum computers affect the future of encryption. I know where to look if I want to learn more. • No Answer needed