Cryptography beginners guide with openssl - Part 2

Learn how to encrypt files with openssl using aes-128-cbc, including listing available ciphers, applying base64 encoding, and using salt to secure the encrypted text.

Derive the key and salt from a password and output them with OpenSSL, showing the derived key, salt, and the iv for aes-128-ecb and aes-128-cbc modes.

Generate a 128-bit key from 32 hexadecimal characters using OpenSSL rand, insert with -K into the cipher, add an initialization vector, and base64 encode.

Explore how salting in OpenSSL encryption prevents dictionary attacks by adding random salt to the key, using AES-128-CBC, and storing the salt in the first eight bytes of the ciphertext.

discover how base64 encodes binary data into ASCII strings to safely transfer encrypted content between different systems, and explore encoding with OpenSSL using aes-128-cbc, salted with a password-derived key.

Understand key space by examining password options: four numeric digits yield 10,000 possibilities, while eight lowercase letters yield 26^8 possibilities. Relate these to binary keys like 2^128, 2^256, and 2^512.

Explore how hex dump visualizes cipher blocks and demonstrate 128-bit ECB encryption with OpenSSL on a sample text.

Explore how block ciphers use xor as a bitwise operation to combine plaintext and key, introducing bit streams, binary digits, and modes of operation.

Demonstrate xor operations on bits, encrypt plaintext with a hex key to form ciphertext, then decrypt with same key, and defend against man-in-the-middle attacks using hashes and hmx for integrity.

Explore how the cryptography key space grows from eight possible keys to 8×7×6×5×4×3×2 = 40320 permutations, making cipher text more confusing for attackers.

Learn how permutation changes the mapping of a bit stream to new values using different keys, showing how eight options can be permuted with key 1 and key 2.

Apply permutation techniques to transform a key using a permutation table, mapping bit values to new positions to produce a different key for the cipher and confuse attackers.

Learn how plain text is permuted through rounds using a permutation table, splitting and expanding bits, swapping halves, shifting bits, and substituting with the key to produce ciphertext.

Explore how DES uses 64-bit blocks and AES uses 128-bit blocks, padding final blocks, and why ECB mode creates repeating ciphertext patterns.

Explore how the electronic code book (ECB) mode encrypts blocks and aggregates them, highlighting repeated blocks and the goal of encrypting with no repetitions.

Learn how cipher block chaining (cbc) uses an initialization vector to xor each plaintext block with the previous ciphertext, then encrypts with the same key and algorithm.

Explore the difference between ECB and CBC by encrypting the same secrets file with the same key and initialization vector in OpenSSL, then hex-dump the outputs to compare repeated blocks.

Demonstrate hashes as one-way, fixed-length outputs and show password hashing with openssl, from simple words to stronger hashes like sha256 and sha512 used in blockchain.

Hashes are not reversible; add salt and additional data to passwords before hashing to strengthen storage and deter attackers with salted hashes.

Select and apply a salt to the hash in OpenSSL practice, using the four x characters as the salt. Construct the hash with the salt to produce a unique result.

Hash passwords from a list by feeding a text file of passwords into openssl, producing corresponding hashes for each entry in the list.

Hash the Hey Jude text file on the desktop using a sha256 256-bit output, showing that changing the file produces completely different hash values to ensure integrity.

Explore fixed-size hash outputs from md5 128-bit to sha-512 using openssl, and learn how certificate authorities sign certificates with these hashes, including sha-256 in Amazon's root certificate.

Explore hash functions and collision resistance by hashing an image with sha-256, demonstrating how any manipulation changes the hash value and why no two messages share a hash.

Explore how MACs provide authentication and integrity for messages using a shared key, defend against tampering by a middleman, and contrast them with classic symmetric encryption.

A Mac, or message authentication code, is a fixed-size output created from a message and a shared key to verify origin and integrity.

Learn how hmac uses a shared symmetric key and a hash function such as sha-256 to authenticate messages, verify integrity, and compare with digital signatures using OpenSSL.