080380116043 6th IT

ASSIGNMENT - 1

1) Explain Brute Force Attack with example.

Brute Force Attack is the most widely known password cracking method. This attack simply
tries to use every possible character combination as a password. To recover a one-character
password it is enough to try 26 combinations (‘a’ to ‘z’). It is guaranteed that you will find the
password.. but when? How long will it take? The two-character password will require
26*26=676 combinations.

The number of possible combinations (and therefore required time) grows rapidly as the length
of the password increases and this method quickly becomes useless. Do you ready to wait for
two months while your 9-character password is cracked? What about one hundred years for an
11-character password. Then you can increase the length of password simultaneously decreasing
the character set to keep the required time good acceptable.If the password is case sensitive (this
is the most common situation), there is another problem with the case.

There are three options:

1) you can assume that the password was typed in lower case (this is most likely). In this case,
the required time will stay the same but if the password contains upper case letters it will not be
recovered.

2) you can try all combinations.

The password is guaranteed to be found, but the process slows down significantly.  A 7-character
lower case password requires about 4 hours to be recovered but if you would like to try all
combinations of upper case and lower case letters, it will require 23 days. 3) The third method is
trade-off. Only the most probable combinations are taken into consideration, for example
"password", "PASSWORD" and "Password". The complicated combinations like "pAssWOrD"
are not. In this particular case the process slows down to one third of original speed but there is
still a possibility to fail.

You can reduce the amount of time required using faster computers (only the CPU speed is
important. The amount of RAM, the performance of the hard drive and other hardware don’t
affect the brute force speed), using several computers, choosing the fastest password crackers or
tuning the brute force parameters wisely and accurately.

The table below shows the time required for Brute Force Attack depending on the password
length and used character set. It is assumed that the attack is carried out on a single computer and
the brute force speed is 500 000 passwords per second.

1
080380116043 6th IT

Character set
Length of the
lowercase lowercase letters Both lowercase and all printable ASCII
password
letters and digits uppercase letters characters
< = 4 Instant 2 min
5 instant 2 min 12 min 4 hours
6 10 min 72 min 10 hours 18 days
7 4 hours 43 hours 23 days 4 years
8 4 days 65 days 3 years 463 years
9 4 months 6 years 178 years 44530 years
10 You should have bought a password manager! :-)

Bear in mind that the time shown above is the worst possible time. Brute Force Attack tries all
password combinations and you don’t know which one of them is correct. If you’re
lucky enough, the first combination will succeed. If not, the correct combination will be tried
last.

EXAMPLE:

With SSL your traffic is being encrypted and cannot be understood or altered by a man in the
middle attack or brute force unless the keys used are weak (which is not likely).

There are ways to fake connections (primarily by proxy servers) so that the user believes
they have an SSL connection to a site but they really do not. The actual SSL connection is
from the proxy server to the site, not the user to the site. The end result is that the proxy may
be able to read the user's information.

2) Explain Rotor Machine with Neat Diagram.

2
080380116043 6th IT

In cryptography, a rotor machine is an electro-mechanical device used for encrypting and

decrypting secret messages. Rotor machines were the cryptographic state-of-the-art for a brief
but prominent period of history; they were in widespread use in the 1930s–1950s. The most
famous example is the Enigma machine.

The primary component is a set of rotors, also termed wheels or drums, which are rotating disks
with an array of electrical contacts on either side. The wiring between the contacts implements a
fixed substitution of letters, replacing them in some complex fashion. On its own, this would
offer little security; however, after encrypting each letter, the rotors advance positions, changing
the substitution. By this means, a rotor machine produces a complex polyalphabetic substitution
cipher.

In classical cryptography, one of the earliest encryption methods was the simple substitution
cipher, where letters in a message were systematically replaced using some secret scheme.
Monoalphabetic substitution ciphers used only a single replacement scheme — sometimes
termed an "alphabet"; this could be easily broken, for example, by using frequency analysis.
Somewhat more secure were schemes involving multiple alphabets, polyalphabetic ciphers.
Because such schemes were implemented by hand, only a handful of different alphabets could be
used; anything more complex would be impractical. However, using only a few alphabets left the
ciphers vulnerable to attack. The invention of rotor machines mechanized polyalphabetic
encryption, providing a practical way to use a much larger number of alphabets.

The earliest cryptanalytic technique was frequency analysis, in which letter patterns unique to
every language could be used to discover information about the substitution alphabet(s) in use in
a mono-alphabetic substitution cipher. For instance, in English, the plaintext letters E, T, A, O, I,
N and S, are usually easy to identify in cipher text on the basis that since they are very frequent
(see ETAOIN SHRDLU) their corresponding cipher text letters will also be as frequent. In
addition, big ram combinations like NG, ST and others are also very frequent, while others are
rare indeed (Q followed by anything other than U for instance). The simplest frequency analysis
relies on one cipher text letter always being substituted for a plain text letter in the cipher: if this
is not the case, deciphering the message is more difficult. For many years, cryptographers
attempted to hide the telltale frequencies by using several different substitutions for common
letters, but this technique was unable to fully hide patterns in the substitutions for plaintext
letters. Such schemes were being widely broken by the 16th century.

Cipher designers tried to get users to use a different substitution for every letter, but this usually
meant a very long key, which was a problem in several ways. A long key takes longer to convey
(securely) to the parties who need it, and so mistakes are more likely in key distribution. Also,
many users do not have the patience to carry out lengthy, letter perfect evolutions, and certainly
not under time pressure or battlefield stress.

3
080380116043 6th IT

Figure:-Three-Rotor Machine

The mechanization of cryptography was seen as a great advance, and most at the time felt these new
Systems were practically unbreakable. A rotor is a small disk with electrical contacts on either side, one
For every letter of the alphabet, which form a permutation on the set of all letters? A rotor machine is
Formed by concatenating rotors to form a new permutation. Rotors rotate after the encasement of each
Letter to yield a new permutation

4
080380116043 6th IT

3) Write a note on fiestal network.

Horst Feistel was one of the first non-military researchers in the field of cryptography and can
be considered the father of modern block ciphers.

In 1973 he published an article with the title 'Cryptography and Computer Privacy' in a

magazine called 'Scientific American', in which he tried to cover the most important aspects of
machine encryption and introduced what is today known as the 'Feistel Network'.

n cryptography, a Feistel cipher is a symmetric structure used in the construction of block

ciphers, named after the German-born physicist and cryptographer Horst Feistl who did
pioneering research while working for IBM (USA); it is also commonly known as a Feistel
network. A large proportion of block ciphers use the scheme, including the Data Encryption
Standard (DES). The Feistel structure has the advantage that encryption and decryption
operations are very similar, even identical in some cases, requiring only a reversal of the key
schedule. Therefore the size of the code or circuitry required to implement such a cipher is nearly
halved.

Let F be the round function and let be the sub-keys for the rounds
respectively.

Then the basic operation is as follows:

Split the plaintext block into two equal pieces, (L0, R0)

For each round , compute

Then the ciphertext is (Rn + 1,Ln + 1).

Decryption of a ciphertext (Rn + 1,Ln + 1) is accomplished by computing for

Then (L0,R0) is the plaintext again.

5
080380116043 6th IT

One advantage of the Feistel model compared to a substitution-permutation network is that the
round function F does not have to be invertible.

The diagram illustrates both encryption and decryption. Note the reversal of the sub key order for
decryption; this is the only difference between encryption and decryption.