|
A word from
the author:
I hope you like my texts and find them useful. If you have
any problem or some suggestion feel free to e-mail me but please
don't send mails like "I want to hack the US government please help
me" or "Tell me how to bind a trojan into a .jpg" Be sure if I can
help you with something I will do it.
Table of
Contents
1.What is this text about?
2.About Encryption and how it works
3.About the Cryptography and PGP
4.Ways of breaking the encryption
-Bad pass phrases
-Not deleted files
-Viruses and trojans
-Fake Version of PGP
=--=--=--=--=--=--=--=--=
1.What is this
text about?
-=-=-=-=-=-=-=-=-=-=-=-=-=
In this text I'll explain you everything about
encryption,what is it,PGP, ways that someone can read your encrypted
files etc.Every hacker or paranoid should use encryption and keep
the other from reading their files.The encryption is very important
thing and I'll explain you how can someone break and decrypt your
files.
2.About
Encryption and how it works
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The Encryption is very old.Even Julius Caesar used it when
he was sending messages because he didn't trust to his
messengers.You see encryption is everywhere,when you watch some spy
film you see there's always a computer with encrypted files or some
film about hackers when the feds busted the hacker and they see all
of the hacker's files are encrypted.
When you have simple .txt file that you can read this is
called "plain text". But when you use encryption and encrypt the
file it will become unreadable by the time you don't enter the
password.This text is called cipher text. The process of converting
a cipher text into plain text is called decryption.
Here's a little example:
Plain text
==>Encryption==>Ciphertext==>Descryption==>Plaintext
This example shows you the way when you encrypt and decrypt
a file.
3.About the
Cryptography and PGP
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Cryptography is science that use the mathematics to encrypt
and decrypt data.This science let you keep your files and documents
safe even on insecure networks like the Internet. The cryptography
can be weak and strong.The best is of course the strong one.Even
when you use all the computers in the world and they're doing
billion operations in second you'll just need BILLIONS of years to
decrypt strong encryption.
PGP (Pretty Good Privacy) is maybe the best encryption
program to encrypt your files and documents. It work in this way:
When you encrypt one file with PGP,PGP first compress the
file.This saves you disk space and modem transmition.Then it creates
a session key.This session key works with a very secure and fast
confidential encryption algorithm to encrypt the file.Then the
session key is encrypted with the recipient's public key.
PGP ask you for pass phrase not for password.This is more
secure against the dictionary attacks when someone tries to use all
the words in a dictionary to get your password.When you use pass
phrase you can enter a whole phrase with upper and lowercase letters
with numeric and punctuation characters.
4.Ways of
breaking the encryption
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP has been written for people that want their files
encrypted for people that want privacy. When you send an e-mail it
can be read from other people if you use PGP only the person for who
is the message will be able to read it.
Now you know many things about PGP and the encryption but
you may like to know can someone break it and read your private
texts and files.In fact if you use all the computers in the world to
decrypt a simple PGP message they'll need 12 million times the age
of the universe to break it. You see this is the BEST the encryption
is so strong noone can break it. The people that program it has done
their work now everything depends on you.
-Bad pass
phrases
*****************
The algorithm is unbreakable but they're other ways to
decrypt the text and read it. One of the biggest mistakes when
someone writes his/her pass phrase is that the pass phrase is
something like : "John" "I love you" and such lame phrases.Other one
are the name of some friend or something like that.This is not good
because this is pass phrase not password make it longer put numbers
and other characters in it.The longer your pass phrase is the harder
it will be guessed but put whole sentences even one that doesn't
make sense just think in this way: Someone is brute-forcing
thousands of pass phrases from a dictionary therefore my pass phrase
should be someone that is not there in the dictionary something very
stupid like:
hEllowOrld33IjustwanTtoteLLtoev3ryon3thatI'maLamErandI'mahacKer666
This is easy to remember because it's funny and there are
only a few numbers but you may not use upper and lowercase
characters.I hope you know will put some very good pass phrase and
be sure noone will know it.
Another mistake is that you may write the pass phase on a
paper and if someone find it you'll loose it and he/she will be able
to read your encrypted files.
-Not deleted
files
******************
Another big security problem is how most of the operating
systems delete files.So when you encrypt the file you delete the
plain text and of course leave the encrypted one. But the system
doesn't actually delete the file.It just mark those blocks of the
disk deleted and free. Someone may run a disk recovery program and
still see all the files but in plaintext.Even when you're writing
your text file with a word editor it can create some temporary
copies of it.When you close it these files are deleted but as I told
you they're still somewhere on your computer. PGP has tool called
PGP Secure Wipe that complete removes all deleted files from your
computer by overwriting them.In this way you'll only have the
encrypted files on your computer.
-Viruses and
Trojans
********************
Another dangerous security problem are the viruses and the
trojans.So when you infect with a trojan the attacker may run a key
logger on your system.
*Note
A key logger is a program that captures all keystrokes
pressed by you then saves them on your hard drive or send them to
the attacker
***************************************
So after the attacker run it he/she will be able to see
everything you have written on your computer and of course with your
PGP pass phrase.
There are also a viruses designed to do this.Simpy record
your pass phrase and send it back to the attacker.
-Fake Version
of PGP
********************
Another security problem is the PGP source that is
available so someone can make a fake copy of it that is recording
your pass phase and sending it back to the attacker.The program will
look real and it will work but it may also have functions you even
don't know about. A way of defending of these security problems is
to use a trojan and a virus scanner.You should also be sure your
computer is clean from viruses and trojans when you install PGP and
also be sure you get PGP from Network Associates Inc. not from some
other pages.
So now I hope you understand that PGP can't be braked but
if you use it wisely and be sure your pass phrase is good one,you're
not infected with viruses or trojans and you're using the real
version of PGP you'll be secure.
tHe mAnIaC is a member of Black Sun Research Facility
(BSRF). Get more BSRF tutorials at http://blacksun.box.sk.
Anarchy Rules
This guide is for educational purposes only I do not take
any responsibility about anything
happen after reading the guide. I'm only telling you how to
do this not to do it. It's your decision.
If you want to put this text on your Site/FTP/Newsgroup or
anything else you can do it but don't
change anything without the permission of the author.
Credits
by tHe mAnIaC
contact me at: dancho@mbox.digsys.bg
maniac@forbidden.net-security.org
16.11.1999
|