Cryptography attacks

Archived. Scripts should work, but I'm not planning to refactor or add new attacks.

Requirements:

• Python 2.7 or 3.7
• future
• pycrypto
• gmpy2
• BeautifulSoup4
• requests
• termcolor

Installation:

git clone https://github.com/GrosQuildu/CryptoAttacks
cd CryptoAttacks
python ./setup.py install

Attacks:

(* means Sage script)

• Classic
  • One time pad / xor
    • Guess key size
    • Repeated key
    • Reused key
• Block
  • CBC
    • Bit flipping
    • Padding oracle
      • Decrypt ciphertext
      • Forge ciphertext that will decrypt to given plaintext
    • Key as IV
  • ECB
    • Byte-at-time decryption
    • Known plaintexts
  • GCM
    • auth key recovery with biased nonce
  • Whitebox AES
    • Differential fault analysis*
• Public Key
  • RSA
    • Small e, small plaintext
    • Common primes
    • Wiener's small private exponent
    • Hastad's broadcast
    • Faulty (RSA-CRT)
    • Parity oracle
    • Blinding (signatures/ciphertexts)
    • Bleichenbacher'06 signature forgery
    • Duplicate-Signature Key Selection
    • Bleichenbacher's PKCS1.5 oracle
    • Manger's OAEP oracle
• Elliptic Curves
  • ECDSA
    • Biased nonce (LSB equals to zero)*
    • Duplicate-Signature Key Selection*
  • Pohlig-Hellman*
  • Discrete log on singular curves*
  • Invalid curves attack
• Hash
  • Length extension (sha1, md4)
• PRNG
  • Linear Congruence generator
• Utils
• Math

For docs(strings) check CryptoAttacks/docs/

For example uses check CryptoAttacks/tests/

To change verbosity:

from CryptoAttacks.Utils import log

log.level = 'debug'  # debug, info, success

Most functions takes and returns bytes (not str), to use with python2 do:

from builtings import bytes

arg = bytes(b'some arg')