If You Want To Be Good At Cyber Security … Go Learn Python and JavaScript

Last week, I gave a presentation on cybersecurity to college lecturers, and it was great fun. The presentation after mine was by someone from Quorum Cyber, and I enjoyed listening to it. One point that really stuck out was the advice on student education …

“If you want to do Cyber Security, be good at Python and JavaScript”

I smiled at this, because many years ago I predicted the end of JavaScript, as it just couldn’t cope with the strongly typed languages such as C#. I could only see a future of Java, C#, .NET, and so on, and where everything was run within a framework. How wrong was I?

When I first started to use Python, I disliked it. But now virtually all the code I create uses Python at the back end.

And so it is JavaScript and Python that should be a core element in the education of our next generation of Cybersecurity professionals. You will find JavaScript is involved in creating a modern user interface, and now, with node.js, we see JavaScript at the back-end. The days of technical people avoiding scripting are thus past, and scripting has become a standard tool in data analytics, cloud infrastructures, pen testing, cryptanalysis, and so many other areas.

So let’s look at a simple example of using node.js. The following sample code integrates the crypto module [here]:

var crypto = require("crypto");

// Encrypt UTF-8 text; returns the ciphertext in the given encoding.
function encryptText(algor, key, iv, text, encoding) {
    var cipher = crypto.createCipheriv(algor, key, iv);
    encoding = encoding || "binary";
    var result = cipher.update(text, "utf8", encoding);
    result += cipher.final(encoding);
    return result;
}

// Decrypt ciphertext held in the given encoding; returns UTF-8 text.
function decryptText(algor, key, iv, text, encoding) {
    var decipher = crypto.createDecipheriv(algor, key, iv);
    encoding = encoding || "binary";
    var result = decipher.update(text, encoding, "utf8");
    result += decipher.final("utf8");
    return result;
}

// Defaults, overridden by: node <script> <text> <password> <algorithm>
var data = "This is a test";
var password = "hello";
var algorithm = "aes256";
// argv[0] is the node binary and argv[1] is the script, so arguments start at index 2
const args = process.argv.slice(2);
if (args[0] !== undefined) data = args[0];
if (args[1] !== undefined) password = args[1];
if (args[2] !== undefined) algorithm = args[2];
console.log("\nText:\t\t" + data);
console.log("Password:\t" + password);
console.log("Type:\t\t" + algorithm);

// Derive a key of the right length for the cipher by hashing the password
var hash, key;
if (algorithm.includes("256")) {
    // SHA-256 gives the 32-byte key that AES-256 needs
    hash = crypto.createHash("sha256");
    hash.update(password);
    key = hash.digest();
} else if (algorithm.includes("192")) {
    // Node's crypto has no "sha192", so truncate SHA-256 to the 24 bytes AES-192 needs
    hash = crypto.createHash("sha256");
    hash.update(password);
    key = hash.digest().subarray(0, 24);
} else if (algorithm.includes("128")) {
    // MD5 gives the 16-byte key that AES-128 needs
    hash = crypto.createHash("md5");
    hash.update(password);
    key = hash.digest();
} else {
    throw new Error("Unsupported algorithm: " + algorithm);
}

// Random 16-byte IV (printed below as the salt)
const iv = crypto.randomBytes(16);
console.log("Key:\t\t" + key.toString("base64"));
console.log("Salt:\t\t" + iv.toString("base64"));
var encText = encryptText(algorithm, key, iv, data, "base64");
console.log("\n================");
console.log("\nEncrypted:\t" + encText);
var decText = decryptText(algorithm, key, iv, encText, "base64");
console.log("\nDecrypted:\t" + decText);

In this case, we take a password, hash it with SHA-256, and use the 256-bit digest as the key for the encryption. We also use a random 16-byte IV (Initialisation Vector), which the output labels as the salt. A sample run is [here]:

Text:		This is a test
Password: qwerty
Type: aes-256-ofb
Salt: 2WviHpXk70ienaEzImAKfg==
================
Encrypted:	zbfDPCmJgsEA7akp50I=
Decrypted:	This is a test
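
A hardened variant of the scheme above, as an added example that is not part of the original post: it derives the key with scrypt and a random per-message salt, and uses AES-256-GCM so that altered ciphertext is rejected, whereas unauthenticated OFB (the mode in the sample run) decrypts it without complaint. The function names and the salt || iv || tag || ciphertext layout are assumptions made for this example.

```javascript
const crypto = require("crypto");
// Added example, not from the original post; lengths in bytes (assumed layout).
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16;

// scrypt is salted and deliberately slow, unlike one pass of SHA-256 or MD5.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Returns base64(salt || iv || tag || ciphertext); salt and IV are fresh per message.
function sealText(password, plaintext) {
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]).toString("base64");
}

// Throws if the password is wrong or any byte of the message was altered.
function openText(password, sealed) {
  const buf = Buffer.from(sealed, "base64");
  if (buf.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error("message too short");
  const ivEnd = SALT_LEN + IV_LEN, tagEnd = ivEnd + TAG_LEN;
  const key = deriveKey(password, buf.subarray(0, SALT_LEN));
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, buf.subarray(SALT_LEN, ivEnd));
  decipher.setAuthTag(buf.subarray(ivEnd, tagEnd));
  return Buffer.concat([decipher.update(buf.subarray(tagEnd)), decipher.final()]).toString("utf8");
}

// Flip the lowest bit of the last byte, as corruption or tampering in transit would.
function flipLastBit(b64) {
  const buf = Buffer.from(b64, "base64");
  buf[buf.length - 1] ^= 0x01;
  return buf.toString("base64");
}

// The post's scheme (SHA-256 key, aes-256-ofb) decrypts altered bytes without error.
function ofbDecryptAltered(password, plaintext) {
  const key = crypto.createHash("sha256").update(password).digest();
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv("aes-256-ofb", key, iv);
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]).toString("base64");
  const d = crypto.createDecipheriv("aes-256-ofb", key, iv);
  return Buffer.concat([d.update(flipLastBit(ct), "base64"), d.final()]).toString("utf8");
}

// Constructed sample input, reusing the values from the post's sample run.
console.log(openText("qwerty", sealText("qwerty", "This is a test")));
console.log(ofbDecryptAltered("qwerty", "This is a test"));
```

With GCM, `openText` throws on the altered message instead of returning modified plaintext, so the caller can tell a corrupted or forged message from a valid one.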

Conclusions

If you want to get into Cybersecurity, learning Python and JavaScript is a great place to start. JavaScript is useful both for understanding front-end systems and for scripting advanced code for cryptography.

Here are some more node.js examples:

  • ECDSA with node.js.
  • EdDSA with node.js.
  • JSON Web Signatures and JSON Web Tokens. JSON Web Tokens with node.js.
  • Symmetric encryption with node.js. AES with node.js.
  • Hashing with node.js.
  • Diffie-Hellman with node.js.
  • Diffie-Hellman with node.js (random prime).
  • ECDH with node.js.
  • Ethereum with node.js.
  • FPE with node.js.
  • Puny with node.js. Puny character format with node.js.
  • Merkle Tree with node.js.

And some JavaScript crypto examples:

  • Random number generator.
  • AES. AES encryption.
  • Hash. Hashing using JavaScript.
  • RSA. RSA using JavaScript.
  • Password generation/hashing using JavaScript.
  • CMS. Encapsulating with CMS.
  • ECDH. Elliptic Curve Diffie Hellman.
  • PATRICIA trie. Example of using PATRICIA (and which is used in Ethereum).