If You Want To Be Good At Cyber Security … Go Learn Python and JavaScript
Last week, I gave a presentation on cybersecurity to college lecturers, and it was great fun. The presentation after mine was by someone from Quorum Cyber, and I enjoyed listening to it. One point that really stuck out was the advice on student education …
“If you want to do Cyber Security, be good at Python and JavaScript”
I smiled at this, because many years ago I predicted the end of JavaScript, as it just couldn’t cope with the strongly typed languages such as C#. I could only see a future of Java, C#, .NET, and so on, and where everything was run within a framework. How wrong was I?
When I first started to use Python, I disliked it. But now virtually all the code I create has Python as my back-end code.
And so it is JavaScript and Python that should be a core element in the education of our next generation of Cybersecurity professionals. You will find JavaScript is involved in creating a modern user interface, and now, with node.js, we see JavaScript at the back-end. The days of technical people avoiding scripting are thus past, and now it has become a standard tool in data analytics, cloud infrastructures, pen testing, cryptanalysis, and in so many areas.
So let’s look at a simple example of using node.js. The following is some sample code, in which we integrate the crypto module [here]:
// Symmetric encryption with the node.js crypto module
var crypto = require("crypto");

// Encrypt UTF-8 text and return the ciphertext in the given encoding
function encryptText(algor, key, iv, text, encoding) {
  var cipher = crypto.createCipheriv(algor, key, iv);
  encoding = encoding || "binary";
  var result = cipher.update(text, "utf8", encoding);
  result += cipher.final(encoding);
  return result;
}

// Decrypt ciphertext held in the given encoding and return UTF-8 text
function decryptText(algor, key, iv, text, encoding) {
  var decipher = crypto.createDecipheriv(algor, key, iv);
  encoding = encoding || "binary";
  var result = decipher.update(text, encoding, "utf8");
  result += decipher.final("utf8");
  return result;
}

// Defaults, overridden by: node <script> <text> <password> <algorithm>
var data = "This is a test";
var password = "hello";
var algorithm = "aes256";
const args = process.argv.slice(2);
if (args[0]) data = args[0];
if (args[1]) password = args[1];
if (args[2]) algorithm = args[2];

console.log("\nText:\t\t" + data);
console.log("Password:\t" + password);
console.log("Type:\t\t" + algorithm);

// Derive the key from the password with a single hash, sized to the cipher
var hash, key;
if (algorithm.includes("256")) {
  hash = crypto.createHash("sha256");
  hash.update(password);
  key = Buffer.alloc(32, hash.digest("hex"), "hex");
} else if (algorithm.includes("192")) {
  // There is no SHA-192 digest, so use the first 24 bytes of SHA-256
  hash = crypto.createHash("sha256");
  hash.update(password);
  key = Buffer.alloc(24, hash.digest("hex"), "hex");
} else if (algorithm.includes("128")) {
  hash = crypto.createHash("md5");
  hash.update(password);
  key = Buffer.alloc(16, hash.digest("hex"), "hex");
}

// Random 16-byte IV (printed below as the salt)
const iv = crypto.randomBytes(16);

console.log("Key:\t\t" + key.toString("base64"));
console.log("Salt:\t\t" + iv.toString("base64"));

var encText = encryptText(algorithm, key, iv, data, "base64");
console.log("\n================");
console.log("\nEncrypted:\t" + encText);

var decText = decryptText(algorithm, key, iv, encText, "base64");
console.log("\nDecrypted:\t" + decText);
In this case, we take a password, convert it into a 256-bit SHA hash, and then use this as the key for the encryption. We also use 16 bytes of salt (the IV, or Initialisation Vector) for the encryption process. A sample run is [here]:
Text: This is a test
Password: qwerty
Type: aes-256-ofb
Salt: 2WviHpXk70ienaEzImAKfg==
================
Encrypted: zbfDPCmJgsEA7akp50I=
Decrypted: This is a test
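The sample above derives its key with a single unsalted hash and runs AES in a mode with no integrity check, so here is an added example (not the article's code) that keeps the same password-to-AES flow but swaps in scrypt with a random salt and AES-256-GCM. The function names and the salt | IV | tag | ciphertext blob layout are assumptions of this example.

```javascript
// Added example (not the article's code): password-based AES in node.js.
// scrypt and AES-256-GCM are swapped in for the single hash and unauthenticated mode.
const { createHash, scryptSync, randomBytes, createCipheriv, createDecipheriv } = require("crypto");

// The article's derivation: one unsalted SHA-256 pass, so equal passwords
// always give equal keys and guesses can be checked at hash speed.
function hashKey(password) {
  return createHash("sha256").update(password).digest();
}

// scrypt with a per-message random salt: deliberately slow and memory-hard.
function scryptKey(password, salt) {
  return scryptSync(password, salt, 32);
}

// Returns base64(salt[16] | iv[12] | tag[16] | ciphertext); layout assumed for this example.
function sealText(password, text) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", scryptKey(password, salt), iv);
  const body = Buffer.concat([cipher.update(text, "utf8"), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString("base64");
}

// Throws if the password is wrong or any byte of the blob has been modified.
function openText(password, blob) {
  const raw = Buffer.from(blob, "base64");
  if (raw.length < 44) throw new Error("blob too short");
  const salt = raw.subarray(0, 16);
  const iv = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const decipher = createDecipheriv("aes-256-gcm", scryptKey(password, salt), iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(raw.subarray(44)), decipher.final()]).toString("utf8");
}

// Flip one bit in the last byte of the blob and report whether decryption rejects it.
function tamperIsDetected(password, blob) {
  const raw = Buffer.from(blob, "base64");
  raw[raw.length - 1] ^= 0x01;
  try { openText(password, raw.toString("base64")); return false; }
  catch (e) { return true; }
}

// Constructed sample input, matching the article's sample run
const sealed = sealText("qwerty", "This is a test");
console.log("Sealed:", sealed);
console.log("Opened:", openText("qwerty", sealed));
console.log("Tamper detected:", tamperIsDetected("qwerty", sealed));
```

Because the salt and IV are random, the sealed output differs on every run even for the same password and text, whereas the hash-derived key is identical every time.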
Conclusions
If you want to get into Cybersecurity, learning Python and JavaScript is a great place to start. JavaScript is useful both for understanding front-end systems and for scripting advanced code for cryptography.
Here are some more node.js examples:
- ECDSA with node.js.
- EdDSA with node.js.
- JSON Web Signatures and JSON Web Tokens. JSON Web Tokens with node.js.
- Symmetric encryption with node.js. AES with node.js.
- Hashing with node.js.
- Diffie-Hellman with node.js. DH with node.js.
- Diffie-Hellman with node.js (random prime). DH with node.js (random prime).
- ECDH with node.js.
- Ethereum with node.js.
- FPE with node.js.
- Puny with node.js. Puny character format with node.js.
- Merkle Tree with node.js.
And some JavaScript crypto examples:
- Random number generator.
- AES. AES encryption.
- Hash. Hashing using JavaScript.
- RSA. RSA using JavaScript.
- Password generation/hashing. Password generation/hashing using JavaScript.
- CMS. Encapsulating with CMS.
- ECDH. Elliptic Curve Diffie Hellman.
- PATRICIA trie. Example of using PATRICIA (and which is used in Ethereum).