Eve The Magician Breaks The Most Secure Encryption on The Planet — 256-bit AES

[These articles are a bit of fun, and are only meant to showcase some flaws in cryptography … in this case, the problem of ECB — Electronic Code Book]

So Eve has managed to crack RSA three times [Trick 1][Trick 2][Trick 3], and the audience is demanding more.

Eve says “Thank you, but the tricks would not be possible without one person … John Napier … so please give a round of applause to the great man!”.

Waves of applause for John Napier, followed by cries of “We want more! We want more!”

Eve says, “You want more? Well, normally I get at least $500K for each of these tricks from the NSA!”

A couple of guys with red faces, and dressed in black suits, at the back of the hall, touch their ears and talk into their sleeves, and quickly leave.

Eve says, “Now … I’m going to crack the most secure encryption method on the planet …

256-bit AES!”

Audible gasps, and even some mock faints from the crowd of computer scientists.

With Bob, Alice, and the rest of the crypto team all sitting in the front row, Eve says, “Could the whole of the front row come up on stage? Let’s hear it for Bob, Alice, Trent, Mallory, Carol, Chuck, Trent, and the gang”.

There’s some booing for Mallory, and he casts an evil glance at the dissenters, and they immediately stop. Trent, though, looks rather smug in his judge’s wig and gives a trusting smile and wave to the audience.

So they shuffle up in their computer science-type way, with hands in their pockets. Eve gives each one a piece of paper.

“Now … Bob … can you write a question on this piece of paper?”.

Bob secretly writes “What is the capital of Scotland?”, and, without looking at it, Eve asks Bob to show the question to the rest of the people on the stage. Alice, Trent, Mallory, and the others nod an acknowledgement of the question.

Eve now says, “Bob, I want you to generate a … wait for it … a 256-bit AES encryption key. You can do it with any password that you want, and then take the SHA-256 hash of it. This will become your encryption key for AES. There’s no way I can guess your encryption key within a trillion years.”

“Okay have you done it?”

Bob says “Yes”.

Eve then says, “Could each of you take one letter of the answer, and encrypt it with Bob’s key?”

They all write their answers, and Eve collects them:

2aeb8b1683f155b4009460ca4dcff462
d272bb15c17b9f21567f0bbc059f442d
11204d4653d3f5f9f9ad032efa706890
5dd5b2a1b5a420c1f0186ec3e58944df
2d63a1efa0160d5dafb90998bc9159d3
504e6d032c4ceaa9c367b8f747d263ba
f2f7719f7b2d38dbe3650e3d59e7eed2
f4c44d30fe5d88fedd259d224c515ca2
734a4b6f540e17ba02845cc529138fc6

The lights go low … and Eve announces that in order to make it even more difficult she will encrypt her answer with Bob’s secret key, and that “Only Bob’s secret key will open the answer”.

So Eve gives her answer to Bob as a ciphertext and asks him to decrypt it. She then asks Bob to announce what she has encrypted, and Bob says:

“Edinburgh!”

Eve says, “Now Bob … what was the question?”

Bob looks astonished, “The question was ‘What was the capital of Scotland?’”.

Gasps … real faints … and hurried scrubbing of encrypted data from those in the crowd.

How did she do it?

She did it because the encryption used Electronic Code Book (ECB) mode, which encrypts every 16-byte block independently with the same key. That allowed her to paste together all the ciphertext blocks and then use the result as her answer, and she didn’t even need to crack the encryption key.

Here is the Python code she used:

# Python 2.7, using PyCrypto and the Padding module
from Crypto.Cipher import AES
import hashlib
import binascii
import Padding

word = 'edinburgh'
password = 'napier'

def encrypt(plaintext, key, mode):
    encobj = AES.new(key, mode)
    return encobj.encrypt(plaintext)

def decrypt(ciphertext, key, mode):
    encobj = AES.new(key, mode)
    return encobj.decrypt(ciphertext)

# The 256-bit AES key is the SHA-256 hash of the password
key = hashlib.sha256(password).digest()

ciphertext = ''
for ch in word:
    # Pad each single letter to a full 16-byte block and encrypt it on its own
    plaintext = Padding.appendPadding(ch, blocksize=Padding.AES_blocksize, mode='CMS')
    block = encrypt(plaintext, key, AES.MODE_ECB)
    ciphertext = ciphertext + block
    print binascii.hexlify(block)

# The pasted-together blocks decrypt as one valid ECB ciphertext
plaintext = decrypt(ciphertext, key, AES.MODE_ECB)
# Only the padding of the last block is stripped
plaintext = Padding.removePadding(plaintext, mode='CMS')
print " decrypt: " + plaintext

When she ran it, it gave:

C:\Python27>python cipher01_new.py
2aeb8b1683f155b4009460ca4dcff462
d272bb15c17b9f21567f0bbc059f442d
11204d4653d3f5f9f9ad032efa706890
5dd5b2a1b5a420c1f0186ec3e58944df
2d63a1efa0160d5dafb90998bc9159d3
504e6d032c4ceaa9c367b8f747d263ba
f2f7719f7b2d38dbe3650e3d59e7eed2
f4c44d30fe5d88fedd259d224c515ca2
734a4b6f540e17ba02845cc529138fc6
 decrypt:
e☼☼☼☼☼☼☼☼☼☼☼☼☼☼☼
d☼☼☼☼☼☼☼☼☼☼☼☼☼☼☼
i☼☼☼☼☼☼☼☼☼☼☼☼☼☼☼
n☼☼☼☼☼☼☼☼☼☼☼☼☼☼☼
b☼☼☼☼☼☼☼☼☼☼☼☼☼☼☼
u☼☼☼☼☼☼☼☼☼☼☼☼☼☼☼
r☼☼☼☼☼☼☼☼☼☼☼☼☼☼☼
g☼☼☼☼☼☼☼☼☼☼☼☼☼☼☼
h

and she cracked it!

Moral of this trick … ECB is rubbish! Eve basically copied-and-pasted the ciphertexts together and created a valid ciphertext.
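The same splice in Python 3, next to an authenticated mode that refuses it. This is an added example, not the article's own code: it assumes the `cryptography` package is installed, and the function names are made up for the illustration. It goes one step beyond the trick by gluing the blocks in any order, to show that ECB gives no integrity at all.

```python
import hashlib
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

KEY = hashlib.sha256(b"napier").digest()  # Bob's key: SHA-256 of the password
WORD = b"edinburgh"

def ecb_encrypt(data):
    # PKCS#7 pads a single letter to one 16-byte block (same bytes as CMS padding)
    padder = padding.PKCS7(128).padder()
    enc = Cipher(algorithms.AES(KEY), modes.ECB()).encryptor()
    return enc.update(padder.update(data) + padder.finalize()) + enc.finalize()

def ecb_decrypt_raw(ciphertext):
    dec = Cipher(algorithms.AES(KEY), modes.ECB()).decryptor()
    return dec.update(ciphertext) + dec.finalize()

def ecb_splice(order=None):
    """Encrypt each letter separately, glue the blocks together in `order`,
    decrypt the result as ONE message and return the first byte of each block."""
    blocks = [ecb_encrypt(WORD[i:i + 1]) for i in range(len(WORD))]
    order = range(len(blocks)) if order is None else order
    plain = ecb_decrypt_raw(b"".join(blocks[i] for i in order))
    return bytes(plain[i] for i in range(0, len(plain), 16))

def gcm_splice_rejected():
    """Same exercise with AES-GCM: every message carries an authentication tag,
    so a pasted-together ciphertext fails verification instead of decrypting."""
    aead = AESGCM(KEY)
    nonces = [os.urandom(12) for _ in WORD]  # fresh random nonce per message
    msgs = [aead.encrypt(n, WORD[i:i + 1], None) for i, n in enumerate(nonces)]
    if aead.decrypt(nonces[0], msgs[0], None) != b"e":  # honest message is fine
        return False
    try:
        aead.decrypt(nonces[0], b"".join(msgs), None)
    except InvalidTag:
        return True
    return False

if __name__ == "__main__":
    print(ecb_splice())                 # blocks glued in original order
    print(ecb_splice(range(8, -1, -1))) # any other order also decrypts cleanly
    print(gcm_splice_rejected())
```
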