Decrypting Ciphertext

I love puzzles. I love the challenge. I love finding patterns. I suppose it’s the main reason I do Cybersecurity. Basically, it is the way…
Photo by Karla Hernandez on Unsplash

Decrypting Ciphertext

I love puzzles. I love the challenge. I love finding patterns. I suppose it’s the main reason I do Cybersecurity. Basically, it is the way my brain is wired, I think. And doing crypto is a great joy of mines. To encrypt something, and then to be able to decrypt it, is something that I love. Sometimes we know the secret keys, and other times, not. But, it is in our human nature to solve problems, and it is the reason we have been so successful as a species. Our abilities to reason and to find sense in things that do not follow a standard path. So let’s do some ciphertext decrypting.

Overall with our ciphertext, we normally have a Base64 format, as the bytes in our cipher stream will contain non-printing characters. So, we might have [here]:

U2FsdGVkX18kH6hnY7hTQc/oR+6hDdawq9RflrNLWsA=

In this case, I have used 128-bit AES in CBC mode and with the PBKDF2 standard key derivation method in OpenSSL. How do we then decrypt this? Well, we just use OpenSSL with decryption (-d) and with the required password to get [here]:

echo  U2FsdGVkX18kH6hnY7hTQc/oR+6hDdawq9RflrNLWsA= | openssl enc -aes-128-cbc -pass pass:"qwerty" -d -base64 -pbkdf2
hello

We then get a plaintext message of “hello”. If we try the wrong password we get an exception:

echo  U2FsdGVkX18kH6hnY7hTQc/oR+6hDdawq9RflrNLWsA= | openssl enc -aes-128-cbc -pass pass:"qwerty123" -d -base64 -pbkdf2
bad decrypt
8593972736:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:583:

And if we try the wrong encryption mode, we get incorrect plaintext:

echo  U2FsdGVkX18kH6hnY7hTQc/oR+6hDdawq9RflrNLWsA= | openssl enc -aes-128-ecb -pass pass:"qwerty" -d -base64 -pbkdf2
bad decrypt
8598683136:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:583:

You can play with some OpenSSL here:

https://asecuritysite.com/openssl/

So here we go. I am going to give you some ciphertexts, and which have been encrypted with 128-bit CBC and a PBKDF2 derived password related to a fruit (eg “melon”), so if you can crack them to reveal three Scottish places:

U2FsdGVkX18kH6hnY7hTQSk5xrXVDptywbPn0svbQhA=
U2FsdGVkX18kH6hnY7hTQf/ntHL0sfqbCv4pN/c/bDQ=
U2FsdGVkX18kH6hnY7hTQdc8O5J2SwYBimbdhkMict0=