Difference between revisions of "Cybersecurity"

From Wiki - Scioly.org
Jump to: navigation, search
Line 26: Line 26:
 
===MD5===
 
===MD5===
  
The MD5 hashing algorithm produces 16 byte digests (128 bits). It was first created in 1991 by Ronald Rivest. Multiple vulnerabilities have been exposed with the MD5 hashing algorithm, and collisions can be calculated in less than a second on a typical computer. Thus, MD5 is considered extremely cryptographically insecure; however, many programs and applications continue to use it.
+
The MD5 hashing algorithm produces 16 byte digests (128 bits) with block sizes of 64 bytes (512 bits). It was first created in 1991 by Ronald Rivest. Multiple vulnerabilities have been exposed with the MD5 hashing algorithm, and collisions can be calculated in less than a second on a typical computer. Thus, MD5 is considered extremely cryptographically insecure; however, many programs and applications continue to use it.
  
 
===SHA1===
 
===SHA1===
 +
 +
SHA1, which stands for Secure Hash Algorithm 1, was created in 1995. The algorithm produces 20 byte digests (160 bits) of data using block sizes of 512 bits. 80 rounds of hashing is done under this hashing algorithm. Hash collisions can be calculated with 2^60.3 to 2^65.3 operations, and collisions have been calculated. In addition, SHA1 is built using the Merkle-Damgård construction, so it is also prone to length extension attacks.
  
 
===SHA2===
 
===SHA2===

Revision as of 14:07, 29 October 2020

This article is about a replacement event for that might not be run at every tournament. Please refer to instructions from your particular tournament before preparing for this event. For the event it replaces, see Ping Pong Parachute.


Cybersecurity is a Division B and Division C event that was first run as a trial event at the 2021 BEARSO Invitational to replace Ping Pong Parachute. The event consists of two parts: a written test on Cryptography and Web Architecture, and a hands on task on Cryptography and Programming. The event was also run at the November Scilympiad Practice, Yosemite Invitational, and Science Olympiad at Penn State Invitational.

Cryptography

Hash algorithms

A hash algorithm is a one-way function that maps data, such as a string or a file, to a hash, or a "digest" - a string of data that is much shorter in length. Hash functions are always deterministic. If two equal inputs are hashed two separate times, the digest will always be the same. A hash can be used as a checksum to validate that a file has not been altered, since if a single bit of information was changed, the checksum would change. Hash functions are also designed to decrease the risk of hash collisions. Since the hashed digest of an input reduces its size significantly, hash collisions can occur when two inputs map to the same output. Hash functions are used in digital signatures, signing and authentication algorithms, and passwords.

A good hash algorithm has the following characteristics:

  • It is hard to find collisions.
  • It is irreversible.
  • It has to be deterministic.

Passwords are one of the most important applications of hashing algorithms. When a password is inputted, a hash of the password is calculated, and compared to the hashed value of your original password. Thus, no plaintext passwords should be saved server-side, which would reduce the damage in the event of a data breach.

MD5

The MD5 hashing algorithm produces 16 byte digests (128 bits) with block sizes of 64 bytes (512 bits). It was first created in 1991 by Ronald Rivest. Multiple vulnerabilities have been exposed with the MD5 hashing algorithm, and collisions can be calculated in less than a second on a typical computer. Thus, MD5 is considered extremely cryptographically insecure; however, many programs and applications continue to use it.

SHA1

SHA1, which stands for Secure Hash Algorithm 1, was created in 1995. The algorithm produces 20 byte digests (160 bits) of data using block sizes of 512 bits. 80 rounds of hashing is done under this hashing algorithm. Hash collisions can be calculated with 2^60.3 to 2^65.3 operations, and collisions have been calculated. In addition, SHA1 is built using the Merkle-Damgård construction, so it is also prone to length extension attacks.

SHA2

Whirlpool

Hash Length Extension Attack

Hash Collisions

The XOR Operation

Bases

Hexadecimal

Base 64

Classical Cryptography

Substitution Ciphers

Transposition Ciphers

Frequency Analysis and Kaisiski Attack

Attacks on Classical Cryptosystems

  • Chosen Plaintext Attacks
  • Chosen Ciphertext Attacks
  • Known Plaintext Attacks

RSA

Encoding Plaintext and Decoding Ciphertext

RSA Signatures

Certificates

Padding Schemes

Integer Factorization Problem

Small e Attack

Wiener's Attack

Coppersmith Attack

Hastad's Broadcast Attack

Partial Key Exposure Attack

Diffie-Hellman Key Exchange

Block Ciphers

Stream Ciphers

Elliptic Curve Cryptography

Post Quantum Cryptography

Quantum computers can break some cryptographic functions (e.g. prime factorization through Shor's algorithm). Post-quantum cryptography uses properties of quantum mechanics, such as entanglement, to protect against quantum computer attacks.

Web architecture

HTML/CSS/JS

Mozilla's web docs tend to be the most up-to-date repository for web technologies information. W3C Schools and Stack Overflow often don't follow industry best practices.

Protocols

Modern websites use HTTPS, a descendant of the Hypertext Transport Protocol (HTTP) that incorporates encryption through Transport Layer Security (TLS).

Programming

Primality algorithm:

Resources

Cybersecurity Rules - BEARSO 2020 (8.23.2020)
Cybersecurity Rules - Southern California Trial Event (9.30.2020)
USACO
PicoCTF
CyberPatriot