Lecture: Encryption

Lecturer: crow

[00:05:13] <crow> All questions tomorrow at the end of the second part

[00:08:44] <crow> Greetings to all. At this lecture today I would like to discuss the pressing issues that get stuck in many people's heads.

[00:09:17] <crow> Since this lecture is an introductory one, or rather, it starts at the beginning of your training, we will smoothly dive into the training sections.

[00:10:02] <crow> If this information seems useless (unnecessary) to you, it only seems so to you; if you think that you know much more about this or that the lecturer is wrong, most likely it only seems so to you.

[00:10:27] <crow> But I am always happy to listen to criticism and correct my mistakes and to reconsider my view of pressing problems.

[00:10:37] <crow> Introduction

[00:11:12] <crow> Now let's talk about encryption: what it is and why you need it. Let's start with the definitions.

[00:12:45] <crow> Encryption (https://en.wikipedia.org/wiki/Encryption) is a method of converting data that is readable by a person, called plaintext, into a form that a person cannot read, called ciphertext. This allows you to store or transmit data in an unreadable form, so that it remains confidential and private.

[00:12:57] <crow> Image: https://i.imgur.com/SsYAeh4.png

[00:14:01] <crow> What we see from this infographic above is that encryption algorithms pass your data through software filters that use unpredictable mathematical processes to convert readable text into long strings of meaningless characters.

[00:14:26] <crow>> This is how encryption works, and the whole problem is solved, you protected the transmitted data with encryption.

[00:14:57] <crow> But in order to read the encrypted data, you need to decrypt it, so let's analyze this definition too.

[00:16:30] <crow> Decryption (http://cryptography.ru/docs/decryption/) is a method of converting encrypted text back to human-readable text. If you perform a simple search on Google, you will see the HTTPS sign and the presence of a green lock icon here, which means that all the contents of web pages are inaccessible to people who monitor data transmission over the network.

[00:17:57] <crow>> That is, for example, your provider records all your traffic (monitors what you are doing on the Internet). Since you use TLS encryption, in other words HTTPS, the provider cannot find out what exactly you are viewing on the site; it can only find out which site you are on, that is, which site you are exchanging data with.

[00:18:18] <crow>> But not what exactly, because the data is transmitted in an encrypted, unreadable form.

[00:18:40] <crow> That was, briefly, how encryption and decryption work; let's move on.

[00:18:55] <crow> What encryption methods are there?

[00:19:09] <crow> In general, there are only two encryption methods, these are:

[00:19:35] <crow> - Symmetric encryption - uses the same key for both encryption and decryption.

[00:20:20] <crow> - Asymmetric encryption - uses 2 different keys: one for encryption (also called public), the other for decryption (called private) or vice versa.

[00:21:08] <crow> These methods solve certain problems and have both advantages and disadvantages. The specific choice of the method used depends on the purposes for which the information is encrypted.

[00:21:15] <crow> https://youtu.be/89JyxcVn0lE

[00:21:28] <crow> The main goals of encryption

[00:21:58] <crow> The main purpose of encryption is to store important information in encrypted form.

[00:22:49] <crow> Generally, encryption is used to store important information in unreliable sources and transmit it through insecure communication channels. This data transfer consists of two mutually inverse processes:

[00:23:17] <crow> - Before data is sent over the communication line or before storage, it is encrypted.

[00:23:41] <crow> - To restore the original data from encrypted data, the decryption procedure is applied to them.

[00:25:05] <crow> Encryption was originally used only to transmit confidential information. However, later people began to encrypt information in order to store it in unreliable sources. Encrypting information for the purpose of storing it is still used now; this avoids the need for physically secure storage (USB, SSD disks).

[00:25:19] <crow> Symmetric encryption method

[00:25:35] <crow> Let's take a look at the infographic below

[00:25:43] <crow> https://i.imgur.com/RnqOKMN.jpg

[00:26:00] <crow> - The sender sends an encrypted message: `Hello, Marfa`

[00:26:32] <crow> - Attackers intercept this message, but since they do not have a decryption key, they only see the character set: `% # & $!`

[00:27:21] <crow> - The recipient, having the decryption key, can easily read the message that the sender sent in encrypted form, and he already sees the sender's text in its original form: `Hello, Marfa`

[00:27:59] <crow> It will not be an exaggeration to say that encryption is the best tool in our arsenal for protecting against hackers and snooping.

[00:28:18] <crow> Generally speaking, in simple words, there are two main components of encryption

[00:28:53] <crow> - The encryption algorithm - is known publicly and many, many people have carefully studied it in an attempt to determine whether the algorithm is strong.

[00:29:19] <crow> - Secret key - you can imagine that the secret key is a password and it must be kept secret.

[00:29:31] <crow> Image: (https://i.imgur.com/XIYsooA.jpg)

[00:30:03] <crow> See for yourself the infographics above, and based on the video above, you already understand that the secret key is the password.

[00:30:26] <crow>> It turns out the algorithm can be represented as a lock, and the secret key is the key to this lock.

[00:30:51] <crow> In symmetric cryptosystems, the same key is used for encryption and decryption.

[00:31:52] <crow> Based on the infographics above, let's look at an example: I want to send Martha some kind of file, but I don’t want any third parties to be able to view it. For clarity and ease of use, I decided to encrypt this file with 7-Zip.

[00:32:22] <crow> The same type of encryption (one key) is used to encrypt sectors / disks in VeraCrypt and TrueCrypt; take them as an example too.

[00:32:34] <crow> Image: (https://i.imgur.com/X0UMRdW.jpg)

[00:32:49] <crow> Let's take a look at the screenshot above:

[00:33:33] <crow> 1. The encryption algorithm is a mathematical process of converting information into a string of data that looks like a random set of characters and letters.

[00:34:22] <crow> 2. A hash function is a conversion of input data, in our case carder.market, into an output bit string. The objective of the function is to ensure integrity and to detect unintended modifications.

[00:35:04] <crow> 3. AES-256 - indicates which algorithm is used (AES) and what block size (256); as we see, 7-Zip does not offer settings as detailed as those in VeraCrypt.

[00:36:04] <crow> 4. Using the entered password, your key will be generated for the selected encryption algorithm (in our case AES-256). For decryption you will need to specify the decryption algorithm, if available, and enter the password again, in our case carder.market.

[00:36:48] <crow> At the output we get an encrypted archive; to unpack it and get the information that is inside, you need to enter the decryption key, in simple terms, the password.

[00:37:22] <crow> You may have noticed that the symmetric block encryption algorithm - Advanced Encryption Standard (AES) was used for encryption.

[00:37:56] <crow> In this algorithm, only one key is used; the key is created using our password (see point 4 for clarity of the conversion).

[00:38:32] <crow> You can also choose what block size will be used for 128/256/512/1024 bits, in our case there were only options for 256 bits and 512 bits.

[00:39:40] <crow>> BTW: Imagine a door and many locks on it. It will take you a long time to open or close this door. Also with algorithms, the higher the bitrate, the stronger the algorithm, but the slower it encrypts and decrypts, you can consider this the strength of the algorithm.

[00:40:30] <crow> 256/512 bits is also the amount of key space, that is, a figure indicating the total number of different keys that you can get using this encryption algorithm.

[00:40:54] <crow>> BTW: To crack a symmetric cipher, it is necessary to enumerate 2 ^ N combinations, where N is the key length.

[00:42:05] <crow> To crack symmetric encryption with a 256-bit key length, you can create the following number of combinations, that is, possible keys: 2 ^ 256 = 1.157920892 × 10 ^ 77, or if you decompose 1.157920892 × 10 ^ 77 in the calculation, the following number of possible variations is obtained (this is a 78-bit number).

[00:42:16] <crow> Here is the number:

[00:42:44] <crow> 2 ^ 256 = 115792089237316195423570985008687907853269984665640564039457584007913129639936

[00:43:14] <crow> You can check this number for yourself on any engineering calculator; here's an example (https://web2.0calc.com/).

[00:44:11] <crow> Thus, for everyone who doubts the safety of a chance of a collision of 2 ^ 256, there is a number: there is a chance that the collision will have 1 of more than 1.1579209e * 10 ^ 7 = 78-bit number (the higher number)

[00:44:56] <crow> All this means that the key is extremely difficult to find, even with very powerful computers, but on the condition that you use a long and random password when generating the key.

[00:45:52] <crow>> BTW: We’ll talk about the password separately, which one to use, etc. Together with the programs and why. In order not to clutter up your brain with unnecessary information at this stage, so keep your head busy, now let's talk about everything ..

[00:46:48] <crow> People and governments are constantly trying to crack encryption algorithms. In this article I will give you a list of algorithms that are good and which are not, which of them are crackable, and which today are impossible to crack.

[00:47:04] <crow> Symmetric encryption algorithms:

[00:47:49] <crow> There are quite a lot of them; if you want to familiarize yourself with them, visit this page (https://www.veracrypt.fr/en/Encryption%20Algorithms.html).

[00:48:13] <crow> If you do not want to understand and you just want to ask me what I would recommend:

[00:49:33] <crow> Advanced Encryption Standard (AES) is a symmetric block encryption algorithm (block size 128 bits, key 128/192/256 bits), adopted as the encryption standard by the US government according to the results of the AES contest. This algorithm is well analyzed and is now widely used, as was the case with its predecessor DES.

[00:49:56] <crow> Advanced Encryption Standard (AES) is a generally accepted standard for symmetric encryption.

[00:50:39] <crow> For maximum protection, use AES-256 or more wherever possible; the AES encryption algorithm itself is fast and today it is impossible to crack.

[00:50:53] <crow> Asymmetric encryption method

[00:52:06] <crow> Very smart people invented this encryption using public and private keys and algorithms based on the complexity of certain mathematical problems. I will not go into the mathematical details, because understanding them is not necessary for your protection.

[00:52:53] <crow> For the right choice of security features, you just need to have a basic understanding of the algorithms and the robustness of the algorithms, as well as the cryptographic systems that you are going to use.

[00:54:15] <crow> As we know, in the symmetric encryption method one secret key is used, while in asymmetric encryption methods (or public key cryptography), one key (public) is used to encrypt information, and another (secret) for decryption. These keys are different and cannot be obtained from one another.

[00:54:33] <crow> Let's fix this material right away:

[00:55:09] <crow> - Symmetric encryption method - one key, uses the same key for both encryption and decryption.

[00:55:40] <crow> - Asymmetric encryption method - 2 keys: public and private.

[00:56:05] <crow> I would recommend that you watch a short video on how the Asymmetric Encryption Method works

[00:56:12] <crow> https://youtu.be/sGFbM-X6W_4

[00:56:59] <crow> When I talked about symmetric encryption earlier, we encrypted the file for Martha, but since it is symmetric encryption, to open this file you need a key that I used to encrypt the file.

[00:57:26] <crow> The question arises, but how to transfer the key (password) in a safe way so that Martha can decrypt the file?

[00:58:01] <crow>> In the modern world, the best way to transmit something and to be sure of the delivery of information to the specified recipient is personally in your hands.

[00:59:02] <crow>> But this is not a good idea, since we may simply not know where the addressee is located, or it may be so far away that delivering something “personally in hand” becomes problematic, or maybe we just need anonymity.

[00:59:38] <crow> In this case, you can use Martha’s public key, which she previously posted somewhere, so that people can contact her.

[01:00:20] <crow> And here many have the question, why do we need all these troubles, if I can, for example, contact Martha using some kind of encryption in any other messenger?

[01:00:58] <crow> Yes, that's right, but the essence of asymmetric encryption, when you encrypt something using PGP encryption, you do not need to trust a third party.

[01:02:02] <crow> When encrypting the message with Martha's public key, you will be sure that the message will be read only by the owner of the private key, that is, Martha; this guarantees sending to the source, the owner of the private key, which in our example is Martha.

[01:02:45] <crow> But since anyone can use the public key, you guarantee the anonymity of your message when sending, since anyone can use the public key.

[01:04:26] <crow> The difference is that in asymmetric encryption there is a public key that is created to be known to any person, that is, it is a public key, and there is a private key that should always be kept secret and to be private. These keys are mathematically related and both are generated at the same time. They must be generated simultaneously, because they are mathematically related to each other.

[01:06:11] <crow> Any website that uses HTTPS has public and private keys that are used to exchange a symmetric session key to send you encrypted data. This is a bit like the zip file we saw. They use these public / private keys and then they need to send another key, such as the key that we use for the Zip file, in order to encrypt (we will analyze end-to-end later)

[01:06:28] <crow> REMEMBER, REMEMBER and REMEMBER again:

[01:06:50] <crow> - If you are encrypting using a private key, you need a public key for decryption;

[01:07:12] <crow> - If you are encrypting using a public key, you need a private key for decryption;

[01:08:12] <crow>> In asymmetric encryption, if the message is encrypted with the 1st key, then the 2nd key is needed to decrypt this message. If you are encrypting using a private key, then you need a public key for decryption.

[01:09:13] <crow> If you are encrypting using a public key, then to decrypt you need a private key. It is not possible to encrypt and decrypt with the same key, and this is extremely important. For encryption or decryption, you always need interconnected keys.

[01:09:51] <crow> But why encrypt with a public or private key? What's the difference? What is the point of using them? Why not use only one of them?

[01:10:24] <crow> Especially for you, I drew an infographic to simply and easily explain the usefulness of these keys and how they can be used.

[01:10:43] <crow> Image: (https://i.imgur.com/x5e8urO.jpg)

[01:11:22] <crow>> BTW: In this infographic, 2 encryption methods are considered, first we will deal with the green arrows, and then with the red ones.

[01:11:40] <crow> 1 way (green arrows) on infographics

[01:12:50] <crow> The method with green arrows shows that the sender encrypts with the recipient’s public key, Martha, which means that you need anonymity and confidentiality so that no one can read the message, except the recipient.

[01:13:41] <crow>> IMPORTANT: Suppose you encrypt a file using the recipient’s public key. A message can only be decrypted by a person who has a suitable private key, that is, Martha's private key.

[01:14:06] <crow>> Since we know that these keys are interconnected, we decrypt one with another and decipher it in no other way.

[01:15:08] <crow> The recipient (Martha) cannot identify the sender of this message, since the public key is public, it is usually shared, and anyone can use Martha's public key for encryption.

[01:16:39] <crow> When the sender encrypts using the recipient’s public key, the message is confidential and can only be read by the recipient, who has a private key to decrypt the message, but as I said earlier, there is no way to identify the sender, provided, of course, that you yourself do not send any data there for your subsequent identification.

[01:16:57] <crow> 2 way (red arrows) on infographics

[01:17:31] <crow> All of the above brings us to the 2nd method of using public and private keys.

[01:19:23] <crow> If you encrypt with your own private key, it means that you are interested in authentication. In this case, it is important for you to let the recipient know that it was you who sent the encrypted message. To do this, you encrypt with your private key. This gives the recipient confidence that the only person who could encrypt this data is the person who owns this private key, your private key.

[01:19:55] <crow>> EXAMPLE: You are the creator of some kind of software, but the government is indignant and impedes your activities in every way.

[01:20:03] <crow>> We will simulate the following situation:

[01:21:22] <crow>> Let's say I want to download this software, and the hash of this file is indicated here. However, if the website is compromised, it means that attackers could replace this file for download and add a trojan or something to it to spy on me, and they could also replace the checksum.

[01:22:16] <crow>> So this hash means nothing. It does not help detect intentional file modifications. We need something else to make sure that this site is actually the official software site.

[01:24:21] <crow> And here we come to certificates, digital signatures and other means. All of these are obtained as a result of cryptographic conversion of information using a private signature key, and they make it possible to verify the absence of distortion of information in an electronic document from the moment the signature was generated (integrity), that the signature belongs to the owner of the signature key certificate (authorship), and, in case of successful verification, to confirm the fact of signing the electronic document (non-repudiation).

[01:24:27] <crow> We’ll talk about this later ..

[01:25:22] <crow> Data encryption with the sender’s private key is called the public message format, because anyone who has a copy of the corresponding public key can decrypt the message.

[01:26:48] <crow> You can take it as if you had officially placed something on the Internet for public access, and since you encrypted it with your private key, anyone can make sure that it is you who left this message. Confidentiality or anonymity is not ensured in this case, but authentication of the sender, i.e. you, is ensured.

[01:28:14] <crow> Next. When various encryption technologies are used in combination, such as those that we mentioned earlier, since they can all be used in combination and cannot be used separately, they are called a cryptographic system, and cryptosystems can provide you with a number of security tools.

[01:28:47] <crow> A cryptographic system can provide you with a range of security features. Among these tools:

[01:29:18] <crow> 1. Confidentiality - the need to prevent the leakage (disclosure) of any information;

[01:29:46] <crow> 2. Authentication is an authentication procedure, that is, we know that Martha is real Martha and no one else;

[01:30:20] <crow> 3. Prevention of rejection - which means that if you sent an encrypted message, then you will not be able to begin to deny this fact;

[01:30:43] <crow> 4. Reliability - the authenticity of the fact that the message has not been modified in any way.

[01:31:45] <crow> Examples of cryptosystems are any things that use encryption technology: PGP, BitLocker, TrueCrypt, VeraCrypt, TLS, even BitTorrent, and even the 7-Zip we used to encrypt the file using symmetric encryption.

[01:32:29] <crow>> FOR EXAMPLE: In order for us to send our file to Martha, we can use Martha's public key to encrypt files, or to transfer anything encrypted.

[01:33:30] <crow>> But for starters, of course, we need Martha’s public key. It’s enough to get it 1 time in some secure way, this is important, and after that we can always send encrypted messages available for reading exclusively to Martha.

[01:34:14] <crow> PGP - This is a system that we can use for these purposes, it uses encryption technology for messages, files and other information presented in electronic form

[01:35:36] <crow>> DEFINITION: PGP (Pretty Good Privacy) - a computer program, also a library of functions that allows you to perform encryption and digital signing of messages, files and other information presented in electronic form, including transparent encryption of data on storage devices, for example, on a hard disk.

[01:35:50] <crow> For these purposes we can use Jabber + PGP or OTR.

[01:36:03] <crow> For the first time I’ll say this toad with OTR you eyes

[01:36:37] <crow> If you do not own suppliers conditionally where you need to have a secure contact and always know that the person is who he claims to be

[01:36:42] <crow> so OTR fuck up

[01:37:28] <crow> But let's get back to encryption. When it comes to cryptography using public and private keys or asymmetric encryption, there are both strengths and weaknesses.

[01:37:48] <crow> Asymmetric encryption - public and private keys:

[01:38:52] <crow> 1. The best distribution of keys is because Martha can put her public key directly in her signature and anyone will be able to send her encrypted messages or data that only she can read.

[01:40:06] <crow> 2. Scalability - if you use symmetric keys and want to send your file to Martha and, say, 10 more people, you will have to transfer your password 10 times. It is completely scalable. Asymmetric algorithms have better scalability than symmetric systems.

[01:41:03] <crow> 3. Authentication, failure prevention - this means that if you sent an encrypted message, then you will not be able to start denying this fact, since it was encrypted with a private key, your private key.

[01:42:08] <crow> 4. Slow - if you look at the message length in bits (see the screenshot below) after asymmetric algorithms work, you will notice that it is much larger than encryption algorithms with symmetric keys, and this is evidence of how slower they are.

[01:42:45] <crow> 5. Mathematically-intensive - The longer it is in bits, the greater the number of mathematical operations, and, consequently, the greater the load on the system.

[01:43:02] <crow> Symmetric encryption - private key:

[01:44:13] <crow> 1. Fast - if you look at the message length in bits (see screenshot below) after the symmetric algorithms work, you will notice that it is much smaller than encryption algorithms with asymmetric keys, and this is evidence of how fast they are.

[01:44:51] <crow> 2. Reliable - Look at the above about AES-256 where I was calculating the number 2 ^ 256 and see for yourself, and there are 384/512/1024 and more ..

[01:45:13] <crow> For a visual demonstration, look at this infographic below:

[01:45:25] <crow> Image: (https://i.imgur.com/2AznMXl.jpg)

[01:46:59] <crow> In order to fix the material, let's return to the analogy with the number of locks on the door. With public and private keys, many, many locks hang on the door, so encryption and decryption take much longer. For the central processor, this is a large amount of mathematical operations, which is why there are hybrid systems, or hybrid cryptographic systems.

[01:48:11] <crow> Public and private keys are used to exchange negotiation keys, and we use symmetric algorithms such as AES to encrypt data, thereby maximizing the benefits. HTTPS, using the TLS and SSL protocols, is an example of a similar type of hybrid system, like PGP.

[01:49:18] <crow> Next, we will talk in more detail about what encryption consists of. We have gone through a short introductory course as a whole; I advise you to write down all the main points, since in the future it is precisely this understanding that will help you in your work. Configuring servers, understanding other aspects of what is safe and what is not.

[01:50:33] <crow> On this, the first part of my lecture on encryption has come to its logical conclusion. Tomorrow we will analyze in more detail those moments and questions that you may have today after this lecture and will dive more deeply into the encryption niche. We’ll also talk about many aspects of encryption in general.

[01:51:01] <crow> All in all for today

[01:51:17] <crow> If you have any questions, write them down and ask tomorrow after the lecture

[01:51:36] <crow> Have a nice evening everyone :)

[01:51:45] <crow> And see you tomorrow

--------

Lecturer: Mans77

(19:17:05) Mans: OK, let's go

(19:26:01) Mans: Now I will give a lecture more quickly so that we can still answer questions normally.

(19:26:06) Mans: And the toad troit

(19:26:13) Mans: Today there will be another HW

(19:26:16) Mans: important

(19:27:02) Mans: Today we’ll talk in more detail about what encryption consists of as a whole. We went through a short introductory course; now let's go deeper into what the hash itself is, etc.

(19:27:30) Mans:

Hashing

(19:27:51) Mans: Hashing is the conversion of an array of input data of arbitrary length into a (output) bit string of a fixed length, performed by a specific algorithm. A function that implements the algorithm and performs the conversion is called a "hash function" or "convolution function." The source data is called an input array, "key" or "message". The result of the conversion (output) is called a "hash", "hash code", "hash sum", "message summary".

(19:28:34) Mans: Image https://i.imgur.com/XOkcgDw.png

(19:28:52) Mans: Let's look at the image, see here:

(19:29:00) Mans: 1. Input

(19:29:11) Mans: 2. Algorithm or hash function

(19:29:47) Mans: 3. Output - the resulting output, which always has a fixed size.

The hash function accepts input of any size. This can be an e-mail, a file, a word, in our case, the phrase "Hello, carder", and the data is converted using a hash function into the following form:

732b01dfbfc088bf6e958b0d2d6f1482a3c35c7437b798fdeb6e77c78d84ccb1

(19:30:18) Mans: https://i.imgur.com/qumM1zD.gif

(19:30:44) Mans: For better assimilation and analysis of the material, let's move away from the dry text and make a visual demonstration

(19:31:40) Mans: As we can see from the animated gif above, our input data is converted using a hashing algorithm, namely SHA-256, into output data of a fixed size.

(19:32:21) Mans: Explanation: As we see, when changing our input data by adding "=)", our output data have a different look, since the multiplier has changed in the bit equivalent. Therefore, the very meaning of the output has changed. When you return to the original input data, the value again had its original form.

(19:32:40) Mans: You can imagine this as an example:

(19:32:46) Mans: 1. "Hello, carder" = 5

(19:32:51) Mans: 2. "Hello, carder =)" = 7

(19:33:07) Mans: 3. "Hello, carder" = 5

(19:33:34) Mans: The hash algorithm itself is the second arbitrary factor, let it be 2, then:

(19:33:47) Mans: analitik99, what do you think?

(19:34:04) Mans: 1. 2 * 5 = 10

(19:34:12) Mans: 2. 2 * 7 = 14

(19:34:22) Mans: 3. 2 * 5 = 10

(19:35:00) Mans: It is the same with a hash, only the hashing algorithm has more complex mathematical operations than the ones I mentioned. If you need the specific transformation formula used in the algorithm, see Wikipedia.

(19:35:29) Mans: An important feature of a hash function is that you cannot convert from a hash back to the original input. This is a one-way hash function and does not need keys for it.

(19:36:08) Mans: For an example, again we look at our gif that I gave earlier

(19:36:24) Mans: Hello, carder> SHA-256> 732b01dfbfc088bf6e958b0d2d6f1482a3c35c7437b798fdeb6e77c78d84ccb1

(19:36:44) Mans: As we can see, we used only the input data, we didn’t use any keys, and then we got the resulting output data, which always has a fixed size depending on the type of function that you use.

(19:37:18) Mans: This ensures integrity and allows the detection of unintentional modifications. It does not provide confidentiality, authentication, it does not allow to determine the presence of intentional modification.

(19:38:02) Mans: BTW: There are many examples of hash functions: MD2, MD4, MD5, HAVAL, SHA, SHA-1, SHA-256, SHA-384, SHA-512, Tiger and so on.

(19:38:12) Mans: WHAT TO USE: Nowadays, if you select a cryptographic system, you should use SHA-256 and higher, I mean SHA-384 and SHA-512 and so on.

(19:38:49) Mans: To make it easier to deal with the material, move away from the dry text and simulate the situation

(19:39:01) Mans: Let's say you were given a task to learn to download the Windows 7 Home Premium x64bit operating system

(19:39:35) Mans: We know that this operating system comes from a Microsoft developer, then we go to the search and make the following search request:

site: microsoft.com Windows 7 Home Premium hash

(19:40:32) Mans: https://i.imgur.com/1aluylg.gif

(19:41:14) Mans: The site: operator. This operator restricts the search to a specific domain or site. That is, if we make a request: site: microsoft.com Windows 7 Home Premium hash, then the results will be obtained from pages containing the words "Windows", "7", "Home", "Premium" and "hash" on the site "microsoft.com", not in other parts of the Internet.

(19:42:21) Mans: This information is also key to search for shops using operators in search engines, for more details on how to search using operators in Google, use this article (https://habrahabr.ru/sandbox/46956/).

(19:42:33) Mans: As we can see from GIFs above, I easily found the hash sum of the Windows 7 Home Premium 64bit operating system on the official Microsoft website.

(19:42:55) Mans: Here it is - SHA1 Hash value: 6C9058389C1E2E5122B7C933275F963EDF1C07B9

(19:43:31) Mans: Actually, I would recommend finding hash sums and searching starting from 256 and higher, but there was only this sum on the official site, so I’ll take what there is

(19:43:44) Mans: Next, we need to find a file that matches this hash sum. For this we also use the Google search engine and operators; for how to search using operators and what they are, see the link above.

(19:43:58) Mans: inurl: download "6C9058389C1E2E5122B7C933275F963EDF1C07B9"

(19:44:04) Mans: https://i.imgur.com/WYFFiuT.gif

(19:44:55) Mans: After you download this file, using our hash sum you can make sure that this file has not changed, i.e. it has integrity.

(19:45:07) Mans: There are tools you can download to do this. https://en.wikipedia.org/wiki/Comparison_of_file_verification_software

(19:45:36) Mans: One of these tools is Quick Hash (https://quickhash-gui.org), and I will demonstrate how to verify hash sums and verify the integrity of the information received.

(19:45:43) Mans: https://i.imgur.com/6NRRQA6.gif

(19:46:44) Mans: Although the video that I sent yesterday had a much better example

(19:46:52) Mans: As we can see, the hash sum of the downloaded file corresponds to the hash sum given to us from the official Microsoft website.

(19:47:30) Mans: I will also attach below information on other hashes of this file

(19:47:35) Mans: MD5: DA319B5826162829C436306BEBEA7F0F

(19:47:42) Mans: SHA-1: 6C9058389C1E2E5122B7C933275F963EDF1C07B9

(19:47:48) Mans: SHA-256: C10A9DA74A34E3AB57446CDDD7A0F825D526DA78D9796D442DB5022C33E3CB7F

(19:47:56) Mans: SHA-512: E0CB678BF9577C70F33EDDC0221BC44ACD5ABD4938567B92DC31939B814E72D01FAC882870AB0834395F1A77C2CD5856FD88D2B05FBE1D1D9CCE9713C1AB

(19:48:17) Mans: You may notice that as these digits increase in the hash algorithm, the length of the hash becomes larger as it is the length in bits. SHA-1 is short, 256, 512 and MD5, which is weak and should not be used at all. So this is a way to confirm that the file you downloaded has retained its integrity.

(19:48:32) Mans: Some of you will probably wonder: "What if the file I'm about to download is already compromised?" Let's say we have a website (https://www.veracrypt.fr) of VeraCrypt software (https://ru.wikipedia.org/wiki/VeraCrypt).

(19:48:57) Mans: And I want to download VeraCrypt, the site has hash sums of files encoded in SHA-256 and SHA-512

(19:49:05) Mans: SHA-256: 6cff2cce52eb97321b1696f82e9ccefa7c80328d91c49bf10b49e3897677896e VeraCrypt Setup 1.21.exe

(19:49:12) Mans: SHA-512: 5c68a5a14fa22ee30eb51bc7d3fd35207f58eefb8da492f338c6dac54f68133885c47fa2b172d87836142c75d838dac782b9faca406a2ffb8854cc1d1

(19:50:03) Mans: However, there is one “BUT”, if the website was compromised, it means that the attackers could replace this file for download and add something to it, a trojan or something for surveillance, and they could also replace the checksum.

(19:50:18) Mans: Therefore, the hash means nothing, that is, it cannot detect an intentional modification of the file. And we need something else to make sure that this software really comes from the developer. That the VeraCrypt site is the official VeraCrypt site, etc.

(19:50:39) Mans: And here we come to the certificates, digital signatures and other tools that we will now analyze, but for now let's touch on the not unimportant essence of hashing.

(19:50:58) Mans: I do not want to copy, etc. as it is important here to convey everything in color

(19:51:08) Mans: https://i.imgur.com/d0VpoIU.png

(19:51:16) Mans: https://i.imgur.com/I4LLHNH.png

(19:51:48) Mans: Now let's talk about Digital Signatures

(19:52:10) Mans: Do not forget to open the screenshots above there is text

(19:52:39) Mans: So let's go back again to our VeraCrypt how to find out that the site is truly official and the software comes from the developer.

(19:53:20) Mans: A simple and rather tricky way to find an official site is to find software on Wikipedia and follow the link to the official software site there.

(19:53:29) Mans: However, we can also click on the lock and see a certificate there that it was issued

(19:53:51) Mans: https://puu.sh/xQAFM/e687c816ce.png

(19:54:06) Mans: Digital signature is the value of a hash. This is the result of a fixed-size hash function that is encrypted with the sender’s private key to create a digital signature or a signed message.

(19:54:34) Mans: From a technical point of view, a digital signature is a mark confirming the person who signed the message. This is the issuance of a guarantee for an object that was signed with its help.

(19:54:46) Mans: For clarity, what is a digital signature, open a screenshot (https://puu.sh/xQAFM/e687c816ce.png) and look at Signing

(19:54:58) Mans: Signing: What you can see in the infographic above, but based on our file, which we are parsing

(19:55:50) Mans: Hash Algorithm> Hash Value (6cff2cce52eb97321b1696f82e9ccefa7c80328d91c49bf10b49e3897677896e)> Private Key (see Asymmetric Encryption) = Digital Signature

(19:56:04) Mans: If the encryption object is digitally signed, then authentication is provided, because the object is encrypted using a private key, which only the owner of this private key can encrypt. This is authentication.

(19:56:41) Mans: It ensures the impossibility of non-repudiation, because, again, the sender’s private key was used. And it provides integrity as we have hash.

(19:57:16) Mans: A digital signature can be used, for example, in software. It can be used for drivers inside your operating system. It can be used for certificates and confirm that the signed objects come precisely from the person indicated in the certificate and that the data integrity of these objects has been preserved, that is, they have not undergone any changes.

(19:58:16) Mans: But how to make sure that the file really comes from the developer, in our case VeraCrypt, that is, in case of cheating, etc. you could say with 100% certainty that I used your software, and it was signed with your digital signature.

(19:58:50) Mans: https://puu.sh/xQB20/5166e3d0c8.gif - usually the certificate is checked automatically and you probably

(19:58:59) Mans: After watching the gif, we open the screenshot (https://puu.sh/xQB5Y/c840f4670d.png)

(19:59:28) Mans: What we see here. Certificate issued: to whom - IDRIX SARL, by whom - GlobalSign. So, GlobalSign is a company whose private key was used to digitally sign this program. GlobalSign reports: "This software is legitimate and has not been modified." It says here: "The certificate is intended to certify that the software comes from the software developer, the software is protected from modification after its release."

(20:00:18) Mans: To find out if this is a valid digital signature or not, we need to turn the original process in the opposite direction.

(20:00:30) Mans: That is, we open our screenshot again (https://puu.sh/xQAFM/e687c816ce.png)

(20:01:00) Mans: Check: What you can see in the infographic above, but based on our file, which we are parsing

(20:01:39) Mans: Signed message> Public key (this .asc file usually has the following form - https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc, the private key looks the same too) = Hash value, i.e. it should turn out 6cff2cce52eb97321b1696f82e9ccefa7c80328d91c49bf10b49e3897677896e

(20:02:12) Mans: After that, this hash value will need to be verified with the hash indicated, that is, open the QuickHash program there, run our file and in the algorithm that it is presented to us, everything should match, if the file itself does not match , and there may be a trojan, or something to wiretap for us, or something else bad

(20:02:34) Mans: SHA-256: 6cff2cce52eb97321b1696f82e9ccefa7c80328d91c49bf10b49e3897677896e VeraCrypt Setup 1.21.exe

(20:03:10) Mans: I checked the received hash (https://puu.sh/xQBAz/8905455dd7.png) and as we can see in the screenshot they are identical therefore the files are legitimate and correspond to the digital signature of the developer, and this file is exactly comes from him.

(20:03:41) Mans: And this software in case of infection of your computer with WannaCry or some other bad virus, he will be guilty.

(20:04:27) Mans: For example, it’s like you would have denied as a child that they didn’t gobble up sweets, and your mother pokes evidence in your face, for example, a video recording and says, everything is written down for me, look here. And no matter how you turn away, that's what a digital signature does.

(20:04:53) Mans: Read a few times if you do not understand, and try to delve into this point is really important

(20:05:20) Mans: And what we saw directly on this screenshot (https://puu.sh/xQAFM/e687c816ce.png)

(20:05:58) Mans: This is because Windows verifies the certificate for authenticity, that really such a certificate is registered with such a number is all business.

(20:06:10) Mans: Let's draw an analogy to understand what Windows does when it writes these lines (https://puu.sh/xQBLa/604166ab6c.png) in the certificate

(20:06:38) Mans: You came to the bank with fake money, and they check the money through special solutions or devices, and then the bang and the paint is washed off, or watermarks do not appear and you are told that your bills do not correspond and this fake, so is Windows.

(20:07:27) Mans: That is, if someone else rewrote all the certificate data and made a copy of the certificate for signing, with such data, it would not correspond to reality well - this is a more complicated topic, but I think it’s clear.

(20:07:49) Mans: And if the verification fails, you usually see this warning (https://puu.sh/xQC61/ef80678f6b.png)

(20:08:16) Mans: This means that the file does not have a digital signature or Windows (remember the bank employee) does not trust this digital signature (and in the case of the bank employee, it does not trust in your banknote) you can I’ve described the method above (and the bank employee can also check it on his device or there by applying solutions).

(20:09:19) Mans: In Linux, this is simple, since you just don’t install proprietary software, since all software is usually installed from official repositories, where all the checks go through, you can find out more what a repository is and other things here

(20:09:41) Mans: Write this article as your homework for self study

(20:10:18) Mans: Let’s go through this material again, because I’m sure for some it all may seem rather difficult to understand.

(20:10:25) Mans: https://puu.sh/xQAFM/e687c816ce.png - watch signing

(20:11:00) Mans: So, the value of the hash (of the program itself, that is, if the dude himself drove it through QuickHash), which was encrypted using the private key (his personal key, his personal fingerprint on the network, so to speak) of the sender or software release. This is a digital signature.

(20:11:11) Mans: It provides authentication, non-repudiation, and integrity. And if you encrypt something and in addition provide it with a digital signature, then you can achieve confidentiality along with authentication, non-repudiation and integrity.

(20:11:51) Mans: Digital signatures verify that a program or anything else is received from a specific person or publisher, and they protect the software or messages from modifying them after they have been published or sent.

(20:12:04) Mans: On this I think we figured out the digital signatures.

(20:12:52) Mans: On my own I’ll add you have a great video that I recorded for you there is a certificate and key hash check

(20:12:58) Mans: if you watched it, you should understand what it was about, I tried to drive and show with the mouse there. So I think there should be no difficulties in this aspect

Let's move on to End-to-End Encryption (E2EE)

(20:13:22) Mans: End-to-end encryption is that the data is encrypted by the sender and decrypted only by the recipient. If you want to avoid tracking, mass surveillance, hackers and so on, then you need this type of encryption of the transmitted data.

(20:13:51) Mans: Examples of end-to-end encryption technology are such things as PGP, S/MIME, OTR, which stands for “off the record”, ZRTP, which stands for Z in the RTP protocol, as well as SSL and TLS; implemented correctly, all of this can be used as end-to-end encryption.

(20:14:37) Mans: Companies that develop software that uses end-to-end encryption and zero-disclosure systems cannot disclose details of the exchange of data to your enemies, even under duress, even if they themselves wanted to. This is the advantage of zero-disclosure end-to-end encryption.

(20:14:52) Mans: End-to-end encryption provides protection during data transfer, but it is obvious that it cannot protect data after receiving it. Next you need another protection mechanism. Use end-to-end encryption wherever possible.

(20:15:37) Mans: Using secure HTTPS on all websites is becoming increasingly necessary, regardless of the type of data transferred.

(20:16:19) Mans: Let me show you what END-TO-END encryption is for example with websites

(20:16:26) Mans: This is a digital certificate, the same as a digital signature, there are a number of differences, there are certification authorities, etc. you usually don’t come across this; I won’t describe who is interested in google “Key Certification Authorities and HTTPS” and “Digital certificates”

(20:16:31) Mans: https://i.imgur.com/vu8CtAA.png

(20:16:35) Mans: https://i.imgur.com/b5keJaP.png

(20:17:28) Mans: A green lock in a URL or HTTPS means that your ISP or, let's say, the government, they can only track the target domain. What does it mean?

(20:18:07) Mans: Let's say an attacker is located between us and Google in the same way as in the case of sending a message in the infographic above. He will not be able to find out exactly what I was looking for, because this is the end (or subscription from English end-to-end) encryption between my browser and server.

(20:18:47) Mans: Let's look at a visual example and see what the provider can find out about us.

(20:18:52) Mans: First, we will use an example of an unencrypted connection using an HTTP connection.

(20:19:21) Mans: HTTP, HyperText Transfer Protocol - a widespread data transfer protocol, originally intended for the transfer of hypertext documents (that is, when you click on a word in an article, go to another web page).

(20:19:30) Mans: By default, the HTTP protocol uses TCP port 80.

(20:19:57) Mans: For the screenshots below, I will use the program for analyzing WireShark network traffic.

(20:20:32) Mans: For the experiment, I took a site based on the uznayvse.ru HTTP protocol after I click on the link, the request from the site will be displayed in the WireShark program window under the number 1-n, but let's look right away for what each program window for better assimilation of material.

(20:20:35) Mans: https://puu.sh/xxprc/f66caaecd9.png

(20:20:45) Mans: 1. This area is called Packet List - in it you can see which server is exchanging data, the protocol that is used and general information about frames.

(20:21:26) Mans: 2. The next area is called Packet Details - it displays the details of the packets that were selected in the Packet List.

(20:21:52) Mans: 3. And the last area is called Packet Bytes - it displays the hexadecimal display of this packet, also displays an offset in the form of ASCII, and also if we right-click on this area we can see how all this will look in bits.

(20:22:12) Mans: This is what happens when you click on a link, all traffic data is immediately filtered

(20:22:19) Mans: https://i.imgur.com/TJvYxzB.gif

(20:22:40) Mans: Let's take a look at the received packets in more detail and learn more about tracking, analysis, etc.

(20:22:48) Mans: https://i.imgur.com/FVVoABb.jpg

(20:23:04) Mans: 1. Forwarded packets by our filter

(20:23:21) Mans: 2. The target domain, that is, the main page of the site without any heresy after the slash "/"

(20:23:30) Mans: 3. User agent, that is, browser settings, operating system version and other parameters ..

(20:23:53) Mans: 4. Referer - indicates from which page we went to this page. Since we went from a protected page, there were many redirected packets; in the end we referred to ourselves from the same page. If, for example, I switched from the main page of the site to this one, the Referer would be the main page of the site. (See the screenshot below with an explanation to fully understand the meaning.)

(20:24:20) Mans: 5. Cookies, or session) Here your password has arrived) You can log into your session as a logged in user and rummage) from a logged in user that is you

(20:24:37) Mans: 6. Well, this is the final page where we are

(20:24:46) Mans: BTW: If you think this is the ceiling that this software can do, then I'm afraid to upset you; this is just the tip of the iceberg

(20:26:09) Mans: https://i.imgur.com/75Zcarg.jpg

(20:26:21) Mans: In order for you to have no doubts after reading, I decided to parse these points by going from one page of the website to another and as we can see:

(20:27:01) Mans: 1. Referer - indicates the previous page that we analyzed; from it we came to this page

(20:27:08) Mans: 2. What page are we on now?

(20:27:53) Mans: As we can see on its own, the HTTP protocol does not imply the use of encryption to transmit information. However, for HTTP there is a common extension that implements the packaging of transmitted data in the SSL or TLS cryptographic protocol.

(20:28:23) Mans: The name of this extension is HTTPS (HyperText Transfer Protocol Secure). For HTTPS connections, TCP port 443 is usually used. HTTPS is widely used to protect information from interception, and also, as a rule, provides protection against man-in-the-middle attacks if the certificate is verified on the client and, in addition, the private key of the certificate has not been compromised, the user has not confirmed the use of an unsigned certificate, and certificates of the attacker's certificate authority have not been installed on the user's computer.

(20:29:15) Mans: https://i.imgur.com/IApps4z.jpg

(20:29:35) Mans: 1. Google - has a secure HTTPS connection protocol

(20:29:45) Mans: 2. Data request packet over the secure HTTPS protocol

(20:29:55) Mans: 3. As we see in the package details we only have Encrypted Application Data: 0000000000000016eec0818f25b5eb9bd4690883155a74b6 ...

(20:30:21) Mans: we have no other (additional) information that is contained on web pages or where the person is located

(20:30:31) Mans: 4. Since we have a 2-digit IP address with which server the packet is exchanged, we look at what this IP address is and based on the data we can conclude that the person located on the Google landing page.

(20:31:05) Mans: Essentially, using HTTPS is safe, and as I said earlier, that: Companies that develop software that uses end-to-end encryption and zero-disclosure systems cannot disclose details of the exchange of data to your enemies, even under duress, even if they themselves wanted it. This is the advantage of zero-disclosure end-to-end encryption.

SSLStrip - remove HTTPS

(20:31:27) Mans: But also based on this there are attacks to remove SSL, let's quickly figure out what it is ??

(20:32:27) Mans: Any attacker who can be located between the source and destination of traffic, in our case COMPUTER and SERVER, can make an attack of the form “Man in the middle”. One of these attacks, which requires very small skills and resources, is called SSL stripping. The attacker acts as a proxy here and replaces the encrypted HTTPS connections with HTTP connections.

(20:32:34) Mans: Let's open a screenshot and see what it is https://puu.sh/xQFWy/edbaf90d7a.png

(20:32:53) Mans: 1. As we can see, we are sending a request with http

(20:33:18) Mans: 2. It goes through SSLStrip and does not change, it also goes further

(20:33:29) Mans: 3. The server sees that you came through an insecure protocol without encryption and changes it to secure using encryption, that is, HTTPS (that is, 301 or 302 redirects are performed - this is configured on the server)

(20:33:57) Mans: 4. SSLStrip sees that the server has sent you a request in HTTPS (see clause 3) and automatically changes it to insecure as well, that is, to HTTP thereby removing TLS encryption

(20:34:28) Mans: SSLStrip here proxies the response from the web server, simulating your browser, and sends you the HTTP version of the site back. The server will never notice the differences.

(20:35:09) Mans: Since the server thinks that you are communicating over the secure HTTPS protocol, since it does not see that the attacker (SSLStrip) has changed the protocol to unsafe for you

(20:36:29) Mans: And what you see is almost indistinguishable from a genuine site. Let me show you what the website should look like.

(20:37:24) Mans: https://puu.sh/xQHeu/014bf0515b.png

(20:38:43) Mans: 1. We see a secure version of carder.market, that is, with end-to-end encryption

(20:38:52) Mans: 2. Now I have done HTTPS-stripping (SSL removal - SSLStrip). And this is the version of the site after the attack.

(20:39:56) Mans: As you can see, the difference is that you now do not have HTTPS and most people will not notice this difference. And as I said, the server will never notice that something is wrong, because it communicates with a proxy that behaves just like you would.

(20:40:02) Mans: https://i.imgur.com/i0Hr9em.png

(20:40:07) Mans: https://i.imgur.com/SHYhxql.png

(20:40:12) Mans: https://i.imgur.com/qLqO8qp.jpg

(20:41:20) Mans: The text above, and I advise you to read it, read it this way, since highlighting with color will help you easier to master the material

(20:41:57) Mans: https://youtu.be/0wpxrPD90a4 - 1 Part MITM. How is the MITM attack carried out.

(20:42:10) Mans: https://youtu.be/quZjKlrmCvQ - 2 Part of MITM. We attack the network with MITM methods

Epilogue

(20:43:40) Mans: Encryption is a fantastic tool for privacy, security and anonymity, it is a tool that really works and attackers (hackers) will try to avoid it.

(20:43:56) Mans: In simple terms .. No fool would ever make a direct attack on encryption.

(20:44:12) Mans: As the saying goes, a smart man will not climb the mountain, a smart man will go around it. And you should keep that in mind. And all they can do is find weaknesses.

(20:44:23) Mans: Remember the case of Ross Ulbricht, the creator of the Silk Road, he was caught on a captcha. That is, on a simple little thing, since people forget about the most important thing, namely about the simplest things .. the basics, so to speak.

(20:44:52) Mans: That is, no one will ever crack your passwords, etc. it is much easier for them to install a keylogger on your system, or send you a link to a site with an infected JS script and perform an attack, or a PDF file, etc. .

(20:45:17) Mans: But as I said encryption, no one will ever want to break. Attackers will simply try to circumvent encryption. You should keep this in mind.

(20:45:31) Mans: Security is the so-called weak link phenomenon. It is as strong as the weakest link in the chain. Strong encryption is often a strong link.

(20:46:00) Mans: We human beings are usually the weakest link. As they say my tongue is my enemy

(20:46:38) Mans: At this, my lecture and my Epilogue came to its logical conclusion!

(20:46:50) Mans: Now set? and drove over

(20:47:22) Valan: "As we can see, the hash amount of the downloaded file corresponds to the hash amount given to us from the official Microsoft website"

But we already downloaded the file on our laptop, could we bring the virus along with the downloaded file?

How to check without downloading a file?

(20:50:06) Mans: Valan, so as not to bring the virus to the PC, we always download files from off sources. We never download files from obscure sites. If we are afraid to download the file to the base, then for a start we download to the virtual machine, everything is checked there, and only then we transfer it to the PC.

(20:50:20) xevious: Can I get these photos in English? It would help a lot more.

(20:51:24) Mans: xevious, of course you can redo it, but it will take some time.

(20:51:45) Mans: let's think about how to make it more convenient for you.

(20:51:50) bloomberg: as I understand it, in the asymmetric sender and the recipient exchange public keys and already decrypt the message with their own private keys? There are no questions as such, because you still need to read and sort through the shelves, the only other question is how much Does this come in handy for us?

(20:52:51) xevious: any method on how? Because I can not copy text from a PNG file. If someone printed this, I could translate it and make photoshop so that we had its English version.

(20:53:14) Mans: There is no one in the hole itself, but understanding how security works and that you don’t need to download all the crap to your PC, this will come in handy. Let me give you an example.

(20:53:49) BruseLee: xevious: try google translator from photo

(20:54:42) Valan: In order to find the original hash, for example, you need to find the offsite via Wikipedia, write a request through the operator in Google with the addition of Hash?

(20:55:57) Mans: Karj brings quick money, that an ordinary person at regular work can earn in a year or two, you can earn in a month. But you keep almost all of the coin in the BTC, and so an understanding of these fundamentals will save you from the fact that you will not get a stilak and your blood grandmothers will not be blown away. We had people. He worked fine, but he knew the dicks of security, and as a result, about 50 cue balls were poured from him when they drove a stylak onto him. And merged in the year 17, when the cue ball was worth it. I think understanding of this will come to you over time.

(20:56:17) Mans: Valan, you wait now for your turn, do not immediately duplicate the question.

(20:56:51) kon_sta_1: What should I do and does it mean that I’m attacked, and my home Internet is compromised if, when I try to access carder.market, I’m already faced with an insecure connection?

(20:57:35) kon_sta_1: At the same time, my Google page is still protected or other https pages

(20:58:46) Mans: kon_sta_1, no, of course. it’s just that when you enter the VVH you find yourself in a mirror that goes without an SSL certificate. there is nothing to worry about. This happens when they tell us and we don’t always have time to throw encryption on the mirror.

(20:59:45) Serrwrtet: In what cases should WireShark be used in our work? Examples?

(21:02:47) Mans: Serrwrtet, it is precisely in the kart that there is no need for this software. It is to monitor traffic. This can come in handy when writing software or parsers / checkers.

(21:03:04) Mans: Valan, that's right.

(21:03:12) Kto-to: How do I know that I have picked something up? How to check and what to do?

(21:05:22) Mans: Kto-to, you won’t understand it until the grandmas leave the card or the anti-virus starts to sound the alarm. We put an antivirus when a trojan gets into blackout, you will find out about it. What to do, clean the OS completely and do not download anything on the basis.

(21:05:47) Mans: Remember, all files start from TXT and ending with pictures we open only on the virtual.

(21:05:58) Mans: Since all the gluings are small

(21:06:09) Reimon: Can a provider conduct a man-in-the-middle attack? I'm talking about the law of Spring. SORM.

(21:07:57) Mans: Reimon, SORM - I think they can do anything. because of this, we always use vpn.

(21:08:18) xevious: How does this work for people living outside of Russia? Should I always use vpn when entering the forum or does it not matter. Maybe because the Russian site is suspicious

(21:08:32) Devi Johns: Regarding the keylogger, like Neo Spy, how to determine what it costs? Suppose someone puts it and without a special password does not open it. Also encryption in fact.

(21:09:36) Devi Johns: I mean that such programs are often covered by programs from the developer.

(21:11:06) Mans: xevious, for all people who are connected with darknet and no matter where they live! the main rule is to ensure the safety of your workplace. We always use VPN. Starting from surfing on our forums and ending with driving in and working in other directions.

(21:14:01) Reimon: Is it safe to enter tor through browser? Passwords do not steal on the last node?

(21:14:26) Mans: Devi Johns, monitoring the task manager. there should this process be visible.

(21:14:56) BruseLee: Reimon: I advise you to put an authenticator)

(21:15:42) kon_sta_1: Which antivirus do you recommend?

You can ask for a link to a verified source

(21:16:31) Mans: kon_sta_1 https://www.esetnod32.ru/ https://ru.malwarebytes.com/

work out normally

(21:17:56) Rarka_: please remind me which good link you haven’t saved since the first lecture (

(21:20:21) Mans: Rarka_ all the info is in the first posts. https://mullvad.net/en/

(21:20:32) jayall87: 1. About VPN: how is the data protected? The provider still sees the packets that go out to the third-party server and come back from it. Could you explain in a bit more detail, please :) And 2: when carding, which internet connection should be used? Home wifi or a SIM registered to someone else?

(21:24:43) Mans: jayall87 - https://wifigid.ru/poleznoe-i-interesnoe/vpn read. everything will be clear here.

(21:25:14) Mans: You can use a wire, BUT! do not forget about vpn and socks.

(21:25:43) Mans: So she is completely in English. you need a ru version.

(21:26:22) Mans: XP builds on VBox

Assembly for communication and surfing (RU language)

https://drive.google.com/open?id=0B4_swz4ZHnoja2pPQzVyeF91M0E

(21:26:45) Serrwrtet: Is it safe to have a shared folder between the host and the virtual machine?

(21:27:11) Mans: Serrwrtet, I would not advise. The total buffer for your eyes should be enough.

(21:27:25) Boat: 1.How can I find out if a VPN seller keeps logs? 2. And if you use a wired Internet, from whom can I buy a flashed router?

(21:28:13) Mans: Boat: 1. You won’t know at all, just for conscience or to raise your own VPN, which definitely does not keep logs. 2. Yes, there are enough offers on the forum.

(21:29:05) xevious: Is there a way to delete everything and start all over again? If I used a new provider and after that only used vpn, I would be safe. Would that be my only option again being full anony?

(21:30:22) Mans: xevious, no, so this doesn't work. don't be paranoid! we buy vpn and quietly study \ work.

(21:32:49) Valan: If I’ve connected to my home waffle at least once without VPN, but haven’t done anything illegal yet, only later, is it still necessary to burn the hut and leave?

(21:33:46) Mans: Valan, it’s better to fly to the moon or Mars, they won’t find you there)) And of course not, we live and work as before without panic and fuss.

(21:35:04) Mans: no question

(21:35:09) Mans: Thank you all for sending!

(21:35:12) Mans: Till tomorrow

(21:35:17) Mans: now I’m throwing HW

(21:35:24) Mans: to the main
 