https://beardedmaker.com/wiki/index.php?action=history&feed=atom&title=Encryption
Encryption - Revision history
2026-04-26T16:04:01Z
Revision history for this page on the wiki
MediaWiki 1.27.4
https://beardedmaker.com/wiki/index.php?title=Encryption&diff=165&oldid=prev
Beard: Created page with "<pre> WEP - Wired Equivalent Privacy WPA - Wi-Fi Protected Access RC4 - stream encryption used by WEP. Cycles through 24 bit init vector. TKIP - Temporary Key Integrity Proto..."
2016-02-29T21:45:44Z
<p>Created page with "<pre> WEP - Wired Equivalent Privacy WPA - Wi-Fi Protected Access RC4 - stream encryption used by WEP. Cycles through 24 bit init vector. TKIP - Temporary Key Integrity Proto..."</p>
<p><b>New page</b></p><div><pre><br />
WEP - Wired Equivalent Privacy<br />
WPA - Wi-Fi Protected Access<br />
RC4 - stream encryption used by WEP. Cycles through 24 bit init vector. <br />
TKIP - Temporary Key Integrity Protocol. used in WPA. generates sequence of RC4 keys based on one master key. It changed that key every 10k packets. Also uses Message Integrity Code(MIC) to check if a packet has been tampered with. If so, it changes the key.<br />
DES - Data Encryption Standard. Block cipher using a symmetric-key algorithm using 56 bit key.<br />
DEA - Data Encryption Algorithm. Same as above, but specifically referring to the algorithm.<br />
AES-CCMP - Advanced Encryption Standard with Counter-Mode/CBC-MAC Protocol. 128, 192, and 256 bit.<br />
CBC - Cipher-Block Chaining<br />
TLS - Transport Layer Security. <br />
SHA - Secure Hash Algorithm. <br />
<br />
RSA - Algorithm for encryption and signing.<br />
DSA - Algorithm for signing. Preferable for signing, more secure, but slower.<br />
<br />
<br />
=======<br />
openssl<br />
=======<br />
<br />
openssl <encryption> <args><br />
encryption<br />
passwd - creates password hash<br />
aes-256-cbc - strong aes (good for files)<br />
genrsa <args> <bits>- generate rsa key<br />
-aes256<br />
-des3<br />
-out <file> - key output<br />
2048 - bits<br />
req - generate and manage certificates<br />
-x509 - generate an x509 certificate<br />
-new - use if key is already made<br />
-key - specify premade key<br />
-newkey rsa:1024 - type:bits (also dsa:file)<br />
-keyout key.pem - output private key<br />
-out cert.pem - output certificate<br />
-days <#> - days before cert expires<br />
s_server - listen<br />
-cert <file> - key/cert file<br />
-accept <port> - port number to accept<br />
s_client - connect<br />
-cert <file> - key/cert file<br />
-connect <host>:<port> - connect to server<br />
rand <opt> <#> - generate random bytes<br />
-base64<br />
-hex<br />
ciphers -v - list of ciphers<br />
prime <#> - test if # is prime<br />
-hex<br />
general args:<br />
-e - encrypt (default)<br />
-d - decrypt<br />
-k <passwd> - provide password<br />
-salt <string> - provide salt (not stated while decrypting)<br />
-a - output in base64 (makes viewable in text)<br />
-table - output as table<br />
<br />
<br />
<br />
examples:<br />
openssl passwd <password> <br />
openssl passwd -salt AB <password> -out file.txt<br />
echo 'hello world' | openssl aes-256-cbc -a -salt -k <password> #encrypt<br />
echo '<hash>' | openssl aes-256-cbc -a -d -k <password> #decrypt<br />
openssl aes-256-cbc -salt -in file1 -out file2<br />
<br />
generate certificate:<br />
openssl genrsa -aes256 -out key.pem 2048 #create private key<br />
openssl req -x509 -new -key key.pem >> key.pem #create certificate and append to private key<br />
<br />
encrypted tcp connection:<br />
openssl s_server -cert key.pem -accept <port> #server listen<br />
openssl s_client -cert key.pem -connect <host>:<port> #client connect<br />
<br />
<br />
=========<br />
checksums<br />
=========<br />
<br />
create/check checksum with:<br />
md5sum<br />
shasum<br />
sha1sum<br />
sha224sum<br />
sha256sum<br />
sha384sum<br />
sha512sum<br />
<br />
all of them work like:<br />
md5sum <file> > <checksum.txt> - create checksum<br />
md5sum -c <checksum.txt> - check the checksum (do while in dir of file)<br />
<br />
========<br />
cracking<br />
========<br />
<br />
john the ripper:<br />
<br />
NOTE: sometimes expects hashfile to be formatted as: username:hash. username can be anything.<br />
<br />
john - shows help plus supported algorithms<br />
john hashfile.txt - cracks hashes in file<br />
--single - single crack mode<br />
--wordlist=file - use dictionary attack with file as wordlist<br />
--incremental - use brute force. can use --incremental=mode where mode can be "All" or something else<br />
--test - benchmark system<br />
--users=user,user - users to crack form hashfile<br />
--salts=<#/-#><br />
--format=type - force hash type <br />
DES/BSDI/MD5/BF/AFS/LM/NT/mscash/NETLM/NETNTLM/bfegg/DOMINOSEC/lotus5/raw-MD5/raw-sha1/IPB2/nsldap/openssha/HDAA<br />
example:<br />
john --format=raw-MD5 hashfile.txt<br />
<br />
ophcrack:<br />
ophcrack -d /path/tables -t table1:table2 -w /path/config -l /path/outputfile <br />
-g - use gui<br />
-b - disable brute force<br />
-f /path/file - load hash from file instead of samfile (-w /path/config)<br />
<br />
lcrack:<br />
<br />
NOTE: sometimes expects hashfile to be formatted as: username:hash. username can be anything.<br />
<br />
lcrack <options> <file> - shows help plus supported algorithms<br />
-o <file> - output file<br />
-d <file> - wordlist file<br />
-t <file> - use table file<br />
-s <charset> - charset for incremental<br />
-s# <file> - charset from file<br />
-l <lenset> - length-set for incremental<br />
-x<mode>[+|-] : activate/deactivate specified mode<br />
l - login mode<br />
f - fast word list mode<br />
s - smart word list mode<br />
b - incremental (brute-force) mode<br />
-rand - randomized brute-force mode<br />
-m <method> - hash algorithm. default: null<br />
dom/md4/md5/nt4/null/sha1<br />
example:<br />
lcrack -m md5 -xb+ hashfile.txt<br />
<br />
<br />
</pre></div>
Beard