Cryptool is a program that allows you to play with a bunch of difference methods of encryption from basic to modern. It also has analysis functions that allows you to break old ciphers as well. I've only used version 1 so I'm not sure about the other versions.
I am also seriously interested in cryptography. I'm no expert, but I want to be some day and have taken some steps to get there.
My advice is to go to school if you don't have the math. Find an accredited community college in your area and just go. You'll get through it faster than you think. I started in remedial math about four years ago and now I'm finishing calc III. It's worth it and it went by so fast. I'm studying electrical engineering, but eventually I'll take the mathematics courses which will prepare me to properly analyze modern ciphers. That'll be soon now that I've finished calc.
I think a good approach is to read papers and play with ciphers as you go, to stay interested. You may want to take a look at this: https://www.schneier.com/paper-self-study.pdf
And this: https://www.cryptool.org/en/
Personally, I'm completely fascinated by block ciphers. I performed an AES128 encryption and decryption by hand, which really had an impact on me. It's amazing to see the patterns disappear and reappear, and you get a sense for where the security lies in these algorithms. I then spent some time trying to make toy hand ciphers, studying the mechanisms in the VIC cipher and comparing to techniques used in modern ciphers. I got to think about the reasons for having a key schedule, s-boxes, and various non-linear combination techniques. I read Claude Shannon's papers and became fascinated with information theory. I started to write programs in C to generate and analyze ciphertext as I played with various ideas. All these things have kept me thinking about crypto while taking classes and being surrounded by people who have never even heard of it.
That's a big hurt. It's strange to be so completely obsessed over something most people have never even heard of. You have to have little crypto projects on the side so you don't get lost.
Also another random tip--get access to journals. Either go through a local school or make a friend who has access.
You might also look at different tools (msieve on the command line or in the desktop program CrypTool 2 or in CrypTool-Online (https://www.cryptool.org/en/cto-highlights/msieve); cado-nfs on the commandline in Linix; ...) and methods (quadratic sieve; general number field sieve; ...) and see how good and fast they are for factoring big compound numbers. These compund numbers are used as modul in the asymmetric encryption method RSA. Being able to factoring such a number means breaking the RSA ciphertext which was build using this modul.
Simon Singh -- The Code Book
As far as tools go, you always need some knowledge about how crypto works to interpret their results, otherwise they might be confusing or even misleading.
and last and very much least, you'll have to know about dcode.fr. There are just too many people using it to ignore it.
Edit: thanks for pointing out the error
I would recommend running Kali inside a VM, there's no downside. I make frequent use of snapshots if I fuck something up, I can quickly go back to a good state.
I would have a few decompilers handy, CFR (Java) and ILSpy (.NET) are good.
Check out CrypTool for some basic crypto.
Sometimes challenges supply a .pcap file for analysis, so have Wireshark.
You'll probably have to write some amount of code, so have editors and compilers ready.
Make sure you have various decompression libraries, be ready to decrypt xz, LZMA, etc.
Setup a good way to communicate and send links, info, etc. IRC and slack work. Just go claim some random channel on Freenode.
Fortunately, Kali comes with almost everything you would need, you just have to know it's there! Not everything is listed under the "Applications" menu.
My biggest recommendation would be to split up the problems among everyone. Don't be afraid to bail and move on to something new if you get stuck. Just tell everyone what you're working on and see if they have any useful information.
Stuck it into a monalphabetic substitution cipher brute-force/frequency analysis script, let it run, copied and pasted the output.
https://www.cryptool.org/en/cryptool2-en is good for learning about these things. It's not what I used, but I just tested and it can do the same thing easily. It has some good explanations and tutorials about the logic used.
Cryptool has an archive of older builds, some as old as 2011, if you'd like to find that version that handled Enigma better.
In addition to the written literature there is software used to help the instructors and to help the self-learners. Most widespreaded free elearning software is from the open-source project CrypTool. They offer 4 variants of their software:
According to https://www.cryptool.org/en/documentation/functionvolume these variants offer more than 300 different "function groups" concerning cryptography.
Breaks the algorithms down into functional blocks so you can see how the data changes at each step. Also, has some legacy stuff the last time I used it. Easy way to start looking into how crypto standards work.
I don't speak Spanish. I've tried deciphering it as a monoalphabetic substitution with CrypTool.
Does this make sense?
NÓQUESDEMADEMONESSACIALATIVERÁLOSPRIMER
You might also have a look at www.cryptool.org
- The tools there (CrypTool 1, CrypTool 2, JavaCrypTool) have an exhaustive online help and you can playfully experience a lot of the cryptographic and cryptanalytic methods. The online version called CTO is not as extensive as the downloadable desktop versions.
- The CrypTool book (https://www.cryptool.org/en/documentation/ctbook). however, it's only for beginners and maybe undergraduates, but gives again hints how to apply it in software (CrypTool or SageMath).
An open-source implementation of secret sharing using the Chinese remainder theorem (CRT) is contained in the e-learning program CrypTool 1 (CT1). There you find it by the following menu path: Indiv. Procedures \ Chinese Remainder Theorem Applications \ Secret Sharing by CRT.
The source-code and the application CT1 can be downloaded from here:
https://www.cryptool.org/en/ct1-downloads
Within CT1 there are two other applications of the CRT (all are implemented in C++):
- modular forward and backward transformation
- a planetary motion question
Unlike most resources, the latest chapter of the Cryptool book starts from zero and covers all the linear algebra background required before introducing lattices: https://www.cryptool.org/en/ctp-documentation/ctbook
I believe it's made by educators with the goal of teaching crypto, so yes! https://www.cryptool.org/en/
I have used an old version and assumed the new version was the same, but maybe things changed and I should read the instructions...
I've used other great online enigma crackers over the years, but all of my bookmarks are dead now. I don't get it.
Another amazing tool is Cryptocrack. It doesn't do Enigma, but lots of classical ciphers.
Devising your own cryptosystems can be entertaining but it has little, if any, pedagogical value. If you really want to learn cryptography, you need to start breaking real cryptosystems. No, you won't be able to break AES. So don't bother. However, you can break Vigenere and many other historical cryptosystems, including recent, real-world, computational encryption algorithms like DES. Start by installing cryptool and following any online guide for cracking Vigenere. Then move on to more difficult, historical encryption systems. Bruce Schneier has written an invaluable resource for teaching yourself cryptography -- Self-Study Course in Block Cipher Cryptanalysis. Even after you finish his course, you will not be ready to write the next AES. But you should at least be able to appreciate why writing the next AES is really hard.
If you want to learn about encryption and how to use it you can always just get CrypTool 2 and play around a bit. Its super easy, open source, free and a program developed specifically for both research and teaching people cryptography.
Instead of just reimplementing an algorithm and use it in a new application like a chat you will probably learn more, if you ask yourself some questions about the chosen topic in advance and then prepare your results for others in a didactical way where you also get feedback for your results.
So maybe you make a concrete evaluation of all the security of block cipher modes. You could start reading Phillip Rogaway's 150-page document from 2011 (http://web.cs.ucdavis.edu/~rogaway/papers/modes.pdf) and implement these and show the advantages and disadvantages in detail and with examples. You could ask yourself which application and protocal uses which mode and why. One advantage of this task is, that most of the algorithms and their modes are already available (which saves implementation time), but a complete and easy-to-read and didactically prepared comparison of the block modes is not available.
If you do so, this would be a very good task also for integrating your results into either CrypTool 2 or JavaCrypTool. These are widely used open-source e-learning frameworks for cryptology. The CrypTool project (www.cryptool.org) creates the most widespread free e-learning software for cryptography and cryptanalysis worldwide with more than 10,000 downloads of their frameworks per month. It's used at many schools and universities, and many students and lecturers are participating.
If you like to implement and didactically prepare for CrypTool another task than the block cipher modes you just could contact them (https://www.cryptool.org/en/ctp-contact) and discuss alternatives. My experience with them was good and supportive.
meh, i used to think that too till i actually started studying Cryptography (by myself, no university) The links to those sites will be below, i won't post NPP darkcrypt as most would find it shady and not trustworthy, so i will post the others... https://www.cryptool.org/en/ct2-downloads https://www.openssl.org/source/
I forgot the other good decryption software, i will search for them tomorrow...
> What are the max lengths for a username and password?
The only limitation is the MSSQL Server. This combination of user and password are the credentials that the software use to access it's DB.
Should I create with random chars? any desired length? I've tried with Cryptool but couldn't find anything.
EDIT: Seems that it concatenates the user + password and use part of the user to encode the password maybe?
If you had asked 2 years ago I could give you links to a bunch of great online Enigma crackers, but for whatever reason every one of them has been deleted. WTF? I wonder if the wayback machine saves java applets.
However, Cryptool2 is pretty good. It used to be way better, allowing you to use cribs if you have any, but it could still work.