Lab 3A Cyber Space Security ENGI59116

Sheridan College Institute of Technology and Advanced Learning

Faculty of Applied Science and Technology

Laboratory 3A
Data security using CrypTool
Student Name (s) Vrutti Tanna Student Number 991801664 Date 17th September 2024

Objectives:
This lab covers the fundamentals of the science of cryptography and use CrypTool to protect the
data and maintain the privacy of computer data in addition to protecting the data integrity.
Instructions:
 Download and use the following CrypTool 1.4.42 software package:
https://www.cryptool.org/en/ct1/downloads
To explain the principles of cryptography, there is a free online learning resource called
Cryptool. Information encryption is the subject of cryptography. Mathematics, computer
science, and engineering are just a few of the domains where cryptography is used.
Computer passwords, electronic commerce, and ATM machines are applications of
cryptography.
Encryption is a procedure to encrypt data by converting it from plain text, or information in
its natural form, to cipher text, which cannot be understood.
- Open the application after installation. You will find a description of Cryptool and its use in
the first worksheet. You can work with this opening example worksheet or create a new one
by selecting File, then New.
- Complete the following activities and provide your own answers to the questions:
1. Symmetric algorithms:
- Open a new worksheet and write the following text:
“Never underestimate the determination of a kid who is time-rich and cash-poor” is a
saying that has been printed on many images. The saying comes from the novel Little
Brother (2008) by Cory Doctorow.”
- select Encrypt/Decrypt from the Menu bar.
- Select the Caesar / ROT-13 algorithm by clicking Symmetric
- Enter a number value to set a key entry, then change the zero to a 3.
- Select "Encrypt"

1
Lab 3A Cyber Space Security ENGI59116

2
Lab 3A Cyber Space Security ENGI59116

Answer to the following questions (7 marks):

1. What features of the encrypted text can you figure out?

 The quality of the original text is dropped to three characters in the alphabet. N = Q,
e = h, and so on. It is a fundamental Caesar cipher type that shifts each letter of the
message by given number of their positions.
 This allows an attacker to partially learn the lengths of words and sentence structure
due to punctuation marks and spaces being preserved across encryption.
 The encryption is deterministic: the same plaintext letter will always be encrypted
to the same ciphertext letter repeatable so patterns in the plain text are preserved
(e.g., "kik" becomes "nlg", who" becomes = "zkr").

2. Do you believe it is simple to decrypt?

 Indeed, it is quite simple to break a Caesar cipher without having the key, even by
current computer standards. A brute force attack, which tries each of the 25
possible shifts in turn so as to very quickly reveal the plaintext.
 Even without computing power, a frequency analysis reveals the shifted amount by
analysing common letters (like 'e', 't', and 'a' in English) with their corresponding
counterparts.

3. Can you open the encrypted file without a computer?

 And it is possible to decrypt the file even without a computer by reverting each
letter back to its original letter at key far behind (in this case, 3), But it could get
tedious, especially for longer passages.

 Decryption by hand is of course also feasible for anyone with a basic

understanding of the Caesar cipher.

4. Why, in your opinion, does this algorithm no longer work as well as it did in the past?

 The Caesar cipher is in no way secure by a modern standard, due simply to its
simplicity. It can be very quickly decoded —hackable by brute force, pattern
recognition in a heat beat using computational tools.
 There are only 25 possible shifts that can be applied, which means very weak
protection by frequency analysis or brute-force attack.
 Current cryptographic needs call for more complex algorithms providing very
intricate protection (AES, RSA, etc.)

5. Re-encrypt the plain text using Vigenère classic symmetric technique.

3
Lab 3A Cyber Space Security ENGI59116

6. Re-encrypt the data using a Triple DES (ECB) modern symmetric technique.

7. From step 5 and 6, compare the tested algorithms with the Caesar encryption. Are the
tested encryption methods more/less effective? Which one do you recommend and
why?

4
Lab 3A Cyber Space Security ENGI59116

 Vigenère vs. Caesar

1. Caesar is much less secure than the Vigenère because of it being a

substitution cipher that can be quickly deciphered by checking patterns in
the repetitions whilst the keyword in vigenere helps add complexity
ASCADE. On the other hand, advanced methods such as frequency
analysis would still work for a short keyword in a modern computer.

 Triple DES vs. Caesar

1. Triple DES is much more secure than Caesar. A great plus is that it
employs several keys and encryption layers, which makes it almost
impossible to break without the exact decryption key. As a result, the
ciphertext shows no semblance to the word structure or any patterns —
this is a distinct advantage over more elementary ciphers.

 Vigenère vs. Triple DES

1. Triple DES is more secure than Vigenère. It is true that Vigenère would
be secure with a large, truly random key — but Triple DES provides
standard security level encryption and is more than good enough to keep
important client-data in web applications away from leaking into the
wrong hands.
2. DES has been violated in the past with some eye-boggling plaintext
recovery by Wyker; However, Triple DES is extremely secure at least
when you have access to only ciphertext — decryption without the key is
near impossible especially since this is ECB mode.

 Recommendation:

1. Now, if it were me, I would suggest to use Triple DES (ECB), since it
virtually provided way higher security compared to caesar and vigenère.
This does make Vigenère a bit resistant but it can still be attacked. 3DES
is widely used in numerous industries and offers strong protection
against cryptographic attacks.

2. Asymmetric algorithms (3 marks):

- select Encrypt/Decrypt from the Menu bar.
- Select the Asymmetric RSA encryption
- You must select the recipient (along with his public key) and press the Encrypt button to
begin the encryption. There is no PIN code required for the encryption.
5
Lab 3A Cyber Space Security ENGI59116

Question: Compared to symmetric encryption, how does this encryption look? which one is the
most secure. Describe why you think it is most secure.
Answer:
 The RSA (asymmetric) encrypted text is similar to the random and complex output a
Blowfish symmetric encrypted or Triple DES, but works a little differently:
 Length: RSA ciphertexts will almost always be longer than the original plaintext and
symmetric encryption outputs, because larger keysizes and mathematical operations are
used in RSA.
 Nondeterminism: Neither the symmetric or asymmetric encryption algorithm retains a
data pattern in the binary code of its ciphertext —making it so scrambling and patternless
that inference becomes near impossible without the associated key.
 Non-Reusability: Unlike symmetric encryption which uses a single key for both
encryption and decryption, RSA has two – one called the public and another known as
the private key.
 Public communication is done more securely in the case of RSA encryption against
traditional symmetric encryption, but depending on a host of factors, one cannot
outperform the other completely.
 Its use of two distinct keys (public for encryption, private for decryption) means that you
don't have to distribute the key to decrypt using RSA. So, unlike symmetric encryption
which demands both parties to use identical keys, it takes care of the problem of key
exposure during transmission.

6
Lab 3A Cyber Space Security ENGI59116

 Mathematical Security: The security of RSA relies on the difficulty of factoring large
prime numbers, a problem that is current computing power infeasible to solve. So RSA is
very safe from brute force attacks.
 Larger Key Size: In contrast to symmetric encryption (which typically ranges from 128 to
256 bits), RSA usually uses much larger key sizes like 2048 or 4096 bits. That key length
is what makes this encryption harder to break.