0x01 前言
题目是HTB Cyber Apocalypse 2021的Phase Stream 3,主要为密钥重用导致AES-CTR的安全性问题。
流加密重用攻击,也常称为Stream Cipher Reuse Attack,指多次使用相同的流加密密钥可导致明文泄露。
0x02 解题过程
题目:HTB Cyber Apocalypse 2021 - Phase Stream 3
题目描述:Description: The aliens have learned the stupidity of their misunderstanding of Kerckhoffs’s principle. Now they’re going to use a well-known stream cipher (AES in CTR mode) with a strong key. And they’ll happily give us poor humans the source because they’re so confident it’s secure!
首先查看加密代码:
from Crypto.Cipher import AES
from Crypto.Util import Counter
import os
KEY = os.urandom(16)
def encrypt(plaintext):
cipher = AES.new(KEY, AES.MODE_CTR, counter=Counter.new(128))
ciphertext = cipher.encrypt(plaintext)
return ciphertext.hex()
test = b"No right of private conversation was enumerated in the Constitution. I don't suppose it occurred to anyone at the time that it could be prevented."
print(encrypt(test))
with open('flag.txt', 'rb') as f:
flag = f.read().strip()
print(encrypt(flag))
#464851522838603926f4422a4ca6d81b02f351b454e6f968a324fcc77da30cf979eec57c8675de3bb92f6c21730607066226780a8d4539fcf67f9f5589d150a6c7867140b5a63de2971dc209f480c270882194f288167ed910b64cf627ea6392456fa1b648afd0b239b59652baedc595d4f87634cf7ec4262f8c9581d7f56dc6f836cfe696518ce434ef4616431d4d1b361c
#4b6f25623a2d3b3833a8405557e7e83257d360a054c2ea
代码很简单,随机生成16位的key值并对test和flag进行AES-CTR加密,输出两段密文。
CTR模式中,每个分组对应一个逐次累加的计数器,并通过对计数器进行加密来生成密钥流。也就是说,最终的密文分组是通过将计数器加密得到的比特序列,与明文分组进行XOR而得到的。即:
C i p h e r t e x t 1 = P l a i n t e x t 1 ⊕ A E S ( k e y , I V )