# Encryption
## Intro
- From rfc4949:
    - Encryption: cryptographic (mathematical) transformation of data into a 
        different form that conceals the data's original meaning and prevents 
        the original form from being used.
    - Decryption: a transformation that restores encrypted data to its original form.
- In cryptography, we start with the unencrypted data, referred to as `plaintext`. 
    - `Plaintext` is encrypted into `ciphertext`.
    - `Ciphertext` will in turn (usually) be decrypted back into usable `plaintext`. 

## Types of Cryptographic Algorithms
- Symmetric Encryption: Uses a single key for both encryption and decryption.
    - used for privacy and confidentiality.
- Asymmetric Encryption: Uses one key for encryption and another for decryption. 
    - used for authentication, key exchange ...

## Demos: Using Cryptography
### Symmetric Encryption (AES)

### Encryption

In [4]:
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes

data = b'M7_P@55w04D'

session_key = get_random_bytes(16)
cipher = AES.new(session_key, AES.MODE_EAX)
ciphertext, tag = cipher.encrypt_and_digest(data)
nonce = cipher.nonce
print('Session Key: ', str(session_key))
print('CipherText: ', str(ciphertext))


Session Key:  b'\xae\x83\x11\xc4sx\x83\x15\xb2\xc9<t$\xe4Z\x9d'
CipherText:  b'\x9e\x0b\x82\xb8\xa6Q\x1a}\xae\x0f3'


### Decryption

In [5]:
from Crypto.Cipher import AES

cipher = AES.new(session_key, AES.MODE_EAX, nonce)
data = cipher.decrypt_and_verify(ciphertext, tag)
print('Plaintext: ', data)


Plaintext:  b'M7_P@55w04D'


### Asymmetric Encryption (RSA)

### Key Generation

In [6]:
from Crypto.PublicKey import RSA

key = RSA.generate(2048)
# sender
private_key = key
str_private_key = private_key.export_key()

# recipient
public_key = key.publickey()
str_public_key = public_key.export_key()

print('\n Private Key: ', private_key, str_private_key)
print('\n Public Key: ', public_key, str_public_key)



 Private Key:  Private RSA key at 0x7FA6941BBB80 b'-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA33cNIHuGT97wuZ66nMTbvtNhnkogn1NpkvreVOV9Up50qmlM\n+ATY+6BxRfcluNbb38BMAzwL94J6LmbbdA6SeZVjf8Uu6KWxPs3jz/fNDaNUygBx\n8Tky3O0AfxRW2YiBYcqx81dLNKlnop3FBYqNLJm1mqotrsKugvsKNVd1Y9+BApPn\nwUEJ4o7y2HuUMOKL1e8gX/PL2RzakVIe7Sv2agnOt7csZSFZSGmGz1w4pBz7K1gR\nPu7iWpKvghDGb//3iYn67Wm3cTQfsfBko6AiTGJU8n9cKUD/sd38rXU603KHFkjf\nSlwWcT2cTNZSjoNLAdsJMUICO0L4e6pLi4PEfQIDAQABAoIBADSMNz8DLRNNFohf\npfxFYnMeG99wCPnOUI4qheuqx2yNLFwCRQIxiaCqGtjcBDfR9oRIINfF3/6E5RxS\nPZqt7o2+rlYWVTCJ/gMJwV9fIw3o8YBK2IBj9ezzomE/tCiVK++GDZBuX5XznBYm\nSXVDHm11e7nx+KoWx5ivVbgzZ7xjGtEv1NZSmPAGNQ3d6vIodGWcTVo3+Hq6RhQy\noAvekV+mU+gXKbBUM4SuWKO0Pa1+sGcJ+g/j5Lf9qYHnkTFIIOb3smRc5/QDPtrz\n4ZzXQTV1EFVp3dTD04BlKJllvxqxEedXvH4qQV0g3/SGvrxv+/iaQE4S/ImnL3bA\n6Fhhb0ECgYEA5tgTiGglew6d8Vyu9ePpf/CqpuhJ0YEn+/3ZJfSRU11Qxd4UezCQ\ncv1J3UCrj2wrrTpBjiiNoo6tj2qOaTdgdWk96AsmmsLBenYegt67/vduybadZ5Ky\nbqyujTcZXCYR7lgAOraDgRUC1BNTnNNlB+z2+TkDVBENW/6ndufjD9ECg

### Example: Sending Session Keys

### Encryption (Sender's End)

In [7]:
from Crypto.Random import get_random_bytes
from Crypto.Cipher import AES, PKCS1_OAEP
from json import dumps

# Encrypt Key
cipher_rsa = PKCS1_OAEP.new(public_key)
enc_session_key = cipher_rsa.encrypt(session_key)

# Encrypt Message
data = b"Today's lottery winning numbers are: 30,36,4,24,81"
cipher_aes = AES.new(session_key, AES.MODE_EAX)
ciphertext, tag = cipher_aes.encrypt_and_digest(data)
nonce = cipher_aes.nonce

# Print Sent (Encrypted) Message
message_sent = {"Secret": str(ciphertext), "Key": str(
    enc_session_key), "Nonce": str(nonce)}
print(dumps(message_sent, indent=4, sort_keys=True))


{
    "Key": "b'0\\xf9\\x16\\x17\\xa9\\x8e\\xdaY8\\xd4\\xa6\\x0b+\\xa3\\x9f\\x97\\x1b9C\\x0e\\x926\\x8f~\\xe8dB\\xb9\\xa4h\\x83\\x9a\\xf2\\xa96\\xa8\\xde\\x87l\\xc9\\xa7\\xeeG\\xc3\\x1b5\\xe6p\\xc9\\x15`\\xcdc\\xdeM\\xdaz\\xc2W\\xc0\\xd18;\\xdfET#\\xf1R\\x15\\xcf\\x11D\\xed\\xa3c\\\\\\xbf6\\x89\\x88\\x95\\xa7\\x04-\\x194\\xa7\\x8b<\\x9b\\x80:[6\\xc4\\xbc\\xfa.NN\\xa1Z\\x14\\xc9_\\xccT\\xf8A\\x18\\x99\\x03CD\\xbdT\\xc3c\\xfcu[Z\\xee\\xdem\\xaf\\xb3\\xdck\\x1c9\\xd9_P\\x85<\\t6J\\xa8=\\x8c\\xb4\\xe1\\xc0\\xfar>\\x80\\xecN8K\\x004t\\xa4\\xd4U\\xd3T\\x90\\x06\\x17\\xcf\\'\\x16\\x0b\\xbc\\xbe\\xcfrR\\xb3\\xc5\\xadVc\\x9e\\x01Y\\\\\\x04\\xa3\\xda\\xfc}\\xf1\\x88H\\xe5:~O\\xbe\\xd8\\x0e\\xa7\\xad\\xa3e\\xac\\x92\\xb7\\xca\\xf3\\x93TI\\xc4\\xf7F\\x91\\xbd\\x08\\xff\\x9f\"\\x00Y*\\xde\\x15v\\x91\\xb9\\x19\\x91:\\x15\\xf3\\xc7\\x0f\\xcf%%\\xd3b\\xc6b\\xb4\\x83L\\x0b\\xc7\\x96\\xf4\\xfd\\r\\xe8/\\x88o\\x039'",
    "Nonce": "b'\\x04|\\xb8\\x1ay\\xd1\\xed&\\xcc%\\x90\\xab\\xd8\\xb1m;'",
    "Secret

### Decryption (Recipient's End)

In [8]:
from Crypto.Random import get_random_bytes
from Crypto.Cipher import AES, PKCS1_OAEP
from json import dumps

# Decrypt Key
cipher_rsa = PKCS1_OAEP.new(private_key)
decrypted_session_key = cipher_rsa.decrypt(enc_session_key)

# Decrypt Message
cipher_aes = AES.new(decrypted_session_key, AES.MODE_EAX, nonce)
plaintext = cipher_aes.decrypt_and_verify(ciphertext, tag)

# Print Message
message_received = {"Secret": str(plaintext), "Key": str(
    decrypted_session_key), "Nonce": str(nonce)}
print(dumps(message_received, indent=4, sort_keys=True))


{
    "Key": "b'\\xae\\x83\\x11\\xc4sx\\x83\\x15\\xb2\\xc9<t$\\xe4Z\\x9d'",
    "Nonce": "b'\\x04|\\xb8\\x1ay\\xd1\\xed&\\xcc%\\x90\\xab\\xd8\\xb1m;'",
    "Secret": "b\"Today's lottery winning numbers are: 30,36,4,24,81\""
}


## Problem: Brute Force Attack

- A brute force attack uses trial-and-error to guess login info.
- It works by cycling through all possible combinations of letters to try and guess the correct password.
- The amount of time it will take to figure out the correct password depends on the length and complexity of the password.
    - Passwords with more characters take longer to figure out.
    - Passwords with a wider variety of characters (alphabet, numerals, symbols ...) take longer to figure out.

## Demo

In [22]:
import string
import itertools
import time

def brute_force(passwd):
    print(f"\nInput: {passwd}")
    start = time.perf_counter()
    stop = start
    end = int("".join(['9' for i in list(str(passwd))]))
    guess = 0
    while guess <= end: 
        if passwd == guess:
            print(f"Found: {passwd}")
        guess += 1
    stop = time.perf_counter()
    print(f"Time Taken: {stop - start:0.4f}")
    
passwds = [0,100,702020,8904710]

for passwd in passwds:
    brute_force(passwd)



Input: 0
Found: 0
Time Taken: 0.0000

Input: 100
Found: 100
Time Taken: 0.0002

Input: 702020
Found: 702020
Time Taken: 0.1099

Input: 8904710
Found: 8904710
Time Taken: 0.8460


In [3]:
import time

chars = ['0','1']
def bruteforce(pin):
    pin_arr = list(pin)
    start = time.perf_counter()
    stop = start
    found = _bruteforce(pin_arr)
    stop = time.perf_counter()
    print(f"Input: {pin}, Time Taken: {stop - start:0.4f} \n")
    return found

def _bruteforce(pin, guess=[]):
    global chars
    if len(guess) > len(pin):
        return None
    else:
        if pin == guess:
            return True
        else:
            for i in range(len(chars)):
                found = _bruteforce(pin, guess + [chars[i]])
                if found:
                    return True
    return False
bruteforce('11')            
bruteforce('1101010101')
bruteforce('11010011010101010')
    

Input: 11, Time Taken: 0.0000 

Input: 1101010101, Time Taken: 0.0030 

Input: 11010011010101010, Time Taken: 0.3050 



True

### Remedy
### FrontEnd
- Rate limit login attempts
- Do not allow simple passwords
- Log and Monitor attacks
- Implement captchas

### BackEnd
- Do not encrypt and store passwords, this leaves the possibility of bad actors decrypting the passwords if they acquire the database.
- Instead, hash the passwords because Hash Algorithms are not reversible.

## Resources
- https://pycryptodome.readthedocs.io/en/latest/src/examples.html
- https://www.kaspersky.com/resource-center/definitions/brute-force-attack
- https://replit.com/talk/share/Actual-Brute-Force-Password-Cracker/85402
- https://developer.mozilla.org/en-US/docs/Glossary/Recursion