What is cryptosploit?
cryptosploit is a one-of-a-kind framework for prototyping, developing and exploiting crypto attacks. I created it specifically for my crypto training, but I plan to release it as an open source tool in the near future (so stay tuned!).
It implements the same concept as metasploit but is specifically conceived for network & crypto attacks. Its commands and syntax are also similar to metasploit's, in order to reduce the learning curve. Below you can see a demo video:
cryptosploit can be a valuable tool for a wide range of people involved in cyber security:
- sysadmins: can understand the impacts of a crypto vulnerability;
- academics: can prototype crypto attacks, translating ideas from paper to real implementations;
- students: can test, study and understand crypto vulnerabilities;
- pentesters: can show customers in practice the impact of one or more crypto vulnerabilities (having more stuff to paste into their reports :P)
What does Scytala mean?
Scytala is the name I have given to the core of cryptosploit. You are probably wondering what it means.
When it comes to cryptography, the example usually given to novices to help them understand the basic principles of the encryption and decryption process is the Caesar cipher.
It operated just by shifting the characters of which a message was composed. Simple but at the same time effective (read more here).
However, almost nobody first mentions the Spartans and their ability to encrypt communications during military campaigns in the 5th century BC, more than 4 centuries earlier than Julius Caesar.
The way they did it was by means of the Scytala.
It worked this way: a strip of parchment was wrapped around a wooden stick and then a message was written horizontally over it. The wooden stick had to be of a shape and diameter known only to the generals who needed to communicate with each other.
If the message had been caught by enemies, they would not have been able to decrypt it. Indeed, once it was unrolled from the wooden stick, the horizontal order of the letters on the strip of parchment was different and no longer sequential as when they had been written, so that anyone intercepting the communication was unable to read words that made sense.
The message could be brought back to its original cleartext form only by someone who owned a wooden stick of the same shape and diameter. Clever Spartans!
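The wrapping and unrolling described above can be modelled as a simple transposition. The following is an added example, not code from cryptosploit; it assumes the stick is represented by `faces`, the number of letters that fit around its circumference, and uses a hypothetical `PAD` character for unused positions on the strip.

```python
# Added illustration of the scytala described above; not cryptosploit code.
# Assumption: the stick is modelled by `faces`, the number of letters that
# fit around its circumference (i.e. the number of rows written on it).
import math

PAD = "_"  # hypothetical filler for unused positions on the strip


def encrypt(message: str, faces: int) -> str:
    """Write the message along the stick row by row, then unroll the strip."""
    if faces < 1:
        raise ValueError("faces must be >= 1")
    cols = math.ceil(len(message) / faces)       # letters per row along the stick
    padded = message.ljust(faces * cols, PAD)    # fill the last row
    # Unrolled, the strip shows one letter from each row per turn,
    # i.e. the grid read column by column.
    return "".join(padded[c::cols] for c in range(cols))


def decrypt(strip: str, faces: int) -> str:
    """Wrap the strip around a stick with `faces` rows and read along it."""
    if faces < 1:
        raise ValueError("faces must be >= 1")
    # Every `faces`-th letter of the strip lands on the same row.
    rows = (strip[r::faces] for r in range(faces))
    return "".join(rows).rstrip(PAD)


if __name__ == "__main__":
    # Constructed sample message.
    strip = encrypt("SENDHELPNOW", faces=3)
    print("strip on its own :", strip)
    print("matching stick   :", decrypt(strip, faces=3))
    print("wrong stick      :", decrypt(strip, faces=4))
```

Reading the strip with a stick of a different size puts the letters on the wrong rows, which is why the unrolled parchment shows no readable words.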