In this article, we will see how to crack a password-protected encrypted archive using:
- Biham and Kocher's known-plaintext attack on Zip (PKZIP) archives that use the ZipCrypto Store encryption method (it can be extended to ZipCrypto Deflate).
- A classic wordlist attack on other encrypted archives, such as Zip (WinZip) archives that use the AES encryption method (128, 192, 256), 7-Zip or RAR.
To carry out this attack, at least 12 bytes of known plaintext are needed, and at least 8 of them must be contiguous. The larger the contiguous known plaintext, the faster the attack.
git-remote-gcrypt is a git remote helper to push and pull from repositories encrypted with GnuPG, using a custom format
Supported backends are local, rsync:// and sftp://, where the repository is stored as a set of files, or instead anywhere gcrypt will store the same representation in a git repository
The aim is to provide confidential, authenticated git storage and collaboration using typical untrusted file hosts or services.
Tested: it works fine and is very easy to set up:
git remote add gitcrypt gcrypt::git@...
git config user.signingkey ...
git config gcrypt.participants ...
git push gitcrypt master
To encrypt only SOME files in a git repo, better look at git-crypt
Turns out PHP standard crc32 method is non-standard (while crc32b is).
Here is how to implement it in Python:
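def php_crc32(a):
    '''
    Compute the checksum of the bytes object `a` the way PHP's "crc32" hash does.

    References:
    - https://www.php.net/manual/en/function.hash-file.php#104836
    - https://stackoverflow.com/a/50843127/636849
    '''
    crc = 0xffffffff
    for x in a:
        # Feed the next input byte into the top 8 bits of the register
        crc ^= x << 24
        for k in range(8):
            # MSB-first shift; the mask keeps the register at 32 bits so the
            # Python integer does not grow with the input length
            crc = ((crc << 1) ^ 0x04c11db7 if crc & 0x80000000 else crc << 1) & 0xffffffff
    crc = ~crc
    crc &= 0xffffffff
    # Convert from big endian to little endian:
    return int.from_bytes(crc.to_bytes(4, 'big'), 'little')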
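When a checksum published by a PHP system has to be verified from Python, the practical question is which of the two variants produced it. The following is an added example, not code from the original page or its references: it computes both hex digests and reports which one matches. The function names are assumptions of this example, and the mapping to PHP's "crc32" and "crc32b" names follows the note above.

```python
import zlib

POLY = 0x04C11DB7  # generator polynomial used by both variants


def crc32_msb_first(data: bytes) -> int:
    """CRC-32 processed most-significant-bit first (the bzip2 flavour)."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte << 24
        for _ in range(8):
            crc = ((crc << 1) ^ POLY if crc & 0x80000000 else crc << 1) & 0xFFFFFFFF
    return crc ^ 0xFFFFFFFF


def php_hash_hex(algo: str, data: bytes) -> str:
    """Hex digest expected from the named PHP hash algorithm (per the note above)."""
    if algo == "crc32b":
        # Same algorithm as zlib / gzip / PNG: bit-reflected processing
        return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"
    if algo == "crc32":
        # MSB-first CRC with its four bytes emitted in reversed order,
        # equivalent to the big-to-little endian conversion in php_crc32
        return crc32_msb_first(data).to_bytes(4, "little").hex()
    raise ValueError(f"unsupported algorithm: {algo}")


def matching_algos(data: bytes, digest_hex: str) -> list:
    """Return the variant names whose digest of `data` equals `digest_hex`."""
    wanted = digest_hex.strip().lower()
    return [a for a in ("crc32", "crc32b") if php_hash_hex(a, data) == wanted]


if __name__ == "__main__":
    sample = b"123456789"  # constructed input: the usual CRC check string
    for algo in ("crc32", "crc32b"):
        print(algo, php_hash_hex(algo, sample))
    print(matching_algos(sample, "CBF43926"))
```

An empty list from `matching_algos` means the data differs from what was checksummed under either variant, whereas a match on the unexpected variant points to an algorithm mix-up rather than corruption.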
He’s also established a dozen roles for participants to assign themselves: from Ministers of Religion and Education, to Island Architect, Mayor, and Chief Technology Officers, in order to jump-start the camaraderie (or anarchy).
For a community keen to “enrich the poor, cure the sick, and liberate humanity,” according to Blue Frontiers’ co-founder Joe Quirk, their operating logic seems to reinforce many of the social stigmas and power structures already responsible for much of the suffering and inequality within contemporary society. Rather than offering any single narrative or conclusion, LARPing underscores these divergent visions of Seasteading’s (failed) utopia just before the ship sets sail.
Auditing software is hard! The most-heavily scrutinized smart contract in history had a small bug that nobody noticed — that is, until someone did notice it, and used it to steal fifty million dollars.
you’re trusting in the software (and your ability to defend yourself in a software-driven world), instead of trusting other people.
Another example: the purported advantages for a voting system in a weakly-governed country. [...] is your Afghan villager going to download the blockchain from a broadcast node and decrypt the Merkle root from his Linux command line to independently verify that his vote has been counted? Or will he rely on the mobile app of a trusted third party — like the nonprofit or open-source consortium administering the election or providing the software?
Blockchain systems are supposed to be more trustworthy, but in fact they are the least trustworthy systems in the world. Today, in less than a decade, three successive top bitcoin exchanges have been hacked
you’ll rely on one of four things [...] : either the author of the smart contract is someone you know of and trust, the seller of the e-book has a reputation to uphold, you or friends of yours have bought e-books from this seller in the past successfully, or you’re just willing to hope that this person will deal fairly. In each case, even if the transaction is effectuated via a smart contract, in practice you’re relying on trust of a counterparty or middleman
Projects based on the elimination of trust have failed to capture customers’ interest because trust is actually so damn valuable.
Instead of directing resources to the elimination of trust, we should direct our resources to the creation of trust—whether we use a long series of sequentially hashed files as our storage medium or not.
editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP
Cryptanalysts in our Laboratory are pros at cracking codes. Try your hand at one.