Demos
Demo | Date |
01/24/2019 | |
This demo demonstrates the pitfalls of key re-use with one time pads. Download the script: pad.py You can invoke the script like this:
NOTE: You will need to install cv2 and numpy. If you have the pip installer for Python, you can install these as follows (note that you may need to install these as root (i.e., using sudo)):
| |
01/24/2019 | |
This demo demonstrates the pitfalls of using biased random number generators for creating one time pads. The program encrypts an image by generating a stream of pseudorandom pixels, and adding it to the image to obtain a ciphertext. You can set the bias of the pseudorandom number generator (PRNG) used to produce this stream using the slider bar. Download the script: stream.py You can invoke the script like this:
Note that this program only works for JPEGs, and the encryption is very slow. Use it only on small images. The –pre-cache flag tells the program to first compute all of the encrypted images it will display before showing the UI so that the UI is more responsive once it loads. NOTE: You will need to install scipy, numpy, and PIL. If you have the pip installer for Python, you can install these as follows (note that you may need to install these as root (i.e., using sudo)):
| |
01/31/2019 | |
This demo shows how you can run cryptography utilities right from the command line! Download the entire toolkit here: openSSL_2019.zip!
| |
02/07/2019 | |
This demo explores different kinds of web technology (HTTP Protocol, JavaScript, and Cookies). This is particularly useful as we transition into the web security part of the course. Click here to review the demo. | |
02/12/2019 | |
This demo shows how an attacker could use a victim’s cookie to gain access to their session, with the help of Burp Suite to intercept HTTP requests. Click here to review the demo. | |
02/26/2019 | |
This demo shows how an attack can use Hashcat, a free, fast password recovery tool, to recover plaintext passwords from insecure hash functions. Click here to review the demo.
| |
03/07/2019 | |
This demo shows the damage an attacker can cause with just 10 seconds of access to your CS account. Watch the video here. To perform the attack, the following commands were run:
Remember to log off your department machines! | |
04/18/2019 | |
This demo shows how we might craft an adversarial sample to fool a classifier. Check out the web app here. | |
04/23/2019 | |
In this demo, Olivia showed how to use Wireshark to sniff network traffic. We also explored using the TOR browser. |