Format of finished message when the cipher selected is “TLS_ECDH_ECDSA_WITH_NULL_SHA”

I wanted to understand the difference in the “Finished message” when different cipher suites are selected, with encryption and without encryption.

I am able to find the format of Finished message when the selected cipher suite includes encryption as below.

When the selected cipher suite is “TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA”:

Finished message: Record layer header + Encryption initialization vector + Encrypted data + Handshake header + Verify data

When the selected cipher suite doesn’t have encryption involved, “TLS_ECDH_ECDSA_WITH_NULL_SHA”:

Finished message: Record layer header + Handshake header + Verify data

Please let me know if my understanding is correct. If not, please let me know what the format looks like.
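The two record layouts asked about above can be worked through in code. This is an added example, not part of the original question; it assumes TLS 1.2 (SHA-256 PRF, explicit CBC IV), and the keys and transcript hash are constructed values. It builds the NULL_SHA record byte for byte and computes the field sizes for the AES-128-CBC case, including the record MAC that both suites carry.

```python
import hashlib
import hmac
import struct

def p_sha256(secret, seed, n):
    """TLS 1.2 P_hash expansion (RFC 5246, section 5) using HMAC-SHA-256."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]

def finished_message(master_secret, transcript_hash, label=b"client finished"):
    """Handshake header (type 0x14 + 3-byte length) followed by 12-byte verify_data."""
    verify_data = p_sha256(master_secret, label + transcript_hash, 12)
    return b"\x14" + len(verify_data).to_bytes(3, "big") + verify_data

def null_sha_record(mac_key, seq_num, fragment):
    """NULL cipher + SHA MAC: fragment travels in the clear, HMAC-SHA1 is appended."""
    ctype, version = 0x16, 0x0303  # handshake record, TLS 1.2
    pseudo_header = struct.pack("!QBHH", seq_num, ctype, version, len(fragment))
    mac = hmac.new(mac_key, pseudo_header + fragment, hashlib.sha1).digest()
    payload = fragment + mac
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

def cbc_sha_layout(fragment_len, block=16, mac_len=20):
    """Field sizes of the same record under AES-128-CBC + SHA (TLS 1.1/1.2)."""
    plain = fragment_len + mac_len          # both are inside the encrypted part
    padding = -(plain + 1) % block          # excludes the padding_length byte
    ciphertext = plain + padding + 1
    return {"header": 5, "iv": block, "ciphertext": ciphertext,
            "total": 5 + block + ciphertext}

# Constructed inputs, not taken from a real handshake.
MASTER_SECRET = bytes(range(48))
MAC_KEY = b"\x0a" * 20
TRANSCRIPT_HASH = hashlib.sha256(b"constructed handshake transcript").digest()

def demo():
    fin = finished_message(MASTER_SECRET, TRANSCRIPT_HASH)
    # Finished is the first record after ChangeCipherSpec, so seq_num is 0.
    return fin, null_sha_record(MAC_KEY, 0, fin), cbc_sha_layout(len(fin))

if __name__ == "__main__":
    fin, record, layout = demo()
    print(record.hex(), layout)
```
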

Does adding more letters provide added security compared to a standard substitution cipher?

Let’s say that a substitution cipher had 52 symbols instead of 26. For this, we would include all lower case and upper case letters. This creates a key space of 52! where the cipher text can contain both lowercase and uppercase letters. Would this provide more security than a standard substitution cipher?

I would say yes because it’s an extra amount of symbols one would have to use and thus creating more options of how many keys can exist. However, I am doubtful because it’s still just letters being used. Can anyone explain?
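The trade-off raised in this question can be measured directly. The following is an added example, not part of the original post; the sample text and function names are constructed for illustration. It compares the key space of a 26-symbol and a 52-symbol substitution, then shows that the ranked symbol-frequency profile of the ciphertext is identical to that of the plaintext, which is the property frequency analysis relies on.

```python
import math
import random
import string
from collections import Counter

ALPHABET_52 = string.ascii_lowercase + string.ascii_uppercase

# Constructed sample plaintext.
SAMPLE = ("Meet me near the eastern gate at seven. Peter sees the street "
          "entrance, and Eve keeps the keys. Then we leave the square.")

def keyspace_bits(symbols):
    """log2 of the number of possible keys (permutations of the alphabet)."""
    return math.log2(math.factorial(symbols))

def random_key(alphabet, seed):
    """A random one-to-one mapping of the alphabet onto itself."""
    shuffled = list(alphabet)
    random.Random(seed).shuffle(shuffled)
    return dict(zip(alphabet, shuffled))

def substitute(text, key):
    """Apply the mapping; characters outside the alphabet pass through."""
    return "".join(key.get(ch, ch) for ch in text)

def frequency_profile(text, alphabet):
    """Symbol counts sorted from most to least frequent, symbols discarded."""
    counts = Counter(ch for ch in text if ch in alphabet)
    return [n for _, n in counts.most_common()]

def demo(seed=1):
    key = random_key(ALPHABET_52, seed)
    ciphertext = substitute(SAMPLE, key)
    inverse = {v: k for k, v in key.items()}
    return {
        "bits_26": keyspace_bits(26),
        "bits_52": keyspace_bits(52),
        "plain_profile": frequency_profile(SAMPLE, ALPHABET_52),
        "cipher_profile": frequency_profile(ciphertext, ALPHABET_52),
        "roundtrip": substitute(ciphertext, inverse),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
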

How can I distribute highly confidential keys for a symmetric cipher?

Say I want to exchange a key with someone for a symmetric cipher (say AES) without meeting them in person. What would be the most secure way to do this over the Internet? My first instinct would be using a custom RSA channel over HTTPS to provide the most security.
I need the most future-proof method possible. (Keep in mind this only needs to be done once, so even an “insane” method can be considered an answer.)

How does the “TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256” cipher suite work with RSA Signature Algorithm during TLS communication?

I see that Facebook is using an ECC public key, but the CA signed it using an RSA private key. While connecting to Facebook it uses TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256. Here the authentication algorithm is ECDSA. How is ECDSA compatible with RSA? Or can the signature algorithm be anything as long as the public key is compatible (in this case ECC)?

Ensuring all network services on a device use strong TLS cipher suites

(This is hypothetical, but based on a real-life problem I’ve had)

Context:

I am developing an (embedded) device which includes a few exposed network services. I’m responsible for security, not developing these services, so I don’t know how they’re built.

I do some testing (send targeted Client Hello messages to the device services with specific cipher suites) and find that some of these services accept weak TLS cipher suites.

Problem:

I am now tasked with addressing this problem, preferably by fixing the problem as far back in the stack as possible (e.g. I would prefer to avoid having to look at the code/configuration of each individual application and would instead like to fix it at the system level).

Assumptions:

  1. I know that OpenSSL is the only crypto library/program in use on the system.

Now some questions:

  1. What options do I have for preventing network services from allowing weak TLS ciphers? (e.g. change OpenSSL itself, change OpenSSL configuration files, change OS configuration, etc.)

  2. Which options are reasonably “safe”? e.g. I suppose I could modify the OpenSSL code and remove every mention of these cipher suites, recompile, and integrate. This would prevent applications from sending the suites (even if they ask for them). However, this seems like a dangerous solution and difficult to maintain long term.

  3. Is this even possible, or do I necessarily need to look at each service?

Decode/decrypt Cipher text of unknown custom algorithm

I have a university assignment from the professor to decode unknown encoding schemes, but I haven’t been able to decode it. The message is a sample of communication between Indian external affairs and different countries’ embassies. The professor hinted the first few plaintext characters as:

<p align="left"><b>THIS EGRAM WILL NOT BE PHOTOCOPIED OR SCANNED OR DISTRIBUTED  

and also hinted the plaintext character length: as the ciphertext hexadecimal characters are 3296, the plaintext character length will be 2824 (hex chars).

The ciphertext is (with egm extension):


Disable support for static key cipher suites

I have a requirement to disable support for static key cipher suites on the company’s Windows 7 computers.

I have searched and found that this registry key holds the allowed cipher suites, in a value called Functions.

HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002

I have searched for how to identify the static suites in order to remove them from the list, but I haven’t found anything.

My question is what I need to search for in the ciphers string to remove the support for static keys.

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA25,…..
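One way to split such a comma-separated Functions value by key exchange, as an added example that is not part of the original question: the token after `TLS_` names the key exchange, and only `DHE` and `ECDHE` use ephemeral keys. The suite list below is constructed for illustration, and the function names are hypothetical.

```python
import re

# Key-exchange tokens that use ephemeral (non-static) keys.
EPHEMERAL = {"DHE", "ECDHE"}

# TLS_<key exchange>[_<authentication>]_WITH_<cipher>_<mac>[_<curve>]
SUITE_RE = re.compile(r"TLS_([A-Z0-9]+)_(?:[A-Z0-9]+_)?WITH_")

# Constructed sample value in the comma-separated form shown in the question.
SAMPLE_FUNCTIONS = ",".join([
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
    "SSL_CK_RC4_128_WITH_MD5",
])

def key_exchange(suite):
    """Return the key-exchange token (RSA, ECDH, ECDHE, ...) or None."""
    match = SUITE_RE.match(suite)
    return match.group(1) if match else None

def split_functions(value):
    """Split a Functions string into (ephemeral suites, static-key suites).

    Names without a recognisable key-exchange token (for example the
    SSL 2.0 SSL_CK_* names) are treated as static and dropped.
    """
    suites = [s.strip() for s in value.split(",") if s.strip()]
    keep = [s for s in suites if key_exchange(s) in EPHEMERAL]
    drop = [s for s in suites if key_exchange(s) not in EPHEMERAL]
    return keep, drop

def hardened_value(value):
    """Functions string with static-key suites removed, order preserved."""
    return ",".join(split_functions(value)[0])

if __name__ == "__main__":
    keep, drop = split_functions(SAMPLE_FUNCTIONS)
    print("keep:", keep)
    print("drop:", drop)
```
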

Caesar Cipher in C++

So I am pretty new to programming, trying to teach myself C++. I thought I would try to create a program based on the Caesar Cipher. The program I have will work fine as long as there are no spaces in the message I enter. So essentially I can encrypt a single word, but not a sentence. The program crashes on me if I try to input more than one word. How would I go about encrypting a sentence? Been working on this for a little while now to try and figure it out myself, but have yet to make progress on encrypting or decrypting more than a single word. Here is my code:

    #include <iostream>
    #include <string>
    using namespace std;

    int main() {
        string mess;
        char typ, rep;
        int rot, s;
        cout << "Welcome to Caesar Cipher!";
        for (int x = 0; x < 1000; x++) {
            cout << "Would you like to [E]ncrypt or [D]ecrypt: ";
            cin >> typ;
            switch (typ) {
            case 'E':
            case 'e':
                cout << "Enter the message you would like to encrypt: ";
                cin >> mess;
                cout << "Enter rot #: ";
                cin >> rot;
                s = mess.size();
                for (int c = 0; c < s; c++) {
                    mess[c] = mess[c] + rot;
                }
                cout << "New message is: " << mess << endl;
                break;
            case 'D':
            case 'd':
                cout << "Enter the message you would like to decrypt: ";
                cin >> mess;
                for (int ct = 0; ct < s; ct++) {
                    mess[ct] = mess[ct] - rot;
                }
                cout << "New message is: " << mess << endl;
                break;
            default:
                cout << "Not a valid option!" << endl;
                break;
            }
            cout << "Repeat? [Y]es or [N]o: ";
            cin >> rep;
            if (rep == 'Y' || rep == 'y')
                x += 1;
            else
                x += 1000;
        }
        return 0;
    }