Discussion on RSA and how to crack HTTPS

Time:2021-1-28

This article discusses with you a more interesting question: how to crack HTTPS? As we all know, almost the whole Internet now uses HTTPS, and some browsers will give warnings if they are not. In the interview, we often ask about HTTPS. This article will go deep into the principle of HTTPS and talk about the idea of cracking HTTPS.

HTTPS

In order to crack HTTPS, we must first know the principle of HTTPS. Next, let’s talk about the principle of HTTPS.

Public private key

The public and private keys of HTTPS often appear in interviews, and all kinds of interviews will give answers: there are two secret keys, public key and private key. The website holds the private key, and the user holds the public key. The website encrypts the data to the user with its private key, and the user decrypts the data with the public key. Users want to send information on the other hand, users use the public key to encrypt data, and websites use the private key to decrypt data.This encryption and decryption algorithm using different secret keys is called asymmetric encryption. This process is a bit convoluted. Let’s take the following example to illustrate. Suppose that website a has enabled HTTPS, and Xiao Ming will visit this website (the following example is only to explain the use of public and private keys, not the real process of HTTPS. The real process is the section of “HTTP handshake process”):

  1. Website a enables HTTPS. Naturally, it has a pair of secret keys, private keys and public keys. The private key is hidden by itself, and the public key can be obtained by any visiting user
  2. Xiao Ming visits website a and gets a’s public key
  3. Xiao Ming wants to send a message to website a, so he encrypts the information with his public key, and then sends it to website a
  4. Website a gets the ciphertext and decrypts it with its own private key to get the message content
  5. Website a should reply to Xiaoming, encrypt the information with its own private key and send it to Xiaoming
  6. After Xiao Ming gets the ciphertext, he decrypts the information with his own public key

Through the above process, we can see that because the public key is public, all users can unlock the information encrypted by the website’s private key.At this stage, the protection is actually the data sent by the user to the server, because the encrypted data of the user must be decrypted by the private key of the server.Here we want to ask an interesting question: since all users can get the public key, can Xiaohong also solve the information encrypted by Xiaoming, because Xiaohong also has a public key? If Xiaohong can also solve it, as long as Xiaohong intercepts Xiaoming’s traffic, doesn’t she know the content? To simplify the problem,Can public key encrypted information be decrypted with the same public key? The answer is no!To know this reason, we must know RSA algorithm. We will talk about it later, step by step.

digital certificate

In front of Xiaoming visit website a process is hidden danger, can be attacked. Suppose Xiaohong is a man in the middle hacker, and now she wants to attack Xiaoming. She secretly manipulates Xiaoming’s computer and changes the public key of website a into her own:

  1. Xiaoming visits website a, and website a sends Xiaoming the public key, but this step is attacked by Xiaohong
  2. Xiaohong hijacks Xiaoming’s traffic and replaces the public key from website a with her own
  3. Xiao Ming got the wrong public key and used it to encrypt his own information, which may contain his user name, password and other sensitive information
  4. Xiaoming sends encrypted information to website a, and the traffic is intercepted by Xiaohong
  5. Because the ciphertext is encrypted with Xiaohong’s public key, Xiaohong decrypts it with the corresponding private key to get Xiaoming’s password, and the attack is completed

It can be seen that only public and private keys can not cope with the traffic hijacking of middleman, and the information intercepted in the transmission process will still be cracked. The key to the success of this attack is that Xiao Ming got the wrong public key, so we need a mechanism to ensure Xiao Ming got the correct public key of website A. this mechanism is digital certificate. The digital certificate is very simple. There is only one core thing in it, which is the public key of website a. Website a puts its public key into the digital certificate and sends it to Xiaoming. Xiaoming sees that the public key is authenticated by the certificate and is trusted, so he uses it. Even if Xiaohong replaces the public key, because Xiaohong’s public key has no certificate authentication, Xiaoming can identify the fake.

How to guarantee the security of digital certificate? Won’t Xiao Hong forge another digital certificate? This is about Ca (certificate authority). CA is the organization that issues digital certificate. CA has its own private and public key. CA encrypts an information with its private key, which is the public key of website a, and then sends it to the user. The user gets the information and decrypts it with the public key of Ca, and then gets the correct public key of website a. So,The digital certificate is actually the website public key encrypted by CA private key. If Xiaohong doesn’t have the private key of Ca, she can’t forge the digital certificate of the website, and can’t replace the public key Xiao Ming got. So,In fact, the digital certificate ensures the correctness of the public key of the website, and the CA guarantees the security of the digital certificate

Since CA guarantees the security of digital certificate, who will guarantee the security of Ca? Suppose something x guarantees the security of Ca, who will guarantee the security of X? I feel that the chain of trust can be endless… In reality, the security level of Ca is very high, its security is not only technical means, but also legal and physical measures. On the other hand, back to the theme of this article, cracking HTTPS, here we actually have the first idea: hacking CA! You can replace the public key of all the certificates in its name with your own, and decrypt all the websites that use its certificates.

A friend in the comment area mentioned that Charles can decrypt HTTPS, which is the same principle as Xiao Hong attacking Xiao Ming. The premise for Charles to decrypt HTTPS is that you need to install his certificate. If you install his certificate, you actually trust Charles as a fake ca. The attack process changes the front red to Charles.

session key

Encryption and decryption of public and private keys are indeed very safe, but their speed is very slow. If every message is operated in this way, it will affect the whole communication efficiency. Therefore, when we establish a connection with HTTPS, there is only one message exchanged through public and private keys: session secret key. The session secret key is not asymmetric encryption, but symmetric encryption. Symmetric encryption is very common in some film and television works: the protagonist gets a treasure map, but he can’t understand it because the treasure map is written in password. He has no choice but to think of his ancestral book and get a comparison. That book can just decrypt the treasure map password. In fact, this book is a codebook. In World War II, a lot of information was encrypted in the form of codebook, and there were many things to obtain military information from the other side by intercepting the codebook.Encryption and decryption all use the codebook. In fact, they use the same secret key, which is symmetric encryption. In the field of computer, this codebook is a hash function, which maps one character to another. For example, our encrypted hash function is to move the character back three bits, a, B and E. then “hello” becomes:

h -> k

e -> h

l -> o

l -> o

o -> r

“Hello” becomes “Khoor”. The attacker only needs to know your algorithm, calculate it back, move forward three bits and decrypt it. Therefore, symmetric encryption is not relatively safe, but if I can guarantee that his password (that is, the secret key) is secure, symmetric encryption can also be secure. How to ensure the security of symmetric encryption key? Use the public key and private key again!Therefore, after the HTTPS connection, there is only one information exchanged between the public key and the private key, which is the symmetric encryption secret key, that is, the session secret key. Symmetric encryption algorithm is a hash function, encryption and decryption is relatively fast, this design is from the perspective of efficiency.

digital signature

In fact, digital signature is very simple. It is used to ensure the integrity and correctness of information

  1. Xiao Ming first generates a digest of plaintext information by using the digest algorithm, which is similar to MD5, SHA-1, SHA-2, which is a hash function that cannot be inversely solved
  2. Xiao Ming encrypts the digest with a public key
  3. Xiao Ming attached the signature to the content and sent it to the server
  4. After receiving the signature, the server decrypts the digest with the private key
  5. The server performs the same summarization algorithm on the content to get the summary
  6. If the digest calculated by the server is the same as that in the signature, the content is complete and has not been tampered with

HTTP handshake process

In fact, the key points of HTTPS have been mentioned in the previous few knowledge points. Let’s summarize the process of the handshake

  1. Xiao Ming sends a request to website a
  2. Website a returns the CA digital certificate to the client. The certificate contains the public key of website a
  3. Xiao Ming gets the public key of website a through the CA public key decryption certificate built in his computer (the CA public key is built in the browser)
  4. Xiao Ming generates a random symmetric secret key, that is, a session secret key. The session secret key must be generated by the client. As mentioned above, the public key and private key can only ensure the security of the information sent to the website by the client. Only the private key can unlock the information encrypted by the public key. The private key website is hidden, so other people can’t unlock the information. But if a website generates a session secret key and encrypts it with its private key, then everyone has a public key and everyone can unlock it.
  5. Xiaoming sends the session secret key to website a by encrypting the public key of website a
  6. Next, website a and Xiaoming use the session key for HTTP communication

RSA algorithm

Previously, we mentioned that the information encrypted by the public key can not be decrypted with the same public key, and can only be decrypted with the private key. This is actually the core secret of asymmetric encryption. Let’s talk about how this secret is achieved, which is actually RSA algorithm. The calculation process of RSA algorithm is as follows:

  1. Randomly select two prime numbers P and Q
  2. Calculate n = PQ
  3. Calculation of φ (n) = (p-1) (Q-1)
  4. Find a small odd number e coprime with φ (n). Coprime means that the common divisor of two numbers is only 1
  5. For module φ (n), calculate the multiplicative inverse D of E, that is, find a d so that the following equation holds: (E * d) mod φ (n) = 1
  6. Get public key: (E, n), private key: (D, n)
  7. Encryption process: C = (m ^ E) mod n, (C is the encrypted ciphertext, M is the original)
  8. Decryption process: M = (C ^ D) mod n

The seventh step shows that the E power of M, M is the original text that we send, can be text, JSON, pictures, although in various forms, but in the computer are binary 01, so it can be converted into digital power. Let’s try this algorithm with two numbers:

  1. Just pick two prime numbers 23 and 61
  2. Calculation n = 23 * 61 = 1403
  3. Calculation φ (n) = (23-1) * (61-1) = 22 * 60 = 1320
  4. Let’s find a small odd number e coprime with φ (n). Let’s choose 7
  5. Calculate the inverse of multiplication, D. what I calculate here is d = 943. If you are interested in multiplication inverse, you can search online how to calculate it. Because it is not the topic of this paper, I will not start it.
  6. Get public key (7, 1403), private key (943, 1403)
  7. Let’s use the public key to encrypt a random 5, encryption C = (m ^ E) mod n = (5 ^ 7)% 1403 = 78125% 1403 = 960
  8. Private key decryption: M = (C ^ D) mod n = (960 ^ 943)% 1403 = 5, (960 ^ 943) this number is super large, general calculator can’t work out, JS calculation is even worse, I use this website to calculate:https://defuse.ca/big-number-…
  9. Try private key encryption again: C = (m ^ D) mod n = (5 ^ 943)% 1403 = 283
  10. Public key decryption: M = (C ^ E) mod n = (283 ^ 7)% 1403 = 5

Knowing the algorithm, we can answer the previous question. Why can’t the data encrypted by the public key be solved by ourselves? Pay attention to the encryption algorithm(m^e) mod nIt’s a modular operation,Modular operations cannot be reversed. For example, if 5 is modulo 4, 5% 4 = 1, but on the other hand, if you know x% 4 = 1, find X. This x can have infinite numbers, 5, 9, 13, 17… So even if you have a public key (E, n) and a ciphertext C, you don’t know which value (m ^ E) will take. This is the core secret of asymmetric encryption. Similarly, private key encryption can’t solve itself.

RSA solution

The so-called cracking RSA, in fact, is to infer his hidden information from the public information. Specifically, it is to find the private key (D, n) from the known public key (E, n), that is, to find D. Demand D is actually the inverse solution(e*d) mod φ(n) = 1In order to solve this equation inversely, we must know φ (n), because φ (n) = (p-1) (Q-1), so we must know P and Q. We know n = PQ, and N is known, so it is possible to know P and Q. So cracking RSA is actually a sentence:N is known. Just divide n into the product of two prime numbers. Simple to say, very difficult to do! Because in actual use, n is very large. Now in many places, n is 2048 bits or even 4096 bits. When this number is converted to decimal, it is hundreds or thousands of bits long. For comparison, JS integers can support 53 bits at most… So there are two ways to crack RSA in reality:

  1. Find an algorithm that can efficiently split large number n into two prime numbers. Unfortunately, the mathematical community has not yet found this algorithm.
  2. If you don’t have a good way, you can use the stupid method, exhaustive, to traverse P and Q from 2 until their product is n. It is said that someone spent five months to calculate a 512 bit n, and then they changed the secret key, RSA also upgraded to 1024 bits

summary

  1. In fact, HTTPS is HTTP + RSA + digital certificate + session key
  2. RSA implements asymmetric encryption, which allows the public key to be distributed at will. Even if the private key is lost, it can quickly change a pair of public and private keys. The vulnerability of symmetric encrypted codebook is solved.
  3. Digital certificate guarantees that the public key can not be tampered with.
  4. CA guarantees the security of digital certificate.
  5. Who guarantees the security of Ca is a metaphysics
  6. Session secret key is symmetric encryption, the purpose is to speed up the encryption and decryption
  7. The essence of RSA algorithm:

    1. Encryption uses modular operation, which can not be reversed at all
    2. N takes a super large number, which is beyond the theoretical limit of mathematics and the industrial limit of computer
  8. Three ways to crack HTTPS

    1. Black out the Ca and change the public key of the certificate under its name into yours, regardless of the method…
    2. The spirit of mathematics, find efficient large number decomposition algorithm, minute calculate P, Q
    3. Turing appendage, developed a super fast quantum computer, second second calculate P, Q
  9. If you don’t open your own website, go back and open it. Remember to find a reliable CA to buy a certificate

At the end of the article, thank you for spending your precious time reading this article. If this article gives you a little help or inspiration, please don’t be stingy with your praise and GitHub stars. Your support is the driving force of the author’s continuous creation.

Author’s blog GitHub project address:https://github.com/dennis-jiang/Front-End-Knowledges

I also launched a official account [the front end of the attack]. I didn’t advertise, I didn’t write hydrology. I only published high-quality original.
Discussion on RSA and how to crack HTTPS