diff --git a/README.md b/README.md
index 7b07de2..0cccc49 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,133 @@
-# appliedcrypto
-First
+
+
+# e-Security Module
+
+## Outline details
+
+Some of the associated material will be hosted on this site:
+
+https://asecuritysite.com/esecurity
+
+This repository contains the code and labs for the module. Open up your Ubuntu instance, and downloaded from:
+
+
+
+
diff --git a/unit00_introduction/README.md b/unit00_introduction/README.md
new file mode 100644
index 0000000..cb9d926
--- /dev/null
+++ b/unit00_introduction/README.md
@@ -0,0 +1,133 @@
+
+
+# Unit 0: Introduction
+
+## Units
+The units involved in the module are:
+
+* Ciphers and Fundamentals.
+* Symmetric (Secret) Key. AES, ChaCha20.
+* Hashing and MAC. MD5, SHA-1, SHA-256.
+* Asymmetric (Public) Key. RSA and Elliptic Curve.
+* Key Exchange. Diffie-Hellman, ECDH.
+* Trust and Digital Certificates.
+* Tunnelling. Tunnelling, including SSL/TLS.
+* Cryptocurrencies and Blockchain. Outline of cryptocurrencies, Bitcoins, Ethereum and more.
+* Future Cryptography. Outline of areas such as Homomorphic Encryption, Zero-knowledge proofs and Quantum-robust cryptography.
+* Host security.
+
+The module uses Slack as the main communication channel and which can be accessed [here](esecurity2020.slack.com). There is also a WebEx session each Monday at 6:30pm.
+
+## Module outline
+An introduction video is here:
+
+[](http://www.youtube.com/watch?v=z9DaFxDuxxA "")
+
+We will be using a Ubuntu machine for the practical elements of the module. The VM can either be sourced on vSoC or can be downloaded from [here](https://livenapierac-my.sharepoint.com/:u:/g/personal/b_buchanan_napier_ac_uk/Ed074id3TQVNneDepApeUa8B1TMsUw4P7nXtIZTDzFkkig?e=yyElRx). You can download VMWare Workstation or VMWare Fusion from [here](https://softcentre.soc.napier.ac.uk/users.cgi). A demo of using the VM is here:
+
+[](http://www.youtube.com/watch?v=tIQYpjaELcA "")
+
+## Draft Timetable
+
+
+Any questions, contact us on Slack?
+
+
diff --git a/unit00_introduction/esecurity_introduction.pdf b/unit00_introduction/esecurity_introduction.pdf
new file mode 100644
index 0000000..4a8e887
Binary files /dev/null and b/unit00_introduction/esecurity_introduction.pdf differ
diff --git a/unit00_introduction/esecurity_introduction.pptx b/unit00_introduction/esecurity_introduction.pptx
new file mode 100644
index 0000000..2684024
Binary files /dev/null and b/unit00_introduction/esecurity_introduction.pptx differ
diff --git a/unit01_cipher_fundamentals/README.md b/unit01_cipher_fundamentals/README.md
new file mode 100644
index 0000000..443a59f
--- /dev/null
+++ b/unit01_cipher_fundamentals/README.md
@@ -0,0 +1,105 @@
+
+
+# Unit 1: Cipher Fundamentals
+
+The key concepts are:
+
+* Ciphers.
+* Encoding methods (ASCII, UTF-16, Base64, Hex).
+* Prime Numbers.
+* GCD.
+* Large numbers.
+* Random Number Generators.
+* Data Integrity (CRC-32).
+* Frequency Analysis.
+* Key-based encryption.
+* Key sizes.
+
+## What you should know at the end of unit?
+
+* **Understand the conversion of characters between hex, decimal and octal**. Sample question: Convert "hello" into a hex stream. Related material: [here](https://asecuritysite.com/Coding/ascii).
+ * *Why are we studying this?* Encrypted content is converted into a range of different formats, so we need to understand the process of taking plain text and then converting it into other encoding formats. Encryption keys, ciphertext and digital certificates are examples of binary content which must be represented in a text format.
+* **Compute the GCD for values**. Sample question: What is the GCD for 42 and 56? Related material: [here](https://asecuritysite.com/encryption/gcd).
+ * *Why are we studying this?* GCD is a fundamental building block used in public key encryption, where we must find two numbers who do not share a common divisor. When we look at public key encryption we will see how GCD is used.
+* **Compute the MOD for values**. Sample question: What is the result of 13 MOD 7?
+ * *Why are we studying this?* Within many of the public key methods we use the MOD operator with a prime number, and where it is difficult to find the value of x for Y=gx(mod p), even though we know Y, g and p.
+* **Understand how to manually convert from ASCII to Base-64, and vice-versa**. Sample question: What is the Base-64 conversion of “hello”? [here](https://asecuritysite.com/Coding/ascii).
+ * *Why are we studying this?* Base-64 is used extensively in encryption, and many of the keys and cipher text are transported and stored in a Base-64 format.
+* **Calculate the time taken to crack a code given a time to try each key, and for the number of processing elements**. Sample question: If it takes 100 years to crack a cipher code, and computing power doubles each year. How long will it take to crack a code after five years?
+ * *Why are we studying this?* We always need to understand the strengths of your encrypted data, especially in the face of GPU based crackers, so we need to understand how quickly it will take to crack our cipher.
+
+## Presentations
+
+* Week 1 Presentation (PDF): [here](https://github.com/billbuchanan/esecurity/tree/master/unit01_cipher_fundamentals/lecture)
+* Week 1 Presentation (video): [here](https://www.youtube.com/watch?v=zqmjUpJNcJA)
+* Week 1 Class Lecture (video): [here](https://youtu.be/3hkRjzl8B8w)
+
+## Lab
+
+* Week 1 Lab (PDF): [here](https://github.com/billbuchanan/esecurity/tree/master/unit01_cipher_fundamentals/lab) [demo](https://www.youtube.com/watch?v=v6H7lHblKes)
+
+## Sample exam questions
+
+1. Using the table [here](https://asecuritysite.com/public/test_table.pdf), what is the Base-64 encoding for "test"?
+
+1. Using the table [here](https://asecuritysite.com/public/test_table.pdf), is the Base-64 encoding for "help"?
+
+1. If it takes 1ns to test an encryption key. How long will it take to crack a 32-bit key?
+
+1. If it takes 10ns to test an encryption key. How long will it take to crack a 20-bit key?
+
+1. Bob tells Alice that she won't be able to view the cipher text, but when she looks at the messages, they seem to be full of printable characters. What format is Bob likely to be using for the encoding of the cipher text, and what would you ask Alice to look for, in order to confirm your guess?
+
+1. Alice has been reading her crypto books, and she reads that there should be an '=' symbol at the end of the encoding. She observes her encoding of cipher messages to Bob, and sees that some do not have an '=' sign at the end. Is there a problem with her encoder? If not, how often, on average, should she see an '=' sign at the end of her ciphered messages?
+
+1. Bob has two numbers which give a GCD of 1. Trent says that this happens because the numbers are prime. Is Trent correct? Explain your answer.
+
+1. Bob deals in Bitcoins and tells Alice that he has a Base-58 ID? Alice says he is crazy, and has only heard of Base-64. What is Base-58 and how does it differ from Base-64?
+
+1. Bob encrypted a message in 1980, and it took a million years to crack at the time. Assuming that computing power doubles each year, do you think the message will be safe against cracking for existing computer systems?
+
+## Tests
+
+* Take fun cipher code challenge: [here](https://asecuritysite.com/challenges/hex). Go see what score you can achieved. If you can get more than 30, you are doing every well. Something over 90 enters a genius level.
+* Five minute challenge: [here](https://asecuritysite.com/challenges/scramb). See if you can solve a scrambled alphabet cipher in just five minutes.
+* Test 1 (Caesar): [here](https://asecuritysite.com/tests/tests?sortBy=caesar)
+* Test 2 (Hex): [here](https://asecuritysite.com/tests/tests?sortBy=hex01)
+
+Note: There will be no cipher challenges in the assessments, and these tests are just a bit of fun, and for background.
+
+## Answers
+
+Q1
+
+test -> 01110100 01100101 01110011 01110100
+test -> 011101 000110 010101 110011 011101 00
+test -> d G V z d A ==
+
+
+Q2
+
+help -> 01101000 01100101 01101100 01110000
+help -> 011101 000110 010101 110011 011101 00
+help -> a G V s c A ==
+
+
+Q3
+
+Max time to crack = 1e-9 x 2^32
+Max time to crack = 4.3 seconds
+
+
+Q4
+
+Max time to crack = 10e-9 x 2^20
+Max time to crack = 0.01 seconds
+
+
+Q8: Have a look [here](https://asecuritysite.com/encryption/base58)
+
+
+
+
+
+
+
diff --git a/unit01_cipher_fundamentals/lab/README.md b/unit01_cipher_fundamentals/lab/README.md
new file mode 100644
index 0000000..4504558
--- /dev/null
+++ b/unit01_cipher_fundamentals/lab/README.md
@@ -0,0 +1,392 @@
+
+
+# Lab 1: Cipher Fundamentals
+
+Objective: The key objective of this lab is to be introduced to some of the fundamental principles involved in cryptography, including the usage of Base-64, hexadecimal, the modulus operator some basic operators (such as AND, OR, X-OR, Rotate Right and Rotate Left), and prime numbers. This lab also involves cracking puzzles, and which have been added to get you to think about the methods involved in cipher cracking. You can undertake the additional challenges if you want to further develop your cryptography skills.
+
+Go to **vsoc.napier.ac.uk** and find your folder. Run your Ubuntu instance [demo](https://youtu.be/v6H7lHblKes). Lab demo: (Note that you will be using Ubuntu, while the demo shows Kali). A demo of the lab is [here](https://www.youtube.com/watch?v=v6H7lHblKes).
+
+## Introduction
+Note: Some of the code in this example uses Python 2.7. If you are using Python 3, remember and put parenthesis around the print statement string, such as print (hex(val)).
+
+### A.1 Is prime?
+Using: http://asecuritysite.com/Encryption/testprime
+
+
+Test for the following prime numbers:
+91: [Yes] [No]
+
+421: [Yes] [No]
+
+1449: [Yes] [No]
+
+
+### A.2 gcd
+
+Using: http://asecuritysite.com/Encryption/gcd
+
+Determine the GCD for the following:
+88, 46:
+
+105, 35:
+
+### A.3 Base-64 convertor
+
+Using: http://asecuritysite.com/coding/ascii
+
+Determine the Base 64 and Hex values for the following strings:
+
+Hello:
+
+hello:
+
+HELLO:
+
+
+### A.4 Base-64 convertor
+
+Using: http://asecuritysite.com/coding/ascii
+
+Determine the following ASCII strings for these encoded formats:
+
+
+
+### A.5 The mod operatpor
+Using Python, what is the result of 53,431 (mod 453)?
+
+In Python, this is:
+
+```python
+print (53431 % 453)
+```
+
+
+### A.6 Bitwise operations
+Using Python, what is the results of the following:
+
+```python
+print (0x43 | 0x21)
+print (0x43 & 0x21)
+print (0x43 ^ 0x21)
+```
+
+In this case, "|" does a bitwise OR, "&" does a bitwise AND, and "^" does a bitwise X-OR. Using a pen and paper, prove that these results are correct. Results:
+
+
+### A.7 Hex, Oct, Char and Binary
+Using Python, what is the hex, octal, character, and binary equivalents of the value of 93:
+
+```python
+val1=93
+print ("Dec:\t",val1)
+print ("Bin:\t",bin(val1))
+print ("Hex:\t",hex(val1))
+print ("Oct:\t",oct(val1))
+print ("Char:\t",chr(val1))
+```
+
+Results:
+
+### A.8 Node.js
+JavaScript is often used in cryptography. Using node.js, repeat A.7.
+
+```node
+val=93
+console.log(val.toString(2))
+console.log(val.toString(16))
+console.log(val.toString(8))
+console.log(String.fromCharCode(val))
+```
+
+This program will use node.js. Create a file named a_08.js and then run with:
+
+node a_08.js
+
+
+Results:
+
+
+### A.9 Base64
+Using Python, what is the Base-64 conversion for the string of “crypto”?
+
+```python
+import base64
+str="crypto"
+print (base64.b64encode(str))
+```
+
+Result:
+
+
+### A.10 Base64
+If we use a string of "crypto1", what do you observe from the Base64 conversion compared to the result in the previous question (A.9)?
+Observation:
+
+
+### A.11 Bit shift
+Using Python, using a decimal value of 41, determine the result of a shift left by one bit, a shift left by two bits, a right shift by one bit, and a right shift by two bits:
+
+Web link (Bit shift): https://asecuritysite.com/comms/shift
+
+Decimal form: 41
+
+Shift left (1):
+
+Shift left (2):
+
+Shift right(1):
+
+Shift right(2):
+
+Why would a shift left or shift right operator not be used on its own in cryptography?
+
+
+### A.12 Factors
+In several cases in cryptography, we try and factorize a value into its factors. An example is 15, and which has factors of 5 and 3. Using the Python program defined in the following link, determine the factors of 432:
+
+Web link (Factorization): https://asecuritysite.com/encryption/factors
+
+Think of two extremely large values and determine their factors.
+
+
+### A.13 Compression
+Another format we can use for our data is compression, and we can do the compression before or after the encryption process. One of the most popular methods is gzip compress, and which uses the LZ method to reduce the number of bits used. For this we will use node.js. Create a file named a_13.js and determine what the following Base64 conversions are when they are uncompressed (Hint: they are cities of the World):
+
+Web link (Compression): https://asecuritysite.com/encryption/gzip
+
+Take a string of “abc” and compress it, and now keep building up the string with the same sequence (such as “abcabc…”). What do you observe from the length of the compression string if you use a random characters of the same length as an input:
+
+
+
+## B GCD
+GCD is known as the greatest common divisor, or greatest common factor (gcf), and is the largest positive integer that divides into two numbers without a remain-der. For example, the GCD of 9 and 15 is 3. It is used many encryption algorithms, and a sample algorithm to determine the GCD of two values (a and b) is given on:
+
+Web link (GCD): http://asecuritysite.com/encryption/gcd
+
+### B.1 Write a Python program to determine the GCD for the following:
+
+4105 and 10:
+
+4539 and 6:
+
+### B.2 Two numbers are co-prime if they do not share co-factors, apart from 1, which is gcd(a,b)=1.
+
+Determine if the following values are co-prime:
+
+5435 and 634: Yes/No
+
+## C Modulus and Exponentiation
+The mod operator results in the remainder of an integer divide. For example, 31 divided by 8 is 3 remainder 7, thus 31 mod 8 equals 7. Often in cryptography the mod operation uses a prime number, such as:
+
+Result = valuex mod (prime number)
+
+For example, if we have a prime number of 269, and a value of 8 with an x value of 5, the result of this operation will be:
+
+Result = 85 mod 269 = 219
+
+With prime numbers, if we know the result, it is difficult to find the value of x even though we have the other values, as many values of x can produce the same result. It is this feature which makes it difficult to determine a secret value (in this case the secret is x).
+
+Exponentiation ciphers use a form of:
+
+C = Me mod p
+
+to encrypt and decrypt a message (M) using a key of e and a prime number p.
+
+### C.1 What is the result of the following:
+
+
+813 mod 271:
+
+1223 mod 973:
+
+
+### C.2 Implement a Python program which will determine the result of:
+
+Me mod p
+
+The program should check that p is a prime number.Is the result of 85 mod 269 equal to 219?
+
+Yes/No
+
+
+### C.3 Proving
+Now prove the following:
+* message = 5, e=5, p = 53. Ans: 51
+* message = 4, e=11, p = 79. Ans: 36
+* message = 101, e=7, p = 293. Ans: 176
+
+An outline of the Python 2.7 code is:
+
+```python
+message = raw_input('Enter message: ')
+e = raw_input('Enter exponent: ')
+p = raw_input('Enter prime ')
+
+cipher = (int(message) ** int(e)) % int(p)
+print (cipher)
+```
+
+Note: In Python 3.x, we using input() instead of raw_input().
+
+## D Simple prime number test
+A prime number is a value which only has factors of 1 and itself. Prime numbers are used fairly extensively in cryptography, as computers struggle to factorize them when they are multiplied together. The simplest test for a prime number is to divide the value from all the integers from 2 to the value divided by 2. If any of the results leaves no remainder, the value is a prime, otherwise it is composite. We can obviously improve on this by getting rid of even numbers which are greater than 2, and also that the highest value to be tested is the square root of the value.
+
+So, if n = 37, then our maximum value will be , which, when rounded down is 6. So, we can try: 2, 3, and 5, of which of none of these divide exactly into 37, so it is a prime number. Now let’s try 55, we will then be 2, 3, 5 and 7. In this case 5 does divide exactly in 55, so the value is not prime.
+
+Another improvement we can make is that prime numbers (apart from 2 and 3) fit into the equation of:
+
+6k ± 1
+
+where k=0 gives 0 and 1, k=1 gives 5 and 7, k=2 gives 11 and 13, k=3 gives 17 and 19, and so on. Thus we can test if we can divide by 2 and then by 3, and then check all the numbers of 6k ± 1 up to X.
+
+Web link (Prime Numbers): http://asecuritysite.com/encryption/isprime
+
+### D.1 Using the equation of 6k ± 1. Determine the prime numbers up to 100:
+Prime numbers:
+
+
+### D.2 Implement a Python program which will calculate the prime numbers up to 1000:
+ Define the highest prime number generated:
+
+
+A prime sieve creates all the prime numbers up to a given limit. It progressively removes composite numbers until it only has prime numbers left, and it is the most efficient way to generate a range of prime numbers. The following provides a fast method to determine the prime numbers up to a give value (test):
+
+```python
+import sys
+
+test=1000
+
+if (len(sys.argv)>1):
+ test=int(sys.argv[1])
+
+def sieve_for_primes_to(n):
+ size = n//2
+ sieve = [1]*size
+ limit = int(n**0.5)
+ for i in range(1,limit):
+ if sieve[i]:
+ val = 2*i+1
+ tmp = ((size-1) - i)//val
+ sieve[i+val::val] = [0]*tmp
+ return [2] + [i*2+1 for i, v in enumerate(sieve) if v and i>0]
+
+print (sieve_for_primes_to(test))
+```
+
+
+### D.3 Implement the Python code given above and determine the highest prime number possible in the following ranges:
+ Up to 100:
+
+Up to 1,000:
+
+Up to 5,000:
+
+Up to 10,000:
+
+
+The Miller-Rabin Test for Primes is an efficient method in testing for a prime number. Access the following page and download the Python script.
+
+Web link (Miller-Radin): http://asecuritysite.com/encryption/rabin
+
+Using this determine the following:
+
+
+### D.4 Prime numbers
+Which of the following numbers are prime numbers:
+Is 5 prime? Yes/No
+
+Is 7919 prime? Yes/No
+
+Is 858,599,509 prime? Yes/No
+
+Is 982,451,653 prime? Yes/No
+
+Is 982,451,652 prime? Yes/No
+
+
+
+## E Random numbers
+Within cryptography random numbers are used to generate things like encryption keys. If the generation of these keys could be predicted in some way, it may be possible to guess it. The two main types of random number generators are:
+
+* Pseudo-Random Number Generators (PRNGs). Repeats after a given time. Fast. They are also deterministic and periodic, so that the random number generation will eventually repeat.
+* True Random Number Generators (TRNGs). This method is a true random number such as for keystroke analysis. It is generally slow but is non-deterministic and aperiodic.
+
+Normally simulation and modelling use PRNG, so that the values generated can be repeated each time, while cryptography, lotteries, gambling and games use TRNG, as each value which is selected at random should not repeat or be predictable. In the generation of encryption keys for public key encryption, a user is typically asked to generate some random activity with their mouse pointer. The random number is then generated on this activity.
+
+Computer programs often struggle to generate TRNG, and hardware generators are sometimes used. One method is to generate a random number based on low-level, statistically random "noise" signals. This includes things like thermal noise, and a photoelectric effect.
+
+Web link (Random number): http://asecuritysite.com/encryption/random
+
+One method of creating a simple random number generator is to use a sequence generator of the form (Linear Congruential Random Numbers):
+
+
+
+Where a, c and m are integers, and where X0 is the seed value of the series.
+
+If we take the values of a=21, X0=35, c=31 and m=100 we get a series of:
+
+
+(21×35+31) mod 100 gives 66
+(21×66+31) mod 100 gives 17
+(21×17+31) mod 100 gives 88
+
+
+
+Web link (Linear congruential): http://asecuritysite.com/encryption/linear
+
+### E.1
+Implement the Python code given above.
+
+Using: a=21, seed=35, c=31, and m=100, prove that the sequence gives 66 17 88 79 90
+ Does it generate this sequence?
+
+Yes/No
+
+### E.2 Determine the sequence for:
+
+a=22, seed=35, c=31, and m=100.
+
+First four numbers of sequence?
+
+
+
+
+### E.3
+Determine the sequence for:
+
+a=954,365,343, seed=436,241, c=55,119,927, and m=1,000,000.
+
+First four numbers of sequence?
+
+
+### E.4
+Determine the sequence for:
+
+a=2,175,143, seed=3553, c=10,653, and m=1,000,000.
+
+First four numbers of sequence?
+
+
+## F What I should have learnt from this lab?
+The key things learnt:
+
+* Some fundamental principles around number and character formats, including binary, hexadecimal and Base64.
+* How to run a Python program and change some of the parameters.
+* Some fundamentals around prime numbers and mod operations.
+
+
+
+
diff --git a/unit01_cipher_fundamentals/lab/new_lab01.docx b/unit01_cipher_fundamentals/lab/new_lab01.docx
new file mode 100644
index 0000000..222c619
Binary files /dev/null and b/unit01_cipher_fundamentals/lab/new_lab01.docx differ
diff --git a/unit01_cipher_fundamentals/lab/new_lab01.pdf b/unit01_cipher_fundamentals/lab/new_lab01.pdf
new file mode 100644
index 0000000..5ff1d73
Binary files /dev/null and b/unit01_cipher_fundamentals/lab/new_lab01.pdf differ
diff --git a/unit01_cipher_fundamentals/lab/sample_ans.md b/unit01_cipher_fundamentals/lab/sample_ans.md
new file mode 100644
index 0000000..8c958cc
--- /dev/null
+++ b/unit01_cipher_fundamentals/lab/sample_ans.md
@@ -0,0 +1,183 @@
+A.6
+```python
+print 0x43 | 0x21
+print 0x43 & 0x21
+print 0x43 ^ 0x21
+```
+
+A.7
+```python
+val1=93
+print "Dec:\t",val1
+print "Bin:\t",bin(val1)
+print "Hex:\t",hex(val1)
+print "Oct:\t",oct(val1)
+print "Char:\t",chr(val1)
+```
+
+A.8
+```python
+val=93
+console.log(val.toString(2))
+console.log(val.toString(16))
+console.log(val.toString(8))
+console.log(String.fromCharCode(val))
+```
+
+A.9
+```python
+import base64
+str=”crypto”
+print base64.b64encode(val)
+```
+
+A.10
+```python
+import sys
+
+val1="00110101"
+
+if (len(sys.argv)>1):
+ val1=sys.argv[1]
+
+print "Binary form: \t\t",val1
+dec=int(val1,2)
+
+print "Decimal form: \t\t",dec,"\t",bin(dec)[2:10].rjust(8,'0')
+
+res=(dec << 1) & 0xff
+print "Shift left (1):\t",res,"\t",bin(res)[2:10].rjust(8,'0')
+
+res=(dec << 2) & 0xff
+
+print "Shift left (2):\t",res,"\t",bin(res)[2:].rjust(8,'0')
+
+res=(dec >> 1) & 0xff
+print "Shift right (1):\t",res,"\t",bin(res)[2:10].rjust(8,'0')
+
+res=(dec >> 2) & 0xff
+print "Shift right (2):\t",res,"\t",bin(res)[2:10].rjust(8,'0')
+```
+
+B.1
+```python
+def gcd(a, b):
+
+ while( b != 0 ):
+ Remainder = a % b;
+ a = b;
+ b = Remainder;
+ return a;
+
+g = gcd(54,8)
+print g
+```
+
+C.3
+```python
+message = raw_input('Enter message: ')
+e = raw_input('Enter exponent: ')
+p = raw_input('Enter prime ')
+
+cipher = (int(message) ** int(e)) % int(p)
+print cipher
+```
+
+D.1
+```python
+import math
+
+def get_if_prime(val):
+
+ max = math.sqrt(val);
+
+ if (val % 2 == 0):
+ return (False);
+
+ if (val % 3 == 0):
+ return (False);
+
+ for k in range(0, 10000):
+ testval = 6 * k + 1;
+ if (testval>max):
+ break
+ if (val % testval == 0):
+ return (False)
+ testval = 6 * k - 1;
+ if (testval>max):
+ break
+
+ if (val % testval == 0):
+ return (False)
+ return (true)
+
+val=93
+
+res = get_if_prime(val)
+if (res==True):
+ print str(val)+" is prime"
+else:
+ print str(val)+" is not prime"
+```
+
+D.2
+```python
+import sys
+
+test=1000
+
+if (len(sys.argv)>1):
+ test=int(sys.argv[1])
+
+def sieve_for_primes_to(n):
+ size = n//2
+ sieve = [1]*size
+ limit = int(n**0.5)
+ for i in range(1,limit):
+ if sieve[i]:
+ val = 2*i+1
+ tmp = ((size-1) - i)//val
+ sieve[i+val::val] = [0]*tmp
+ return [2] + [i*2+1 for i, v in enumerate(sieve) if v and i>0]
+
+print sieve_for_primes_to(test)
+```
+This works because we start with all the odd numbers up to the square root of the limit of the numbers we are looking for. If we have 100, then the size will be 50. We start off with odd numbers (as 2 is the only even prime):
+
+
+
+
diff --git a/unit01_cipher_fundamentals/lecture/README.md b/unit01_cipher_fundamentals/lecture/README.md
new file mode 100644
index 0000000..c040a45
--- /dev/null
+++ b/unit01_cipher_fundamentals/lecture/README.md
@@ -0,0 +1,33 @@
+
+
+# 1. Fundamentals
+
+## Outline
+The key concepts involved in this unit are:
+
+The key concepts are:
+
+* Ciphers.
+* Encoding methods (ASCII, UTF-16, Base64, Hex).
+* Prime Numbers.
+* GCD.
+* Large numbers.
+* Random Number Generators.
+* Data Integrity (CRC-32).
+* Frequency Analysis.
+* Key sizes.
+
+## Presentations
+
+* Week 2 Presentation (PDF) - Symmetric Key Encryption: [here](https://github.com/billbuchanan/esecurity/blob/master/unit01_cipher_fundamentals/lecture/chapter01_ciphers_fundamentals.pdf)
+* Week 2 Presentation (Video) - Symmetric Key Encryption [here](https://www.youtube.com/watch?v=zqmjUpJNcJA)
+* Week 2 Presentation (Lecture - Video) - Symmetric Key Encryption: [here](https://www.youtube.com/watch?v=3hkRjzl8B8w). Recorded on Friday 24 Jan 2020.
+
+## Lectures
+The voice-over lecture is here:
+
+[](https://www.youtube.com/watch?v=zqmjUpJNcJA "")
+
+The classroom lecture recorded on 24 Jan 2020 is here:
+
+[](https://www.youtube.com/watch?v=3hkRjzl8B8w "")
diff --git a/unit01_cipher_fundamentals/lecture/chapter01_ciphers_fundamentals.key b/unit01_cipher_fundamentals/lecture/chapter01_ciphers_fundamentals.key
new file mode 100644
index 0000000..de2fe21
Binary files /dev/null and b/unit01_cipher_fundamentals/lecture/chapter01_ciphers_fundamentals.key differ
diff --git a/unit01_cipher_fundamentals/lecture/chapter01_ciphers_fundamentals.pdf b/unit01_cipher_fundamentals/lecture/chapter01_ciphers_fundamentals.pdf
new file mode 100644
index 0000000..e5ad0ed
Binary files /dev/null and b/unit01_cipher_fundamentals/lecture/chapter01_ciphers_fundamentals.pdf differ
diff --git a/unit01_cipher_fundamentals/lecture/chapter01_ciphers_fundamentals.pptx b/unit01_cipher_fundamentals/lecture/chapter01_ciphers_fundamentals.pptx
new file mode 100644
index 0000000..97f57b6
Binary files /dev/null and b/unit01_cipher_fundamentals/lecture/chapter01_ciphers_fundamentals.pptx differ
diff --git a/unit01_cipher_fundamentals/src/README.md b/unit01_cipher_fundamentals/src/README.md
new file mode 100644
index 0000000..6e38591
--- /dev/null
+++ b/unit01_cipher_fundamentals/src/README.md
@@ -0,0 +1,140 @@
+
+
+A.6
+```python
+print 0x43 | 0x21
+print 0x43 & 0x21
+print 0x43 ^ 0x21
+```
+
+A.7
+```python
+val1=93
+print "Dec:\t",val1
+print "Bin:\t",bin(val1)
+print "Hex:\t",hex(val1)
+print "Oct:\t",oct(val1)
+print "Char:\t",chr(val1)
+```
+A.8
+```python
+val=93
+console.log(val.toString(2))
+console.log(val.toString(16))
+console.log(val.toString(8))
+console.log(String.fromCharCode(val))
+```
+A.9
+```python
+import base64
+str="crypto"
+print base64.b64encode(val)
+```
+A.10
+```python
+import sys
+
+val1="00110101"
+
+if (len(sys.argv)>1):
+ val1=sys.argv[1]
+
+print "Binary form: \t\t",val1
+dec=int(val1,2)
+
+print "Decimal form: \t\t",dec,"\t",bin(dec)[2:10].rjust(8,'0')
+
+res=(dec << 1) & 0xff
+print "Shift left (1):\t",res,"\t",bin(res)[2:10].rjust(8,'0')
+
+res=(dec << 2) & 0xff
+
+print "Shift left (2):\t",res,"\t",bin(res)[2:].rjust(8,'0')
+
+res=(dec >> 1) & 0xff
+print "Shift right (1):\t",res,"\t",bin(res)[2:10].rjust(8,'0')
+
+res=(dec >> 2) & 0xff
+print "Shift right (2):\t",res,"\t",bin(res)[2:10].rjust(8,'0')
+```
+B.1
+```python
+def gcd(a, b):
+
+ while( b != 0 ):
+ Remainder = a % b;
+ a = b;
+ b = Remainder;
+ return a;
+
+g = gcd(54,8)
+print g
+```
+C.3
+
+```python
+message = raw_input('Enter message: ')
+e = raw_input('Enter exponent: ')
+p = raw_input('Enter prime ')
+
+cipher = (int(message) ** int(e)) % int(p)
+print cipher
+```
+D.1
+```python
+import math
+
+def get_if_prime(val):
+
+ max = math.sqrt(val);
+
+ if (val % 2 == 0):
+ return (False);
+
+ if (val % 3 == 0):
+ return (False);
+
+ for k in range(0, 10000):
+ testval = 6 * k + 1;
+ if (testval>max):
+ break
+ if (val % testval == 0):
+ return (False)
+ testval = 6 * k - 1;
+ if (testval>max):
+ break
+
+ if (val % testval == 0):
+ return (False)
+ return (true)
+
+val=93
+
+res = get_if_prime(val)
+if (res==True):
+ print str(val)+" is prime"
+else:
+ print str(val)+" is not prime"
+```
+D.2
+```python
+import sys
+
+test=1000
+
+if (len(sys.argv)>1):
+ test=int(sys.argv[1])
+
+def sieve_for_primes_to(n):
+ size = n//2
+ sieve = [1]*size
+ limit = int(n**0.5)
+ for i in range(1,limit):
+ if sieve[i]:
+ val = 2*i+1
+ tmp = ((size-1) - i)//val
+ sieve[i+val::val] = [0]*tmp
+ return [2] + [i*2+1 for i, v in enumerate(sieve) if v and i>0]
+
+print sieve_for_primes_to(test)
+```
diff --git a/unit01_cipher_fundamentals/src/a_06.py b/unit01_cipher_fundamentals/src/a_06.py
new file mode 100644
index 0000000..b80228f
--- /dev/null
+++ b/unit01_cipher_fundamentals/src/a_06.py
@@ -0,0 +1,6 @@
+print (0x43 | 0x21)
+
+print (0x43 & 0x21)
+
+print (0x43 ^ 0x21)
+
diff --git a/unit01_cipher_fundamentals/src/a_07.py b/unit01_cipher_fundamentals/src/a_07.py
new file mode 100644
index 0000000..98b8683
--- /dev/null
+++ b/unit01_cipher_fundamentals/src/a_07.py
@@ -0,0 +1,11 @@
+val1=93
+
+print ("Dec:\t",val1)
+
+print ("Bin:\t",bin(val1))
+
+print ("Hex:\t",hex(val1))
+
+print ("Oct:\t",oct(val1))
+
+print ("Char:\t",chr(val1))
diff --git a/unit01_cipher_fundamentals/src/a_08.js b/unit01_cipher_fundamentals/src/a_08.js
new file mode 100644
index 0000000..71690ce
--- /dev/null
+++ b/unit01_cipher_fundamentals/src/a_08.js
@@ -0,0 +1,9 @@
+val=93
+
+console.log(val.toString(2))
+
+console.log(val.toString(16))
+
+console.log(val.toString(8))
+
+console.log(String.fromCharCode(val))
diff --git a/unit01_cipher_fundamentals/src/a_09.py b/unit01_cipher_fundamentals/src/a_09.py
new file mode 100644
index 0000000..fc9e806
--- /dev/null
+++ b/unit01_cipher_fundamentals/src/a_09.py
@@ -0,0 +1,3 @@
+import base64
+str="crypto"
+print (base64.b64encode(str))
diff --git a/unit01_cipher_fundamentals/src/a_11.py b/unit01_cipher_fundamentals/src/a_11.py
new file mode 100644
index 0000000..da9f2a7
--- /dev/null
+++ b/unit01_cipher_fundamentals/src/a_11.py
@@ -0,0 +1,26 @@
+# Bit shift
+# https://asecuritysite.com/comms/shift
+import sys
+
+val1="00110101"
+
+if (len(sys.argv)>1):
+ val1=sys.argv[1]
+
+print ("Binary form: \t\t",val1)
+dec=int(val1,2)
+
+print ("Decimal form: \t\t",dec,"\t",bin(dec)[2:10].rjust(8,'0'))
+
+res=(dec << 1) & 0xff
+print ("Shift left (1):\t",res,"\t",bin(res)[2:10].rjust(8,'0'))
+
+res=(dec << 2) & 0xff
+
+print ("Shift left (2):\t",res,"\t",bin(res)[2:].rjust(8,'0'))
+
+res=(dec >> 1) & 0xff
+print ("Shift right (1):\t",res,"\t",bin(res)[2:10].rjust(8,'0'))
+
+res=(dec >> 2) & 0xff
+print ("Shift right (2):\t",res,"\t",bin(res)[2:10].rjust(8,'0'))
diff --git a/unit01_cipher_fundamentals/src/a_13.js b/unit01_cipher_fundamentals/src/a_13.js
new file mode 100644
index 0000000..321c3fa
--- /dev/null
+++ b/unit01_cipher_fundamentals/src/a_13.js
@@ -0,0 +1,38 @@
+// Run as node a_13.js Hello zip
+// Use npm install gzip
+
+var zlib = require('zlib');
+var test="hello";
+
+var flag="zip"
+
+var args = process.argv;
+if (args.length>1) test=args[2];
+if (args.length>2) flag=args[3];
+
+console.log("Input: ",test);
+
+
+if (flag=="zip") {
+ var input = new Buffer.from(test)
+
+ zlib.deflate(input, function(err, buf) {
+ var res=buf.toString('base64');
+
+ console.log("Compressed: " ,res );
+ // console.log("Compressed: " ,buf );
+
+ });
+
+}
+else {
+ var input = new Buffer.from(test,'base64')
+
+
+ zlib.inflate(input, function(err, buf) {
+ if (buf==undefined) console.log("Incorrect format in processing Base64!");
+ else console.log("Uncompressed:", buf.toString("utf8") );
+
+
+ });
+}
diff --git a/unit01_cipher_fundamentals/src/b_01.py b/unit01_cipher_fundamentals/src/b_01.py
new file mode 100644
index 0000000..f14a923
--- /dev/null
+++ b/unit01_cipher_fundamentals/src/b_01.py
@@ -0,0 +1,10 @@
+def gcd(a, b):
+
+ while( b != 0 ):
+ Remainder = a % b;
+ a = b;
+ b = Remainder;
+ return a;
+
+g = gcd(54,8)
+print (g)
diff --git a/unit01_cipher_fundamentals/src/c_01.py b/unit01_cipher_fundamentals/src/c_01.py
new file mode 100644
index 0000000..eb11992
--- /dev/null
+++ b/unit01_cipher_fundamentals/src/c_01.py
@@ -0,0 +1,6 @@
+message = raw_input('Enter message: ')
+e = raw_input('Enter exponent: ')
+p = raw_input('Enter prime ')
+
+cipher = (int(message) ** int(e)) % int(p)
+print (cipher)
diff --git a/unit01_cipher_fundamentals/src/d_01.py b/unit01_cipher_fundamentals/src/d_01.py
new file mode 100644
index 0000000..59b68eb
--- /dev/null
+++ b/unit01_cipher_fundamentals/src/d_01.py
@@ -0,0 +1,33 @@
+import math
+
+def get_if_prime(val):
+
+ max = math.sqrt(val);
+
+ if (val % 2 == 0):
+ return (False);
+
+ if (val % 3 == 0):
+ return (False);
+
+ for k in range(0, 10000):
+ testval = 6 * k + 1;
+ if (testval>max):
+ break
+ if (val % testval == 0):
+ return (False)
+ testval = 6 * k - 1;
+ if (testval>max):
+ break
+
+ if (val % testval == 0):
+ return (False)
+ return (true)
+
+val=93
+
+res = get_if_prime(val)
+if (res==True):
+ print str(val)+" is prime"
+else:
+ print str(val)+" is not prime"
diff --git a/unit01_cipher_fundamentals/src/d_02.py b/unit01_cipher_fundamentals/src/d_02.py
new file mode 100644
index 0000000..810320d
--- /dev/null
+++ b/unit01_cipher_fundamentals/src/d_02.py
@@ -0,0 +1,21 @@
+#
+import sys
+
+test=1000
+
+if (len(sys.argv)>1):
+ test=int(sys.argv[1])
+
+def sieve_for_primes_to(n):
+ size = n//2
+ sieve = [1]*size
+ limit = int(n**0.5)
+ for i in range(1,limit):
+ if sieve[i]:
+ val = 2*i+1
+ tmp = ((size-1) - i)//val
+ sieve[i+val::val] = [0]*tmp
+ return [2] + [i*2+1 for i, v in enumerate(sieve) if v and i>0]
+
+
+print sieve_for_primes_to(test)
diff --git a/unit01_cipher_fundamentals/src/d_04.py b/unit01_cipher_fundamentals/src/d_04.py
new file mode 100644
index 0000000..c6b9e7d
--- /dev/null
+++ b/unit01_cipher_fundamentals/src/d_04.py
@@ -0,0 +1,51 @@
+# http://asecuritysite.com/encryption/rabin
+
+import random
+import sys
+
+_mrpt_num_trials = 5 # number of bases to test
+
+testval=97
+
+def is_probable_prime(n):
+ assert n >= 2
+ # special case 2
+ if n == 2:
+ return True
+ # ensure n is odd
+ if n % 2 == 0:
+ return False
+ # write n-1 as 2**s * d
+ # repeatedly try to divide n-1 by 2
+ s = 0
+ d = n-1
+ while True:
+ quotient, remainder = divmod(d, 2)
+ if remainder == 1:
+ break
+ s += 1
+ d = quotient
+ assert(2**s * d == n-1)
+
+ # test the base a to see whether it is a witness for the compositeness of n
+ def try_composite(a):
+ if pow(a, d, n) == 1:
+ return False
+ for i in range(s):
+ if pow(a, 2**i * d, n) == n-1:
+ return False
+ return True # n is definitely composite
+
+ for i in range(_mrpt_num_trials):
+ a = random.randrange(2, n)
+ if try_composite(a):
+ return False
+
+ return True
+
+
+rtn=is_probable_prime(testval)
+if (rtn==True):
+ print str(testval) + " is a prime"
+else:
+ print str(testval) + " is not a prime"
\ No newline at end of file
diff --git a/unit01_cipher_fundamentals/src/e_01.py b/unit01_cipher_fundamentals/src/e_01.py
new file mode 100644
index 0000000..28b38ea
--- /dev/null
+++ b/unit01_cipher_fundamentals/src/e_01.py
@@ -0,0 +1,17 @@
+import math
+
+def gen_linear(a, seed,c, m):
+ x=seed
+ res=""
+
+ for i in range(0,200):
+ val = (a * x + c) % m
+ res += str(val) + " "
+ x = val;
+ return (res)
+a=21
+X0=35
+c=31
+m=100
+res=gen_linear(a,X0,c,m)
+print (res)
diff --git a/unit02_symmetric/README.md b/unit02_symmetric/README.md
new file mode 100644
index 0000000..30ab479
--- /dev/null
+++ b/unit02_symmetric/README.md
@@ -0,0 +1,84 @@
+
+
+# Unit 2: Symmetric Key
+
+The key concepts involved are defining key entropy; key generators (such as using hashing methods to generate keys based on passphrases); symmetric key methods (AES, Twofish, 3DES, RC4 and ChaCha20); stream or block encryption; symmetric key modes (ECB/CBC/OFB); and salting/IV.
+
+
+
+## What you should know at the end of unit?
+
+* The differences between a stream cipher and a block cipher.
+* How salting is used to change the cipher blocks.
+* Use openssl to perform practical operations.
+* Understand the encoding formats used for cipher text and keys.
+* Define the difference between cipher block modes, such as between ECB and CBC.
+
+## Presentations
+
+* Week 2 Presentation (PPTX) - Symmetric Key Encryption: [here](https://github.com/billbuchanan/esecurity/blob/master/unit02_symmetric/lecture/chapter02_secret.pptx)
+* Week 2 Presentation (Video) - Symmetric Key Encryption [here](https://youtu.be/nLRV34K3xIo)
+* Week 2 Presentation (Lecture - Video) - Symmetric Key Encryption: [here](https://youtu.be/CCOt8Xk3ZVU)
+
+## Lab
+
+* Unit 2 Lab (PDF): [here](https://github.com/billbuchanan/esecurity/blob/master/unit02_symmetric/lab/new_lab02.pdf)
+* Unit 2 Lab (Video): [here](https://youtu.be/N3UADaXmOik)
+
+## Quick demos
+
+* Introduction to AES: [here](https://www.youtube.com/watch?v=rSyvUYbMok8)
+* Padding in ciphers: [here](https://www.youtube.com/watch?v=R3NosHMSi0o)
+* Why EDE in 3DES?: [here](https://www.youtube.com/watch?v=ttayDxqfQkA)
+
+## Sample exam questions
+The following are sample exam questions for symmetric key:
+
+* Explain the differences between stream and block ciphers, and why salt is required within the encryption process.
+ * **Where would I find this info?** Have a look at the penguin in [Unit 2](https://asecuritysite.com/public/chapter02_secret.pdf) (Slide 31), and here's an outline of the problem with ECB in this related [article](https://medium.com/asecuritysite-when-bob-met-alice/when-is-high-grade-encryption-not-high-grade-when-its-ecb-e1509ec56930?source=friends_link&sk=31ec28f1c2be74a81e53c67e71d5b259).
+* What are the possible advantages of using stream ciphers over block ciphers?
+* Bob encrypts his data using secret key encryption and sends it to Alice. Every time he produces the cipher text it changes, and he is worried that Alice will not be able to decipher the cipher text. He encrypts "Hello" and gets a different cipher stream each time. Why does the cipher text change, and why is she still able to decrypt it, even though it changes each time?
+* AES uses an S-box to scramble the bits. How are the S-boxes for the encryption and decryption process linked?
+* Bob is sending encrypted data to Alice, and Eve is listening. After listening for a while, Eve is able to send a valid encrypted message to Alice. By outlining ECB, discuss how this might be possible.
+ * **Where would I find this info?** Have a look at the penguin in [Unit 2](https://asecuritysite.com/public/chapter02_secret.pdf) (Slide 31), and here's an outline of the problem with ECB in this related article.
+* Bob is using a password to generate a 128-bit encryption key. Explain why the key space is unlikely to be 2128, and why key entropy could be used to measure the equivalent key size.
+ * **Where would I find this info?** This is related to key entropy [here](https://asecuritysite.com/encryption/en), and try and understand how key entropy relates to the strength of the encryption.
+* Bob says that the number of bytes used for the cipher text will change directly with the number of bytes used in the plain text. Alice disagrees and says that most encryption methods involve having block sizes. Who is correct? Explain why.
+* With block encryption, how do we know where the ciphered data actually ends? Does it just use an end-of-file character or a NULL character?
+* Alice says she is confused that Bob is sending her the same message as a cipher, but every time the cipher text changes. Apart from using the shared encryption key, what does Alice use to decipher the cipher text?
+* Bob tells Alice that she won't be able to view the cipher text, but when she looks at the messages, they seem to be full of printable characters. What format is Bob likely to be using for the encoding of the cipher text, and what would you ask Alice to look for, in order to confirm your guess?
+* Which of these is correct for CMS padding: "68656c6c6f3132330808080808080808", "68656c6c6f3132330909090909090909", and "68656c6c6f3132330A0A0A0A0A0A0A0A".
+ * **Where would I find information on this?** Look [here](https://asecuritysite.com/encryption/padding).
+* Bob wants to cipher "edinburgh" with the key of "hello123" for a 256-bit AES key, and his encoding gives him "6564696e6275726768". What will be the padding that will be added?
+* Eve says she thinks she can determine the number of characters within some ciphered plain-text. Is she correct? If so, how many plain-text characters were there in this ciphered message: "6920776f756c64206c696b6520746f2074616b65206120627265616b04040404".
+* RC4 is a stream cipher, which is one of the recommended ciphers for IoT devices. Bob says that it has an infinitely long encryption key, and that his devices will not be able to cope with this size of key. How would you convince him that IoT devices will be able to cope with RC4?
+* RC4 is used within Wifi systems. With WEP, a 40-bit encryption key which was shared over the network, and which had a 24-bit IV value. In relation to the key size, the scope of the key, and the size of the IV, what do you think were the fundamental problems with this setup?
+* Bob says that he can creat two ciphers from a file with the word "hello", and which will always create the same cipher. If the cipher is "Z8onq9tXC3CL2oOwqLLWbg==" and the key is "password", which is the missing part of the command he used (find the replacement for [OPTION1] and [OPTION2]):
+
+
+
+The following are encrypted with aes-256-cbc or 3-DES and have a password of "napier", "123456" or "password". Decode them:
+
+* U2FsdGVkX18K9Dy9I/CewpNH2svvjyhNG3Bod77+uYo=
+* U2FsdGVkX18pmUpnI7iopG3gsHVQPT1zyRwjlvAJ+aI=
+* U2FsdGVkX19XlsCN50CFxZlBcCplPs9/
+
+Please note: In the file you create, put one new line after the Base64 text. For example the answer to the first one is:
+
+## Addendum
+In the lecture, the slide at the end of Unit 2 (Symmetric Key) should be (for an eight character password and with [a-z]):
+
+
+
+
+## Tests
+
+* Test (Symmetric Key Encryption): [here](https://asecuritysite.com/tests/tests?sortBy=cryptobook02)
+
+Note: There will be no multiple choice questions in the tests.
diff --git a/unit02_symmetric/lab/README.md b/unit02_symmetric/lab/README.md
new file mode 100644
index 0000000..421ab2a
--- /dev/null
+++ b/unit02_symmetric/lab/README.md
@@ -0,0 +1,671 @@
+
+
+# Lab 2: Symmetric Key
+Objective: The key objective of this lab is to understand the range of symmetric key methods used within symmetric key encryption. We will introduce block ciphers, stream ciphers and padding. The key tools used include OpenSSL, Python and JavaScript. Overall Python 2.7 has been used for the sample examples, but it should be easy to convert these to Python 3.x.
+
+Lab Demo: [here](https://youtu.be/N3UADaXmOik)
+
+## A OpenSSL
+OpenSSL is a standard tool that we used in encryption. It supports many of the standard symmetric key methods, including AES, 3DES and ChaCha20.
+
+
+### A.1
+
+Using:
+
+* openssl list-cipher-commands
+* openssl version
+
+Outline five encryption methods that are supported:
+
+
+
+Outline the version of OpenSSL:
+
+
+### A.2
+Using openssl and the command in the form:
+
+openssl prime –hex 1111
+
+
+Check if the following are prime numbers:
+
+* 42 [Yes][No]
+* 1421 [Yes][No]
+
+### A.3
+Now create a file named myfile.txt (using nano).
+
+Next encrypt with aes-256-cbc
+
+
+Has the output been decrypted correctly?
+
+
+What happens when you use the wrong password?
+
+
+### A.7
+Now encrypt a file with Blowfish and see if you can decrypt it.
+
+
+Did you manage to decrypt the file? [Yes][No]
+
+## B Padding (AES)
+With encryption, we normally use a block cipher, and where we must pad the end blocks to make sure that the data fits into a whole number of block. Some background material is here:
+
+Web link (Padding): http://asecuritysite.com/encryption/padding
+
+In the first part of this tutorial we will investigate padding blocks:
+
+
+### B.1
+With AES which uses a 256-bit key, what is the normal block size (in bytes).
+
+Block size (bytes):
+
+Number of hex characters for block size:
+
+
+### B.2
+Go to: Web link (AES Padding): http://asecuritysite.com/encryption/padding
+
+Using 256-bit AES encryption, and a message of “kettle” and a password of “oxtail”, determine the cipher using the differing padding methods (you only need to show the first six hex characters).
+
+If you like, copy and paste the Python code from the page, and run it on your Ubuntu instance.
+
+CMS:
+
+Null:
+
+Space:
+
+### B.3
+For the following words, estimate how many hex characters will be used for the 256-bit AES encryption:
+
+Number of hex characters:
+
+“fox”:
+
+“foxtrot”:
+
+“foxtrotanteater”:
+
+“foxtrotanteatercastle”:
+
+### B.4
+With 256-bit AES, for n characters in a string, how would you generalise the calculation of the number of hex characters in the cipher text.
+
+How many Base-64 characters would be used (remember 6 bits are used to represent a Base-64 character): Hex characters:
+
+Base-64 characters:
+
+## C Padding (DES)
+In the first part of this lab we will investigate padding blocks.
+
+### C.1
+With DES which uses a 64-bit key, what is the normal block size (in bytes):
+
+Block size (bytes):
+
+Number of hex characters for block size:
+
+
+### C.2
+Go to: Web link (DES Padding): http://asecuritysite.com/encryption/padding_des
+
+Using 64-bit DES key encryption, and a message of “kettle” and a password of “oxtail”, determine the cipher using the differing padding methods.
+
+If you like, copy and paste the Python code from the page, and run it on your Ubuntu instance.
+
+CMS:
+
+Null:
+
+Space:
+
+### C.3
+
+For the following words, estimate how many hex characters will be used for the 64-bit key DES encryption:
+
+Number of hex characters:
+
+“fox”:
+
+“foxtrot”:
+
+“foxtrotanteater”:
+
+“foxtrotanteatercastle”:
+
+### C.4
+With 64-bit DES, for n characters in a string, how would you generalise the calculation of the number of hex characters in the cipher text.
+
+How many Base-64 characters would be used (remember 6 bits are used to represent a Base-64 character): Hex characters:
+
+Base-64 characters:
+
+## D Python Coding (Encrypting)
+In this part of the lab, we will investigate the usage of Python code to perform different padding methods and using AES. First download the code from:
+
+Web link (Cipher code): http://asecuritysite.com/cipher01.zip
+
+The code should be:
+
+```python
+from Crypto.Cipher import AES
+import hashlib
+import sys
+import binascii
+import Padding
+
+val='hello'
+password='hello'
+
+plaintext=val
+
+def encrypt(plaintext,key, mode):
+ encobj = AES.new(key,mode)
+ return(encobj.encrypt(plaintext))
+
+def decrypt(ciphertext,key, mode):
+ encobj = AES.new(key,mode)
+ return(encobj.decrypt(ciphertext))
+
+key = hashlib.sha256(password).digest()
+
+
+plaintext = Padding.appendPadding(plaintext,blocksize=Padding.AES_blocksize,mode='CMS')
+print "After padding (CMS): "+binascii.hexlify(bytearray(plaintext))
+
+ciphertext = encrypt(plaintext,key,AES.MODE_ECB)
+print "Cipher (ECB): "+binascii.hexlify(bytearray(ciphertext))
+
+plaintext = decrypt(ciphertext,key,AES.MODE_ECB)
+plaintext = Padding.removePadding(plaintext,mode='CMS')
+print " decrypt: "+plaintext
+
+
+plaintext=val
+```
+
+
+Now update the code so that you can enter a string and the program will show the cipher text. The format will be something like:
+
+
+python cipher01.py hello mykey
+
+
+where “hello” is the plain text, and “mykey” is the key. A possible integration is:
+
+```python
+import sys
+
+if (len(sys.argv)>1):
+ val=sys.argv[1]
+
+if (len(sys.argv)>2):
+ password=sys.argv[2]
+```
+
+Now determine the cipher text for the following (the first example has already been completed):
+
+Message Key CMS Cipher
+“hello” “hello123”
+ 0a7ec77951291795bac6690c9e7f4c0d
+“inkwell” “orange”
+
+“security” “qwerty”
+
+“Africa” “changeme”
+
+
+Now copy your code and modify it so that it implements 64-bit DES and complete the table (Ref to: http://asecuritysite.com/encryption/padding_des):
+
+
+Message Key CMS Cipher
+
+“hello” “hello123” 8f770898ddb9fb38
+
+“inkwell” “orange”
+
+“security” “qwerty”
+
+“Africa” “changeme”
+
+
+Now modify the code so that the user can enter the values from the keyboard, such as with:
+
+```python
+cipher=raw_input('Enter cipher:')
+password=raw_input('Enter password:')
+```
+
+## E Python Coding (Decrypting)
+Now modify your coding for 256-bit AES ECB encryption, so that you can enter the cipher text, and an encryption key, and the code will decrypt to provide the result. You should use CMS for padding. With this, determine the plaintext for the following (note, all the plain text values are countries around the World):
+
+CMS Cipher (256-bit AES ECB) Key Plain text
+
+b436bd84d16db330359edebf49725c62 “hello”
+
+4bb2eb68fccd6187ef8738c40de12a6b “ankle”
+
+029c4dd71cdae632ec33e2be7674cc14 “changeme”
+
+d8f11e13d25771e83898efdbad0e522c “123456”
+
+
+Now modify your coding for 64-bit DES ECB encryption, so that you can enter the cipher text, and an encryption key, and the code will decrypt to provide the result. You should use CMS for padding. With this, determine the plaintext for the following (note, all the plain text values are countries around the World):
+
+CMS Cipher (64-bit DES ECB) Key Plain text
+
+f37ee42f2267458d “hello”
+
+67b7d1162394b868 “ankle”
+
+ac9feb702ba2ecc0 “changeme”
+
+de89513fbd17d0dc “123456”
+
+
+Now update your program, so that it takes a cipher string in Base-64 and converts it to a hex string and then decrypts it. From this now decrypt the following Base-64 encoded cipher streams (which should give countries of the World):
+
+CMS Cipher (256-bit AES ECB) Key Plain text
+
+/vA6BD+ZXu8j6KrTHi1Y+w== “hello”
+
+nitTRpxMhGlaRkuyXWYxtA== “ankle”
+
+irwjGCAu+mmdNeu6Hq6ciw== “changeme”
+
+5I71KpfT6RdM/xhUJ5IKCQ== “123456”
+
+
+
+PS … remember to add "import base64".
+
+## F Catching exceptions
+If we try “1jDmCTD1IfbXbyyHgAyrdg==” with a passphrase of “hello”, we should get a country. What happens when we try the wrong passphrase?
+
+Output when we use “hello”:
+
+
+Output when we use “hello1”:
+
+
+
+Now catch the exception with an exception handler:
+
+```python
+try:
+ plaintext = Padding.removePadding(plaintext,mode='CMS')
+ print " decrypt: "+plaintext
+except:
+ print("Error!")
+```
+
+Now implement a Python program which will try various keys for a cipher text input, and show the decrypted text. The keys tried should be:
+
+["hello","ankle","changeme","123456"]
+
+Run the program and try to crack:
+
+1jDmCTD1IfbXbyyHgAyrdg==
+
+
+What is the password:
+
+
+## G Stream Ciphers
+The Chacha20 cipher is a stream cipher which uses a 256-bit key and a 64-bit nonce (salt value). Currently AES has a virtual monopoly on secret key encryption. There would be major problems, though, if this was cracked. Along with this AES has been shown to be weak around cache-collision attacks. Google thus propose ChaCha20 as an alternative, and actively use it within TLS connections. Currently it is three times faster than software-enabled AES and is not sensitive to timing attacks. It operates by creating a key stream which is then X-ORed with the plaintext. It has been standardised with RFC 7539.
+
+### G.1 We can use node.js to implement ChaCha20:
+
+```javascript
+var chacha20 = require("chacha20");
+var crypto = require('crypto');
+
+var keyname="test";
+var plaintext = "testing";
+
+var args = process.argv;
+if (args.length>2) plaintext=args[2];
+if (args.length>3) keyname=args[3];
+
+var key = crypto.createHash('sha256').update(keyname).digest();
+
+var nonce = new Buffer.alloc(8);
+nonce.fill(0);
+
+console.log( key);
+
+var ciphertext = chacha20.encrypt(key, nonce, new Buffer.from(plaintext));
+console.log("Ciphertext:\t",ciphertext.toString("hex"));
+console.log("Decipher\t",chacha20.decrypt(key,
+nonce, ciphertext).toString());
+```
+
+If we use a key of "qwerty", can you find the well-known fruits (in lower case) of the following ChaCha20 cipher streams:
+
+e47a2bfe646a
+ea783afc66
+e96924f16d6e
+
+
+What are the fruits?
+
+
+What can you say about the length of the cipher stream as related to the plaintext?
+
+
+How are we generating the key and what is the key length?
+
+
+
+What is the first two bytes of the key if we use a pass-phrase of “qwerty”?
+
+
+What is the salt used in the same code?
+
+
+How would you change the program so that the cipher stream was shown in in Base64?
+
+
+How many bits will the salt use? You may have to look at the node.js documentation on the method for this.
+
+
+
+### G.2
+RC4 is a standard stream cipher and can be used for light-weight cryptography. It can have a variable key size. The following is a node.js implementation:
+
+```javascript
+// RC4
+
+var crypto = require('crypto');
+
+var keyname="test";
+var plaintext = "testing";
+
+var args = process.argv;
+if (args.length>2) plaintext=args[2];
+if (args.length>3) keyname=args[3];
+
+var key = crypto.createHash('sha256').update(keyname).digest();
+
+var cipher = crypto.createCipheriv('rc4', key,'' );
+var ciphertext = cipher.update( plaintext, 'utf8', 'hex');
+console.log("Ciphertext:\t",ciphertext);
+
+
+var decipher = crypto.createDecipheriv('rc4', key,'' );
+var text = decipher.update( ciphertext, 'hex','utf8');
+console.log("Decipher:\t",text);
+```
+
+For a password of "napier", find out the fruits used for these RC4 cipher streams:
+
+
+8d1cc8bdf6da
+911adbb2e6dda57cdaad
+8907deba
+
+
+What are the fruits?
+
+
+What happens to the cipher when you add an IV (salt) string?
+
+
+
+For light-weight cryptography, what is the advantage of having a variable key size:
+
+
+
+How might we change the program to implement RC4 with a 128-bit key?
+
+
+
+
+
+## H Node.js for encryption
+Node.js can be used as a back-end encryption method. In the following we use the crypto module (which can be installed with “npm crypto”, if it has not been installed). The following defines a message, a passphrase and the encryption method.
+
+```javascript
+var crypto = require("crypto");
+
+
+function encryptText(algor, key, iv, text, encoding) {
+
+ var cipher = crypto.createCipheriv(algor, key, iv);
+
+ encoding = encoding || "binary";
+
+ var result = cipher.update(text, "utf8", encoding);
+ result += cipher.final(encoding);
+
+ return result;
+ }
+
+function decryptText(algor, key, iv, text, encoding) {
+
+ var decipher = crypto.createDecipheriv(algor, key, iv);
+
+ encoding = encoding || "binary";
+
+ var result = decipher.update(text, encoding);
+ result += decipher.final();
+
+ return result;
+ }
+
+
+var data = "This is a test";
+var password = "hello";
+var algorithm = "aes256"
+
+#const args = process.argv.slice(3);
+
+#data = args[0];
+#password = args[1];
+#algorithm = args[2];
+
+console.log("\nText:\t\t" + data);
+console.log("Password:\t" + password);
+console.log("Type:\t\t" + algorithm);
+
+var hash,key;
+
+if (algorithm.includes("256"))
+{
+ hash = crypto.createHash('sha256');
+ hash.update(password);
+
+
+
+ key = new Buffer.alloc(32,hash.digest('hex'),'hex');
+}
+else if (algorithm.includes("192"))
+{
+ hash = crypto.createHash('sha192');
+ hash.update(password);
+
+ key = new Buffer.alloc(24,hash.digest('hex'),'hex');
+}
+
+else if (algorithm.includes("128"))
+{
+ hash = crypto.createHash('md5');
+ hash.update(password);
+
+ key = new Buffer.alloc(16,hash.digest('hex'),'hex');
+}
+
+
+const iv=new Buffer.alloc(16,crypto.pseudoRandomBytes(16));
+
+console.log("Key:\t\t"+key.toString('base64'));
+console.log("Salt:\t\t"+iv.toString('base64'));
+
+var encText = encryptText(algorithm, key, iv, data, "base64");
+
+console.log("\n================");
+
+console.log("\nEncrypted:\t" + encText);
+
+var decText = decryptText(algorithm, key, iv, encText, "base64");
+
+console.log("\nDecrypted:\t" + decText);
+```
+
+Save the file as "h_01.js" and run the program with:
+
+
+node h_01.js
+
+
+Now complete the following table:
+
+Text Pass phrase Type Ciphertext and salt (just define first four characters of each)
+
+This is a test hello Aes128
+
+France Qwerty123 Aes192
+
+Germany Testing123 Aes256
+
+
+
+Now reset the IV (the salt value) to an empty string (“”), and complete the table:
+
+Text Pass phrase Type Ciphertext
+
+This is a test hello Aes128
+
+France Qwerty123 Aes192
+
+Germany Testing123 Aes256
+
+
+Does the ciphertext change when we have a fixed IV value?
+
+
+Using an Internet search, list ten other encryption algorithms which can be used with createCipheriv:
+
+
+
+
+
+## I Reflective questions
+1. If we have five ‘a’ values (“aaaaa”). What will be the padding value used for 256-bit AES with CMS:
+
+
+
+
+
+2. If we have six ‘a’ values (“aaaaaa”). What will be the hex values used for the plain text:
+
+
+
+
+
+3. The following cipher text is 256-bit AES ECB for a number of spaces (0x20):
+
+
+
+What can you observe from the cipher text:
+
+
+
+What is the range that is possible for the number of spaces which have been used:
+
+
+
+How might you crack a byte stream sequence like this:
+
+
+
+
+
+4. For ChaCha20, we only generate a key stream. How is the ciphertext then created:
+
+
+
+
+
+## J What I should have learnt from this lab?
+The key things learnt:
+
+• How to encrypt and decrypt with symmetric key encryption, and where we use a passphrase to generate the encryption key.
+• How padding is used within the encryption and decryption processes.
+• The core difference between a block cipher and a stream cipher.
+
+## Notes
+The code can be downloaded from:
+
+git clone https://github.com/billbuchanan/esecurity
+
+If you need to update the code, go into the esecurity folder, and run:
+
+git pull
+
+To install a Python library use:
+
+pip install libname
+
+To install a Node.js package, use:
+
+npm install libname
+
+## Possible solutions
+Have a look at: https://github.com/billbuchanan/esecurity/blob/master/unit02_symmetric/lab/possible_ans.md
+
diff --git a/unit02_symmetric/lab/new_lab02.docx b/unit02_symmetric/lab/new_lab02.docx
new file mode 100644
index 0000000..fab9ca2
Binary files /dev/null and b/unit02_symmetric/lab/new_lab02.docx differ
diff --git a/unit02_symmetric/lab/new_lab02.pdf b/unit02_symmetric/lab/new_lab02.pdf
new file mode 100644
index 0000000..df4ec89
Binary files /dev/null and b/unit02_symmetric/lab/new_lab02.pdf differ
diff --git a/unit02_symmetric/lab/possible_ans.md b/unit02_symmetric/lab/possible_ans.md
new file mode 100644
index 0000000..3da258d
--- /dev/null
+++ b/unit02_symmetric/lab/possible_ans.md
@@ -0,0 +1,674 @@
+
+
+
+Commands in Section A:
+
+* openssl list-cipher-commands
+* openssl version
+* openssl prime –hex 1111
+* openssl enc -aes-256-cbc -in myfile.txt -out encrypted.bin
+* openssl enc -aes-256-cbc -in myfile.txt -out encrypted.bin –base64
+* openssl enc -d -aes-256-cbc -in encrypted.bin -pass pass:napier -base64
+## A.1
+
diff --git a/unit02_symmetric/lecture/README.md b/unit02_symmetric/lecture/README.md
new file mode 100644
index 0000000..5dbcbda
--- /dev/null
+++ b/unit02_symmetric/lecture/README.md
@@ -0,0 +1,31 @@
+
+# 2. Symmetric Key Encryption
+
+## Outline
+The key concepts involved in this unit are:
+
+* Defining key entropy;
+* Key generators (such as using hashing methods to generate keys based on passphrases);
+* Symmetric key methods (AES, Twofish, 3DES, RC4 and ChaCha20);
+* Stream or block encryption;
+* Symmetric key modes (ECB/CBC/OFB);
+* Salting/IV.
+
+
+## Presentations
+
+* Week 2 Presentation (PDF) - Symmetric Key Encryption: [here](https://asecuritysite.com/public/chapter02_secret.pdf)
+* Week 2 Presentation (Video) - Symmetric Key Encryption [here](https://youtu.be/nLRV34K3xIo)
+* Week 2 Presentation (Lecture - Video) - Symmetric Key Encryption: [here](https://youtu.be/CCOt8Xk3ZVU). Recorded on Friday 24 Jan 2020.
+
+
+## Videos
+The voice over lecture is here:
+
+[](https://www.youtube.com/watch?v=nLRV34K3xIo "")
+
+And the classroom lecture from 24 Jan 2020 is here:
+
+[](https://www.youtube.com/watch?v=CCOt8Xk3ZVU "")
+
+
diff --git a/unit02_symmetric/lecture/chapter02_secret.key b/unit02_symmetric/lecture/chapter02_secret.key
new file mode 100644
index 0000000..9ac4656
Binary files /dev/null and b/unit02_symmetric/lecture/chapter02_secret.key differ
diff --git a/unit02_symmetric/lecture/chapter02_secret.pdf b/unit02_symmetric/lecture/chapter02_secret.pdf
new file mode 100644
index 0000000..bb846c6
Binary files /dev/null and b/unit02_symmetric/lecture/chapter02_secret.pdf differ
diff --git a/unit02_symmetric/lecture/chapter02_secret.pptx b/unit02_symmetric/lecture/chapter02_secret.pptx
new file mode 100644
index 0000000..1ed86f0
Binary files /dev/null and b/unit02_symmetric/lecture/chapter02_secret.pptx differ
diff --git a/unit02_symmetric/src/README.md b/unit02_symmetric/src/README.md
new file mode 100644
index 0000000..e0efa3d
--- /dev/null
+++ b/unit02_symmetric/src/README.md
@@ -0,0 +1 @@
+
diff --git a/unit02_symmetric/src/a_01.txt b/unit02_symmetric/src/a_01.txt
new file mode 100644
index 0000000..d2e167c
--- /dev/null
+++ b/unit02_symmetric/src/a_01.txt
@@ -0,0 +1,2 @@
+openssl list-cipher-commands
+openssl version
diff --git a/unit02_symmetric/src/a_02.txt b/unit02_symmetric/src/a_02.txt
new file mode 100644
index 0000000..083c85a
--- /dev/null
+++ b/unit02_symmetric/src/a_02.txt
@@ -0,0 +1 @@
+openssl prime -hex 1111
diff --git a/unit02_symmetric/src/a_03.txt b/unit02_symmetric/src/a_03.txt
new file mode 100644
index 0000000..2d45960
--- /dev/null
+++ b/unit02_symmetric/src/a_03.txt
@@ -0,0 +1 @@
+openssl enc -aes-256-cbc -in myfile.txt -out encrypted.bin
\ No newline at end of file
diff --git a/unit02_symmetric/src/a_04.txt b/unit02_symmetric/src/a_04.txt
new file mode 100644
index 0000000..a10e87f
--- /dev/null
+++ b/unit02_symmetric/src/a_04.txt
@@ -0,0 +1 @@
+openssl enc -aes-256-cbc -in myfile.txt -out encrypted.bin base64
\ No newline at end of file
diff --git a/unit02_symmetric/src/a_05.txt b/unit02_symmetric/src/a_05.txt
new file mode 100644
index 0000000..a10e87f
--- /dev/null
+++ b/unit02_symmetric/src/a_05.txt
@@ -0,0 +1 @@
+openssl enc -aes-256-cbc -in myfile.txt -out encrypted.bin base64
\ No newline at end of file
diff --git a/unit02_symmetric/src/a_06.txt b/unit02_symmetric/src/a_06.txt
new file mode 100644
index 0000000..7d4b2c9
--- /dev/null
+++ b/unit02_symmetric/src/a_06.txt
@@ -0,0 +1 @@
+openssl enc -d -aes-256-cbc -in encrypted.bin -pass pass:napier -base64
\ No newline at end of file
diff --git a/unit02_symmetric/src/d_01.py b/unit02_symmetric/src/d_01.py
new file mode 100644
index 0000000..25989f2
--- /dev/null
+++ b/unit02_symmetric/src/d_01.py
@@ -0,0 +1,5 @@
+import passlib.hash;
+string="hello"
+print ("LM Hash:"+passlib.hash.lmhash.encrypt(string))
+print ("NT Hash:"+passlib.hash.nthash.encrypt(string))
+
diff --git a/unit02_symmetric/src/f_01.py b/unit02_symmetric/src/f_01.py
new file mode 100644
index 0000000..fec9894
--- /dev/null
+++ b/unit02_symmetric/src/f_01.py
@@ -0,0 +1,36 @@
+from Crypto.Cipher import AES
+import hashlib
+import sys
+import binascii
+import Padding
+
+val='hello'
+password='hello'
+
+plaintext=val
+
+def encrypt(plaintext,key, mode):
+ encobj = AES.new(key,mode)
+ return(encobj.encrypt(plaintext))
+
+def decrypt(ciphertext,key, mode):
+ encobj = AES.new(key,mode)
+ return(encobj.decrypt(ciphertext))
+
+key = hashlib.sha256(password.encode()).digest()
+
+
+plaintext = Padding.appendPadding(plaintext,blocksize=Padding.AES_blocksize,mode='CMS')
+
+print("After padding (CMS): ",binascii.hexlify(bytearray(plaintext.encode())))
+
+ciphertext = encrypt(plaintext.encode(),key,AES.MODE_ECB)
+print("Cipher (ECB): ",binascii.hexlify(bytearray(ciphertext)))
+
+plaintext = decrypt(ciphertext,key,AES.MODE_ECB)
+
+plaintext = Padding.removePadding(plaintext.decode(),mode='CMS')
+print(" decrypt: ",plaintext)
+
+plaintext=val
+
diff --git a/unit02_symmetric/src/g_01.js b/unit02_symmetric/src/g_01.js
new file mode 100644
index 0000000..1c6c5e5
--- /dev/null
+++ b/unit02_symmetric/src/g_01.js
@@ -0,0 +1,20 @@
+var chacha20 = require("chacha20");
+var crypto = require('crypto');
+
+var keyname="test";
+var plaintext = "testing";
+
+var args = process.argv;
+if (args.length>2) plaintext=args[2];
+if (args.length>3) keyname=args[3];
+
+var key = crypto.createHash('sha256').update(keyname).digest();
+
+var nonce = new Buffer.alloc(8);
+nonce.fill(0);
+
+console.log( key);
+
+var ciphertext = chacha20.encrypt(key, nonce, new Buffer.from(plaintext));
+console.log("Ciphertext:\t",ciphertext.toString("hex"));
+console.log("Decipher\t",chacha20.decrypt(key, nonce, ciphertext).toString());
diff --git a/unit02_symmetric/src/g_02.js b/unit02_symmetric/src/g_02.js
new file mode 100644
index 0000000..3223676
--- /dev/null
+++ b/unit02_symmetric/src/g_02.js
@@ -0,0 +1,21 @@
+// RC4
+
+var crypto = require('crypto');
+
+var keyname="test";
+var plaintext = "testing";
+
+var args = process.argv;
+if (args.length>1) plaintext=args[2];
+if (args.length>2) keyname=args[3];
+
+var key = crypto.createHash('sha256').update(keyname).digest();
+
+var cipher = crypto.createCipheriv('rc4', key,'' );
+var ciphertext = cipher.update( plaintext, 'utf8', 'hex');
+console.log("Ciphertext:\t",ciphertext);
+
+
+var decipher = crypto.createDecipheriv('rc4', key,'' );
+var text = decipher.update( ciphertext, 'hex','utf8');
+console.log("Decipher:\t",text);
diff --git a/unit02_symmetric/src/g_03.js b/unit02_symmetric/src/g_03.js
new file mode 100644
index 0000000..8d8229c
--- /dev/null
+++ b/unit02_symmetric/src/g_03.js
@@ -0,0 +1,155 @@
+ var Chacha20KeySize = 32;
+ var Chacha20NonceSize = 8;
+
+
+ key = '0000000000000000000000000000000000000000000000000000000000000000';
+
+ nce = '0000000000000000';
+
+ document.getElementById("val1").innerHTML = nce;
+ document.getElementById("key").innerHTML = key;
+
+ go();
+
+
+ function go() {
+
+ n = document.getElementById('val1').value;
+ k = document.getElementById('key').value;
+
+ document.getElementById("encrypted").innerHTML = "Key:\t" + k;
+ document.getElementById("encrypted").innerHTML += "\nNouce:\t" + n;
+
+ n = from_Hex(n);
+ k = from_Hex(k);
+
+
+ var ctx, out;
+
+ out = new Array(k.length);
+
+ ctx = chacha20_init(k, n);
+
+ chacha20_keystream(ctx, out, out, k.length);
+
+ document.getElementById("encrypted").innerHTML += "\n---\nKey generation: " + bytes2hex(out);
+
+
+ }
+
+
+
+
+ var Chacha20Ctx = function () {
+ this.input = new Array(16);
+ };
+
+ function load32(x, i) {
+ return x[i] | (x[i + 1] << 8) | (x[i + 2] << 16) | (x[i + 3] << 24);
+ }
+
+ function store32(x, i, u) {
+ x[i] = u & 0xff; u >>>= 8;
+ x[i + 1] = u & 0xff; u >>>= 8;
+ x[i + 2] = u & 0xff; u >>>= 8;
+ x[i + 3] = u & 0xff;
+ }
+
+ function rotl32(v, c) {
+ return (v << c) | (v >>> (32 - c));
+ }
+
+ function chacha20_round(x, a, b, c, d) {
+ x[a] += x[b]; x[d] = rotl32(x[d] ^ x[a], 16);
+ x[c] += x[d]; x[b] = rotl32(x[b] ^ x[c], 12);
+ x[a] += x[b]; x[d] = rotl32(x[d] ^ x[a], 8);
+ x[c] += x[d]; x[b] = rotl32(x[b] ^ x[c], 7);
+ }
+
+ function chacha20_init(key, nonce) {
+ var x = new Chacha20Ctx();
+
+ x.input[0] = 1634760805;
+ x.input[1] = 857760878;
+ x.input[2] = 2036477234;
+ x.input[3] = 1797285236;
+ x.input[12] = 0;
+ x.input[13] = 0;
+ x.input[14] = load32(nonce, 0);
+ x.input[15] = load32(nonce, 4);
+
+ for (var i = 0; i < 8; i++) {
+ x.input[i + 4] = load32(key, i * 4);
+ }
+ return x;
+ }
+
+ function chacha20_keystream(ctx, dst, src, len) {
+ var x = new Array(16);
+ var buf = new Array(64);
+ var i = 0, dpos = 0, spos = 0;
+
+ while (len > 0) {
+ for (i = 16; i--;) x[i] = ctx.input[i];
+ for (i = 20; i > 0; i -= 2) {
+ chacha20_round(x, 0, 4, 8, 12);
+ chacha20_round(x, 1, 5, 9, 13);
+ chacha20_round(x, 2, 6, 10, 14);
+ chacha20_round(x, 3, 7, 11, 15);
+ chacha20_round(x, 0, 5, 10, 15);
+ chacha20_round(x, 1, 6, 11, 12);
+ chacha20_round(x, 2, 7, 8, 13);
+ chacha20_round(x, 3, 4, 9, 14);
+ }
+ for (i = 16; i--;) x[i] += ctx.input[i];
+ for (i = 16; i--;) store32(buf, 4 * i, x[i]);
+
+ ctx.input[12] += 1;
+ if (!ctx.input[12]) {
+ ctx.input[13] += 1;
+ }
+ if (len <= 64) {
+ for (i = len; i--;) {
+ dst[i + dpos] = src[i + spos] ^ buf[i];
+ }
+ return;
+ }
+ for (i = 64; i--;) {
+ dst[i + dpos] = src[i + spos] ^ buf[i];
+ }
+ len -= 64;
+ spos += 64;
+ dpos += 64;
+ }
+ }
+
+ //--------------------------- test -----------------------------//
+ function bytes2hex(blk, dlm) {
+ return Array.prototype.map.call(new Uint8Array(blk.buffer || blk),
+ function (s) { return ('00' + s.toString(16)).slice(-2); }).join(dlm || '');
+ }
+ function from_Hex(h) {
+
+ h.replace(' ', '');
+ var out = [], len = h.length, w = '';
+ for (var i = 0; i < len; i += 2) {
+ w = h[i];
+ if (((i + 1) >= len) || typeof h[i + 1] === 'undefined') {
+ w += '0';
+ } else {
+ w += h[i + 1];
+ }
+ out.push(parseInt(w, 16));
+ }
+ return out;
+ }
+
+ function bytesEqual(a, b) {
+ var dif = 0;
+ if (a.length !== b.length) return 0;
+ for (var i = 0; i < a.length; i++) {
+ dif |= (a[i] ^ b[i]);
+ }
+ dif = (dif - 1) >>> 31;
+ return (dif & 1);
+ }
\ No newline at end of file
diff --git a/unit02_symmetric/src/h_01.js b/unit02_symmetric/src/h_01.js
new file mode 100644
index 0000000..5d5579d
--- /dev/null
+++ b/unit02_symmetric/src/h_01.js
@@ -0,0 +1,84 @@
+var crypto = require("crypto");
+
+
+function encryptText(algor, key, iv, text, encoding) {
+
+ var cipher = crypto.createCipheriv(algor, key, iv);
+
+ encoding = encoding || "binary";
+
+ var result = cipher.update(text, "utf8", encoding);
+ result += cipher.final(encoding);
+
+ return result;
+ }
+
+function decryptText(algor, key, iv, text, encoding) {
+
+ var decipher = crypto.createDecipheriv(algor, key, iv);
+
+ encoding = encoding || "binary";
+
+ var result = decipher.update(text, encoding);
+ result += decipher.final();
+
+ return result;
+ }
+
+
+var data = "This is a test";
+var password = "hello";
+var algorithm = "aes256"
+
+//const args = process.argv.slice(3);
+
+//data = args[0];
+//password = args[1];
+//algorithm = args[2];
+
+console.log("\nText:\t\t" + data);
+console.log("Password:\t" + password);
+console.log("Type:\t\t" + algorithm);
+
+var hash,key;
+
+if (algorithm.includes("256"))
+{
+ hash = crypto.createHash('sha256');
+ hash.update(password);
+
+
+
+ key = new Buffer.alloc(32,hash.digest('hex'),'hex');
+}
+else if (algorithm.includes("192"))
+{
+ hash = crypto.createHash('sha192');
+ hash.update(password);
+
+ key = new Buffer.alloc(24,hash.digest('hex'),'hex');
+}
+
+else if (algorithm.includes("128"))
+{
+ hash = crypto.createHash('md5');
+ hash.update(password);
+
+ key = new Buffer.alloc(16,hash.digest('hex'),'hex');
+}
+
+
+const iv=new Buffer.alloc(16,crypto.pseudoRandomBytes(16));
+
+console.log("Key:\t\t"+key.toString('base64'));
+console.log("Salt:\t\t"+iv.toString('base64'));
+
+var encText = encryptText(algorithm, key, iv, data, "base64");
+
+console.log("\n================");
+
+console.log("\nEncrypted:\t" + encText);
+
+var decText = decryptText(algorithm, key, iv, encText, "base64");
+
+console.log("\nDecrypted:\t" + decText);
diff --git a/unit02_symmetric/src/node_modules/chacha20/.npmignore b/unit02_symmetric/src/node_modules/chacha20/.npmignore
new file mode 100644
index 0000000..3c3629e
--- /dev/null
+++ b/unit02_symmetric/src/node_modules/chacha20/.npmignore
@@ -0,0 +1 @@
+node_modules
diff --git a/unit02_symmetric/src/node_modules/chacha20/.travis.yml b/unit02_symmetric/src/node_modules/chacha20/.travis.yml
new file mode 100644
index 0000000..be5fc7c
--- /dev/null
+++ b/unit02_symmetric/src/node_modules/chacha20/.travis.yml
@@ -0,0 +1,7 @@
+language: node_js
+sudo: false
+node_js:
+ - "0.10"
+ - "0.12"
+ - "4"
+
diff --git a/unit02_symmetric/src/node_modules/chacha20/Makefile b/unit02_symmetric/src/node_modules/chacha20/Makefile
new file mode 100644
index 0000000..459b1d3
--- /dev/null
+++ b/unit02_symmetric/src/node_modules/chacha20/Makefile
@@ -0,0 +1,4 @@
+test:
+ ./node_modules/.bin/mocha --reporter list
+
+.PHONY: test
\ No newline at end of file
diff --git a/unit02_symmetric/src/node_modules/chacha20/README.md b/unit02_symmetric/src/node_modules/chacha20/README.md
new file mode 100644
index 0000000..97fddab
--- /dev/null
+++ b/unit02_symmetric/src/node_modules/chacha20/README.md
@@ -0,0 +1,24 @@
+Pure javascript implementation of [ChaCha20](http://cr.yp.to/chacha.html) originally written by [@devi](https://github.com/devi/chacha20poly1305) supporting [draft-irtf-cfrg-chacha20-poly1305-01](https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-01).
+
+Being packaged here as a simple node.js and browserify module.
+
+## Usage
+
+````
+var chacha20 = require("chacha20");
+
+var key = new Buffer(32);
+key.fill(0);
+var nonce = new Buffer(8);
+nonce.fill(0);
+
+var plaintext = "testing";
+// pass in buffers, returns a buffer
+var ciphertext = chacha20.encrypt(key, nonce, new Buffer(plaintext));
+console.log(ciphertext.toString("hex")); // prints "02dd93d9c99f5a"
+console.log(chacha20.decrypt(key, nonce, ciphertext).toString()); // prints "testing"
+````
+
+## Nonce Size
+
+The handling of the nonce differs between the [reference](http://cr.yp.to/chacha.html) and [IETF Draft](https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-01#section-2.3), where the reference uses an 8-byte nonce and the draft uses a 12-byte one with the first 4 bytes being a `sender` unique identifier. Passing a difference nonce buffer size will choose either mode.
\ No newline at end of file
diff --git a/unit02_symmetric/src/node_modules/chacha20/chacha20.js b/unit02_symmetric/src/node_modules/chacha20/chacha20.js
new file mode 100644
index 0000000..e9247bd
--- /dev/null
+++ b/unit02_symmetric/src/node_modules/chacha20/chacha20.js
@@ -0,0 +1,116 @@
+/* chacha20 - 256 bits */
+
+// Written in 2014 by Devi Mandiri. Public domain.
+//
+// Implementation derived from chacha-ref.c version 20080118
+// See for details: http://cr.yp.to/chacha/chacha-20080128.pdf
+
+function U8TO32_LE(x, i) {
+ return x[i] | (x[i+1]<<8) | (x[i+2]<<16) | (x[i+3]<<24);
+}
+
+function U32TO8_LE(x, i, u) {
+ x[i] = u; u >>>= 8;
+ x[i+1] = u; u >>>= 8;
+ x[i+2] = u; u >>>= 8;
+ x[i+3] = u;
+}
+
+function ROTATE(v, c) {
+ return (v << c) | (v >>> (32 - c));
+}
+
+var Chacha20 = function(key, nonce, counter) {
+ this.input = new Uint32Array(16);
+
+ // https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-01#section-2.3
+ this.input[0] = 1634760805;
+ this.input[1] = 857760878;
+ this.input[2] = 2036477234;
+ this.input[3] = 1797285236;
+ this.input[4] = U8TO32_LE(key, 0);
+ this.input[5] = U8TO32_LE(key, 4);
+ this.input[6] = U8TO32_LE(key, 8);
+ this.input[7] = U8TO32_LE(key, 12);
+ this.input[8] = U8TO32_LE(key, 16);
+ this.input[9] = U8TO32_LE(key, 20);
+ this.input[10] = U8TO32_LE(key, 24);
+ this.input[11] = U8TO32_LE(key, 28);
+ // be compatible with the reference ChaCha depending on the nonce size
+ if(nonce.length == 12)
+ {
+ this.input[12] = counter;
+ this.input[13] = U8TO32_LE(nonce, 0);
+ this.input[14] = U8TO32_LE(nonce, 4);
+ this.input[15] = U8TO32_LE(nonce, 8);
+ }else{
+ this.input[12] = counter;
+ this.input[13] = 0;
+ this.input[14] = U8TO32_LE(nonce, 0);
+ this.input[15] = U8TO32_LE(nonce, 4);
+
+ }
+};
+
+Chacha20.prototype.quarterRound = function(x, a, b, c, d) {
+ x[a] += x[b]; x[d] = ROTATE(x[d] ^ x[a], 16);
+ x[c] += x[d]; x[b] = ROTATE(x[b] ^ x[c], 12);
+ x[a] += x[b]; x[d] = ROTATE(x[d] ^ x[a], 8);
+ x[c] += x[d]; x[b] = ROTATE(x[b] ^ x[c], 7);
+};
+
+Chacha20.prototype.encrypt = function(dst, src, len) {
+ var x = new Uint32Array(16);
+ var output = new Uint8Array(64);
+ var i, dpos = 0, spos = 0;
+
+ while (len > 0 ) {
+ for (i = 16; i--;) x[i] = this.input[i];
+ for (i = 20; i > 0; i -= 2) {
+ this.quarterRound(x, 0, 4, 8,12);
+ this.quarterRound(x, 1, 5, 9,13);
+ this.quarterRound(x, 2, 6,10,14);
+ this.quarterRound(x, 3, 7,11,15);
+ this.quarterRound(x, 0, 5,10,15);
+ this.quarterRound(x, 1, 6,11,12);
+ this.quarterRound(x, 2, 7, 8,13);
+ this.quarterRound(x, 3, 4, 9,14);
+ }
+ for (i = 16; i--;) x[i] += this.input[i];
+ for (i = 16; i--;) U32TO8_LE(output, 4*i, x[i]);
+
+ this.input[12] += 1;
+ if (!this.input[12]) {
+ this.input[13] += 1;
+ }
+ if (len <= 64) {
+ for (i = len; i--;) {
+ dst[i+dpos] = src[i+spos] ^ output[i];
+ }
+ return;
+ }
+ for (i = 64; i--;) {
+ dst[i+dpos] = src[i+spos] ^ output[i];
+ }
+ len -= 64;
+ spos += 64;
+ dpos += 64;
+ }
+};
+
+Chacha20.prototype.keystream = function(dst, len) {
+ for (var i = 0; i < len; ++i) dst[i] = 0;
+ this.encrypt(dst, dst, len);
+};
+
+// additions to make it easier and export it as a module
+
+exports.Cipher = Chacha20;
+
+exports.encrypt = exports.decrypt = function(key, nonce, data)
+{
+ var cipher = new Chacha20(key, nonce);
+ var ret = new Buffer(data.length);
+ cipher.encrypt(ret, data, data.length);
+ return ret;
+}
\ No newline at end of file
diff --git a/unit02_symmetric/src/node_modules/chacha20/package.json b/unit02_symmetric/src/node_modules/chacha20/package.json
new file mode 100644
index 0000000..eb42b9a
--- /dev/null
+++ b/unit02_symmetric/src/node_modules/chacha20/package.json
@@ -0,0 +1,71 @@
+{
+ "_from": "chacha20",
+ "_id": "chacha20@0.1.4",
+ "_inBundle": false,
+ "_integrity": "sha1-CuFHSawjxESRL9xIKWhGFkn2nhg=",
+ "_location": "/chacha20",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "tag",
+ "registry": true,
+ "raw": "chacha20",
+ "name": "chacha20",
+ "escapedName": "chacha20",
+ "rawSpec": "",
+ "saveSpec": null,
+ "fetchSpec": "latest"
+ },
+ "_requiredBy": [
+ "#USER",
+ "/"
+ ],
+ "_resolved": "https://registry.npmjs.org/chacha20/-/chacha20-0.1.4.tgz",
+ "_shasum": "0ae14749ac23c444912fdc482968461649f69e18",
+ "_spec": "chacha20",
+ "_where": "/Users/billbuchanan/Dropbox/csn11117/2020/unit02_symmetric/src",
+ "author": {
+ "name": "Devi Mandiri",
+ "email": "me@devi.web.id",
+ "url": "https://github.com/devi"
+ },
+ "bugs": {
+ "url": "https://github.com/quartzjer/chacha20/issues"
+ },
+ "bundleDependencies": false,
+ "dependencies": {},
+ "deprecated": false,
+ "description": "A pure JavaScript implementation of the ChaCha20 cipher",
+ "devDependencies": {
+ "chai": "*",
+ "mocha": "*"
+ },
+ "engines": {
+ "node": ">=0.10.x",
+ "npm": ">=1.2.x"
+ },
+ "homepage": "https://github.com/quartzjer/chacha20",
+ "keywords": [
+ "chacha",
+ "chacha20",
+ "salsa20",
+ "browserify"
+ ],
+ "license": "CC0-1.0",
+ "main": "chacha20.js",
+ "maintainers": [
+ {
+ "name": "Jeremie Miller",
+ "email": "jeremie@jabber.org",
+ "url": "http://jeremie.com/"
+ }
+ ],
+ "name": "chacha20",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/quartzjer/chacha20.git"
+ },
+ "scripts": {
+ "test": "mocha"
+ },
+ "version": "0.1.4"
+}
diff --git a/unit02_symmetric/src/node_modules/chacha20/test/chacha20.js b/unit02_symmetric/src/node_modules/chacha20/test/chacha20.js
new file mode 100644
index 0000000..7a4686f
--- /dev/null
+++ b/unit02_symmetric/src/node_modules/chacha20/test/chacha20.js
@@ -0,0 +1,263 @@
+var expect = require('chai').expect;
+var chacha20 = require('..');
+
+
+describe('chacha20', function(){
+
+ it('exports an object', function(){
+ expect(chacha20).to.be.a('object');
+ });
+
+ it('reference tests', function(){
+ var key = new Buffer(32);
+ key.fill(0);
+ var nonce = new Buffer(8);
+ nonce.fill(0);
+ var data = "\0\0\0\0\0\0\0\0\0"; // 9
+ var out = chacha20.encrypt(key, nonce, new Buffer(data));
+ expect(out.toString('hex')).to.be.equal("76b8e0ada0f13d9040");
+ expect(chacha20.decrypt(key, nonce, out).toString()).to.be.equal(data);
+
+ key.fill(0xff);
+ nonce.fill(0xff);
+ var ff = new Buffer(9);
+ ff.fill(0xff);
+ var out = chacha20.encrypt(key, nonce, ff);
+ expect(out.toString('hex')).to.be.equal("2640c09431912f4abd");
+ expect(chacha20.decrypt(key, nonce, out).toString("hex")).to.be.equal(ff.toString("hex"));
+ });
+
+ it('draft tests', function(){
+ var key = new Buffer(32);
+ key.fill(0);
+ var nonce = new Buffer(12);
+ nonce.fill(0);
+ var data = "\0\0\0\0\0\0\0\0\0"; // 9
+ var out = chacha20.encrypt(key, nonce, new Buffer(data));
+ expect(out.toString('hex')).to.be.equal("76b8e0ada0f13d9040");
+ expect(chacha20.decrypt(key, nonce, out).toString()).to.be.equal(data);
+
+ key.fill(0xff);
+ nonce.fill(0xff);
+ var ff = new Buffer(9);
+ ff.fill(0xff);
+ var out = chacha20.encrypt(key, nonce, ff);
+ expect(out.toString('hex')).to.be.equal("2919cb6a15012803c4");
+ expect(chacha20.decrypt(key, nonce, out).toString("hex")).to.be.equal(ff.toString("hex"));
+ });
+
+ it('original tests', function(){
+ var Chacha20 = chacha20.Cipher;
+
+ //--------------------------- test -----------------------------//
+ function fromHex(h) {
+ h = h.replace(/([^0-9a-f])/g, '');
+ var out = [], len = h.length, w = '';
+ for (var i = 0; i < len; i += 2) {
+ w = h[i];
+ if (((i+1) >= len) || typeof h[i+1] === 'undefined') {
+ w += '0';
+ } else {
+ w += h[i+1];
+ }
+ out.push(parseInt(w, 16));
+ }
+ return out;
+ }
+
+ function bytesEqual(a, b) {
+ var dif = 0;
+ if (a.length !== b.length) return 0;
+ for (var i = 0; i < a.length; i++) {
+ dif |= (a[i] ^ b[i]);
+ }
+ dif = (dif - 1) >>> 31;
+ return (dif & 1);
+ }
+
+ function printHex(num, len, padlen, block) {
+ var ret = '', pad = '', i;
+ for (i=0; i
+03CF54D8CE19777B12732B8C50B3B66F
+D586293D554981ED611AB7B01316D2D5
+48E935332AADEC763F2C82CDB4601A25
+EE19033300A54DF2FA41DB9881B4B723
+
+
+03CF5: Is it [Falkirk][Edinburgh][Glasgow][Stirling]?
+
+D5862: Is it [Falkirk][Edinburgh][Glasgow][Stirling]?
+
+48E93: Is it [Falkirk][Edinburgh][Glasgow][Stirling]?
+
+EE190: Is it [Falkirk][Edinburgh][Glasgow][Stirling]?
+
+### A.2
+Repeat Part 1, but now use openssl, such as:
+
+
+echo -n 'Falkirk' | openssl md5
+
+
+03CF5: Is it [Falkirk][Edinburgh][Glasgow][Stirling]?
+
+D5862: Is it [Falkirk][Edinburgh][Glasgow][Stirling]?
+
+48E93: Is it [Falkirk][Edinburgh][Glasgow][Stirling]?
+
+EE190: Is it [Falkirk][Edinburgh][Glasgow][Stirling]?
+
+
+### A.3
+
+Using:
+
+Web link (Hashing): http://asecuritysite.com/encryption/md5
+
+Determine the number of hex characters in the following hash signatures.
+
+MD5 hex chars:
+
+SHA-1 hex chars:
+
+SHA-256 hex chars:
+
+SHA-384 hex chars:
+
+SHA-512 hex chars:
+
+How does the number of hex characters relate to the length of the hash signature:
+
+
+### A.4
+For the following /etc/shadow file, determine the matching password:
+
+
+Which file(s) have been modified?
+
+### A.6
+From Ubuntu, download the following ZIP file:
+
+Web link (PS Files): http://asecuritysite.com/letters.zip
+
+On your Ubuntu instance, you should be able to view the files by double clicking on them in the file explorer (as you should have a PostScript viewer installed).
+
+Do the files have different contents?
+
+
+
+Now determine the MD5 signature for them. What can you observe from the result?
+
+
+
+## B Hash Cracking (Hashcat)
+
+### B.1
+Run the hashcat benchmark (eg hashcat –b -m 0), and complete the following:
+
+Hash rate for MD5:
+
+Hash rate for SHA-1:
+
+Hash rate for SHA-256:
+
+Hash rate for APR1:
+
+### B.2
+On Ubuntu, next create a word file (words) with the words of “napier”, “password” “Ankle123” and “inkwell”
+
+Using hashcat crack the following MD5 signatures (hash1):
+
+
+
+232DD...634C Is it [napier][password][Ankle123][inkwell]?
+
+5F4DC...CF99 Is it [napier][password][Ankle123][inkwell]?
+
+6D587...5FF5 Is it [napier][password][Ankle123][inkwell]?
+
+04013...698D Is it [napier][password][Ankle123][inkwell]?
+
+### B.3
+Using the method used in the first part of this tutorial, find crack the following for names of fruits (the fruits are all in lowercase):
+
+
+FE01D:
+
+1F387:
+
+72B30:
+
+8893D:
+
+88956:
+
+### B.4
+We have hashed a SHA-256 value of the following and put it into a file named
+file.txt:
+
+
+By adding a word of “help” in a word file of words.txt, prove that the following cracks the hash (where file.txt contains the hashed value):
+
+hashcat -m 1400 file.txt words.txt
+
+### B.5
+The following is an NTLM hash, for “help”:
+
+
+0333c27eb4b9401d91fef02a9f74840e
+
+
+Prove that the following can crack the hash (where file.txt contains the hashed value):
+
+hashcat -m 1000 file.txt words.txt
+
+
+### B.6
+Now crack the following Scottish football teams (all are single words):
+
+
+
+Words:
+
+Number of tests for each sequence tried:
+
+
+What happens when you take the “--increment” flag away?
+
+
+
+## B.8
+We can focus on given letters, such as where we add a letter or a digit at the end:
+
+hashcat -a 3 -m 1000 file.txt password?l
+hashcat -a 3 -m 1000 file.txt password?u
+hashcat -a 3 -m 1000 file.txt password?d
+
+
+Note: Remember to try both MD5 (0) and NTLM hash (1000).
+
+Words:
+
+
+Number of tests for each:
+
+
+
+## C Hashing Cracking (John The Ripper)
+All of the passwords in this section are in lowercase.
+
+
+### C.1
+On Ubuntu, and using John the Ripper, and using a word list with the names of fruits, crack the following pwdump passwords:
+
+
+Fred:
+
+Bert:
+
+Admin:
+
+## D LM Hash
+The LM Hash is used in Microsoft Windows. For example, for LM Hash:
+
+hashme gives: FA-91-C4-FD-28-A2-D2-57-AA-D3-B4-35-B5-14-04-EE
+
+network gives: D7-5A-34-5D-5D-20-7A-00-AA-D3-B4-35-B5-14-04-EE
+
+napier gives: 12-B9-C5-4F-6F-E0-EC-80-AA-D3-B4-35-B5-14-04-EE
+
+Notice that the right-most element of the hash are always the same, if the password is less than eight characters. With more than eight characters we get:
+
+networksims gives: D7-5A-34-5D-5D-20-7A-00-38-32-A0-DB-BA-51-68-07
+
+napier123 gives: 67-82-2A-34-ED-C7-48-92-B7-5E-0C-8D-76-95-4A-50
+
+For “hello” we get:
+
+
+We can check these with a Python script:
+```python
+import passlib.hash;
+string="hello"
+print "LM Hash:"+passlib.hash.lmhash.encrypt(string)
+print "NT Hash:"+passlib.hash.nthash.encrypt(string)
+```
+
+which gives:
+
+LM Hash:fda95fbeca288d44aad3b435b51404ee
+NT Hash:066ddfd4ef0e9cd7c256fe77191ef43c
+
+Web link (LM Hash): http://asecuritysite.com/encryption/lmhash
+
+
+### D.1
+
+Create a Python script to determine the LM hash and NTLM hash of the following words:
+
+“Napier”
+
+“Foxtrot”
+
+
+## E APR1
+The Apache-defined APR1 format addresses the problems of brute forcing an MD5 hash, and basically iterates over the hash value 1,000 times. This considerably slows an intruder as they try to crack the hashed value. The resulting hashed string contains “$apr1$” to identify it and uses a 32-bit salt value. We can use both htpassword and Openssl to compute the hashed string (where “bill” is the user and “hello” is the password):
+
+
+
+We can also create a simple Python program with the passlib library, and add the same salt as the example above:
+```python
+import passlib.hash;
+
+salt="PkWj6gM4"
+string="hello"
+print "APR1:"+passlib.hash.apr_md5_crypt.encrypt(string, salt=salt)
+```
+
+We can created a simple Python program with the passlib library, and add the same salt as the example above:
+
+APR1:$apr1$PkWj6gM4$XGWpADBVPyypjL/cL0XMc1
+
+
+Refer to: http://asecuritysite.com/encryption/apr1
+
+### E.1
+Create a Python script to create the APR1 hash for the following:
+
+Prove them against on-line APR1 generator (or from the page given above).
+
+“changeme”:
+
+“123456”:
+
+“password”
+
+## F SHA
+While APR1 has a salted value, the SHA-1 hash does not have a salted value. It produces a 160-bit signature, thus can contain a larger set of hashed value than MD5, but because there is no salt it can be cracked to rainbow tables, and also brute force. The format for the storage of the hashed password on Linux systems is:
+
+
+# htpasswd -nbs bill hello
+bill:{SHA}qvTGHdzF6KLavt4PO0gs2a6pQ00=
+
+
+We can also generate salted passwords with crypt, and can use the Python script of:
+```python
+import passlib.hash;
+salt="8sFt66rZ"
+string="hello"
+print "SHA1:"+passlib.hash.sha1_crypt.encrypt(string, salt=salt)
+print "SHA256:"+passlib.hash.sha256_crypt.encrypt(string, salt=salt)
+print "SHA512:"+passlib.hash.sha512_crypt.encrypt(string, salt=salt)
+```
+
+SHA-512 salts start with $6$ and are up to 16 chars long.
+
+SHA-256 salts start with $5$ and are up to 16 chars long.
+
+Which produces:
+
+
+### F.1 Create a Python script to create the SHA hash for the following:
+
+Prove them against on-line SHA generator (or from the page given above).
+
+“changeme”:
+
+“123456”:
+
+“password”
+
+## G PBKDF2
+PBKDF2 (Password-Based Key Derivation Function 2) is defined in RFC 2898 and generates a salted hash. Often this is used to create an encryption key from a defined password, and where it is not possible to reverse the password from the hashed value. It is used in TrueCrypt to generate the key required to read the header information of the encrypted drive, and which stores the encryption keys.
+
+PBKDF2 is used in WPA-2 and TrueCrypt. Its main focus is to produced a hashed version of a password and includes a salt value to reduce the opportunity for a rainbow table attack. It generally uses over 1,000 iterations in order to slow down the creation of the hash, so that it can overcome brute force attacks. The generalise format for PBKDF2 is:
+
+
+
+where Password is the pass phrase, Salt is the salt, MInterations is the number of iterations, and dklen is the length of the derived hash.In WPA-2, the IEEE 802.11i standard defines that the pre-shared key is defined by:
+
+
+
+In TrueCrypt we use PBKDF2 to generate the key (with salt) and which will decrypt the header, and reveal the keys which have been used to encrypt the disk (using AES, 3DES or Twofish). We use:
+
+```python
+byte[] result = passwordDerive.GenerateDerivedKey(16,
+ ASCIIEncoding.UTF8.GetBytes(message), salt, 1000);
+```
+
+which has a key length of 16 bytes (128 bits - dklen), uses a salt byte array, and 1000 iterations of the hash (Minterations). The resulting hash value will have 32 hexadecimal characters (16 bytes).
+
+Web link (PBKDF2): http://www.asecuritysite.com/encryption/PBKDF2
+
+```python
+import hashlib;
+import passlib.hash;
+import sys;
+
+
+salt="ZDzPE45C"
+string="password"
+
+if (len(sys.argv)>1):
+ string=sys.argv[1]
+
+if (len(sys.argv)>2):
+ salt=sys.argv[2]
+
+print "PBKDF2 (SHA1):"+passlib.hash.pbkdf2_sha1.encrypt(string, salt=salt)
+print "PBKDF2 (SHA256):"+passlib.hash.pbkdf2_sha256.encrypt(string, salt=salt)
+```
+
+
+### G.1
+Create a Python script to create the PBKDF2 hash for the following (uses a salt value of “ZDzPE45C”). You just need to list the first six hex characters of the hashed value.
+
+
+“changeme”:
+
+“123456”:
+
+“password”
+
+
+## H Bcrypt
+MD5 and SHA-1 produce a hash signature, but this can be attacked by rainbow tables. Bcrypt (Blowfish Crypt) is a more powerful hash generator for passwords and uses salt to create a non-recurrent hash. It was designed by Niels Provos and David Mazières, and is based on the Blowfish cipher. It is used as the default password hashing method for BSD and other systems.
+
+Overall it uses a 128-bit salt value, which requires 22 Base-64 characters. It can use a number of iterations, which will slow down any brute-force cracking of the hashed value. For example, “Hello” with a salt value of “$2a$06$NkYh0RCM8pNWPaYvRLgN9.” gives:
+
+
+As illustrated in Figure 1, the first part is "$2a$" (or "$2b$"), and then followed by the number of rounds used. In this case is it 6 rounds which is 26 iterations (where each additional round doubles the hash time). The 128-bit (22 character) salt values comes after this, and then finally there is a 184-bit hash code (which is 31 characters).
+
+The slowness of bcrypt is highlighted with an AWS EC2 server benchmark using hashcat:
+
+* Hash type: MD5 Speed/sec: 380.02M words
+* Hash type: SHA1 Speed/sec: 218.86M words
+* Hash type: SHA256 Speed/sec: 110.37M words
+* Hash type: bcrypt, Blowfish(OpenBSD) Speed/sec: 25.86k words
+* Hash type: NTLM. Speed/sec: 370.22M words
+
+You can see that Bcrypt is almost 15,000 times slower than MD5 (380,000,000 words/sec down to only 25,860 words/sec). With John The Ripper:
+
+* md5crypt [MD5 32/64 X2] 318237 c/s real, 8881 c/s virtual
+* bcrypt ("$2a$05", 32 iterations) 25488 c/s real, 708 c/s virtual
+* LM [DES 128/128 SSE2-16] 88090K c/s real, 2462K c/s virtual
+
+where you can see that BCrypt over 3,000 times slower than LM hashes. So, although the main hashing methods are fast and efficient, this speed has a down side, in that they can be cracked easier. With Bcrypt the speed of cracking is considerably slowed down, with each iteration doubling the amount of time it takes to crack the hash with brute force. If we add one onto the number of rounds, we double the time taken for the hashing process. So, to go from 6 to 16 increase by over 1,000 (210) and from 6 to 26 increases by over 1 million (220).
+
+The following defines a Python script which calculates a whole range of hashes:
+
+```python
+import hashlib;
+import passlib.hash;
+
+salt="ZDzPE45C"
+string="password"
+salt2="1111111111111111111111"
+
+print "General Hashes"
+print "MD5:"+hashlib.md5(string).hexdigest()
+print "SHA1:"+hashlib.sha1(string).hexdigest()
+print "SHA256:"+hashlib.sha256(string).hexdigest()
+print "SHA512:"+hashlib.sha512(string).hexdigest()
+
+print "UNIX hashes (with salt)"
+print "DES:"+passlib.hash.des_crypt.encrypt(string, salt=salt[:2])
+print "MD5:"+passlib.hash.md5_crypt.encrypt(string, salt=salt)
+print "Sun MD5:"+passlib.hash.sun_md5_crypt.encrypt(string, salt=salt)
+print "SHA1:"+passlib.hash.sha1_crypt.encrypt(string, salt=salt)
+print "SHA256:"+passlib.hash.sha256_crypt.encrypt(string, salt=salt)
+print "SHA512:"+passlib.hash.sha512_crypt.encrypt(string, salt=salt)
+print "Bcrypt:"+passlib.hash.bcrypt.encrypt(string, salt=salt2[:22])
+```
+
+Figure 1 Bcrypt
+
+### H.1
+Create the hash for the word “hello” for the different methods (you only have to give the first six hex characters for the hash):
+
+Also note the number hex characters that the hashed value uses:
+
+MD5:
+
+SHA1:
+
+SHA256:
+
+SHA512:
+
+DES:
+
+MD5:
+
+Sun MD5:
+
+SHA-1:
+
+SHA-256:
+
+SHA-512:
+
+## I HMAC
+Write a Python or Node.js program which will prove the following:
+
+
+If you get this to work, can you expand to include other MAC methods. You can test against this page:
+
+https://asecuritysite.com/encryption/js10
+
+## J Reflective statements
+1. Why might increasing the number of iterations be a better method of protecting a hashed password than using a salted version?
+
+
+
+
+
+
+2. Why might the methods bcrypt, Phpass and PBFDK2 be preferred for storing passwords than MD5, SHA?
+
+
+
+
+
+
+## K What I should have learnt from this lab?
+The key things learnt:
+
+* The differing methods used to hash data.
+* How hashcat and John The Ripper are used to crack hashed values.
+* How salt is added to the hashing process.
+* The core difference between the fast hashing methods (such as MD5 and SHA-1) and the slow ones (bcrypt and PBKDF2).
+
+## L Additional
+The following provides a hash most of the widely used hashing method. For this enter the code of:
+```python
+import hashlib;
+import passlib.hash;
+import sys;
+
+
+salt="ZDzPE45C"
+string="password"
+salt2="1111111111111111111111"
+
+
+if (len(sys.argv)>1):
+ string=sys.argv[1]
+
+if (len(sys.argv)>2):
+ salt=sys.argv[2]
+
+print "General Hashes"
+print "MD5:"+hashlib.md5(string).hexdigest()
+print "SHA1:"+hashlib.sha1(string).hexdigest()
+print "SHA256:"+hashlib.sha256(string).hexdigest()
+print "SHA512:"+hashlib.sha512(string).hexdigest()
+
+print "UNIX hashes (with salt)"
+print "DES:"+passlib.hash.des_crypt.encrypt(string, salt=salt[:2])
+print "MD5:"+passlib.hash.md5_crypt.encrypt(string, salt=salt)
+print "Sun MD5:"+passlib.hash.sun_md5_crypt.encrypt(string, salt=salt)
+print "SHA1:"+passlib.hash.sha1_crypt.encrypt(string, salt=salt)
+print "SHA256:"+passlib.hash.sha256_crypt.encrypt(string, salt=salt)
+print "SHA512:"+passlib.hash.sha512_crypt.encrypt(string, salt=salt)
+
+print "APR1:"+passlib.hash.apr_md5_crypt.encrypt(string, salt=salt)
+print "PHPASS:"+passlib.hash.phpass.encrypt(string, salt=salt)
+print "PBKDF2 (SHA1):"+passlib.hash.pbkdf2_sha1.encrypt(string, salt=salt)
+print "PBKDF2 (SHA256):"+passlib.hash.pbkdf2_sha256.encrypt(string, salt=salt)
+#print "PBKDF2 (SHA512):"+passlib.hash.pbkdf2_sha512.encrypt(string, salt=salt)
+#print "CTA PBKDF2:"+passlib.hash.cta_pbkdf2_sha1.encrypt(string, salt=salt)
+#print "DLITZ PBKDF2:"+passlib.hash.dlitz_pbkdf2_sha1.encrypt(string, salt=salt)
+
+print "MS Windows Hashes"
+print "LM Hash:"+passlib.hash.lmhash.encrypt(string)
+print "NT Hash:"+passlib.hash.nthash.encrypt(string)
+print "MS DCC:"+passlib.hash.msdcc.encrypt(string, salt)
+print "MS DCC2:"+passlib.hash.msdcc2.encrypt(string, salt)
+
+#print "LDAP Hashes"
+#print "LDAP (MD5):"+passlib.hash.ldap_md5.encrypt(string)
+#print "LDAP (MD5 Salted):"+passlib.hash.ldap_salted_md5.encrypt(string, salt=salt)
+#print "LDAP (SHA):"+passlib.hash.ldap_sha1.encrypt(string)
+#print "LDAP (SHA1 Salted):"+passlib.hash.ldap_salted_sha1.encrypt(string, salt=salt)
+#print "LDAP (DES Crypt):"+passlib.hash.ldap_des_crypt.encrypt(string)
+#print "LDAP (BSDI Crypt):"+passlib.hash.ldap_bsdi_crypt.encrypt(string)
+#print "LDAP (MD5 Crypt):"+passlib.hash.ldap_md5_crypt.encrypt(string)
+#print "LDAP (Bcrypt):"+passlib.hash.ldap_bcrypt.encrypt(string)
+#print "LDAP (SHA1):"+passlib.hash.ldap_sha1_crypt.encrypt(string)
+#print "LDAP (SHA256):"+passlib.hash.ldap_sha256_crypt.encrypt(string)
+#print "LDAP (SHA512):"+passlib.hash.ldap_sha512_crypt.encrypt(string)
+
+print "LDAP (Hex MD5):"+passlib.hash.ldap_hex_md5.encrypt(string)
+print "LDAP (Hex SHA1):"+passlib.hash.ldap_hex_sha1.encrypt(string)
+print "LDAP (At Lass):"+passlib.hash.atlassian_pbkdf2_sha1.encrypt(string)
+print "LDAP (FSHP):"+passlib.hash.fshp.encrypt(string)
+
+print "Database Hashes"
+print "MS SQL 2000:"+passlib.hash.mssql2000.encrypt(string)
+print "MS SQL 2000:"+passlib.hash.mssql2005.encrypt(string)
+print "MS SQL 2000:"+passlib.hash.mysql323.encrypt(string)
+print "MySQL:"+passlib.hash.mysql41.encrypt(string)
+print "Postgres (MD5):"+passlib.hash.postgres_md5.encrypt(string, user=salt)
+print "Oracle 10:"+passlib.hash.oracle10.encrypt(string, user=salt)
+print "Oracle 11:"+passlib.hash.oracle11.encrypt(string)
+
+print "Other Known Hashes"
+print "Cisco PIX:"+passlib.hash.cisco_pix.encrypt(string, user=salt)
+print "Cisco Type 7:"+passlib.hash.cisco_type7.encrypt(string)
+print "Dyango DES:"+passlib.hash.django_des_crypt.encrypt(string, salt=salt)
+print "Dyango MD5:"+passlib.hash.django_salted_md5.encrypt(string, salt=salt[:2])
+print "Dyango SHA1:"+passlib.hash.django_salted_sha1.encrypt(string, salt=salt)
+print "Dyango Bcrypt:"+passlib.hash.django_bcrypt.encrypt(string, salt=salt2[:22])
+print "Dyango PBKDF2 SHA1:"+passlib.hash.django_pbkdf2_sha1.encrypt(string, salt=salt)
+print "Dyango PBKDF2 SHA1:"+passlib.hash.django_pbkdf2_sha256.encrypt(string, salt=salt)
+print "Bcrypt:"+passlib.hash.bcrypt.encrypt(string, salt=salt2[:22])
+```
+
+
+
+## L.1
+In the code, what does the modifier of “[:22]” do?
+
+In running the methods, which of them take the longest time to compute?
+
+
+
+Of the methods used, outline how you would identify some of the methods. For APR1 has an identifier of $apr1$.
+
+
+
+
+For the following identify the hash methods used:
+
+* 5f4dcc3b5aa765d61d8327deb882cf99
+* 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
+* $apr1$ZDzPE45C$y372GZYCbB1WYtOkbm4/u.
+* $P$HZDzPE45Ch4tvOeT9mhtu3i2G/JybR1
+* b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86
+* $1$ZDzPE45C$EEQHJaCXI6yInV3FnskmF1
+* $2a$12$111111111111111111111uAQxS9vJNRtBb6zeFDV6k7tyB0DZJF0a
+
+
+## L.2
+It is known that a user has used a password of “passXord”, where X is an unknown character or number. Can crack the following hashes based on a filter:
+
+
+Passwords used:
+
+Number of tests:
+
+
+## L.3
+Download the bfield.hash password hash, and using the rockyou.txt list, determine the first 10 passwords in the hashed file. An example command might be:
+
+
+First 10 passwords from bfield.hash:
+
+
+
+
diff --git a/unit03_hashing/lab/new_lab03.docx b/unit03_hashing/lab/new_lab03.docx
new file mode 100644
index 0000000..a28275f
Binary files /dev/null and b/unit03_hashing/lab/new_lab03.docx differ
diff --git a/unit03_hashing/lab/new_lab03.pdf b/unit03_hashing/lab/new_lab03.pdf
new file mode 100644
index 0000000..efba7ec
Binary files /dev/null and b/unit03_hashing/lab/new_lab03.pdf differ
diff --git a/unit03_hashing/lab/samples_ans.md b/unit03_hashing/lab/samples_ans.md
new file mode 100644
index 0000000..a58fb6c
--- /dev/null
+++ b/unit03_hashing/lab/samples_ans.md
@@ -0,0 +1,1121 @@
+Try not to look at these answers, unless you really have too ..
+
+## A.1
+
+$ nano nthash
+$ cat nthash
+0333c27eb4b9401d91fef02a9f74840e
+$ hashcat -m 1000 nthash mywords.txt
+hashcat (v5.1.0-42-g471a8cc) starting...
+
+OpenCL Platform #1: Intel(R) Corporation
+========================================
+* Device #1: Intel(R) Core(TM) i7-8850H CPU @ 2.60GHz, 495/1982 MB allocatable, 2MCU
+
+Hashes: 1 digests; 1 unique digests, 1 unique salts
+Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
+Rules: 1
+
+Applicable optimizers:
+* Zero-Byte
+* Early-Skip
+* Not-Salted
+* Not-Iterated
+* Single-Hash
+* Single-Salt
+* Raw-Hash
+
+Minimum password length supported by kernel: 0
+Maximum password length supported by kernel: 256
+
+ATTENTION! Pure (unoptimized) OpenCL kernels selected.
+This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
+If you want to switch to optimized OpenCL kernels, append -O to your commandline.
+
+Watchdog: Hardware monitoring interface not found on your system.
+Watchdog: Temperature abort trigger disabled.
+
+Dictionary cache hit:
+* Filename..: mywords.txt
+* Passwords.: 4
+* Bytes.....: 27
+* Keyspace..: 4
+
+The wordlist or mask that you are using is too small.
+This means that hashcat cannot use the full parallel power of your device(s).
+Unless you supply more work, your cracking speed will drop.
+For tips on supplying more work, see: https://hashcat.net/faq/morework
+
+Approaching final keyspace - workload adjusted.
+
+0333c27eb4b9401d91fef02a9f74840e:help
+
+Session..........: hashcat
+Status...........: Cracked
+Hash.Type........: NTLM
+Hash.Target......: 0333c27eb4b9401d91fef02a9f74840e
+Time.Started.....: Thu Jan 30 16:22:39 2020 (0 secs)
+Time.Estimated...: Thu Jan 30 16:22:39 2020 (0 secs)
+Guess.Base.......: File (mywords.txt)
+Guess.Queue......: 1/1 (100.00%)
+Speed.#1.........: 10770 H/s (0.00ms) @ Accel:1024 Loops:1 Thr:1 Vec:8
+Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
+Progress.........: 4/4 (100.00%)
+Rejected.........: 0/4 (0.00%)
+Restore.Point....: 0/4 (0.00%)
+Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
+Candidates.#1....: hello -> nowhere
+
+Started: Thu Jan 30 16:22:38 2020
+Stopped: Thu Jan 30 16:22:40 2020
+
+## B.6
+
+celtic
+motherwell
+aberdeen
+livingston
+
+A sample run:
+
+$ nano football
+$ cat football
+celtic
+rangers
+hearts
+inverness
+dundee
+aberdeen
+motherwell
+hamilton
+hibernian
+kilmarnock
+livingston
+motherwell
+$ cat hash3
+635450503029fc2484f1d7eb80da8e25bdc1770e1dd14710c592c8929ba37ee9
+b3cb6d04f9ccbf6dfe08f40c11648360ca421f0c531e69f326a72dc7e80a0912
+bc5fb9abe8d5e72eb49cf00b3dbd173cbf914835281fadd674d5a2b680e47d50
+6ac16a68ac94ca8298c9c2329593a4a4130b6fed2472a98424b7b4019ef1d968
+$ rm ~/.hashcat/hashcat.potfile
+$ hashcat -m 1400 hash3 football
+hashcat (v5.1.0-42-g471a8cc) starting...
+
+OpenCL Platform #1: Intel(R) Corporation
+========================================
+* Device #1: Intel(R) Core(TM) i7-8850H CPU @ 2.60GHz, 495/1982 MB allocatable, 2MCU
+
+Hashes: 4 digests; 4 unique digests, 1 unique salts
+Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
+Rules: 1
+
+Applicable optimizers:
+* Zero-Byte
+* Early-Skip
+* Not-Salted
+* Not-Iterated
+* Single-Salt
+* Raw-Hash
+
+Minimum password length supported by kernel: 0
+Maximum password length supported by kernel: 256
+
+ATTENTION! Pure (unoptimized) OpenCL kernels selected.
+This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
+If you want to switch to optimized OpenCL kernels, append -O to your commandline.
+
+Watchdog: Hardware monitoring interface not found on your system.
+Watchdog: Temperature abort trigger disabled.
+
+Dictionary cache hit:
+* Filename..: football
+* Passwords.: 12
+* Bytes.....: 111
+* Keyspace..: 12
+
+The wordlist or mask that you are using is too small.
+This means that hashcat cannot use the full parallel power of your device(s).
+Unless you supply more work, your cracking speed will drop.
+For tips on supplying more work, see: https://hashcat.net/faq/morework
+
+Approaching final keyspace - workload adjusted.
+
+635450503029fc2484f1d7eb80da8e25bdc1770e1dd14710c592c8929ba37ee9:celtic
+bc5fb9abe8d5e72eb49cf00b3dbd173cbf914835281fadd674d5a2b680e47d50:aberdeen
+6ac16a68ac94ca8298c9c2329593a4a4130b6fed2472a98424b7b4019ef1d968:livingston
+
+Session..........: hashcat
+Status...........: Exhausted
+Hash.Type........: SHA2-256
+Hash.Target......: hash3
+Time.Started.....: Thu Jan 30 16:42:24 2020 (0 secs)
+Time.Estimated...: Thu Jan 30 16:42:24 2020 (0 secs)
+Guess.Base.......: File (football)
+Guess.Queue......: 1/1 (100.00%)
+Speed.#1.........: 26495 H/s (0.01ms) @ Accel:1024 Loops:1 Thr:1 Vec:8
+Recovered........: 3/4 (75.00%) Digests, 0/1 (0.00%) Salts
+Progress.........: 12/12 (100.00%)
+Rejected.........: 0/12 (0.00%)
+Restore.Point....: 12/12 (100.00%)
+Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
+Candidates.#1....: celtic -> motherwell
+
+Started: Thu Jan 30 16:42:24 2020
+Stopped: Thu Jan 30 16:42:26 2020
+
+
+
+## B.7
+
+hair
+face
+eye
+
+a->z: 26
+aa->zz: 676
+aaa->zzz: 17576
+aaaa->zzzz:456976
+
+A sample run is:
+
+$ nano face
+$ cat face
+4dc2159bba05da394c3b94c6f54354db1f1f43b321ac4bbdfc2f658237858c70
+0282d9b79f42c74c1550b20ff2dd16aafc3fe5d8ae9a00b2f66996d0ae882775
+47c215b5f70eb9c9b4bcb2c027007d6cf38a899f40d1d1da6922e49308b15b69
+$ hashcat -a 3 -m 1400 face ?l?l?l?l?l?l?l?l --increment
+hashcat (v5.1.0-42-g471a8cc) starting...
+
+OpenCL Platform #1: Intel(R) Corporation
+========================================
+* Device #1: Intel(R) Core(TM) i7-8850H CPU @ 2.60GHz, 495/1982 MB allocatable, 2MCU
+
+Hashes: 3 digests; 3 unique digests, 1 unique salts
+Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
+
+Applicable optimizers:
+* Zero-Byte
+* Early-Skip
+* Not-Salted
+* Not-Iterated
+* Single-Salt
+* Brute-Force
+* Raw-Hash
+
+Minimum password length supported by kernel: 0
+Maximum password length supported by kernel: 256
+
+ATTENTION! Pure (unoptimized) OpenCL kernels selected.
+This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
+If you want to switch to optimized OpenCL kernels, append -O to your commandline.
+
+Watchdog: Hardware monitoring interface not found on your system.
+Watchdog: Temperature abort trigger disabled.
+
+The wordlist or mask that you are using is too small.
+This means that hashcat cannot use the full parallel power of your device(s).
+Unless you supply more work, your cracking speed will drop.
+For tips on supplying more work, see: https://hashcat.net/faq/morework
+
+Approaching final keyspace - workload adjusted.
+
+Session..........: hashcat
+Status...........: Exhausted
+Hash.Type........: SHA2-256
+Hash.Target......: face
+Time.Started.....: Thu Jan 30 16:48:55 2020 (0 secs)
+Time.Estimated...: Thu Jan 30 16:48:55 2020 (0 secs)
+Guess.Mask.......: ?l [1]
+Guess.Queue......: 1/8 (12.50%)
+Speed.#1.........: 68915 H/s (0.00ms) @ Accel:1024 Loops:26 Thr:1 Vec:8
+Recovered........: 0/3 (0.00%) Digests, 0/1 (0.00%) Salts
+Progress.........: 26/26 (100.00%)
+Rejected.........: 0/26 (0.00%)
+Restore.Point....: 1/1 (100.00%)
+Restore.Sub.#1...: Salt:0 Amplifier:0-26 Iteration:0-26
+Candidates.#1....: s -> x
+
+The wordlist or mask that you are using is too small.
+This means that hashcat cannot use the full parallel power of your device(s).
+Unless you supply more work, your cracking speed will drop.
+For tips on supplying more work, see: https://hashcat.net/faq/morework
+
+Approaching final keyspace - workload adjusted.
+
+Session..........: hashcat
+Status...........: Exhausted
+Hash.Type........: SHA2-256
+Hash.Target......: face
+Time.Started.....: Thu Jan 30 16:48:56 2020 (0 secs)
+Time.Estimated...: Thu Jan 30 16:48:56 2020 (0 secs)
+Guess.Mask.......: ?l?l [2]
+Guess.Queue......: 2/8 (25.00%)
+Speed.#1.........: 1527.7 kH/s (0.06ms) @ Accel:1024 Loops:26 Thr:1 Vec:8
+Recovered........: 0/3 (0.00%) Digests, 0/1 (0.00%) Salts
+Progress.........: 676/676 (100.00%)
+Rejected.........: 0/676 (0.00%)
+Restore.Point....: 26/26 (100.00%)
+Restore.Sub.#1...: Salt:0 Amplifier:0-26 Iteration:0-26
+Candidates.#1....: sa -> xq
+
+The wordlist or mask that you are using is too small.
+This means that hashcat cannot use the full parallel power of your device(s).
+Unless you supply more work, your cracking speed will drop.
+For tips on supplying more work, see: https://hashcat.net/faq/morework
+
+Approaching final keyspace - workload adjusted.
+
+47c215b5f70eb9c9b4bcb2c027007d6cf38a899f40d1d1da6922e49308b15b69:eye
+
+Session..........: hashcat
+Status...........: Exhausted
+Hash.Type........: SHA2-256
+Hash.Target......: face
+Time.Started.....: Thu Jan 30 16:48:56 2020 (0 secs)
+Time.Estimated...: Thu Jan 30 16:48:56 2020 (0 secs)
+Guess.Mask.......: ?l?l?l [3]
+Guess.Queue......: 3/8 (37.50%)
+Speed.#1.........: 10092.9 kH/s (1.36ms) @ Accel:1024 Loops:26 Thr:1 Vec:8
+Recovered........: 1/3 (33.33%) Digests, 0/1 (0.00%) Salts
+Progress.........: 17576/17576 (100.00%)
+Rejected.........: 0/17576 (0.00%)
+Restore.Point....: 676/676 (100.00%)
+Restore.Sub.#1...: Salt:0 Amplifier:0-26 Iteration:0-26
+Candidates.#1....: sar -> xqx
+
+0282d9b79f42c74c1550b20ff2dd16aafc3fe5d8ae9a00b2f66996d0ae882775:face
+4dc2159bba05da394c3b94c6f54354db1f1f43b321ac4bbdfc2f658237858c70:hair
+
+Session..........: hashcat
+Status...........: Cracked
+Hash.Type........: SHA2-256
+Hash.Target......: face
+Time.Started.....: Thu Jan 30 16:48:56 2020 (0 secs)
+Time.Estimated...: Thu Jan 30 16:48:56 2020 (0 secs)
+Guess.Mask.......: ?l?l?l?l [4]
+Guess.Queue......: 4/8 (50.00%)
+Speed.#1.........: 22926.1 kH/s (2.09ms) @ Accel:1024 Loops:26 Thr:1 Vec:8
+Recovered........: 3/3 (100.00%) Digests, 1/1 (100.00%) Salts
+Progress.........: 212992/456976 (46.61%)
+Rejected.........: 0/212992 (0.00%)
+Restore.Point....: 6144/17576 (34.96%)
+Restore.Sub.#1...: Salt:0 Amplifier:0-26 Iteration:0-26
+Candidates.#1....: snts -> xolc
+
+Started: Thu Jan 30 16:48:54 2020
+Stopped: Thu Jan 30 16:48:57 2020
+
+
+## B.8
+
+passwordW
+passowrd5
+
+A sample run is:
+
+napier@napier-virtual-machine:~/steg/python/lsb$ hashcat -a 3 -m 0 file.txt password?d
+hashcat (v5.1.0-42-g471a8cc) starting...
+
+OpenCL Platform #1: Intel(R) Corporation
+========================================
+* Device #1: Intel(R) Core(TM) i7-8850H CPU @ 2.60GHz, 495/1982 MB allocatable, 2MCU
+
+Hashes: 2 digests; 2 unique digests, 1 unique salts
+Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
+
+Applicable optimizers:
+* Zero-Byte
+* Early-Skip
+* Not-Salted
+* Not-Iterated
+* Single-Salt
+* Brute-Force
+* Raw-Hash
+
+Minimum password length supported by kernel: 0
+Maximum password length supported by kernel: 256
+
+ATTENTION! Pure (unoptimized) OpenCL kernels selected.
+This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
+If you want to switch to optimized OpenCL kernels, append -O to your commandline.
+
+Watchdog: Hardware monitoring interface not found on your system.
+Watchdog: Temperature abort trigger disabled.
+
+The wordlist or mask that you are using is too small.
+This means that hashcat cannot use the full parallel power of your device(s).
+Unless you supply more work, your cracking speed will drop.
+For tips on supplying more work, see: https://hashcat.net/faq/morework
+
+Approaching final keyspace - workload adjusted.
+
+db0edd04aaac4506f7edab03ac855d56:password5
+
+Session..........: hashcat
+Status...........: Exhausted
+Hash.Type........: MD5
+Hash.Target......: file.txt
+Time.Started.....: Thu Jan 30 17:00:38 2020 (0 secs)
+Time.Estimated...: Thu Jan 30 17:00:38 2020 (0 secs)
+Guess.Mask.......: password?d [9]
+Guess.Queue......: 1/1 (100.00%)
+Speed.#1.........: 23640 H/s (0.01ms) @ Accel:1024 Loops:1 Thr:1 Vec:8
+Recovered........: 1/2 (50.00%) Digests, 0/1 (0.00%) Salts
+Progress.........: 10/10 (100.00%)
+Rejected.........: 0/10 (0.00%)
+Restore.Point....: 10/10 (100.00%)
+Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
+Candidates.#1....: password1 -> password6
+
+Started: Thu Jan 30 17:00:36 2020
+Stopped: Thu Jan 30 17:00:39 2020
+
+
+## C.1
+
+bert: APPLE
+fred: ORANGE
+
+A sample run is:
+
+$ rm -r ~/.john/
+$ nano fruits
+$ cat pwdump
+fred:500:E79E56A8E5C6F8FEAAD3B435B51404EE:5EBE7DFA074DA8EE8AEF1FAA2BBDE876:::
+bert:501:10EAF413723CBB15AAD3B435B51404EE:CA8E025E9893E8CE3D2CBF847FC56814:::
+$ cat fruits
+apple
+orange
+kiwi
+lemon
+grape
+banana
+pear
+peach
+$ john --wordlist=fruits pwdump
+Created directory: /home/napier/.john
+Loaded 2 password hashes with no different salts (LM [DES 128/128 SSE2-16])
+Press 'q' or Ctrl-C to abort, almost any other key for status
+ORANGE (bert)
+APPLE (fred)
+2g 0:00:00:00 100% 200.0g/s 800.0p/s 800.0c/s 1600C/s APPLE..PEACH
+Use the "--show" option to display all of the cracked passwords reliably
+Session completed
+$ john --show
+Password files required, but none specified
+napier@napier-virtual-machine:~/steg/python/lsb$ john --show pwdump
+fred:APPLE:500:E79E56A8E5C6F8FEAAD3B435B51404EE:5EBE7DFA074DA8EE8AEF1FAA2BBDE876:::
+bert:ORANGE:501:10EAF413723CBB15AAD3B435B51404EE:CA8E025E9893E8CE3D2CBF847FC56814:::
+
+2 password hashes cracked, 0 left
+
+
+
+## C.2
+
+bert: DUNDEE
+fred: ABERDEEN
+Admin: PERTH
+
+A sample run:
+
+$ cat cities
+DUNDEE
+ABERDEEN
+PERTH
+EDINBURGH
+GLASGOW
+$ cat hash6
+Admin:500:629E2BA1C0338CE0AAD3B435B51404EE:9408CB400B20ABA3DFEC054D2B6EE5A1:::
+fred:501:33E58ABB4D723E5EE72C57EF50F76A05:4DFC4E7AA65D71FD4E06D061871C05F2:::
+bert:502:BC2B6A869601E4D9AAD3B435B51404EE:2D8947D98F0B09A88DC9FCD6E546A711:::
+$ john --wordlist=cities hash6
+Loaded 4 password hashes with no different salts (LM [DES 128/128 SSE2-16])
+Press 'q' or Ctrl-C to abort, almost any other key for status
+PERTH (bert)
+ABERDEE (fred:1)
+DUNDEE (Admin)
+3g 0:00:00:00 100% 300.0g/s 500.0p/s 500.0c/s 2000C/s DUNDEE..GLASGOW
+Warning: passwords printed above might be partial
+Use the "--show" option to display all of the cracked passwords reliably
+Session completed
+
+
+## C.3
+
+Bert: TIGER
+Fred: SNAKE
+Admin: ELEPHANT
+
+A sample run is:
+
+napier@napier-virtual-machine:~/steg/python/lsb$ cat animals
+tiger
+cat
+snake
+gorilla
+elephant
+napier@napier-virtual-machine:~/steg/python/lsb$ cat hash7
+fred:500:5A8BB08EFF0D416AAAD3B435B51404EE:85A2ED1CA59D0479B1E3406972AB1928:::
+bert:501:C6E4266FEBEBD6A8AAD3B435B51404EE:0B9957E8BED733E0350C703AC1CDA822:::
+admin:502:333CB006680FAF0A417EAF50CFAC29C3:D2EDBC29463C40E76297119421D2A707:::
+napier@napier-virtual-machine:~/steg/python/lsb$ john --wordlist=animals hash7
+Loaded 4 password hashes with no different salts (LM [DES 128/128 SSE2-16])
+Press 'q' or Ctrl-C to abort, almost any other key for status
+ELEPHAN (admin:1)
+TIGER (bert)
+SNAKE (fred)
+3g 0:00:00:00 100% 300.0g/s 500.0p/s 500.0c/s 2000C/s TIGER..ELEPHAN
+Warning: passwords printed above might be partial
+Use the "--show" option to display all of the cracked passwords reliably
+Session completed
+
+
+What is the message? You might find some interesting code [here](https://asecuritysite.com/encryption/rsa_example).
+
+2. Bob uses the following parameters for his public key:
+
+
+Can you crack the cipher and find the value, if you know we are using using 60 bit primes [example](https://medium.com/asecuritysite-when-bob-met-alice/cracking-rsa-a-challenge-generator-2b64c4edb3e7)?
+
+## A bit of fun
+
+* A Python program to implement RSA in just 12 lines [here](https://asecuritysite.com/encryption/rsa12).
+* A Python program to crack RSA in just 12 lines [here](https://asecuritysite.com/encryption/rsa12_2).
+* Elliptic Curve methods are used in key handshaking (ECDH). If you want to see the curves that are used click [here](https://asecurity.site/encryption/ecdh3).
+
+## Sample Exam Questions
+
+The following are sample questions for public key:
+
+* Bob selects a p value of 7 and a q value of 9, but he cannot get his RSA encryption to work. What is the problem?
+* Bob has selected a p value of 11 and a q value of 7. Which of the following are possible encryption keys: (5,77), (3,77), (9,77), (11,77), and (24,77).
+* Bob and Alice decide to use RSA encryption to send secure email, where Bob uses Alice's public key to encrypt, and she uses her private key to decrypt. What is the main problem caused with this, as apposed to using symmetric encryption?
+* Bob tells Alice that she should send her private key in order that he should encrypt something for her. Outline the main problem caused by this.
+* Security professionals say that RSA keys of over 1,024 bits are secure. What is the core protection against the RSA method being cracked for keys of 1,024 bits and more.
+* Bob says he has had a look at a few RSA public keys and he says that the ones he looked at where all the same. Is he right? If so, what makes public keys different?
+* Research: Netscape had to comply with an export [embargo](https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States) on the size of the keys which can be used for RSA. Which major vulnerabilities have resulted?
+* Bob and Alice get into a debate about the size of the d and e values in the RSA encryption key. Bob says that, in real-life keys, the length of the e value in (e,n) is normally about the same size as the d value (d,n). Alice disagrees. Who is correct?
+ * Where would I find this info? Have a look at some practical examples: [Here](https://asecuritysite.com/encryption/rsa2)
+
+## Examples
+
+RSA Examples: [here](https://asecuritysite.com/public/rsa_examples.pdf).
+RSA Keygen: [here](https://asecuritysite.com/encryption/rsa_keygen).
+ECC Keygen: [here](https://asecuritysite.com/encryption/ecc_keygen).
+
+## Quick demos
+
+* Introduction to RSA: [here](https://www.youtube.com/watch?v=pHES8eNor6k)
+* Introduction to Elliptic Curve: [here](https://youtu.be/_CwIWk6XDmg)
+* Picking the Generator Value (G): [here](https://www.youtube.com/watch?v=-TjSuch3VGU)
+
+
+
diff --git a/unit04_public_key/lab/README.md b/unit04_public_key/lab/README.md
new file mode 100644
index 0000000..e587836
--- /dev/null
+++ b/unit04_public_key/lab/README.md
@@ -0,0 +1,782 @@
+
+
+# Lab 4: Asymmetric (Public) Key
+Objective: The key objective of this lab is to provide a practical introduction to public key encryption, and with a focus on RSA and Elliptic Curve methods. This includes the creation of key pairs and in the signing process.
+
+Video demo: https://youtu.be/6T9bFA2nl3c
+
+Note: If you are using Python 3, instead of "pip install pycrypto" you can install pycryptodome with "pip3 install pycryptodome".
+
+## A RSA Encryption
+### A.1
+
+The following defines a public key that is used with PGP email encryption:
+
+
+Using the following Web page, determine the owner of the key, and the ID on the key:
+
+https://asecuritysite.com/encryption/pgp1
+
+By searching on-line, can you find the public key of three famous people, and view their key details, and can you discover some of the details of their keys (eg User ID, key encryption method, key size, etc)?
+
+
+
+By searching on-line, what is an ASCII Armored Message?
+
+
+
+
+
+
+### A.2
+Bob has a private RSA key of:
+
+
+And receives a ciphertext message of:
+
+Pob7AQZZSml618nMwTpx3V74N45x/rTimUQeTl0yHq8F0dsekZgOT385Jls1HUzWCx6ZRFPFMJ1RNYR2Yh7AkQtFLVx9lYDfb/Q+SkinBIBX59ER3/fDhrVKxIN4S6h2QmMSRblh4KdVhyY6cOxu+g48Jh7TkQ2Ig93/nCpAnYQ=
+
+Using the following code:
+
+```python
+from Crypto.PublicKey import RSA
+from Crypto.Util import asn1
+from base64 import b64decode
+
+msg="Pob7AQZZSml618nMwTpx3V74N45x/rTimUQeTl0yHq8F0dsekZgOT385Jls1HUzWCx6ZRFPFMJ1RNYR2Yh7AkQtFLVx9lYDfb/Q+SkinBIBX59ER3/fDhrVKxIN4S6h2QmMSRblh4KdVhyY6cOxu+g48Jh7TkQ2Ig93/nCpAnYQ="
+privatekey = 'MIICXAIBAAKBgQCwgjkeoyCXm9v6VBnUi5ihQ2knkdxGDL3GXLIUU43/froeqk7q9mtxT4AnPAaDX3f2r4STZYYiqXGsHCUBZcI90dvZf6YiEM5OY2jgsmqBjf2Xkp/8HgN/XDw/wD2+zebYGLLYtd2u3GXx9edqJ8kQcU9LaMH+ficFQyfq9UwTjQIDAQABAoGAD7L1a6Ess+9b6G70gTANWkKJpshVZDGb63mxKRepaJEX8sRJEqLqOYDNsC+pkKO8IsfHreh4vrp9bsZuECrB1OHSjwDB0S/fm3KEWbsaaXDUAu0dQg/JBMXAKzeATreoIYJItYgwzrJ++fuquKabAZumvOnWJyBIs2z103kDz2ECQQDnn3JpHirmgVdf81yBbAJaXBXNIPzOcCth1zwFAs4EvrE35n2HvUQuRhy3ahUKXsKX/bGvWzmC2O6kbLTFEygVAkEAwxXZnPkaAY2vuoUCN5NbLZgegrAtmU+U2woa5A0fx6uXmShqxo1iDxEC71FbNIgHBg5srsUyDj3OsloLmDVjmQJAIy7qLyOA+sCc6BtMavBgLx+bxCwFmsoZHOSX3l79smTRAJ/HY64RREIsLIQ1q/yW7IWBzxQ5WTHgliNZFjKBvQJBAL3t/vCJwRz0Ebs5FaB/8UwhhsrbtXlGdnkOjIGsmV0vHSf6poHqUiay/DV88pvhN11ZG8zHpeUhnaQccJ9ekzkCQDHHG9LYCOqTgsyYms//cW4sv2nuOE1UezTjUFeqOlsgO+WN96b/M5gnv45/Z3xZxzJ4HOCJ/NRwxNOtEUkw+zY='
+
+keyDER = b64decode(privatekey)
+keys = RSA.importKey(keyDER)
+
+dmsg = keys.decrypt(b64decode(msg))
+print dmsg
+```
+
+
+What is the plaintext message that Bob has been sent?
+
+
+
+
+
+## B OpenSSL (RSA)
+We will use OpenSSL to perform the following:
+
+### B.1
+
+First we need to generate a key pair with:
+
+openssl genrsa -out private.pem 1024
+
+
+
+This file contains both the public and the private key.
+
+
+
+
+
+What is the type of public key method used:
+
+
+How long is the default key:
+
+
+How long did it take to generate a 1,024 bit key?
+
+
+Use the following command to view the keys:
+
+
+ cat private.pem
+
+
+### B.2
+Use following command to view the output file:
+
+
+cat private.pem
+
+
+What can be observed at the start and end of the file:
+
+
+### B.3
+Next we view the RSA key pair:
+
+openssl rsa -in private.pem -text
+
+
+Which are the attributes of the key shown:
+
+
+
+Which number format is used to display the information on the attributes:
+
+
+
+
+
+### B.4
+Let’s now secure the encrypted key with 3-DES:
+
+
+View the output key. What does the header and footer of the file identify?
+
+
+
+### B.6
+
+Now create a file named “myfile.txt” and put a message into it. Next encrypt it with your public key:
+
+
+### B.7
+And then decrypt with your private key:
+
+openssl rsautl -decrypt -inkey private.pem -in file.bin -out decrypted.txt What are the contents of decrypted.txt
+
+On your VM, go into the ~/.ssh folder. Now generate your SSH keys:
+
+
+
+View the private key. Outline its format?
+
+
+
+On your Ubuntu instance setup your new keys for ssh:
+
+
+ssh-add ~/.ssh/id_git
+
+
+Now create a Github account and upload your public key to Github (select Settings-> New SSH key or Add SSH key). Create a new repository on your GitHub site, and add a new file to it. Next go to your Ubuntu instance and see if you can clone of a new directory:
+
+
+If this doesn’t work, try the https connection that is defined on GitHub.
+
+## C OpenSSL (ECC)
+Elliptic Curve Cryptography (ECC) is now used extensively within public key encryption, including with Bitcoin, Ethereum, Tor, and many IoT applications. In this part of the lab we will use OpenSSL to create a key pair. For this we generate a random 256-bit private key (priv), and then generate a public key point (priv multiplied by G), using a generator (G), and which is a generator point on the selected elliptic curve.
+
+
+### C.1
+First we need to generate a private key with:
+
+The file will only contain the private key (and should have 256 bits).
+
+Now use “cat priv.pem” to view your key.
+
+Can you view your key?
+
+### C.2
+We can view the details of the ECC parameters used with:
+
+
+Outline these values:
+
+Prime (last two bytes):
+
+A:
+
+B:
+
+Generator (last two bytes):
+
+Order (last two bytes):
+
+### C.3
+Now generate your public key based on your private key with:
+
+openssl ec -in priv.pem -text -noout
+
+
+How many bits and bytes does your private key have:
+
+
+
+How many bit and bytes does your public key have (Note the 04 is not part of the elliptic curve point):
+
+
+
+What is the ECC method that you have used?
+
+
+
+If you want to see an example of ECC, try here: https://asecuritysite.com/encryption/ecc
+
+## D Elliptic Curve Encryption
+### D.1
+In the following Bob and Alice create elliptic curve key pairs. Bob can encrypt a message for Alice with her public key, and she can decrypt with her private key. Copy and paste the program from here:
+
+https://asecuritysite.com/encryption/elc
+
+Code used:
+
+```python
+import OpenSSL
+import pyelliptic
+
+secretkey="password"
+test="Test123"
+
+alice = pyelliptic.ECC()
+bob = pyelliptic.ECC()
+
+print "++++Keys++++"
+print "Bob's private key: "+bob.get_privkey().encode('hex')
+print "Bob's public key: "+bob.get_pubkey().encode('hex')
+
+print
+print "Alice's private key: "+alice.get_privkey().encode('hex')
+print "Alice's public key: "+alice.get_pubkey().encode('hex')
+
+
+ciphertext = alice.encrypt(test, bob.get_pubkey())
+
+print "\n++++Encryption++++"
+
+print "Cipher: "+ciphertext.encode('hex')
+
+print "Decrypt: "+bob.decrypt(ciphertext)
+
+signature = bob.sign("Alice")
+
+print
+print "Bob verified: "+ str(pyelliptic.ECC(pubkey=bob.get_pubkey()).verify
+(signature, "Alice"))
+```
+
+For a message of “Hello. Alice”, what is the ciphertext sent (just include the first four characters):
+
+
+
+How is the signature used in this example?
+
+
+
+
+### D.2
+Let’s say we create an elliptic curve with y2 = x3 + 7, and with a prime number of 89, generate the first five (x,y) points for the finite field elliptic curve. You can use the Python code at the following to generate them:
+
+https://asecuritysite.com/encryption/ecc_points
+
+First five points:
+
+
+
+
+### D.3
+Elliptic curve methods are often used to sign messages, and where Bob will sign a message with his private key, and where Alice can prove that he has signed it by using his public key. With ECC, we can use ECDSA, and which was used in the first version of Bitcoin. Enter the following code:
+
+```python
+from ecdsa import SigningKey,NIST192p,NIST224p,NIST256p,NIST384p,NIST521p,SECP256k1
+import base64
+import sys
+
+msg="Hello"
+type = 1
+cur=NIST192p
+
+sk = SigningKey.generate(curve=cur)
+
+vk = sk.get_verifying_key()
+
+signature = sk.sign(msg)
+
+print "Message:\t",msg
+print "Type:\t\t",cur.name
+print "========================="
+
+print "Signature:\t",base64.b64encode(signature)
+
+print "========================="
+
+print "Signatures match:\t",vk.verify(signature, msg)
+```
+
+What are the signatures (you only need to note the first four characters) for a message of “Bob”, for the curves of NIST192p, NIST521p and SECP256k1:
+
+NIST192p:
+
+NIST521p:
+
+SECP256k1:
+
+
+By searching on the Internet, can you find in which application areas that SECP256k1 is used?
+
+
+What do you observe from the different hash signatures from the elliptic curve methods?
+
+
+
+
+## E RSA
+### E.1 We will follow a basic RSA process. If you are struggling here, have a look at the following page:
+
+https://asecuritysite.com/encryption/rsa
+
+First, pick two prime numbers:
+
+p=
+
+q=
+
+Now calculate N (p.q) and PHI [(p-1).(q-1)]:
+
+N=
+
+PHI =
+
+Now pick a value of e which does not share a factor with PHI [gcd(PHI,e)=1]:
+
+e=
+
+Now select a value of d, so that (e.d) (mod PHI) = 1:
+
+[Note: You can use this page to find d: https://asecuritysite.com/encryption/inversemod]
+
+d=
+
+Now for a message of M=5, calculate the cipher as:
+
+C = Me (mod N) =
+
+Now decrypt your ciphertext with:
+
+M = Cd (mod N) =
+
+Did you get the value of your message back (M=5)? If not, you have made a mistake, so go back and check.
+
+Now run the following code and prove that the decrypted cipher is the same as the message:
+
+```python
+p=11
+q=3
+N=p*q
+PHI=(p-1)*(q-1)
+e=3
+for d in range(1,N):
+ if ((e*d % PHI)==1): break
+print e,N
+print d,N
+M=4
+cipher = M**e % N
+print cipher
+message = cipher**d % N
+print message
+```
+
+
+Select three more examples with different values of p and q, and then select e in order to make sure that the cipher will work:
+
+
+
+
+### E.2
+In the RSA method, we have a value of e, and then determine d from (d.e) (mod PHI)=1. But how do we use code to determine d? Well we can use the Euclidean algorithm. The code for this is given at:
+
+https://asecuritysite.com/encryption/inversemod
+
+Using the code, can you determine the following:
+
+
+Inverse of 53 (mod 120) =
+Inverse of 65537 (mod 1034776851837418226012406113933120080) =
+
+
+Using this code, can you now create an RSA program where the user enters the values of p, q, and e, and the program determines (e,N) and (d,N)?
+
+
+### E.3
+Run the following code and observe the output of the keys. If you now change the key generation key from ‘PEM’ to ‘DER’, how does the output change:
+
+
+
+
+
+```python
+from Crypto.PublicKey import RSA
+
+key = RSA.generate(2048)
+
+binPrivKey = key.exportKey('PEM')
+binPubKey = key.publickey().exportKey('PEM')
+
+print binPrivKey
+print binPubKey
+```
+
+
+### E.4
+A simple RSA program to encrypt and decrypt with RSA is given next. Prove its operation:
+```python
+import rsa
+(bob_pub, bob_priv) = rsa.newkeys(512)
+ciphertext = rsa.encrypt('Here is my message', bob_pub)
+message = rsa.decrypt(ciphertext, bob_priv)
+print(message.decode('utf8'))
+```
+
+## F PGP
+### F.1
+The following is a PGP key pair. Using https://asecuritysite.com/encryption/pgp, can you determine the owner of the keys:
+
+
+### F.2
+Using the code at the following link, generate a key:
+https://asecuritysite.com/encryption/openpgp
+
+### F.3
+An important element in data loss prevention is encrypted emails. In this part of the lab we will use an open source standard: PGP.
+
+1 Create a key pair with (RSA and 2,048-bit keys):
+
+gpg --gen-key
+
+
+Now export your public key using the form of:
+
+gpg --export -a "Your name" > mypub.key
+
+Now export your private key using the form of:
+
+gpg --export-secret-key -a "Your name" > mypriv.key
+
+
+How is the randomness generated?
+
+
+
+Outline the contents of your key file:
+
+### 2
+Now send your lab partner your public key in the contents of an email, and ask them to import it onto their key ring (if you are doing this on your own, create another set of keys to simulate another user, or use Bill’s public key – which is defined at http://asecuritysite.com/public.txt and send the email to him):
+
+gpg --import theirpublickey.key
+
+
+Now list your keys with:
+
+gpg --list-keys
+
+Which keys are stored on your key ring and what details do they have:
+
+
+
+### 3
+Create a text file, and save it. Next encrypt the file with their public key:
+
+
+What does the –a option do:
+
+
+What does the –r option do:
+
+
+What does the –u option do:
+
+
+Which file does it produce and outline the format of its contents:
+
+
+### 4
+Send your encrypted file in an email to your lab partner, and get one back from them.
+
+Now create a file (such as myfile.asc) and decrypt the email using the public key received from them with:
+
+gpg –d myfile.asc > myfile.txt
+
+
+Can you decrypt the message:
+
+### 5
+Next using this public key file, send Bill (w.buchanan@napier.ac.uk) a question (http://asecuritysite.com/public.txt):
+
+
+
+
+Did you receive a reply:
+
+### 6
+Next send your public key to Bill (w.buchanan@napier.ac.uk), and ask for an encrypted message from him.
+
+## G TrueCrypt
+
+No Description Result
+1 Go to your Kali instance (User: root, Password: toor). Now Create a new volume and use an encrypted file container (use tc_yourname) with a Standard TrueCrypt volume.
+
+When you get to the Encryption Options, run the benchmark tests and outline the results:
+
+
+CPU (Mean)
+
+AES:
+AES-Twofish:
+AES-Two-Seperent
+Serpent -AES
+Serpent:
+Serpent-Twofish-AES
+Twofish:
+Twofish-Serpent:
+
+Which is the fastest:
+
+Which is the slowest:
+
+2 Select AES and RIPMD-160 and create a 100MB file. Finally select your password and use FAT for the file system.
+ What does the random pool generation do, and what does it use to generate the random key?
+
+
+
+3 Now mount the file as a drive.
+
+ Can you view the drive on the file viewer and from the console? [Yes][No]
+4 Create some files your TrueCrypt drive and save them.
+
+ Without giving them the password, can they read the file?
+
+With the password, can they read the files?
+
+
+
+The following files have the passwords of “Ankle123”, “foxtrot”, “napier123”, “password” or “napier”. Determine the properties of the files defined in the table:
+
+File
+ Size Encryption type Key size Files/folders on disk Hidden partition (y/n) Hash method
+http://asecuritysite.com/tctest01.zip
+
+
+http://asecuritysite.com/tctest02.zip
+
+
+http://asecuritysite.com/tctest03.zip
+
+
+Now with truecrack see if you can determine the password on the volumes. Which TrueCrypt volumes can truecrack?
+
+H Reflective statements
+1. In ECC, we use a 256-bit private key. This is used to generate the key for signing Bitcoin transactions. Do you think that a 256-bit key is largest enough? If we use a cracker what performs 1 Tera keys per second, will someone be able to determine our private key?
+
+
+
+
+
+
+## I What I should have learnt from this lab?
+The key things learnt:
+
+* The basics of the RSA method.
+* The process of generating RSA and Elliptic Curve key pairs.
+* To illustrate how the private key is used to sign data, and then using the public key to verify the signature.
+## Additional
+The following is code which performs RSA key generation, and the encryption and decryption of a message (https://asecuritysite.com/encryption/rsa_example):
+
+```python
+from Crypto.PublicKey import RSA
+from Crypto.Util import asn1
+from base64 import b64decode
+from base64 import b64encode
+from Crypto.Cipher import PKCS1_OAEP
+import sys
+
+msg = "hello..."
+
+if (len(sys.argv)>1):
+ msg=str(sys.argv[1])
+
+key = RSA.generate(1024)
+
+binPrivKey = key.exportKey('PEM')
+binPubKey = key.publickey().exportKey('PEM')
+
+print
+print "====Private key==="
+print binPrivKey
+print
+print "====Public key==="
+print binPubKey
+
+privKeyObj = RSA.importKey(binPrivKey)
+pubKeyObj = RSA.importKey(binPubKey)
+
+
+cipher = PKCS1_OAEP.new(pubKeyObj)
+ciphertext = cipher.encrypt(msg)
+
+print
+print "====Ciphertext==="
+print b64encode(ciphertext)
+
+cipher = PKCS1_OAEP.new(privKeyObj)
+message = cipher.decrypt(ciphertext)
+
+
+print
+print "====Decrypted==="
+print "Message:",message
+```
+
+Can you decrypt this:
+
+## B.3
+We get **modulus** (N), **publicExponent** (e), **privateExponent** (d), **prime1** (p), **prime2** (q). The other parameters are stored to speed up the RSA process, such as **exponent1** (d mod p-1), **exponent2** (d mod q-1) and **coefficient** (inv q mod p).
+
+## B.4
+If someone gets your private key they could decrypt things sent to you with your public key, or sign things on your behalf.
+## B.5
+We see a PUBLIC KEY string:
+
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3qXK4kCxn3BNk87vJUMwIznU8
+pTjr10Kma9+Jkj4zEy/fiZtYxvdmn1rKNq/8fEUDCcRVC8hQBpevqxFiJ3dbA7ZM
+6VjUAmztOfRfxSezgvkjswVSF1/cgBM32AB4nx1dkCV/Wgedn3KFIFU+b8LH1ZLo
+yRMyLnwWmAkT/mBC/QIDAQAB
+-----END PUBLIC KEY-----
+
+## C.3
+We generate the public key from the private key. If we have a private key (priv) and a generator point (G). The public key is priv G. In this case we are using a curve of secp256k1.
+
+napieraccount@ubuntu:~/test$ gpg --gen-key
+gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+ (1) RSA and RSA (default)
+ (2) DSA and Elgamal
+ (3) DSA (sign only)
+ (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048)
+Requested keysize is 2048 bits
+Please specify how long the key should be valid.
+ 0 = key does not expire
+ = key expires in n days
+ w = key expires in n weeks
+ m = key expires in n months
+ y = key expires in n years
+Key is valid for? (0)
+Key does not expire at all
+Is this correct? (y/N) y
+
+You need a user ID to identify your key; the software constructs the user ID
+from the Real Name, Comment and Email Address in this form:
+ "Heinrich Heine (Der Dichter) "
+
+Real name: Bill Buchanan
+Email address: w.buchanan@napier.ac.uk
+Comment: Test
+You selected this USER-ID:
+ "Bill Buchanan (Test) "
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+You need a Passphrase to protect your secret key.
+
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+..+++++
+......+++++
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+....+++++
++++++
+gpg: key B3396725 marked as ultimately trusted
+public and secret key created and signed.
+
+gpg: checking the trustdb
+gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u
+pub 2048R/B3396725 2020-02-05
+ Key fingerprint = C6AA 3C69 9BB9 B49F 1E19 55B7 4CA0 F614 B339 6725
+uid Bill Buchanan (Test)
+sub 2048R/F06888D7 2020-02-05
+
+
+
+
+## H.1
+Password: napier
+
+
+
+
+
diff --git a/unit04_public_key/lab/tc.png b/unit04_public_key/lab/tc.png
new file mode 100644
index 0000000..5d9bd63
Binary files /dev/null and b/unit04_public_key/lab/tc.png differ
diff --git a/unit04_public_key/lecture/README.MD b/unit04_public_key/lecture/README.MD
new file mode 100644
index 0000000..8c24877
--- /dev/null
+++ b/unit04_public_key/lecture/README.MD
@@ -0,0 +1,35 @@
+
+
+# e-Security Unit 4: Public Key
+
+The key concepts are: Basics, RSA, Elliptic Curve and ElGamal.
+
+## What you should know at the end of unit?
+
+* Explain how public key provides both privacy and identity verification.
+ * Where would I find this info? This unit explains public key.
+* Understand how the RSA process works, with a simple example.
+* Understand how elliptic curve cryptography works, with a simple example.
+* Explain the operation of PGP.
+* Understands how the private key is used to check the identity of the sender, and how public key is used to preserve the privacy of the message.
+* Explain how the e and d values are determined within the RSA method.
+ * Where would I find this info? There are some examples [here](https://asecuritysite.com/log/rsa_examples.pdf).
+
+## Presentations
+
+* Week 4 Presentation (PDF) - Public Key Encryption: [here](https://github.com/billbuchanan/esecurity/blob/master/unit04_public_key/lecture/chapter04_public_msc.pdf).
+* Week 4 Presentation (video) - Public Key Encryption: [here](https://youtu.be/QEYqkxuzoTg).
+* Week 4 Presentation (lecture video - 8 Feb 2020) - Public Key Encryption: [here](https://www.youtube.com/watch?v=PEdCHWdE3zk).
+
+## Examples
+
+RSA Examples: [here](https://asecuritysite.com/public/rsa_examples.pdf)
+
+## Quick demos
+
+* Introduction to RSA: [here](https://www.youtube.com/watch?v=pHES8eNor6k)
+* Introduction to Elliptic Curve: [here](https://youtu.be/_CwIWk6XDmg)
+* Picking the Generator Value (G): [here](https://www.youtube.com/watch?v=-TjSuch3VGU)
+
+
+
diff --git a/unit04_public_key/lecture/chapter04_public_msc.key b/unit04_public_key/lecture/chapter04_public_msc.key
new file mode 100644
index 0000000..24de965
Binary files /dev/null and b/unit04_public_key/lecture/chapter04_public_msc.key differ
diff --git a/unit04_public_key/lecture/chapter04_public_msc.pdf b/unit04_public_key/lecture/chapter04_public_msc.pdf
new file mode 100644
index 0000000..fc262a2
Binary files /dev/null and b/unit04_public_key/lecture/chapter04_public_msc.pdf differ
diff --git a/unit04_public_key/lecture/chapter04_public_msc.pptx b/unit04_public_key/lecture/chapter04_public_msc.pptx
new file mode 100644
index 0000000..083bfd8
Binary files /dev/null and b/unit04_public_key/lecture/chapter04_public_msc.pptx differ
diff --git a/unit04_public_key/src/a_01.key b/unit04_public_key/src/a_01.key
new file mode 100644
index 0000000..89133af
--- /dev/null
+++ b/unit04_public_key/src/a_01.key
@@ -0,0 +1,32 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQENBFTzi1ABCADIEWchOyqRQmU4AyQAMj2Pn68Sqo9lTPdPcItwo9LbTdv1YCFz
+w3qLlp2RORMP+Kpdi92CIhdUYHDmZfHZ3IWTBgo9+y/Np9UJ6tNGocrgsq4xWz15
+4vX4jJRddC7QySSh9UxDpRWf9sgqEv1pah136r95ZuyjC1EXnoNxdLJtx8PliCXc
+hV/v4+KfOyzYh+HDJ4xP2bt1S07dkasYZ6cA7BHYi9k4xgEwxVvYtNjSPjTsQY5R
+cTayXveGafuxmhSauZKiB/2TFErjEt49Y+p07tPTLX7bhMBVbUvojtt/JeUKV6vK
+R82dmOd8seUvhwOHYB0JL+3S7PgFFsLo1NV5ABEBAAG0LkJpbGwgQnVjaGFuYW4g
+KE5vbmUpIDx3LmJ1Y2hhbmFuQG5hcGllci5hYy51az6JATkEEwECACMFAlTzi1AC
+GwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRDsAFZRGtdPQi13B/9KHeFb
+l1AxqbafFGRDEvx8UfPnEww4FFqWhcr8RLWyE8/COlUpB/5AS2yvojmbNFMGzURb
+LGf/u1LVH0a+NHQu57u8Sv+g3bBthEPh4bKaEzBYRS/dYHOx3APFyIayfm78JVRF
+zdeTOOf6PaXUTRx7iscCTkN8DUD3lg/465ZX5aH3HWFFX500JSPSt0/udqjoQuAr
+WA5JqB//g2GfzZe1UzH5Dz3PBbJky8GiIfLm0OXSEIgAmpvc/9NjzAgjOW56n3Mu
+sjVkibc+lljw+rOo97CfJMppmtcOvehvQv+KG0LZnpibiWVmM3vT7E6kRy4gEbDu
+enHPDqhsvcqTDqaduQENBFTzi1ABCACzpJgZLK/sge2rMLURUQQ6l02UrS/GilGC
+ofq3WPnDt5hEjarwMMwN65Pb0Dj0i7vnorhL+fdb/J8b8QTiyp7i03dZVhDahcQ5
+8afvCjQtQstY8+K6kZFzQOBgyOS5rHAKHNSPFq45MlnPo5aaDvP7s9mdMILITvlb
+CFhcLoC6Oqy+JoaHupJqHBqGc48/5NU4qbt6fB1AQ/H4M+6og4OozohgkQb80Hox
+YbJV4sv4vYMULd+FKOg2RdGeNMM/aWdqYo90qb/W2aHCCyXmhGHEEuok9jbc8cr/
+xrWL0gDwlWpad8RfQwyVU/VZ3Eg3OseL4SedEmwOO
+cr15XDIs6dpABEBAAGJAR8E
+GAECAAkFAlTzi1ACGwwACgkQ7ABWURrXT0KZTgf9FUpkh3wv7aC5M2wwdEjt0rDx
+nj9kxH99hhuTX2EHXuNLH+SwLGHBq5O2sq3jfP+owEhs8/Ez0j1/fSKIqAdlz3mB
+dbqWPjzPTY/m0It+wv3epOM75uWjD35PF0rKxxZmEf6SrjZD1sk0B9bRy2v9iWN9
+9ZkuvcfH4vT++PognQLTUqNx0FGpD1agrG0lXSCtJWQXCXPfWdtbIdThBgzH4flZ
+ssAIbCaBlQkzfbPvrMzdTIP+AXg6++K9SnO9N/FRPYzjUSEmpRp+ox31WymvczcU
+RmyUquF+/zNnSBVgtY1rzwaYi05XfuxG0WHVHPTtRyJ5pF4HSqiuvk6Z/4z3bw==
+=ZrP+
+-----END PGP PUBLIC KEY BLOCK-----
+
diff --git a/unit04_public_key/src/a_02.cipher b/unit04_public_key/src/a_02.cipher
new file mode 100644
index 0000000..994a213
--- /dev/null
+++ b/unit04_public_key/src/a_02.cipher
@@ -0,0 +1 @@
+Pob7AQZZSml618nMwTpx3V74N45x/rTimUQeTl0yHq8F0dsekZgOT385Jls1HUzWCx6ZRFPFMJ1RNYR2Yh7AkQtFLVx9lYDfb/Q+SkinBIBX59ER3/fDhrVKxIN4S6h2QmMSRblh4KdVhyY6cOxu+g48Jh7TkQ2Ig93/nCpAnYQ=
diff --git a/unit04_public_key/src/a_02.key b/unit04_public_key/src/a_02.key
new file mode 100644
index 0000000..1a7b06a
--- /dev/null
+++ b/unit04_public_key/src/a_02.key
@@ -0,0 +1 @@
+MIICXAIBAAKBgQCwgjkeoyCXm9v6VBnUi5ihQ2knkdxGDL3GXLIUU43/froeqk7q9mtxT4AnPAaDX3f2r4STZYYiqXGsHCUBZcI90dvZf6YiEM5OY2jgsmqBjf2Xkp/8HgN/XDw/wD2+zebYGLLYtd2u3GXx9edqJ8kQcU9LaMH+ficFQyfq9UwTjQIDAQABAoGAD7L1a6Ess+9b6G70gTANWkKJpshVZDGb63mxKRepaJEX8sRJEqLqOYDNsC+pkKO8IsfHreh4vrp9bsZuECrB1OHSjwDB0S/fm3KEWbsaaXDUAu0dQg/JBMXAKzeATreoIYJItYgwzrJ++fuquKabAZumvOnWJyBIs2z103kDz2ECQQDnn3JpHirmgVdf81yBbAJaXBXNIPzOcCth1zwFAs4EvrE35n2HvUQuRhy3ahUKXsKX/bGvWzmC2O6kbLTFEygVAkEAwxXZnPkaAY2vuoUCN5NbLZgegrAtmU+U2woa5A0fx6uXmShqxo1iDxEC71FbNIgHBg5srsUyDj3OsloLmDVjmQJAIy7qLyOA+sCc6BtMavBgLx+bxCwFmsoZHOSX3l79smTRAJ/HY64RREIsLIQ1q/yW7IWBzxQ5WTHgliNZFjKBvQJBAL3t/vCJwRz0Ebs5FaB/8UwhhsrbtXlGdnkOjIGsmV0vHSf6poHqUiay/DV88pvhN11ZG8zHpeUhnaQccJ9ekzkCQDHHG9LYCOqTgsyYms//cW4sv2nuOE1UezTjUFeqOlsgO+WN96b/M5gnv45/Z3xZxzJ4HOCJ/NRwxNOtEUkw+zY=
diff --git a/unit04_public_key/src/a_02.py b/unit04_public_key/src/a_02.py
new file mode 100644
index 0000000..156c83c
--- /dev/null
+++ b/unit04_public_key/src/a_02.py
@@ -0,0 +1,12 @@
+from Crypto.PublicKey import RSA
+from Crypto.Util import asn1
+from base64 import b64decode
+
+msg="Pob7AQZZSml618nMwTpx3V74N45x/rTimUQeTl0yHq8F0dsekZgOT385Jls1HUzWCx6ZRFPFMJ1RNYR2Yh7AkQtFLVx9lYDfb/Q+SkinBIBX59ER3/fDhrVKxIN4S6h2QmMSRblh4KdVhyY6cOxu+g48Jh7TkQ2Ig93/nCpAnYQ="
+privatekey = 'MIICXAIBAAKBgQCwgjkeoyCXm9v6VBnUi5ihQ2knkdxGDL3GXLIUU43/froeqk7q9mtxT4AnPAaDX3f2r4STZYYiqXGsHCUBZcI90dvZf6YiEM5OY2jgsmqBjf2Xkp/8HgN/XDw/wD2+zebYGLLYtd2u3GXx9edqJ8kQcU9LaMH+ficFQyfq9UwTjQIDAQABAoGAD7L1a6Ess+9b6G70gTANWkKJpshVZDGb63mxKRepaJEX8sRJEqLqOYDNsC+pkKO8IsfHreh4vrp9bsZuECrB1OHSjwDB0S/fm3KEWbsaaXDUAu0dQg/JBMXAKzeATreoIYJItYgwzrJ++fuquKabAZumvOnWJyBIs2z103kDz2ECQQDnn3JpHirmgVdf81yBbAJaXBXNIPzOcCth1zwFAs4EvrE35n2HvUQuRhy3ahUKXsKX/bGvWzmC2O6kbLTFEygVAkEAwxXZnPkaAY2vuoUCN5NbLZgegrAtmU+U2woa5A0fx6uXmShqxo1iDxEC71FbNIgHBg5srsUyDj3OsloLmDVjmQJAIy7qLyOA+sCc6BtMavBgLx+bxCwFmsoZHOSX3l79smTRAJ/HY64RREIsLIQ1q/yW7IWBzxQ5WTHgliNZFjKBvQJBAL3t/vCJwRz0Ebs5FaB/8UwhhsrbtXlGdnkOjIGsmV0vHSf6poHqUiay/DV88pvhN11ZG8zHpeUhnaQccJ9ekzkCQDHHG9LYCOqTgsyYms//cW4sv2nuOE1UezTjUFeqOlsgO+WN96b/M5gnv45/Z3xZxzJ4HOCJ/NRwxNOtEUkw+zY='
+
+keyDER = b64decode(privatekey)
+keys = RSA.importKey(keyDER)
+
+dmsg = keys.decrypt(b64decode(msg))
+print dmsg
diff --git a/unit04_public_key/src/a_03.py b/unit04_public_key/src/a_03.py
new file mode 100644
index 0000000..06e4eab
--- /dev/null
+++ b/unit04_public_key/src/a_03.py
@@ -0,0 +1,12 @@
+from Crypto.PublicKey import RSA
+from Crypto.Util import asn1
+from base64 import b64decode
+
+msg="Pob7AQZZSml618nMwTpx3V74N45x/rTimUQeTl0yHq8F0dsekZgOT385Jls1HUzWCx6ZRFPFMJ1RNYR2Yh7AkQtFLVx9lYDfb/Q+SkinBIBX59ER3/fDhrVKxIN4S6h2QmMSRblh4KdVhyY6cOxu+g48Jh7TkQ2Ig93/nCpAnYQ="
+privatekey = 'MIICXAIBAAKBgQCwgjkeoyCXm9v6VBnUi5ihQ2knkdxGDL3GXLIUU43/froeqk7q9mtxT4AnPAaDX3f2r4STZYYiqXGsHCUBZcI90dvZf6YiEM5OY2jgsmqBjf2Xkp/8HgN/XDw/wD2+zebYGLLYtd2u3GXx9edqJ8kQcU9LaMH+ficFQyfq9UwTjQIDAQABAoGAD7L1a6Ess+9b6G70gTANWkKJpshVZDGb63mxKRepaJEX8sRJEqLqOYDNsC+pkKO8IsfHreh4vrp9bsZuECrB1OHSjwDB0S/fm3KEWbsaaXDUAu0dQg/JBMXAKzeATreoIYJItYgwzrJ++fuquKabAZumvOnWJyBIs2z103kDz2ECQQDnn3JpHirmgVdf81yBbAJaXBXNIPzOcCth1zwFAs4EvrE35n2HvUQuRhy3ahUKXsKX/bGvWzmC2O6kbLTFEygVAkEAwxXZnPkaAY2vuoUCN5NbLZgegrAtmU+U2woa5A0fx6uXmShqxo1iDxEC71FbNIgHBg5srsUyDj3OsloLmDVjmQJAIy7qLyOA+sCc6BtMavBgLx+bxCwFmsoZHOSX3l79smTRAJ/HY64RREIsLIQ1q/yW7IWBzxQ5WTHgliNZFjKBvQJBAL3t/vCJwRz0Ebs5FaB/8UwhhsrbtXlGdnkOjIGsmV0vHSf6poHqUiay/DV88pvhN11ZG8zHpeUhnaQccJ9ekzkCQDHHG9LYCOqTgsyYms//cW4sv2nuOE1UezTjUFeqOlsgO+WN96b/M5gnv45/Z3xZxzJ4HOCJ/NRwxNOtEUkw+zY='
+
+keyDER = b64decode(privatekey)
+keys = RSA.importKey(keyDER)
+
+dmsg = keys.decrypt(b64decode(msg))
+print dmsg
diff --git a/unit04_public_key/src/d_01.py b/unit04_public_key/src/d_01.py
new file mode 100644
index 0000000..cceeb82
--- /dev/null
+++ b/unit04_public_key/src/d_01.py
@@ -0,0 +1,30 @@
+import OpenSSL
+import pyelliptic
+
+secretkey="password"
+test="Test123"
+
+alice = pyelliptic.ECC()
+bob = pyelliptic.ECC()
+
+print "++++Keys++++"
+print "Bob's private key: "+bob.get_privkey().encode('hex')
+print "Bob's public key: "+bob.get_pubkey().encode('hex')
+
+print
+print "Alice's private key: "+alice.get_privkey().encode('hex')
+print "Alice's public key: "+alice.get_pubkey().encode('hex')
+
+
+ciphertext = alice.encrypt(test, bob.get_pubkey())
+
+print "\n++++Encryption++++"
+
+print "Cipher: "+ciphertext.encode('hex')
+
+print "Decrypt: "+bob.decrypt(ciphertext)
+
+signature = bob.sign("Alice")
+
+print
+print "Bob verified: "+ str(pyelliptic.ECC(pubkey=bob.get_pubkey()).verify(signature, "Alice"))
diff --git a/unit04_public_key/src/d_03.py b/unit04_public_key/src/d_03.py
new file mode 100644
index 0000000..9b144c2
--- /dev/null
+++ b/unit04_public_key/src/d_03.py
@@ -0,0 +1,24 @@
+from ecdsa import SigningKey,NIST192p,NIST224p,NIST256p,NIST384p,NIST521p,SECP256k1
+import base64
+import sys
+
+msg="Hello"
+type = 1
+cur=NIST192p
+
+
+sk = SigningKey.generate(curve=cur)
+
+vk = sk.get_verifying_key()
+
+signature = sk.sign(msg)
+
+print "Message:\t",msg
+print "Type:\t\t",cur.name
+print "========================="
+
+print "Signature:\t",base64.b64encode(signature)
+
+print "========================="
+
+print "Signatures match:\t",vk.verify(signature, msg)
diff --git a/unit04_public_key/src/e_01.py b/unit04_public_key/src/e_01.py
new file mode 100644
index 0000000..8cbd7c7
--- /dev/null
+++ b/unit04_public_key/src/e_01.py
@@ -0,0 +1,14 @@
+p=11
+q=3
+N=p*q
+PHI=(p-1)*(q-1)
+e=3
+for d in range(1,100):
+ if ((e*d % PHI)==1): break
+print e,N
+print d,N
+M=4
+cipher = M**e % N
+print cipher
+message = cipher**d % N
+print message
diff --git a/unit04_public_key/src/e_02.py b/unit04_public_key/src/e_02.py
new file mode 100644
index 0000000..9273555
--- /dev/null
+++ b/unit04_public_key/src/e_02.py
@@ -0,0 +1,46 @@
+def extended_euclidean_algorithm(a, b):
+ """
+ Returns a three-tuple (gcd, x, y) such that
+ a * x + b * y == gcd, where gcd is the greatest
+ common divisor of a and b.
+
+ This function implements the extended Euclidean
+ algorithm and runs in O(log b) in the worst case.
+ """
+ s, old_s = 0, 1
+ t, old_t = 1, 0
+ r, old_r = b, a
+
+ while r != 0:
+ quotient = old_r // r
+ old_r, r = r, old_r - quotient * r
+ old_s, s = s, old_s - quotient * s
+ old_t, t = t, old_t - quotient * t
+
+ return old_r, old_s, old_t
+
+
+def inverse_of(n, p):
+ """
+ Returns the multiplicative inverse of
+ n modulo p.
+
+ This function returns an integer m such that
+ (n * m) % p == 1.
+ """
+ gcd, x, y = extended_euclidean_algorithm(n, p)
+ assert (n * x + p * y) % p == gcd
+
+ if gcd != 1:
+ # Either n is 0, or p is not a prime number.
+ raise ValueError(
+ '{} has no multiplicative inverse '
+ 'modulo {}'.format(n, p))
+ else:
+ return x % p
+
+val1=65537
+val2=1034776851837418226012406113933120080
+
+print "Inverse of ",val1," mod ",val2
+print "Result:\t:",inverse_of(val1,val2)
\ No newline at end of file
diff --git a/unit04_public_key/src/e_03.py b/unit04_public_key/src/e_03.py
new file mode 100644
index 0000000..2fdc0e4
--- /dev/null
+++ b/unit04_public_key/src/e_03.py
@@ -0,0 +1,9 @@
+from Crypto.PublicKey import RSA
+
+key = RSA.generate(2048)
+
+binPrivKey = key.exportKey('PEM')
+binPubKey = key.publickey().exportKey('PEM')
+
+print binPrivKey
+print binPubKey
diff --git a/unit04_public_key/src/e_04.py b/unit04_public_key/src/e_04.py
new file mode 100644
index 0000000..7082d87
--- /dev/null
+++ b/unit04_public_key/src/e_04.py
@@ -0,0 +1,5 @@
+import rsa
+(bob_pub, bob_priv) = rsa.newkeys(512)
+ciphertext = rsa.encrypt('Here is my message', bob_pub)
+message = rsa.decrypt(ciphertext, bob_priv)
+print(message.decode('utf8'))
diff --git a/unit04_public_key/src/f_01.key b/unit04_public_key/src/f_01.key
new file mode 100644
index 0000000..712e419
--- /dev/null
+++ b/unit04_public_key/src/f_01.key
@@ -0,0 +1,41 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: OpenPGP.js v4.4.5
+Comment: https://openpgpjs.org
+
+xk0EXEOaUwEB/23mU5DUhCpqpNE6arppQGZ29FbrBwyeC+daQun6seJCVKtc
+FRo/3UCY9m7QG+waEqMIYZJEgQ3XDZaqr5eVQyUAEQEAAc0UYmlsbCA8Ymls
+bEBob21lLmNvbT7CdQQQAQgAHwUCXEOaUwYLCQcIAwIEFQgKAgMWAgECGQEC
+GwMCHgEACgkQKUkmMSz1QV9DgwH/ZbIUqNf8wpBm5R8LIT/him54e4uQEU2F
+Qc0QH8E6R/zvafbs9ucrlhTqBzZ/hAUW4fgAmMnjIE16j//6LiYMcc5NBFxD
+mlMBAgC3nnakjnNTQJd6uvfl7pv0oYIZFVJcgL967X6fCCYxgEcj9ggxTU0m
+uR2PZE3MrJpJ0PUxVuVAKSq9Bpy4qpazABEBAAHCXwQYAQgACQUCXEOaUwIb
+DAAKCRApSSYxLPVBX9qjAf9J5aNcCOWjQ0nbWCCJXlgow1wX3QfHnmbucmIV
+Cv4YL42MSG/ITxSYBRPPH7aWQovGWrYNi1biE97hOoJK/u3B
+=izGt
+-----END PGP PUBLIC KEY BLOCK-----
+
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: OpenPGP.js v4.4.5
+Comment: https://openpgpjs.org
+
+xcBmBFxDmlMBAf9t5lOQ1IQqaqTROmq6aUBmdvRW6wcMngvnWkLp+rHiQlSr
+XBUaP91AmPZu0BvsGhKjCGGSRIEN1w2Wqq+XlUMlABEBAAH+CQMIEveTAKxi
+FcXge4hGtg7aAXr5gWN/ORXryIllJ71QtYs198KA2Pe2JKPdqr75s5Gr0CgC
+dxCSX8DDbhD6xRAb8QPBmvI+Sr+zYyKfti8pCkVoNBShnS17iLErIyCi8PyF
+3lNwvFisimvayT/Pgc6rXlHvssmsStfD8JPWN9uelpctUAHYEjXgi0wNFhJ2
+wHLr1Lyh5Fa1+GXRJyjMLsZlftjV7qh73jwkLhczSm7/YQu5KLH1OUp6EufG
+zupFeYYoxltpMknCPD0hc5zY3c6JUtsDLqgjzRRiaWxsIDxiaWxsQGhvbWUu
+Y29tPsJ1BBABCAAfBQJcQ5pTBgsJBwgDAgQVCAoCAxYCAQIZAQIbAwIeAQAK
+CRApSSYxLPVBX0ODAf9lshSo1/zCkGblHwshP+GKbnh7i5ARTYVBzRAfwTpH
+/O9p9uz25yuWFOoHNn+EBRbh+ACYyeMgTXqP//ouJgxxx8BmBFxDmlMBAgC3
+nnakjnNTQJd6uvfl7pv0oYIZFVJcgL967X6fCCYxgEcj9ggxTU0muR2PZE3M
+rJpJ0PUxVuVAKSq9Bpy4qpazABEBAAH+CQMIeS5rkywMn6zgGeySszlTdTpC
+F9+nqBzmw+gmVWfsW0TGwNOZwdzpAiUWy29Bs7VjokjUqSz6sJt4erZp2hga
+U+pr9Dtg3eLV6jLQ+DqtKFcT3mMH0tY6AlHCebB/06fZh+Xh0Iy75lv2bhae
+xwAjZWi1SmdSdqYRFvpjdWJIUWLvH7uGA/1JOwBWIv9b0hJFKARs3r5SuPar
+FhpRPx1AtCyMnBGAs8gODsyCR5neF+HLmjBhhuDUWgvI2spVC3vomT3obd4I
+SrZ0p22AvbO0Yh55Vz5Swl8EGAEIAAkFAlxDmlMCGwwACgkQKUkmMSz1QV/a
+owH/SeWjXAjlo0NJ21ggiV5YKMNcF90Hx55m7nJiFQr+GC+NjEhvyE8UmAUT
+zx+2lkKLxlq2DYtW4hPe4TqCSv7twQ==
+=K+xR
+-----END PGP PRIVATE KEY BLOCK-----
\ No newline at end of file
diff --git a/unit04_public_key/src/f_02.js b/unit04_public_key/src/f_02.js
new file mode 100644
index 0000000..44e25d8
--- /dev/null
+++ b/unit04_public_key/src/f_02.js
@@ -0,0 +1,25 @@
+const openpgp = require('openpgp')
+var name1='bill';
+var email1='bill@home.com';
+
+var args = process.argv;
+if (args.length>1) name=args[2];
+if (args.length>2) email=args[3];
+
+openpgp.initWorker({ path:'openpgp.worker.js' }) // set the relative web worker path
+
+var options = {
+ userIds: [{ name:name1, email:email1 }], // multiple user IDs
+ numBits: 512, // RSA key size
+ passphrase: 'password' // protects the private key
+};
+
+openpgp.generateKey(options).then(function(key) {
+ var privkey = key.privateKeyArmored; // '-----BEGIN PGP PRIVATE KEY BLOCK ... '
+ var pubkey = key.publicKeyArmored; // '-----BEGIN PGP PUBLIC KEY BLOCK ... '
+ var revocationCertificate = key.revocationCertificate; // '-----BEGIN PGP PUBLIC KEY BLOCK ... '
+
+ console.log(pubkey);
+ console.log(privkey);
+
+});
diff --git a/unit04_public_key/src/f_02.key b/unit04_public_key/src/f_02.key
new file mode 100644
index 0000000..437af19
--- /dev/null
+++ b/unit04_public_key/src/f_02.key
@@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.21 (MingW32)
+
+mQINBFIpG2IBEACuiDv9Lo8UW0eUh9sUvB11tncGMIgJczcdSlHXNoApf0uEmTPw
+ngIpmkeOdXniLeEHv2eao98I3IjtIfvo2YfnqFQ2lSn+UUfnCf+nh6jYAnyEOCIi
+dr8oXN5Lx91XfRCdU17oGYW6azTIKZqxLQticf0GvCaXYHdBaAqU5E1C20sC6CnV
+IlqIxr/kjzvQdhZ1Ig8LPu9Ol7ltsf6BevEI0wSLJFRZXF3mHb9iYNtJnz+gWj/S
+XBWcgJpFblH0dOo8gyF/K58HBMh8NPo9nQqO9bWmo/TMPzdX5DERGMaZ92tg34I6
+bFjGj2oflu22o8WlOZn07iXAkJKG6BLcnOT4tpqVCWrM2YBr+eD7BR9Q2qRaJQ3T
+8fm2ohYHiLjqkvH7/LjpGTilcdwkHmUjr9pD/MJQZR5BsyyWg0a6A35jvViAVaAo
+Zkz+wFE6TCIdPGBj9q+vH++F3MZDl/qREiWeUn1cu01JobPJIr6b48eyLkxHbeu3
+z1GlIuzNfC8al/Wr9rPJZpOehf/woddIdkxnYvqyyxXo/t7/7ksMJglW6VVVKVgG
+mWEFHoL93pcKXZdqImsCUtK362v8qrb3RlhG/zgFHBRljcvAVbeP+Y7HayeO756i
+WewGiy/9Z5dlS1MV594fhXM9BzwMWfbosZBivi1jvOEyTSpma3q0fHx/tQARAQAB
+tCBzY2huZWllciA8c2NobmVpZXJAc2NobmVpZXIuY29tPokCOQQTAQIAIwUCUikb
+YgIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJELS0KiztrOpnODkP/3PA
+sx0r2/6D48GLqTmUBwJiK6z4EmNaMmwElvqzeadc7DknzSqHKWDcDCZPxllIlDRv
+kdAx7kKq+zuSAfzEtK+KZ4jm0ahn5bpdDzp+j8YHvym+JXcmy+JSIgdtQmCybT0B
+1xPyrVpxK7uEr6M+XBxIZ8OfpKf1uQbBQllwL47ejgYGdHP5kX0dMb2hr4OcfpxC
+ah/OXf3CpXYuOxrFIQ+b0NoqQCcap/6ggVO/cKO06d9J+xhJd0Rv5B4ILBLx0/PM
+Y4UbOs/7uAOwTkQTCIUkURq2mIHQBy4jLIVaOACdwHaKaC6C6Q6/rSiNHDQuOKZF
+Q0LVS+ygiQg7VWyA1dVsyGZTeIlQ6UwHARasrSs6AtKHbKaU6cZ1IKYmv+y5vQ3u
+dfl2cePriJIJgiZEFWe/iH5tDvIQkGkUnOACvVMtMtP9tfhL6igrMazck/JjXRHv
+RL1VUKwZx0rQrT7APxHBL/wAwCLE4Hf6eEMegyeqkY7l/bSTTvwGfA+VlMGyi93v
+5J9JNopmk9XRCGjYlK1uDxSvWnJIm5BpQVGFFx0bLx+0Y89fVwqKzOuv5DvQ7CRT
+EMuBSDZrZLpS0y7yBHfYHijxV3R7/LQvWr04uaAViPrTUFvHrY4vxDk43YHLjeQ8
+Eu3SnlSp19cAVXiImAdd5kp7koG4+6k0zDHyla7puQINBFIpG2IBEAC48ibokoiU
++lIFRGWk1ZOHxGQXZkh9LRocpaUF+b0AonYjWD/tzoQ/KhMWU6aPiu/Ldg7FcdFY
+o7FnCLkz1FMRhr3oS0YrkUiEirWGPEWMJdwrGp0t6ecy2g0Q0Jhc8O8JNE5pAmtE
+tVkb2MWgD0hRUIoFSO/abtCtQUkV7ymkPNJ5HTArNjjCcZ9QdQZykAqYqXhKbv2W
+IMe/tUGaJYFw5xpuMdZ+etm8xFuw6iLO5EgDtLvAp7yooqOgQIXwXG0EBMshFdqO
+ivpgG/JldYqx1li2S53wiCqHXJr7M9Ch23Maix14/6Q6PK20KgLjeo9WTgLCJjB1
+krUNbgbWOQIxk/ZgXcs4Z+VJXAFHrL3yoR+rBKYDDDjnSm0oWCvfYmNADSwaNPgJ
+cLL4/ibTUZZBezMqppfyTZjrBI1Ng+UMoRyMeJe3Ypg6/HvQ82B6wPSZZs49YkKK
+F36TrHUuSuO2vlVELb9NYM8ZVG8hJ/Og/PVyGKGCEb0EwgefwMomKRlNbk7IQoAb
+fzbhhRlhyZbFAD3QtuCJnTyHb/FSoXGS/PDpRyFRMQQsNQznded5TzAqmbnw1ZAQ
+zbZ/A3WKNoSrsyY97y8XZhXMlcpYOsUR7hGJoxQOizw57Y42nGltJpyntYGR/M10
+0Xl+h0zrSfCwG86GZHhhgvG4I/RdgwvWVQARAQABiQIfBBgBAgAJBQJSKRtiAhsM
+AAoJELS0KiztrOpn9ikP/i22bfoOzsyqG57YL2yxG2AM0N/qy5yfJT9uNJky3rRW
+zZ+iEglOKKwCj60fKbp9snm3Xyj8t6LGrM6Qu8YuKX40wHx7m2VUpgheeKoZAHV2
+9oCnwkJ8V3OJhp7D32O0TRya4ZhAXNrAGqEPUp0E8Yep/bWPUAlNtOxp1y2sJIHG
+mtcEee0J/AFJvU3BS885IbJxCA3YdEbgx45B8Et74WpCj4LuWrii7GmEnXbh/kv/
+JLzniZCV/5F/+8dfUZld/02GYZN02lorlbzdbZkkh6dc+GbyN0kSnQMEBhIp9xDW
+RdtbHdJpMNUxZyFAhCU7k1bTs5Fo1QNgug76LQhlhSwc/DpZWMTeKwas7P8VelAu
+5ZX3eUV0pB+sinFb+ArhW9nCtBBebLAJTL86tlxe4mq4C9sHV4AW6amcisAU8OEN
+e2MX3zIbN9I23EM+5mRVfGHavVR0gRU8M/QcO9FEP5Q3nFt6rWWfYMPSwV0Vk1kG
+ThswcgVlMG/ed6u2zlt4A39V414Lz/fECSFlTo1f3T3i2j06TT+QNMj/4jMZHsqj
+QlRYkxLnN2DRwmbPJeBtGCfW3wvhDZJ0w1XvBcO9fJLIkw87swaFCQclw66EM2Ga
+Mhc2jkLSMoXGEv/OHvneDPIZN9lSJWweHtVayhk2buFMxWka4sVTrfMvFx4Fm5ve
+=R5Hk
+-----END PGP PUBLIC KEY BLOCK-----
\ No newline at end of file
diff --git a/unit05_key_exchange/README.md b/unit05_key_exchange/README.md
new file mode 100644
index 0000000..496e105
--- /dev/null
+++ b/unit05_key_exchange/README.md
@@ -0,0 +1,53 @@
+
+
+# Unit 5: Key Exchange
+The key concepts are: Basics of Key Exchange; Diffie-Hellman, Diffie-Hellman Weaknesses, ECDH, and Passing Key Using Public Key.
+What you should know at the end of unit?
+
+* Understand how the Diffie-Hellman process works, with a simple example
+* Understands how the private key is used to check the identity of the sender, and how public key is used to preserve the privacy of the message.
+* Understand the basics of how Bob and Alice generate a shared key with ECC.
+
+## Presentations
+
+* Week 5 Presentation (lecture - Part 1) - Key Exchange: [here](https://youtu.be/l_osjo8r13Q)
+* Week 5 Presentation (lecture - Part 2) - Key Exchange: [here](https://youtu.be/95AuvZNm0Yg)
+* Week 5 Presentation (PDF) - Key Exchange: [here](https://asecuritysite.com/public/unit05_key_exchange.pdf)
+* Week 5 Presentation (class lecture) - Key Exchange (Recorded 14 Feb 2020): [here](https://youtu.be/WIkDh_5198M)
+
+## Lab
+
+* Week 5 Lab (PDF): [here](https://github.com/billbuchanan/esecurity/blob/master/unit05_key_exchange/lab/new_lab05.pdf)
+* Week 5 Lab (Demo): [here](https://www.youtube.com/watch?v=Lnw4FhiOwiU&feature=youtu.be)
+
+## Sample Exam Questions
+
+The following are sample questions for key exchange:
+
+* Eve listens to Bob and Alice's communcication for their Diffie-Hellman handshaking. In order to generate the same key as Bob and Alice, which values will Eve try to determine, and how is it likely to be difficult to gain these?
+* For the following key exchanges, Bob generates x, and Alice generates y. Prove the shared key. [Examples](https://asecuritysite.com/public/diffie_examples.pdf)
+ * x=3, y=4, G=4 and N=7. Share=1.
+ * x=6, y=15, G=5 and N=23. Share=2.
+ * x=5, y=7, G=10 and N=541. Share=193.
+ * x=6, y=15, G=5 and N=23. Share=2.
+ * x=7, y=7, G=5 and N=11. Share=9.
+ * x=7, y=9, G=8 and N=13. Share=5.
+ * x=5, y=4, G=2969 and N=9929. Share=8106.
+ * x=6, y=5, G=3881 and N=125. Share=792.
+ * x=3, y=4, G=3623 and N=1153. Share=939.
+* Why are Forward Security and Ephemeral so important for the security of your keys?
+
+## Examples
+
+* Diffie-Hellman Examples: [here](https://asecuritysite.com/public/diffie_examples.pdf)
+* ECDH Step-by-step: [here](https://asecuritysite.com/encryption/js08)
+
+## Quick demos
+
+* Introduction to Diffie-Hellman: [here](https://www.youtube.com/watch?v=wyNPhNAsmJ0)
+* ECDH [here](https://youtu.be/uQQz3MX-d8I)
+* Picking the Generator Value (G): [here](https://www.youtube.com/watch?v=-TjSuch3VGU)
+
+## Any questions?
+
+Slackspace: esecurity2020.slack.com
diff --git a/unit05_key_exchange/lab/README.MD b/unit05_key_exchange/lab/README.MD
new file mode 100644
index 0000000..17da5ee
--- /dev/null
+++ b/unit05_key_exchange/lab/README.MD
@@ -0,0 +1,476 @@
+
+
+## Lab 5: Key Exchange
+Objective: Key exchange allows us to pass a shared secret key between Bob and Alice. The main methods for doing this are either encrypting with the public key, the Diffie Hellman Method and the Elliptic Curve Diffie Hellman (ECDH) method. This lab investigates these methods.
+
+Web link (Demo): https://youtu.be/Lnw4FhiOwiU
+
+## A Diffie-Hellman
+No Description Result
+### A.1
+Bob and Alice have agreed on the values:
+
+g=2879, N= 9929
+
+Bob Select x=6, Alice selects y=9
+
+Now calculate (using a calculator):
+
+Bob’s A value (gx mod N):
+
+Alice’s B value (gy mod N):
+
+### A.2
+Now they exchange the values. Next calculate the shared key:
+
+
+Bob’s value (Bx mod N):
+
+Alice’s value (Ay mod N):
+
+Do they match? [Yes] [No]
+
+
+### A.3
+If you are in the lab, select someone to share a value with. Next agree on two numbers (g and N).
+
+You should generate a random number, and so should they. Do not tell them what your random number is. Next calculate your A value, and get them to do the same.
+
+
+
+Next exchange values.
+
+
+
+
+
+Numbers for g and N:
+
+Your x value:
+
+Your A value:
+
+
+The B value you received:
+
+Shared key:
+
+Do they match: [Yes] [No]
+
+## B OpenSSL (Diffie-Hellman and ECC)
+
+
+### B.1
+Generate 768-bit Diffie-Hellman parameters:
+
+openssl dhparam -out dhparams.pem 768 -text
+
+
+View your key with:
+
+
+cat dhparams.pem
+
+What is the value of g:
+
+How many bits does the prime number have?
+
+How long does it take to produce the parameters for 1,024 bits (Group 2)?
+
+
+How long does it take to produce the parameters for 1536 bits (Group 5)?
+
+
+How would we change the g value?
+
+
+
+
+
+
+
+### B.2
+Let’s look at the Elliptic curves we can create:
+
+
+Name three 160-bit curves:
+
+By doing a search on the Internet, which curve does Bitcoin use?
+
+
+Curve 2559 is a popular curve. Using Google, can you find some popular uses of Curve 25519?
+
+
+
+
+
+Can you explain how you would use these EC parameters to perform the ECDH key exchange?
+
+
+
+
+
+
+
+## C Discrete Logarithms
+### C.1
+ElGamal and Diffie Hellman use discrete logarithms. This involves a generator value (g) and a prime number. A basic operation is gx (mod p). If p=11, and g=2, determine the results (the first two have already been completed):
+
+g=2, p=11
+
+x gx (mod p)
+1 2
+2 4
+3
+4
+5
+6
+7
+8
+9
+10
+11
+12
+
+Note: In Python you can implement this as:
+
+```python
+g=2
+p=11
+x=3
+print g**x % p
+```
+
+
+What happens to the values once we go past 10?
+
+
+
+What happens to this sequence if we use g=3?
+
+
+
+
+
+
+### C.2
+We can determine the values of g which will work for a given prime number with the following:
+```python
+import sys
+import random
+
+p=11
+
+def getG(p):
+
+ for x in range (1,p):
+ rand = x
+ exp=1
+ next = rand % p
+
+ while (next <> 1 ):
+ next = (next*rand) % p
+ exp = exp+1
+
+
+ if (exp==p-1):
+ print rand
+
+print getG(p)
+```
+
+Run the program and determine the possible g values for these prime numbers:
+
+p=11:
+
+p=41:
+
+On the Internet, find a large prime number, and determine the values of g that are possible:
+
+
+
+
+
+
+
+### C.3
+We can write a Python program to implement this key exchange. Enter and run the following program:
+```python
+import random
+import base64
+import hashlib
+import sys
+
+g=9
+p=997
+
+a=random.randint(5, 10)
+
+b=random.randint(10,20)
+
+A = (g**a) % p
+B = (g**b) % p
+
+print 'g: ',g,' (a shared value), n: ',p, ' (a prime number)'
+
+print '\nAlice calculates:'
+print 'a (Alice random): ',a
+print 'Alice value (A): ',A,' (g^a) mod p'
+
+print '\nBob calculates:'
+print 'b (Bob random): ',b
+print 'Bob value (B): ',B,' (g^b) mod p'
+
+print '\nAlice calculates:'
+keyA=(B**a) % p
+print 'Key: ',keyA,' (B^a) mod p'
+print 'Key: ',hashlib.sha256(str(keyA)).hexdigest()
+
+print '\nBob calculates:'
+keyB=(A**b) % p
+print 'Key: ',keyB,' (A^b) mod p'
+print 'Key: ',hashlib.sha256(str(keyB)).hexdigest()
+```
+
+Pick three different values for g and p, and make sure that the Diffie Hellman key exchange works.
+
+
+g = p=
+
+
+g= p=
+
+
+g= p=
+
+Can you pick a value of g and p which will not work?
+
+
+
+
+The following program sets up a man-in-the-middle attack for Eve:
+```python
+import random
+import base64
+import hashlib
+import sys
+
+g=15
+p=1011
+
+a= 5
+b = 9
+eve = 7
+
+message=21
+
+A=(g**a) % p
+
+B=(g**b) % p
+
+Eve1 = (A**eve) % p
+Eve2 = (B**eve) % p
+
+Key1= (Eve1**a) % p
+Key2= (Eve2**b) % p
+
+print 'g: ',g,' (a shared value), n: ',p, ' (a prime number)'
+
+print '\n== Random value generation ==='
+
+print '\nAlice calculates:'
+print 'a (Alice random): ',a
+print 'Alice value (A): ',A,' (g^a) mod p'
+
+
+print '\nBob calculates:'
+print 'b (Bob random): ',b
+print 'Bob value (B): ',B,' (g^b) mod p'
+
+print '\n==Alice sends value to Eve ==='
+
+print 'Eve takes Alice\'s value and calculates: ',Eve1
+print 'Alice gets Eve\'s value and calculates key of: ',Key1
+
+print '\n==Bob sends value to Eve ==='
+
+print 'Eve takes Bob\'s value and calculates: ',Eve2
+print 'Bob gets Eve\'s value and calculates key of: ',Key2
+```
+
+## D Elliptic Curve Diffie-Hellman (ECDH)
+ECDH is now one of the most used key exchange methods, and uses the Diffie Hellman method, but adds in elliptic curve methods. With this Alice generates (a) and Bob generates (b). We select a point on a curve (G), and Alice generates aG, and Bob generates bG. They pass the values to each other, and then Alice received bG, and Bob receives aG. Alice multiplies by a, to get abG, and Bob will multiply by b, and also get abG. This will be their shared key.
+
+### D.1
+Copy and paste the code from (you may have to run “pip install eccsnacks”):
+
+Web link (ECDH): https://asecuritysite.com/encryption/curve
+
+and confirm that Bob and Alice will always get the same shared key.
+```python
+from os import urandom
+from eccsnacks.curve25519 import scalarmult, scalarmult_base
+import binascii
+
+a = urandom(32)
+a_pub = scalarmult_base(a)
+
+b = urandom(32)
+b_pub = scalarmult_base(b)
+
+k_ab = scalarmult(a, b_pub)
+k_ba = scalarmult(b, a_pub)
+
+print "Bob public: ",binascii.hexlify(b_pub)
+print "Alice public: ",binascii.hexlify(a_pub)
+print "Bob shared: ",binascii.hexlify(k_ba)
+print "Alice shared: ",binascii.hexlify(k_ab)
+```
+
+Do Bob and Alice end up with the same key?
+
+
+How large are the random numbers that Bob and Alice generate?
+
+
+
+Do you think that this program will be secure? How might Eve discover the shared secret?
+
+
+
+Estimate the time it would take her to discover the key if she can try one billion keys per second:
+
+
+
+How would you modify that program so that it was more secure?
+
+
+
+## E Simple Key Distribution Centre (KDC)
+Rather than using key exchange, we can setup a KDC, and where Bob and Alice can have long-term keys. These can be used to generate a session key for them to use. Enter the following Python program, and prove its operation:
+```python
+import hashlib
+import sys
+import binascii
+import Padding
+import random
+
+from Crypto.Cipher import AES
+from Crypto import Random
+
+msg="test"
+
+def encrypt(word,key, mode):
+ plaintext=pad(word)
+ encobj = AES.new(key,mode)
+ return(encobj.encrypt(plaintext))
+
+def decrypt(ciphertext,key, mode):
+ encobj = AES.new(key,mode)
+ rtn = encobj.decrypt(ciphertext)
+ return(rtn)
+
+def pad(s):
+ extra = len(s) % 16
+ if extra > 0:
+ s = s + (' ' * (16 - extra))
+ return s
+
+
+rnd = random.randint(1,2**128)
+
+keyA= hashlib.md5(str(rnd)).digest()
+
+rnd = random.randint(1,2**128)
+
+keyB= hashlib.md5(str(rnd)).digest()
+
+print 'Long-term Key Alice=',binascii.hexlify(keyA)
+print 'Long-term Key Bob=',binascii.hexlify(keyB)
+
+rnd = random.randint(1,2**128)
+keySession= hashlib.md5(str(rnd)).hexdigest()
+
+ya = encrypt(keySession,keyA,AES.MODE_ECB)
+yb = encrypt(keySession,keyB,AES.MODE_ECB)
+
+print "Encrypted key sent to Alice:",binascii.hexlify(ya)
+print "Encrypted key sent to Bob:",binascii.hexlify(yb)
+
+decipherA = decrypt(ya,keyA,AES.MODE_ECB)
+decipherB = decrypt(yb,keyB,AES.MODE_ECB)
+
+print "Session key:",decipherA
+print "Session key:",decipherB
+```
+
+Web link (Simple KDC): https://asecuritysite.com/encryption/kdc01
+
+The program above uses a shared 128-bit session key (generated by MD5). Now change the program so that you generate a 256-bit session key. What are the changes made:
+
+
+
+
+
+
+
+
+
+
+## F Challenge
+### F.1
+Bob and Alice agree on a g value of 5, and a prime number of 97. They then use the Diffie-Hellman key exchange method. Alice passes a value of 32, and Bob passes a value of 41. Can you determine the secret value that Bob and Alice have generated, and the resultant key value? Outline the code here:
+
+
+
+
+
+
+
+
+What happens if we use a g value of 2? Why is there a problem?
+
+
+
+
+
+
+Can you now write a generate DH key cracker for any value of g, p, A (passed by Alice), and B (passed by Bob) Outline code and run to evaluate the perform of our code with different ranges of the prime number (p):
+
+
+
+
+
+
+
+
+
+
+## G What I should have learnt from this lab?
+The key things learnt:
+
+• The basics of the Diffie Hellman method.
+• The basic method used with ECDH.
+
+
+
diff --git a/unit05_key_exchange/lab/dhparams.pem b/unit05_key_exchange/lab/dhparams.pem
new file mode 100644
index 0000000..8e2dd25
--- /dev/null
+++ b/unit05_key_exchange/lab/dhparams.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MGYCYQCtSRF0GZ2EZJFR9LBnNIMXKJ8sRUuyHXYaI07MjdOE0w9L0bhvU0fIhI+2
+sxrfpkyGz56cp/648awS2aI5pNJnMQku/FDogCEhMO5BYqMqqJ/1CcqTHWhwJQpo
+mOItjJMCAQI=
+-----END DH PARAMETERS-----
diff --git a/unit05_key_exchange/lab/new_lab05.docx b/unit05_key_exchange/lab/new_lab05.docx
new file mode 100644
index 0000000..89d8aa0
Binary files /dev/null and b/unit05_key_exchange/lab/new_lab05.docx differ
diff --git a/unit05_key_exchange/lab/new_lab05.pdf b/unit05_key_exchange/lab/new_lab05.pdf
new file mode 100644
index 0000000..4556cdd
Binary files /dev/null and b/unit05_key_exchange/lab/new_lab05.pdf differ
diff --git a/unit05_key_exchange/lab/sample_ans.md b/unit05_key_exchange/lab/sample_ans.md
new file mode 100644
index 0000000..ee8aee9
--- /dev/null
+++ b/unit05_key_exchange/lab/sample_ans.md
@@ -0,0 +1,160 @@
+
+Try not to look at these answers, unless you really have too ..
+
+# Key Exchange
+
+## A Diffie-Hellman
+
+### A.1 Bob and Alice have agreed on the values:
+
+g=2879, N= 9929
+
+Bob Select x=6, Alice selects y=9
+
+Now calculate (using a calculator):
+
+Bob’s A value (gx mod N): **9381**
+
+Alice’s B value (gy mod N): **1067**
+
+### A.2 Now they exchange the values. Next calculate the shared key:
+
+
+Bob’s value (Bx mod N): **210**
+
+Alice’s value (AY mod N): **210**
+
+Do they match? **[Yes]**
+
+
+## B OpenSSL (Diffie-Hellman and ECC)
+
+### B.1 Generate 768-bit Diffie-Hellman parameters:
+
+napier@napier-virtual-machine:~$ openssl dhparam -out dhparams.pem 768 -text
+Generating DH parameters, 768 bit long safe prime, generator 2
+This is going to take a long time
+....+..........+..................+.....+...............................+.......................................+...............................................+..+.....................+.............+.........................+.............................................................................................................................................................+..............................+.............................................................+............................+..+.......+..................................................+.................+....++*++*++*++*
+napier@napier-virtual-machine:~$ cat dhparams.pem
+ DH Parameters: (768 bit)
+ prime:
+ 00:d2:1c:e6:9c:77:ec:ea:c5:46:20:84:74:b0:b1:
+ 1f:46:4b:00:f4:0d:91:db:c6:d6:a5:9f:a7:88:0b:
+ 77:da:7b:80:c6:3f:b1:e3:33:c3:8a:ab:a5:62:b5:
+ 69:9d:d4:55:a2:54:2f:a4:ba:bd:cf:7d:58:04:8d:
+ 1a:f2:de:90:bd:42:30:6a:02:d6:0c:e8:6f:2b:f1:
+ 10:8a:99:9d:f9:8a:6e:23:5a:dd:be:0f:87:3b:13:
+ b5:22:9c:5e:63:47:0b
+ generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MGYCYQDSHOacd+zqxUYghHSwsR9GSwD0DZHbxtaln6eIC3fae4DGP7HjM8OKq6Vi
+tWmd1FWiVC+kur3PfVgEjRry3pC9QjBqAtYM6G8r8RCKmZ35im4jWt2+D4c7E7Ui
+nF5jRwsCAQI=
+-----END DH PARAMETERS-----
+
+
+What is the value of g: **2**
+
+How many bits does the prime number have? **768 bits**
+
+How long does it take to produce the parameters for 1,024 bits (Group 2)? **6 seconds**
+
+
+How long does it take to produce the parameters for 1536 bits (Group 5)? **6 seconds**
+
+
+How would we change the g value?
+
+
+napier@napier-virtual-machine:~$ openssl dhparam -out dhparams.pem 768 -5 -text
+Generating DH parameters, 768 bit long safe prime, generator 5
+This is going to take a long time
+.....+...........+..................+................+....+....................+...+.........+.........+...+.................................................................+.........................................................+.++*++*++*++*
+napier@napier-virtual-machine:~$ cat dhparams.pem
+ DH Parameters: (768 bit)
+ prime:
+ 00:d6:fd:ec:bc:c7:fa:67:7a:03:2e:88:0a:1c:a4:
+ 0b:d6:6a:b4:d7:1e:72:b8:51:da:84:16:6c:b5:83:
+ c6:84:02:8a:6b:76:ba:50:d5:10:5c:48:1a:15:2b:
+ a6:00:e7:8a:a2:57:ec:f6:91:67:38:af:0d:76:ea:
+ a5:0a:51:40:bf:db:fa:31:25:8c:e0:fd:3b:29:29:
+ 2c:27:7e:2b:82:7c:7a:b9:e5:0a:fa:33:43:96:24:
+ 8d:27:df:73:c2:2a:1f
+ generator: 5 (0x5)
+-----BEGIN DH PARAMETERS-----
+MGYCYQDW/ey8x/pnegMuiAocpAvWarTXHnK4UdqEFmy1g8aEAoprdrpQ1RBcSBoV
+K6YA54qiV+z2kWc4rw126qUKUUC/2/oxJYzg/TspKSwnfiuCfHq55Qr6M0OWJI0n
+33PCKh8CAQU=
+-----END DH PARAMETERS-----
+
+
+### B.2 Lets look at the Elliptic curves we can create:
+
+
+Name three 160-bit curves:
+
+**secp112r1, secp112r2, ...**
+
+By doing a search on the Internet, which curve does Bitcoin use?
+
+**secp256k1**
+
+
+### Curve 2559 is a popular curve. Using Google, can you find some popular uses of Curve 25519?
+Tor network, IoT, etc
+
+### Can you explain how you would use these EC parameters to perform the ECDH key exchange?
+Alice generates a, and then a value of aG (mod p).
+
+Bob generates b, and then a value of bG (mod p).
+
+Alice passes aG (mod p) to Bob.
+
+Bob passes bG (mod p) to Alice.
+
+Alice computes abG (mod p), and Bob also computes abG (mod p), and they have a shared secret.
+
+
+
+
+
diff --git a/unit05_key_exchange/labs b/unit05_key_exchange/labs
new file mode 100644
index 0000000..2dfc3b9
--- /dev/null
+++ b/unit05_key_exchange/labs
@@ -0,0 +1,735 @@
+
+Try not to look at these answers, unless you really have too ..
+
+# Introduction
+## A.1
+
+pub 2048R/1AD74F42 2015-03-01 Bill Buchanan (None)
+sub 2048R/6F6AA48C 2015-03-01
+
+## B.3
+We get **modulus** (N), **publicExponent** (e), **privateExponent** (d), **prime1** (p), **prime2** (q). The other parameters are stored to speed up the RSA process, such as **exponent1** (d mod p-1), **exponent2** (d mod q-1) and **coefficient** (inv q mod p).
+
+## B.4
+If someone gets your private key they could decrypt things sent to you with your public key, or sign things on your behalf.
+## B.5
+We see a PUBLIC KEY string:
+
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3qXK4kCxn3BNk87vJUMwIznU8
+pTjr10Kma9+Jkj4zEy/fiZtYxvdmn1rKNq/8fEUDCcRVC8hQBpevqxFiJ3dbA7ZM
+6VjUAmztOfRfxSezgvkjswVSF1/cgBM32AB4nx1dkCV/Wgedn3KFIFU+b8LH1ZLo
+yRMyLnwWmAkT/mBC/QIDAQAB
+-----END PUBLIC KEY-----
+
+## C.3
+We generate the public key from the private key. If we have a private key (priv) and a generator point (G). The public key is priv G. In this case we are using a curve of secp256k1.
+
+napieraccount@ubuntu:~/test$ gpg --gen-key
+gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+ (1) RSA and RSA (default)
+ (2) DSA and Elgamal
+ (3) DSA (sign only)
+ (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048)
+Requested keysize is 2048 bits
+Please specify how long the key should be valid.
+ 0 = key does not expire
+ = key expires in n days
+ w = key expires in n weeks
+ m = key expires in n months
+ y = key expires in n years
+Key is valid for? (0)
+Key does not expire at all
+Is this correct? (y/N) y
+
+You need a user ID to identify your key; the software constructs the user ID
+from the Real Name, Comment and Email Address in this form:
+ "Heinrich Heine (Der Dichter) "
+
+Real name: Bill Buchanan
+Email address: w.buchanan@napier.ac.uk
+Comment: Test
+You selected this USER-ID:
+ "Bill Buchanan (Test) "
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+You need a Passphrase to protect your secret key.
+
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+..+++++
+......+++++
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+....+++++
++++++
+gpg: key B3396725 marked as ultimately trusted
+public and secret key created and signed.
+
+gpg: checking the trustdb
+gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u
+pub 2048R/B3396725 2020-02-05
+ Key fingerprint = C6AA 3C69 9BB9 B49F 1E19 55B7 4CA0 F614 B339 6725
+uid Bill Buchanan (Test)
+sub 2048R/F06888D7 2020-02-05
+
+
+
+
+## H.1
+Password: napier
+
+
+
+
+
diff --git a/unit05_key_exchange/lecture/README.MD b/unit05_key_exchange/lecture/README.MD
new file mode 100644
index 0000000..d7383fa
--- /dev/null
+++ b/unit05_key_exchange/lecture/README.MD
@@ -0,0 +1,29 @@
+
+
+# Unit 5: Key Exchange
+The key concepts are: Basics of Key Exchange; Diffie-Hellman, Diffie-Hellman Weaknesses, ECDH, and Passing Key Using Public Key.
+What you should know at the end of unit?
+
+* Understand how the Diffie-Hellman process works, with a simple example
+* Understands how the private key is used to check the identity of the sender, and how public key is used to preserve the privacy of the message.
+* Understand the basics of how Bob and Alice generate a shared key with ECC.
+
+## Presentations
+
+* Week 5 Presentation (lecture - Part 1) - Key Exchange: [here](https://youtu.be/l_osjo8r13Q)
+* Week 5 Presentation (lecture - Part 2) - Key Exchange: [here](https://youtu.be/95AuvZNm0Yg)
+* Week 5 Presentation (PDF) - Key Exchange: [here](https://asecuritysite.com/public/unit05_key_exchange.pdf)
+* Week 5 Presentation (class lecture) - Key Exchange (Recorded 14 Feb 2020): [here](https://youtu.be/WIkDh_5198M)
+
+## Examples
+
+* Diffie-Hellman Examples: [here](https://asecuritysite.com/public/diffie_examples.pdf)
+* ECDH Step-by-step: [here](https://asecuritysite.com/encryption/js08)
+
+## Quick demos
+
+* Introduction to Diffie-Hellman: [here](https://www.youtube.com/watch?v=wyNPhNAsmJ0)
+* ECDH [here](https://youtu.be/uQQz3MX-d8I)
+* Picking the Generator Value (G): [here](https://www.youtube.com/watch?v=-TjSuch3VGU)
+
+
diff --git a/unit05_key_exchange/lecture/unit05_key_exchange.key b/unit05_key_exchange/lecture/unit05_key_exchange.key
new file mode 100644
index 0000000..19583d7
Binary files /dev/null and b/unit05_key_exchange/lecture/unit05_key_exchange.key differ
diff --git a/unit05_key_exchange/lecture/unit05_key_exchange.pdf b/unit05_key_exchange/lecture/unit05_key_exchange.pdf
new file mode 100644
index 0000000..07e09fb
Binary files /dev/null and b/unit05_key_exchange/lecture/unit05_key_exchange.pdf differ
diff --git a/unit05_key_exchange/lecture/unit05_key_exchange.pptx b/unit05_key_exchange/lecture/unit05_key_exchange.pptx
new file mode 100644
index 0000000..60c2b9e
Binary files /dev/null and b/unit05_key_exchange/lecture/unit05_key_exchange.pptx differ
diff --git a/unit05_key_exchange/src/b_01.txt b/unit05_key_exchange/src/b_01.txt
new file mode 100644
index 0000000..a36c44d
--- /dev/null
+++ b/unit05_key_exchange/src/b_01.txt
@@ -0,0 +1 @@
+openssl dhparam -out dhparams.pem 768 -text
diff --git a/unit05_key_exchange/src/b_02.txt b/unit05_key_exchange/src/b_02.txt
new file mode 100644
index 0000000..1dfec41
--- /dev/null
+++ b/unit05_key_exchange/src/b_02.txt
@@ -0,0 +1,4 @@
+openssl ecparam -list_curves
+openssl ecparam -name secp256k1 -out secp256k1.pem
+openssl ecparam -in secp256k1.pem -text -param_enc explicit -noout
+openssl ecparam -in secp256k1.pem -genkey -noout -out mykey.pem
diff --git a/unit05_key_exchange/src/c_01.py b/unit05_key_exchange/src/c_01.py
new file mode 100644
index 0000000..66aec1d
--- /dev/null
+++ b/unit05_key_exchange/src/c_01.py
@@ -0,0 +1,4 @@
+g=2
+p=11
+x=3
+print g**x % p
diff --git a/unit05_key_exchange/src/c_02.py b/unit05_key_exchange/src/c_02.py
new file mode 100644
index 0000000..7c8caad
--- /dev/null
+++ b/unit05_key_exchange/src/c_02.py
@@ -0,0 +1,22 @@
+import sys
+import random
+
+p=11
+
+def getG(p):
+
+ for x in range (1,p):
+ rand = x
+ exp=1
+ next = rand % p
+
+ while (next <> 1 ):
+ next = (next*rand) % p
+ exp = exp+1
+
+
+ if (exp==p-1):
+ print rand
+
+print getG(p)
+
diff --git a/unit05_key_exchange/src/c_03.py b/unit05_key_exchange/src/c_03.py
new file mode 100644
index 0000000..d750024
--- /dev/null
+++ b/unit05_key_exchange/src/c_03.py
@@ -0,0 +1,34 @@
+import random
+import base64
+import hashlib
+import sys
+
+g=9
+p=1001
+
+a=random.randint(5, 10)
+
+b=random.randint(10,20)
+
+A = (g**a) % p
+B = (g**b) % p
+
+print 'g: ',g,' (a shared value), n: ',p, ' (a prime number)'
+
+print '\nAlice calculates:'
+print 'a (Alice random): ',a
+print 'Alice value (A): ',A,' (g^a) mod p'
+
+print '\nBob calculates:'
+print 'b (Bob random): ',b
+print 'Bob value (B): ',B,' (g^b) mod p'
+
+print '\nAlice calculates:'
+keyA=(B**a) % p
+print 'Key: ',keyA,' (B^a) mod p'
+print 'Key: ',hashlib.sha256(str(keyA)).hexdigest()
+
+print '\nBob calculates:'
+keyB=(A**b) % p
+print 'Key: ',keyB,' (A^b) mod p'
+print 'Key: ',hashlib.sha256(str(keyB)).hexdigest()
\ No newline at end of file
diff --git a/unit05_key_exchange/src/d_01.py b/unit05_key_exchange/src/d_01.py
new file mode 100644
index 0000000..0a51f30
--- /dev/null
+++ b/unit05_key_exchange/src/d_01.py
@@ -0,0 +1,18 @@
+from os import urandom
+from eccsnacks.curve25519 import scalarmult, scalarmult_base
+import binascii
+
+a = urandom(32)
+a_pub = scalarmult_base(a)
+
+b = urandom(32)
+b_pub = scalarmult_base(b)
+
+k_ab = scalarmult(a, b_pub)
+k_ba = scalarmult(b, a_pub)
+
+print "Bob public: ",binascii.hexlify(b_pub)
+print "Alice public: ",binascii.hexlify(a_pub)
+print "Bob shared: ",binascii.hexlify(k_ba)
+print "Alice shared: ",binascii.hexlify(k_ab)
+
diff --git a/unit05_key_exchange/src/dhparams.pem b/unit05_key_exchange/src/dhparams.pem
new file mode 100644
index 0000000..8601ded
--- /dev/null
+++ b/unit05_key_exchange/src/dhparams.pem
@@ -0,0 +1,15 @@
+ PKCS#3 DH Parameters: (768 bit)
+ prime:
+ 00:b9:72:d5:da:ed:87:21:1c:e5:08:55:f9:b0:da:
+ 18:31:fc:7b:43:13:39:09:da:e0:fc:c6:6d:b4:09:
+ 5f:2e:52:75:eb:18:65:01:7b:0d:d5:f8:0f:f5:b4:
+ 43:56:ec:a7:2a:38:5c:c8:1d:c2:a8:26:d9:22:df:
+ f9:ba:ac:bd:a2:06:8f:09:53:66:43:c9:73:15:a8:
+ b3:3d:e7:1b:59:61:19:84:e2:e8:ab:1a:8d:85:2f:
+ ca:9d:d7:13:f8:dd:1b
+ generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MGYCYQC5ctXa7YchHOUIVfmw2hgx/HtDEzkJ2uD8xm20CV8uUnXrGGUBew3V+A/1
+tENW7KcqOFzIHcKoJtki3/m6rL2iBo8JU2ZDyXMVqLM95xtZYRmE4uirGo2FL8qd
+1xP43RsCAQI=
+-----END DH PARAMETERS-----
diff --git a/unit05_key_exchange/src/e_01.py b/unit05_key_exchange/src/e_01.py
new file mode 100644
index 0000000..65afc9d
--- /dev/null
+++ b/unit05_key_exchange/src/e_01.py
@@ -0,0 +1,53 @@
+import hashlib
+import sys
+import binascii
+import Padding
+import random
+
+from Crypto.Cipher import AES
+from Crypto import Random
+
+msg="test"
+
+def encrypt(word,key, mode):
+ plaintext=pad(word)
+ encobj = AES.new(key,mode)
+ return(encobj.encrypt(plaintext))
+
+def decrypt(ciphertext,key, mode):
+ encobj = AES.new(key,mode)
+ rtn = encobj.decrypt(ciphertext)
+ return(rtn)
+
+def pad(s):
+ extra = len(s) % 16
+ if extra > 0:
+ s = s + (' ' * (16 - extra))
+ return s
+
+
+rnd = random.randint(1,2**128)
+
+keyA= hashlib.md5(str(rnd)).digest()
+
+rnd = random.randint(1,2**128)
+
+keyB= hashlib.md5(str(rnd)).digest()
+
+print 'Long-term Key Alice=',binascii.hexlify(keyA)
+print 'Long-term Key Bob=',binascii.hexlify(keyB)
+
+rnd = random.randint(1,2**128)
+keySession= hashlib.md5(str(rnd)).hexdigest()
+
+ya = encrypt(keySession,keyA,AES.MODE_ECB)
+yb = encrypt(keySession,keyB,AES.MODE_ECB)
+
+print "Encrypted key sent to Alice:",binascii.hexlify(ya)
+print "Encrypted key sent to Bob:",binascii.hexlify(yb)
+
+decipherA = decrypt(ya,keyA,AES.MODE_ECB)
+decipherB = decrypt(yb,keyB,AES.MODE_ECB)
+
+print "Session key:",decipherA
+print "Session key:",decipherB
diff --git a/unit05_key_exchange/src/f_01.py b/unit05_key_exchange/src/f_01.py
new file mode 100644
index 0000000..770192f
--- /dev/null
+++ b/unit05_key_exchange/src/f_01.py
@@ -0,0 +1,15 @@
+g=2
+A=32
+B=41
+p=97
+a=0
+b=0
+for x in range(0,p):
+ if (g**x)% p==A:
+ print "Found a=",x
+ a=x
+ if (g**x)% p==B:
+ print "Found b=",x
+ b=x
+secret = g**(a*b) % p
+print "Secret is:",secret
diff --git a/unit05a_mini_project/README.md b/unit05a_mini_project/README.md
new file mode 100644
index 0000000..587e289
--- /dev/null
+++ b/unit05a_mini_project/README.md
@@ -0,0 +1,463 @@
+
+
+# Unit 5a: Mini-project
+
+Objective: In this lab we will build a basic infrastructure for integrating and testing cryptograph.
+
+Open up your Ubuntu instance and conduct this lab. The lab is [here](https://github.com/billbuchanan/esecurity/blob/master/unit05a_mini_project/lab_mini_project.pdf).
+
+You can watch a demo [here](https://www.youtube.com/watch?v=1YC-nP3nCO4).
+
+## 1. Open up the following page:
+
+Web link (Mini-project): https://asecuritysite.com/encryption/js10
+
+On this page, you will find RSA and ECC key pair generation. As this will run in the browser, we can assess how well a machine will cope with the key generation. On your VM (Ubuntu), on the computer desktop (such as Mac or Windows) and on your mobile phone, run the following tests:
+
+Method VM time Desktop time Mobile phone time
+
+RSA 1,024
+
+RSA 2,048
+
+ECC 128-bit
+
+ECC 160-bit
+
+ECC 256-bit
+
+ECC 512-bit
+
+
+What can you observe about the performance of the key pair generation?
+
+
+
+
+Does the timing vary significantly for different browsers? Run the following browsers and note the time it takes to create the key pair:
+
+IE:
+
+Chrome:
+
+Firefox:
+
+Safari (if you have an Apple device):
+
+
+If you are in a lab, share your results with others. What conclusions do you come to on the different devices and browsers for key pair generation?
+
+
+
+
+
+
+## 2. Open up the following page:
+
+Web link (Mini-project): https://asecuritysite.com/encryption/js10
+
+We now want to build this page on your own virtual machine. The outline code is available here:
+
+https://github.com/billbuchanan/esecurity/tree/master/z_associated/projects/miniproject
+
+The two files you are need are: **crypto.html** and **cryptojs.js**, along with the folder scripts.
+
+Download these files from the following ZIP file and run the crypto.html file within your Web browser:
+
+https://github.com/billbuchanan/esecurity/blob/master/z_associated/projects/miniproject/cryptojs.zip
+
+Does it run? Yes/No
+
+
+## 3. Now you need to test the code.
+
+For the following test the hashing function of your code:
+
+Function Word to hash Result from your Web page (first two hex characters) Test using Python [see code below](first two hex characters) Prove with Openssl
+
+MD5 “Hello”
+
+SHA1 “Hello”
+
+SHA256 “Hello”
+
+SHA3 “Hello”
+
+RIPEMD “Hello”
+
+PBKDF2 256-bit “Hello”
+
+If we test with Openssl:
+
+
+The following is some sample code you can test your hashes against:
+```python
+import hashlib;
+import passlib.hash;
+
+string="password"
+print "General Hashes"
+print "MD5:"+hashlib.md5(string).hexdigest()
+print "SHA1:"+hashlib.sha1(string).hexdigest()
+print "SHA256:"+hashlib.sha256(string).hexdigest()
+print "SHA512:"+hashlib.sha512(string).hexdigest()
+```
+
+To test your PBKDF2 code, you will have to take the salt generated randomly from your Web page and copy it. For example:
+
+
+The JavaScript integration has 1,000 iterations, so we can create a Python program which will convert this hex value for the salt into ASCII:
+```python
+import hashlib;
+import passlib.hash;
+
+salt="0b72ad84e34c9fc218dc92bc13463fd3"
+salt=salt.decode('hex')
+print 'Salt is ',salt.encode('base64')
+string="Hello"
+
+print "PBKDF2 (SHA1):"+passlib.hash.pbkdf2_sha1.encrypt(string, salt=salt,rounds=1000)
+print "PBKDF2 (SHA256):"+passlib.hash.pbkdf2_sha256.encrypt(string, salt=salt,rounds=1000)
+```
+
+When we run this example, we get:
+
+
+We can see the salt value in Base64, and the hash value after it.
+
+
+For RIPEMD160, can you implement your own checker? What is the code used:
+
+
+
+
+By performing an on-line search, can you find an application where RIPEMD160 is used?
+
+
+## 4. For the following test the MAC function of your code:
+
+Function Word to hash Password Result from your Web page (first two hex characters) Test using Python [see code below](first two hex characters)
+
+HMAC(MD5) “Hello” “qwerty”
+
+HMAC(SHA1) “Hello” “qwerty”
+
+HMAC(SHA256) “Hello” “qwerty”
+
+We can test with Openssl using:
+
+
+Can you replicate this with Node.ja?
+
+
+
+A hint is given in the Appendix.
+
+
+## 5. Now we will test for symmetric key encryption.
+For AES CBC a sample run is:
+
+
+
+
+What is “U2FsdGVkX1”?
+
+The format of the encrypted value is: 'Salted__' + salt + ciphertext
+
+By converting the encrypted output in ASCII, can you pick-off the fields of the cipher?
+
+
+Now save the cipher to a file (enc.txt) and then decrypt with (remember to change to the value of the salt that you have generated):
+
+
+### 7a. Now run the code and check the answers for the hashing methods from this page:
+
+
+Function Word to hash Result from your Web page (first two hex characters) Test using node.js
+
+MD5 “Hello”
+
+SHA1 “Hello”
+
+SHA256 “Hello”
+
+SHA3 “Hello”
+
+RIPEMD160 “Hello”
+
+### 7b. The program implements AES, now implement two other modes: CBC and OFB, and make sure the program works.
+
+
+### 7c. We can try some ciphertext by adding the Base64 cipher to the decrypt method:
+
+```javascript
+var bytes = CryptoJS.AES.decrypt( "U2FsdGVkX1+k/F8uNPiUeRzIeTajlxidwGfpRLPJyEA=" , password,mode=CryptoJS.mode.ECB);
+```
+
+Using the technical (and with ECB), can you decrypt the following (and which use the passphrase of “qwerty”:
+
+
+
+What are the words?
+
+Why do we not have to provide the salt to the decryption method?
+
+
+
+
+
+
+### 7d. The program implements AES, can you now implement RC4 and Rabbit, and prove that they can encrypt and decrypt.
+
+
+
+### 7e. The program implements HMAC-SHA1. Now implement HMAC-SHA256, HMAC-SHA3 and HMAC-RIPEMD160, can verify the answers against the test Web page.
+
+## 8. Question
+If you were developing a front-end application for a bank. How would you support the sending back encrypted data? Using the code that you have developed, could you generate an RSA key pair and use it to encrypt credit card details that the user enters?
+
+## Reflective questions
+Why didn’t we have to provide an additional salt value when we decrypted the ciphertext in Question 7b?
+
+
+## Appendix
+
+Some Hmac code:
+```javascript
+var crypto = require('crypto');
+
+var key = 'qwerty';
+var message = 'Hello';
+var hash = crypto.createHmac('md5', key).update(message);
+
+console.log(hash.digest('hex'));
+console.log(hash.digest('base64'));
+```
+
+A sample run:
+
+$ node h.js
+7f43007a026d9696566dc8c7bb2172e4
+
+
+
+
diff --git a/unit05a_mini_project/cryptojs.zip b/unit05a_mini_project/cryptojs.zip
new file mode 100644
index 0000000..2b70f57
Binary files /dev/null and b/unit05a_mini_project/cryptojs.zip differ
diff --git a/unit05a_mini_project/lab_mini_project.docx b/unit05a_mini_project/lab_mini_project.docx
new file mode 100644
index 0000000..f18a6f9
Binary files /dev/null and b/unit05a_mini_project/lab_mini_project.docx differ
diff --git a/unit05a_mini_project/lab_mini_project.pdf b/unit05a_mini_project/lab_mini_project.pdf
new file mode 100644
index 0000000..eae9801
Binary files /dev/null and b/unit05a_mini_project/lab_mini_project.pdf differ
diff --git a/unit05a_mini_project/sample_ans.md b/unit05a_mini_project/sample_ans.md
new file mode 100644
index 0000000..96e730c
--- /dev/null
+++ b/unit05a_mini_project/sample_ans.md
@@ -0,0 +1,121 @@
+Try not to look at these answers, unless you really have too ..
+
+# Introduction
+
+## 1
+Sample run with Firefox on Mac OSX
+
+
+RSA 1,024 161 ms
+RSA 2,048 924 ms
+ECC 128-bit 34 ms
+ECC 160-bit 43 ms
+ECC 256-bit 27 ms
+
+
+What can you observe about the performance of the key pair generation?
+
+**RSA increases greatly with an increasing key size, but ECC is fairly constant.**
+
+## 3.
+Function Word to hash Result from your Web page (first two hex characters) Test using Python [see code below](first two hex characters) Prove with Openssl
+
+MD5 “Hello” 8b1a9953c4611296a827abf8c47804d7
+
+SHA1 “Hello” f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0
+
+SHA256 “Hello” 185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969
+
+SHA3 “Hello” 06b3dfaec148fb1bb2b066f10ec285e7c9bf402ab32aa78a5d38e34566810cd2
+
+RIPEMD “Hello” d44426aca8ae0a69cdbc4021c64fa5ad68ca32fe
+
+PBKDF2 256-bit “Hello” 2071f2b297b8373d87489ffa202fe92aef0e710e799af3119d6c44fd8402d463
+
+
Note: Hashing takes Input, but Encryption and HMAC takes Input and Password.
diff --git a/unit05a_mini_project/src/cryptojs.js b/unit05a_mini_project/src/cryptojs.js
new file mode 100644
index 0000000..c6b55e4
--- /dev/null
+++ b/unit05a_mini_project/src/cryptojs.js
@@ -0,0 +1,97 @@
+// Node.js example Run with:
+// node crypto.js
+
+message ="Hello"
+password="qwerty"
+
+var SHA256 = require("crypto-js/sha256");
+var MD5 = require("crypto-js/md5");
+var SHA3 = require("crypto-js/sha3");
+var SHA1 = require("crypto-js/sha1");
+var SHA224 = require("crypto-js/sha224");
+var SHA512 = require("crypto-js/sha512");
+var SHA384 = require("crypto-js/sha384");
+var RIP = require("crypto-js/ripemd160");
+var AES = require("crypto-js/aes");
+
+var CryptoJS = require("crypto-js");
+
+var args = process.argv;
+if (args.length>1) message=args[2];
+if (args.length>2) password=args[3];
+
+console.log("Message: ",message);
+console.log("Password: ",password);
+
+console.log("\n--- Hashes");
+console.log("MD5: ",MD5(message).toString());
+console.log("SHA-256: ",SHA256(message).toString());
+console.log("SHA-1: ",SHA1(message).toString());
+console.log("SHA-224: ",SHA224(message).toString());
+console.log("SHA-512: ",SHA512(message).toString());
+console.log("SHA-384: ",SHA384(message).toString());
+console.log("ripemd160: ",RIP(message).toString());
+// To do:
+// crypto-js/sha1
+// crypto-js/sha256
+// crypto-js/sha224
+// crypto-js/sha512
+// crypto-js/sha384
+// crypto-js/ripemd160
+
+
+console.log("\n--- AES");
+var ciphertext = AES.encrypt(message, password);
+
+var bytes = AES.decrypt(ciphertext.toString(), password);
+var plaintext = bytes.toString(CryptoJS.enc.Utf8);
+
+console.log("Cipher: ",ciphertext.toString());
+console.log("Plaintext: ",plaintext);
+
+// To do:
+// crypto-js/tripledes
+// crypto-js/rc4
+// crypto-js/rabbit
+// crypto-js/evpkdf
+
+
+console.log("\n--- HMAC-SHA1");
+console.log("HMAC: ",CryptoJS.HmacSHA1(message, password).toString());
+
+// To do:
+// crypto-js/hmac-md5
+// crypto-js/hmac-sha256
+// crypto-js/hmac-sha224
+// crypto-js/hmac-sha512
+// crypto-js/hmac-sha384
+// crypto-js/hmac-sha3
+// crypto-js/hmac-ripemd160
+
+
+
+// Padding to do:
+// crypto-js/pad-pkcs7
+// crypto-js/pad-ansix923
+// crypto-js/pad-iso10126
+// crypto-js/pad-iso97971
+// crypto-js/pad-zeropadding
+// crypto-js/pad-nopadding
+
+
+// Formats to do:
+
+// crypto-js/enc-latin1
+// crypto-js/enc-utf8
+// crypto-js/enc-hex
+// crypto-js/enc-utf16
+// crypto-js/enc-base64
+
+
+// Modes to do:
+
+// crypto-js/mode-cfb
+// crypto-js/mode-ctr
+// crypto-js/mode-ctr-gladman
+// crypto-js/mode-ofb
+// crypto-js/mode-ecb
\ No newline at end of file
diff --git a/unit05a_mini_project/src/h.js b/unit05a_mini_project/src/h.js
new file mode 100644
index 0000000..b2e4173
--- /dev/null
+++ b/unit05a_mini_project/src/h.js
@@ -0,0 +1,10 @@
+var crypto = require('crypto');
+
+var key = 'qwerty';
+var message = 'Hello';
+
+var hash = crypto.createHmac('md5', key).update(message);
+
+console.log(hash.digest('hex'));
+console.log(hash.digest('base64'));
+
diff --git a/unit06_trust_dig_cert/README.md b/unit06_trust_dig_cert/README.md
new file mode 100644
index 0000000..a3b4bcd
--- /dev/null
+++ b/unit06_trust_dig_cert/README.md
@@ -0,0 +1,38 @@
+
+
+# Unit 6: Trust and Digital Certificates
+
+The key concepts are:
+
+* Digital Certificate: Usage, formats, and PKI.
+* Creation of the trust infrastructure.
+
+## What you should know at the end of unit?
+
+* Understand the trust infrastructures of PKI.
+* Define certificate signing requests for the generation of certificates.
+
+## Presentations
+
+* Unit 6 Presentation (PDF) - Digital Certs: [here](https://github.com/billbuchanan/esecurity/blob/master/unit06_trust_dig_cert/lab/new_lab06.pdf).
+* Unit 6 Presentation (lecture) - Digital Certs: [here](https://youtu.be/2ptgq8u0I5g).
+* Unit 6 Presentation (video) - Digital Certs: [here](https://youtu.be/ZJ2G8KC1zDs).
+
+## Lab
+
+* Unit 6 Lab (PDF): [here](https://github.com/billbuchanan/esecurity/tree/master/unit06_trust_dig_cert/lab).
+* Unit 6 Lab (video) - Digital Certs: [here](https://www.youtube.com/watch?v=-uNQFv0GTZc).
+
+## Sample Exam Questions
+
+The following are sample questions on digital certificates:
+
+* Bob has just produced a key pair, in a Base-64 format, and now wants to send this to Alice. What advice would you give him on sending the key pair to Alice?
+ * Where would I find this info? Have a think about the certificate which is distributed. You can observe it [here](https://www.youtube.com/watch?v=GLOObdTy5uY).
+* Bob sends an encrypted message to Alice, and also sends his digital certificate to Alice to prove his identity. How does Alice prove that it is Bob who sent the message?
+* Your CEO calls you and is unhappy that your company's Web site has received a F grade on [SSLLab](https://www.ssllabs.com/ssltest/), and that it is highlighting a problem with the digital certificate on the site. What problem(s) related to the digital certificate might cause the site to have such a poor rating?
+
+## Any questions?
+
+Slackspace: esecurity2020.slack.com
+
diff --git a/unit06_trust_dig_cert/lab/README.MD b/unit06_trust_dig_cert/lab/README.MD
new file mode 100644
index 0000000..b35eb14
--- /dev/null
+++ b/unit06_trust_dig_cert/lab/README.MD
@@ -0,0 +1,527 @@
+
+
+# Lab 6: Trust and Digital Certificates
+
+Objective: Digital certificates are used to define a trust infrastructure within PKI (Public Key Infrastructure). A certificate can hold a key pair, while a distributable certificate will only contain the public key. In this lab we will read-in digital certificates and analyse them.
+
+
+## A Introduction
+
+### A.1
+From:
+
+Web link (Digital Certificate): http://asecuritysite.com/encryption/digitalcert
+
+Open up Certificate 1 and identify the following: Serial number:
+
+Effective date:
+
+Name:
+
+Issuer:
+
+What is CN used for:
+
+What is ON used for:
+
+What is O used for:
+
+What is L used for:
+
+
+
+### A.2
+Now open-up the ZIP file for the certificate, and view the CER file.
+
+What other information can you gain from the certificate:
+
+What is the size of the public key:
+
+Which hashing method has been used:
+
+Is the certificate trusted on your system: [Yes][No]
+
+### A.3
+Make a connection to the www.live.com Web site:
+
+openssl s_client -connect www.live.com:443
+
+
+Can you identity the certificate chain?
+
+What is the subject on the certificate?
+
+Who is the issuer on the certificate?
+
+### A.4
+
+Google moved in July 2018 to mark sites as being insecure if they did not have a match between their digital certificate and the site. A scan, at the time, on health and social care sites from the following page showed problems in digital certificates:
+
+https://bit.ly/2EkUvX0
+
+
+Outline three sites that still have problems with their digital certificate, and the reason for the problem (you perhaps should try Chrome to assess):
+
+
+
+
+
+
+
+Pick two sites that you feel are not setup properly for their digital certificate, and then run a scan from SSLLabs (www.ssllabs.com). Identify the problems that they have with their digital certificate:
+
+
+
+
+
+What are their SSLLabs rating?
+
+
+
+Can you find a site with an “T” rating?
+
+
+
+
+
+
+
+### A.5
+Which the certificates in A.2, for Example 2 to Example 6. Complete the following table:
+
+Cert Organisation (Issued to) Date range when valid Size of public key Issuer Root CA Hash method Is it trusted?
+
+2
+
+
+3
+
+
+4
+
+
+5
+
+
+6
+
+
+
+### A.6
+Now download the DER files from:
+
+Web link (Digital Certificate): http://asecuritysite.com/der.zip
+
+Now use openssl to read the certificates:
+
+openssl x509 -inform der -in [certname] -noout -text
+
+## B Creating certificates
+
+Now we will create our own self-signed certificates.
+
+
+No Description Result
+
+### B.1
+Create your own certificate from:
+
+Web link (Create Certificate): http://asecuritysite.com/encryption/createcert
+
+Add in your own details. View the certificate, and verify some of the details on the certificate.
+
+
+Can you view the DER file?
+
+
+
+We have a root certificate authority of My Global Corp, which is based in Washington, US, and the administrator is admin@myglobalcorp.com and we are going to issue a certificate to My Little Corp, which is based in Glasgow, UK, and the administrator is admin@mylittlecorp.com.
+
+
+### B.2
+Create your RSA key pair with:
+
+openssl genrsa -out ca.key 2048
+
+
+Next create a self-signed root CA certificate ca.crt for My Global Corp:
+
+
+
+
+How many years will the certificate be valid for?
+
+
+Which details have you entered:
+
+
+
+
+
+### B.3
+Next go to Places, and from your Home folder, open up ca.crt and view the details of the certificate.
+
+Which Key Algorithm has been used:
+
+Which hashing methods have been used:
+
+When does the certificate expire:
+
+Who is it verified by:
+
+Who has it been issued to:
+
+
+### B.4
+Next we will create a subordinate CA (My Little Corp), and which will be used for the signing of the certificate. First, generate the key:
+
+openssl genrsa -out ia.key 2048
+
+
+Next we will request a certificate for our newly created subordinate CA:
+
+openssl req -new -key ia.key -out ia.csr
+
+
+We can then create a certificate from the subordinate CA certificate and signed by the root CA.
+
+View the newly created certificate.
+
+When does it expire:
+
+Who is the subject of the certificate:
+
+Which is their country:
+
+Who signed the certificate:
+
+Which is their country:
+
+What is the serial number of the certificate:
+
+Check the serial number for the root certificate. What is its serial number:
+
+### B.5
+If we want to use this certificate to digitally sign files and verify the signatures, we need to convert it to a PKCS12 file:
+
+
+Can you view ia.p12 in a text edit?
+
+
+
+### B.6
+The crt format is in encoded in binary. If we want to export to a Base64 format, we can use DER:
+
+
+What are the details on the requests?
+
+
+
+
+
+
+## C Elliptic Curve Key Creation
+Elliptic curve key pairs are increasing used within corporate Web sites.
+
+In Openssl we can view the curves with the ecparam option:
+
+openssl ecparam -list_curves
+
+
+Outline some of the curve names:
+
+
+
+
+By performing an Internet search, which are the most popular curves (and where are they used)?
+
+
+
+
+We can create our elliptic parameter file with:
+
+
+Finally we will convert into a DER format, so that we can import the keys into a system:
+
+openssl ec -in enckey.pem -outform DER -out enckey.der
+
+
+Examine each of the files created and outline what they contain:
+
+
+
+
+Now pick another elliptic curve type and perform the same operations as above. Which type did you use?
+
+
+
+Outline the commands used:
+
+
+
+
+
+
+If you want to create a non-encrypted version (PFX), which command would you use:
+
+
+
+
+
+Go to www.cloudflare.com and examine the digital certificate on the site.
+
+What is the public key method used?
+
+
+What is the size of the public key?
+
+
+What is the curve type used?
+
+## E PFX files
+We have a root certificate authority of My Global Corp, which is based in Washington, US, and the administrator is admin@myglobalcorp.com and we are going to issue a certificate to My Little Corp, which is based in Glasgow, UK, and the administrator is admin@mylittlecorp.com.
+
+
+### E.1 We will now view some PFX certificate files, and which are protected with a password:
+
+Web link (Digital Certificates): http://asecuritysite.com/encryption/digitalcert2
+
+For Certificate 1, can you open it in the Web browser with an incorrect password:
+
+
+Now enter “apples” as a password, and record some of the key details of the certificate:
+
+
+Now repeat for Certificate 2:
+
+
+
+### E.2
+Now with the PFX files (contained in the ZIP files from the Web site), try and import them onto your computer. Try to enter an incorrect password first and observe the message.
+
+
+Was the import successful?
+
+
+If successful, outline some of the details of the certificates:
+
+
+
+
+## F Cracking Certificates
+Digital certificates are often protected with a simple password. With this we can use a Python program to try various passwords on the certificate, and if it does not create an exception, then we have found the required password. First download the following pfx files:
+
+https://asecuritysite.com/cert_crack.zip
+
+Now for fred.pfx, crack the password with the following code:
+
+```python
+import OpenSSL
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+
+str="fred.pfx"
+passwords=["ankle","battery","password","bill","apple","apples","orange"]
+
+for password in passwords:
+ try:
+ pfx = open(str, 'rb').read()
+
+ p12 = OpenSSL.crypto.load_pkcs12(pfx, password)
+ print "Found: ",password
+
+
+ privkey=OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, p12.get_privatekey())
+
+ cert=OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, p12.get_certificate())
+
+ cert = x509.load_pem_x509_certificate(cert, default_backend())
+
+
+ print " Issuer: ",cert.issuer
+ print " Subect: ",cert.subject
+ print " Serial number: ",cert.serial_number
+ print " Hash: ",cert.signature_hash_algorithm.name
+ print privkey
+ print certificate
+
+
+ except:
+
+ print "Not working: ",password
+```
+
+What is the password?
+
+
+The files bill01.pfx, bill02.pfx … bill18.pfx have a password which are fruits. Can you determine the fruits used:
+
+
+The files country01.pfx, country02.pfx … country06.pfx have a password which are countries. Can you determine the countries used:
+
+
+
+## G Setting up a certificate on a Web site
+### G.1
+Now we will enable HTTPs on an Apache Web Server, and install a digital certificate. Execute the following commands:
+
+
+HTTPs should now be enabled with a self-signed certificate. If you try https://localhost, you will have to add an exception to view the page, as we are using a self-signed certificate:
+
+
+
+## What I should have learnt from this lab?
+The key things learnt:
+
+* Understand how digital certificates are generated and ported onto systems.
+* Identifying problems with digital certificates on sites.
+* Understand how Python could be used in the analysis of certificates.
+
diff --git a/unit06_trust_dig_cert/lab/new_lab06.docx b/unit06_trust_dig_cert/lab/new_lab06.docx
new file mode 100644
index 0000000..9f2ae5c
Binary files /dev/null and b/unit06_trust_dig_cert/lab/new_lab06.docx differ
diff --git a/unit06_trust_dig_cert/lab/new_lab06.pdf b/unit06_trust_dig_cert/lab/new_lab06.pdf
new file mode 100644
index 0000000..a0a8786
Binary files /dev/null and b/unit06_trust_dig_cert/lab/new_lab06.pdf differ
diff --git a/unit06_trust_dig_cert/lab/samples_ans.md b/unit06_trust_dig_cert/lab/samples_ans.md
new file mode 100644
index 0000000..ec1d229
--- /dev/null
+++ b/unit06_trust_dig_cert/lab/samples_ans.md
@@ -0,0 +1,114 @@
+
+
+# Lab 6: Trust and Digital Certificates
+
+
+## A Introduction
+
+### A.1
+
+Serial Number: 702958
+
+Effective date: 4/24/2008 9:18:42 PM
+
+Name: Fred Smith
+
+Issuer: Self signed
+
+What is CN used for: Common Name
+
+What is OU used for: Organisational Unit
+
+What is O used for: Organisational
+
+What is L used for: Location
+
+
+### A.3
+
+$ openssl s_client -connect www.live.com:443
+CONNECTED(00000005)
+depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
+verify return:1
+depth=1 C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
+verify return:1
+depth=0 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlook.com
+verify return:1
+---
+Certificate chain
+ 0 s:C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlook.com
+ i:C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
+ 1 s:C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
+ i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
+---
+Server certificate
+-----BEGIN CERTIFICATE-----
+MIIHzjCCBragAwIBAgIQCoH8ucQ1FhbxdOc4Y7FvoTANBgkqhkiG9w0BAQsFADBL
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSUwIwYDVQQDExxE
+aWdpQ2VydCBDbG91ZCBTZXJ2aWNlcyBDQS0xMB4XDTE5MTIyNDAwMDAwMFoXDTIx
+MTIyNDEyMDAwMFowajELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x
+EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv
+bjEUMBIGA1UEAxMLb3V0bG9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDLFi2juwqukpMR/dNzYseJ2nU9LPCnrpyYbnFxRxf8m3L8Z+n3XREd
+LmTZ0lIK2V2sgJnR+16PvnTeuLlT0XVnaDWsE2/6bR6T3zCI9HlmB5mYgBAKrLq6
+yB1yZlf+DqaGFZUVRu1rgAt4DTZvc4liwve3n04Cm7/XZAluv223SGMc6sdRi8cq
+IHaPTZsJW2GQeFkvIjb7/Cz6IzwVS7bj62cWRYQeq08Nl3hEOgOPwbWDLmLj7hDe
+UbPzdZuh2Mo2PhF1CbZXz2IGRMcsgou6+Tu2s/MhexemAwKwqQntoE5rEdPc2GcC
+...
+kdLxzsCguY8dsdvU+iKBqqTGrF0+aq++Yu+wSgj8wLUa3jUPJ1/Cd4k/kAKQCCL5
+LvT0BheI4kzyqQW/QykMpTRbpctzLgA0IZctBRXj4xsI1aUYj1ZoaKy/XFMO0lGK
+Ta7iKyY7UwpRxq2+i4DBGcgnN4mFXif6qMC6LVS2H43fPQ==
+-----END CERTIFICATE-----
+subject=C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlook.com
+
+issuer=C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
+
+---
+No client certificate CA names sent
+Peer signing digest: SHA256
+Peer signature type: RSA
+Server Temp Key: ECDH, P-384, 384 bits
+---
+SSL handshake has read 3978 bytes and written 472 bytes
+Verification: OK
+---
+New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
+Server public key is 2048 bit
+Secure Renegotiation IS supported
+Compression: NONE
+Expansion: NONE
+No ALPN negotiated
+SSL-Session:
+ Protocol : TLSv1.2
+ Cipher : ECDHE-RSA-AES256-GCM-SHA384
+ Session-ID: 752A8406875DA02E17A539E7676182F6EBDC880FE5DA95BE0531B733E6EB054B
+ Session-ID-ctx:
+ Master-Key: 4E1B4A0FB630888BA14231377A314568F7B9BABBF5298E79E09561B904DC739DF52F2B1288A78F5DCAEFABFF73D23A3D
+ PSK identity: None
+ PSK identity hint: None
+ SRP username: None
+ TLS session ticket lifetime hint: 36000 (seconds)
+ ...
+
+
+Can you identity the certificate chain?
+
+Certificate chain
+ 0 s:C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlook.com
+ i:C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
+ 1 s:C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
+ i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
+
+
+What is the subject on the certificate?
+
+outlook.com
+
+
+Who is the issuer on the certificate?
+
+DigiCert Cloud Services CA-1
+
+
+
+
diff --git a/unit06_trust_dig_cert/lecture/README.md b/unit06_trust_dig_cert/lecture/README.md
new file mode 100644
index 0000000..2ee0ca5
--- /dev/null
+++ b/unit06_trust_dig_cert/lecture/README.md
@@ -0,0 +1,23 @@
+
+
+# Unit 6: Trust and Digital Certificates
+
+The key concepts are:
+
+* Digital Certificate: Usage, formats, and PKI.
+* Creation of the trust infrastructure.
+
+## What you should know at the end of unit?
+
+* Understand the trust infrastructures of PKI.
+* Define certificate signing requests for the generation of certificates.
+
+## Presentations
+
+* Week 7 Presentation (PDF) - Digital Certs: [here](https://asecuritysite.com/public/chapter06_digital_cert.pdf).
+* Week 7 Presentation (lecture) - Digital Certs: [here](https://youtu.be/2ptgq8u0I5g).
+* Week 7 Presentation (video) - Digital Certs: [here](https://youtu.be/ZJ2G8KC1zDs).
+
+
+
+
diff --git a/unit06_trust_dig_cert/lecture/unit06_digital_cert.key b/unit06_trust_dig_cert/lecture/unit06_digital_cert.key
new file mode 100755
index 0000000..fb2beab
Binary files /dev/null and b/unit06_trust_dig_cert/lecture/unit06_digital_cert.key differ
diff --git a/unit06_trust_dig_cert/lecture/unit06_digital_cert.pdf b/unit06_trust_dig_cert/lecture/unit06_digital_cert.pdf
new file mode 100644
index 0000000..608ef6d
Binary files /dev/null and b/unit06_trust_dig_cert/lecture/unit06_digital_cert.pdf differ
diff --git a/unit06_trust_dig_cert/lecture/unit06_digital_cert.pptx b/unit06_trust_dig_cert/lecture/unit06_digital_cert.pptx
new file mode 100644
index 0000000..5d6a80b
Binary files /dev/null and b/unit06_trust_dig_cert/lecture/unit06_digital_cert.pptx differ
diff --git a/unit06_trust_dig_cert/src/a_03.txt b/unit06_trust_dig_cert/src/a_03.txt
new file mode 100644
index 0000000..881db9d
--- /dev/null
+++ b/unit06_trust_dig_cert/src/a_03.txt
@@ -0,0 +1 @@
+openssl s_client -connect www.live.com:443
diff --git a/unit06_trust_dig_cert/src/b_07.py b/unit06_trust_dig_cert/src/b_07.py
new file mode 100644
index 0000000..96fecf3
--- /dev/null
+++ b/unit06_trust_dig_cert/src/b_07.py
@@ -0,0 +1,34 @@
+import OpenSSL.crypto
+from OpenSSL.crypto import load_certificate_request, FILETYPE_PEM
+
+csr = '''-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICyTCCAbECAQAwajELMAkGA1UEBhMCVUsxDTALBgNVBAgTBE5vbmUxEjAQBgNV
+BAcTCUVkaW5idXJnaDEXMBUGA1UEChMOTXkgTGl0dGxlIENvcnAxDDAKBgNVBAsT
+A01MQzERMA8GA1UEAxMITUxDLm5vbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCuQE68qgssJ210wGxfKjCX3PG/RgSb5VpAp2rzavx71M9Bhg9kUORE
+OP7BQC3E6DGu+xba3NdnhrHAFNa+hH9dnTZrlxb98aM5q9+TUm76V1toIseOMDdU
+UE9IpxXoFvD6b0inbFZnbrjFj3XUUzIIqvvizw4rIOxzgbWqZ5+F7YpP8d59eWW0
+6iXzJKoeE/+Gw7Slsdr1+QQAUaX05MHTweMYbZEHir2M8f1RA4o81zEd2tWCK85F
+6VS/EkCzUG1cqDBQQ7D2S9MWN8Zk2P7CS8/yZx7uRTmT1t3UWKLUyIN0TU3IjCeY
+t53P6C+9DT6UD0fDFZRBCmPOH+qb6/YBAgMBAAGgGjAYBgkqhkiG9w0BCQcxCxMJ
+UXdlcnR5MTIzMA0GCSqGSIb3DQEBBQUAA4IBAQCqpXjmaQf2/o/xbNZG5ggAV8yV
+d6rSabnov5zIkcit9NQXsPJEi84u7CbcriYqY5h7XlMWjv476mAGbgAVZB2ZhIlp
+qLal+lx9xwhFbuLHNRxZcUMM0g9KQZaZTkAQdlDVU/vPzRjq+EHGoPfG7R9QKGD0
+k1b4DqOvInWLOs+yuWT7YYtWdr2TNKPpcBqbzCYzrWL6UaUN7LYFpNn4BbqXRgVw
+iMAnUh9fvLMe7oreYfTaevXT/506Sj9WvQFXTcLtRhs+M30q22/wUK0ZZ8APjpwf
+rQMegvzXXEIO3xEGrBi5/wXJxsawRLcM3ZSGPu/Ws950oM5Ahn8K8HBdKubQ
+-----END NEW CERTIFICATE REQUEST-----'''
+
+req = load_certificate_request(FILETYPE_PEM, csr)
+key = req.get_pubkey()
+key_type = 'RSA' if key.type() == OpenSSL.crypto.TYPE_RSA else 'DSA'
+subject = req.get_subject()
+components = dict(subject.get_components())
+print "Key algorithm:", key_type
+print "Key size:", key.bits()
+print "Common name:", components['CN']
+print "Organisation:", components['O']
+print "Organisational unit", components['OU']
+print "City/locality:", components['L']
+print "State/province:", components['ST']
+print "Country:", components['C']
diff --git a/unit06_trust_dig_cert/src/ca.cer b/unit06_trust_dig_cert/src/ca.cer
new file mode 100644
index 0000000..b2f8706
--- /dev/null
+++ b/unit06_trust_dig_cert/src/ca.cer
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfTCCAmWgAwIBAgIJAMnkRtqDNuEHMA0GCSqGSIb3DQEBCwUAMFUxCzAJBgNV
+BAYTAlVLMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlFZGluYnVyZ2gx
+DTALBgNVBAoMBGRmZGYxDjAMBgNVBAsMBWRmc2RmMB4XDTE5MDMwMzExNDYxN1oX
+DTI0MDMwMjExNDYxN1owVTELMAkGA1UEBhMCVUsxEzARBgNVBAgMClNvbWUtU3Rh
+dGUxEjAQBgNVBAcMCUVkaW5idXJnaDENMAsGA1UECgwEZGZkZjEOMAwGA1UECwwF
+ZGZzZGYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClTP8ZZf4PtDUW
+Z7uaNm7+xkrjq+uXJDtP6UYSfvGr76pXtcEzb4cczUSZbCUhwI+S1SWlQsSuqVwW
+HqyURhAcIiVPg/Vo0v3R0Jnk/rpx3IwuxlX3Ta5V4SdP25KewxTotDfAP9Q0oE1z
+KtoemcGQ8ibcJM/1h9OGnUV8o1wRQYUOx7GvHnRXtkOSKUk0db8SwU2rcE/51ORr
+KjjxpOsprBEVcoOnzDv4/B1ILAnv07STZkAFLdRK+ScseXaqBSE5popZhLAPo3wr
+QcUrzveOsl1H+rXCu3cPVlrCR+rubaKLZ5qOpy/fJ9hL2gtSe+fGv+W9JE8eniaV
+j2eMP4fvAgMBAAGjUDBOMB0GA1UdDgQWBBRNuNroiMADP/j8qX73hWeg3URcAjAf
+BgNVHSMEGDAWgBRNuNroiMADP/j8qX73hWeg3URcAjAMBgNVHRMEBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQA0k5e8wuQLJF2rsb8mRkvG2x6+1zebCh3/vFvN7Kdi
+z2yKj98wkKBqsfmdcKIXGBB4edBwLIG5DkySbvbnwUNJacQmhqVVrkkk2A+G0L8E
+GSR9lE1jOFPPDJ46faSHRGFogqD+vkBLrxwIbnfAyaNLvdqUMJgvp0HyL5MfDHkW
+QFujAc8c0l8Xp7iZmDFKH/v9tt0ONq/l1D2LHaYPscCXzGidXbXpcKk5AlMckgWy
+8XYvF+v4lo9lQtheoAfgscuIJYnFQVlCcVrV4HGZX+vzsiT3NhvDvQNQN00hk3fe
+opDaLcBWZ3J9mw6HqNO+CJeaQ9caxx8yDDdXa+Xrjs2Z
+-----END CERTIFICATE-----
diff --git a/unit06_trust_dig_cert/src/ca.crt b/unit06_trust_dig_cert/src/ca.crt
new file mode 100644
index 0000000..b2f8706
--- /dev/null
+++ b/unit06_trust_dig_cert/src/ca.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfTCCAmWgAwIBAgIJAMnkRtqDNuEHMA0GCSqGSIb3DQEBCwUAMFUxCzAJBgNV
+BAYTAlVLMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlFZGluYnVyZ2gx
+DTALBgNVBAoMBGRmZGYxDjAMBgNVBAsMBWRmc2RmMB4XDTE5MDMwMzExNDYxN1oX
+DTI0MDMwMjExNDYxN1owVTELMAkGA1UEBhMCVUsxEzARBgNVBAgMClNvbWUtU3Rh
+dGUxEjAQBgNVBAcMCUVkaW5idXJnaDENMAsGA1UECgwEZGZkZjEOMAwGA1UECwwF
+ZGZzZGYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClTP8ZZf4PtDUW
+Z7uaNm7+xkrjq+uXJDtP6UYSfvGr76pXtcEzb4cczUSZbCUhwI+S1SWlQsSuqVwW
+HqyURhAcIiVPg/Vo0v3R0Jnk/rpx3IwuxlX3Ta5V4SdP25KewxTotDfAP9Q0oE1z
+KtoemcGQ8ibcJM/1h9OGnUV8o1wRQYUOx7GvHnRXtkOSKUk0db8SwU2rcE/51ORr
+KjjxpOsprBEVcoOnzDv4/B1ILAnv07STZkAFLdRK+ScseXaqBSE5popZhLAPo3wr
+QcUrzveOsl1H+rXCu3cPVlrCR+rubaKLZ5qOpy/fJ9hL2gtSe+fGv+W9JE8eniaV
+j2eMP4fvAgMBAAGjUDBOMB0GA1UdDgQWBBRNuNroiMADP/j8qX73hWeg3URcAjAf
+BgNVHSMEGDAWgBRNuNroiMADP/j8qX73hWeg3URcAjAMBgNVHRMEBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQA0k5e8wuQLJF2rsb8mRkvG2x6+1zebCh3/vFvN7Kdi
+z2yKj98wkKBqsfmdcKIXGBB4edBwLIG5DkySbvbnwUNJacQmhqVVrkkk2A+G0L8E
+GSR9lE1jOFPPDJ46faSHRGFogqD+vkBLrxwIbnfAyaNLvdqUMJgvp0HyL5MfDHkW
+QFujAc8c0l8Xp7iZmDFKH/v9tt0ONq/l1D2LHaYPscCXzGidXbXpcKk5AlMckgWy
+8XYvF+v4lo9lQtheoAfgscuIJYnFQVlCcVrV4HGZX+vzsiT3NhvDvQNQN00hk3fe
+opDaLcBWZ3J9mw6HqNO+CJeaQ9caxx8yDDdXa+Xrjs2Z
+-----END CERTIFICATE-----
diff --git a/unit06_trust_dig_cert/src/ca.key b/unit06_trust_dig_cert/src/ca.key
new file mode 100644
index 0000000..637e7f6
--- /dev/null
+++ b/unit06_trust_dig_cert/src/ca.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEApUz/GWX+D7Q1Fme7mjZu/sZK46vrlyQ7T+lGEn7xq++qV7XB
+M2+HHM1EmWwlIcCPktUlpULErqlcFh6slEYQHCIlT4P1aNL90dCZ5P66cdyMLsZV
+902uVeEnT9uSnsMU6LQ3wD/UNKBNcyraHpnBkPIm3CTP9YfThp1FfKNcEUGFDsex
+rx50V7ZDkilJNHW/EsFNq3BP+dTkayo48aTrKawRFXKDp8w7+PwdSCwJ79O0k2ZA
+BS3USvknLHl2qgUhOaaKWYSwD6N8K0HFK873jrJdR/q1wrt3D1Zawkfq7m2ii2ea
+jqcv3yfYS9oLUnvnxr/lvSRPHp4mlY9njD+H7wIDAQABAoIBAEJ6ndmkGDJOok8Z
+duyFWcxjCTlZKg2GB8iSo5jKrv0cDSDrOwEpqGgf8afWQ3S4kcVWraYyHRG1kRBg
+U73qE46M+P5qrqbyvBvGzi23eFpUfZhOMcKc3jExtPK79tKc2GriF83cncZwddWM
+dV57LcrSaGh+8ZfogVyRIaIHvP4++sLvnIzSsfmS7DJUtk9WLYX93KEBTJFqGBMg
+xxp3EZPFufVBxx5HCeIl3V/No8S45bt6lwwysGSfCICJbWJQfI0eiOojRYYbbwLp
+M40yA2X5fwH+MtxvJyygzBlh1wQowLAL67sRH+jChlPWAjtXXJ4uvGxHonDokDyo
+i1Ka+gkCgYEA2UpvSmwsf9jquEfxcsQGkqzPoWIkXKks5ePGzQl2Zx5/ZDMh06aH
+TEmSOskD4jZ9ckq2TbARxjsFqJdQeh8LC60V4H8zPVZtxkQiarmpiU1oxpiix8Ob
+O35f0bCO2QIS3Iy4Qx/M/ecyMR0D04Pxu4gpM3IX6MQiYdWhe3FYPxUCgYEAwr+N
+pOeEKeTCzgijZA+X0Cd6MxxgL7PHTbSS3cIHN6nv08ssE40Bc0M3MEonbk2lEGe0
+8Y63/O+GlXDnJ2rqjgLMTLhUz+KHRwStKk4xldgvtsLzm5FVF+6iKb8E5NYkyBDN
+lt4LthLINz1TM5aKLFiWG5lcsrrELQ2fxfsey/MCgYB6j/eyPM3k1w+eHkZce6FR
+flQnLVphQbNngFEUOfAlPhiRBh5gaaALMbxfmB6urBmaK/YkX9nGvGf2rlLgbz4l
+ud2LIXRfdq64lJntJQgxwA4HZvT6RKT8q82UU0hfs0G8UUtl4TwZQx0Wgs0zs0rY
+gnbq48IEswzJrlxFaqth+QKBgQC+Iuj21HartEYhhDuJ6NNujex31D9ws1Rl4GP3
+kIUdapPVMyrwV53P3BMY2X1P6wy6TJZTtOSbVXwPkXCNgoxIZCD00o8ze9ZZlw4+
+HKO6yZwkEohnHWh3+itnGLF9fjng/s7KejXy6LmDfSMrXdG/ZCoB/iSL916rIf8Y
++4lg0wKBgDc0+AcIScuhGFHx5ahKccvCZtGeHtHgxAEsVn/rvePSjWQZs1I0rliD
+AZKmRMmv8RI076giilHI6xwCNJow5nRZXvHAAv45Vp4xAbGA1DdrbnCRpv8i5oAV
+NIpzUGLKDuIxls+uGTh1X7iG9APLRNjDFgsLSdaMwaHsVNkNIALb
+-----END RSA PRIVATE KEY-----
diff --git a/unit06_trust_dig_cert/src/csr01.txt b/unit06_trust_dig_cert/src/csr01.txt
new file mode 100644
index 0000000..bacb97b
--- /dev/null
+++ b/unit06_trust_dig_cert/src/csr01.txt
@@ -0,0 +1,20 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIIDPzCCAqgCAQAwZDELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAmJqMQswCQYDVQQH
+EwJiajERMA8GA1UEChMIbXhjei5uZXQxETAPBgNVBAsTCG14Y3oubmV0MRUwEwYD
+VQQDEwx3d3cubXhjei5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMQ7
+an4v6pHRusBA0prMWXMWJCXY1AO1H0X8pvZj96T5GWg++JPCQE9guPgGwlD02U0B
+NDoEABeD1fwyKZ+JV5UFiOeSjO5sWrzIupdMI7hf34UaPNxHo6r4bLYEykw/Rnmb
+GKnNcD4QlPkypE+mLR4p0bnHZhe3lOlNtgd6NpXbAgMBAAGgggGZMBoGCisGAQQB
+gjcNAgMxDBYKNS4yLjM3OTAuMjB7BgorBgEEAYI3AgEOMW0wazAOBgNVHQ8BAf8E
+BAMCBPAwRAYJKoZIhvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcN
+AwQCAgCAMAcGBSsOAwIHMAoGCCqGSIb3DQMHMBMGA1UdJQQMMAoGCCsGAQUFBwMB
+MIH9BgorBgEEAYI3DQICMYHuMIHrAgEBHloATQBpAGMAcgBvAHMAbwBmAHQAIABS
+AFMAQQAgAFMAQwBoAGEAbgBuAGUAbAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABp
+AGMAIABQAHIAbwB2AGkAZABlAHIDgYkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAADANBgkqhkiG9w0BAQUFAAOBgQBIKHVhHb9FZdVLV4VZ
+9DK4aBSuYY//jlIpvsfMIdHXfAsuan7w7PH87asp1wdb6lD9snvLZix1UGK7VQg6
+wUFYNlMqJh1m7ITVvzhjdnx7EzCKkBXSxEom4mwbvSNvzqOKAWsDE0gvHQ9aCSby
+NFBQQMoW94LqrG/kuIQtjwVdZA==
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/unit06_trust_dig_cert/src/csr02.txt b/unit06_trust_dig_cert/src/csr02.txt
new file mode 100644
index 0000000..80b41d6
--- /dev/null
+++ b/unit06_trust_dig_cert/src/csr02.txt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
+MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w
+HQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v
+Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV
+IlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr
+WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J
+cIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl
+4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH
+Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D
+6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn
+-----END CERTIFICATE REQUEST-----
diff --git a/unit06_trust_dig_cert/src/d_01.py b/unit06_trust_dig_cert/src/d_01.py
new file mode 100644
index 0000000..c6aed1b
--- /dev/null
+++ b/unit06_trust_dig_cert/src/d_01.py
@@ -0,0 +1,54 @@
+import hashlib
+import sys
+import binascii
+import Padding
+import random
+
+from Crypto.Cipher import AES
+from Crypto import Random
+
+msg="test"
+
+def encrypt(word,key, mode):
+ plaintext=pad(word)
+ encobj = AES.new(key,mode)
+ return(encobj.encrypt(plaintext))
+
+def decrypt(ciphertext,key, mode):
+ encobj = AES.new(key,mode)
+ rtn = encobj.decrypt(ciphertext)
+ return(rtn)
+
+def pad(s):
+ return s
+ extra = len(s) % 16
+ if extra > 0:
+ s = s + (' ' * (16 - extra))
+ return s
+
+
+rnd = random.randint(1,2**128)
+
+keyA= hashlib.md5(str(rnd)).digest()
+
+rnd = random.randint(1,2**128)
+
+keyB= hashlib.md5(str(rnd)).digest()
+
+print 'Long-term Key Alice=',binascii.hexlify(keyA)
+print 'Long-term Key Bob=',binascii.hexlify(keyB)
+
+rnd = random.randint(1,2**128)
+keySession= hashlib.md5(str(rnd)).hexdigest()
+
+ya = encrypt(keySession,keyA,AES.MODE_ECB)
+yb = encrypt(keySession,keyB,AES.MODE_ECB)
+
+print "Encrypted key sent to Alice:",binascii.hexlify(ya)
+print "Encrypted key sent to Bob:",binascii.hexlify(yb)
+
+decipherA = decrypt(ya,keyA,AES.MODE_ECB)
+decipherB = decrypt(yb,keyB,AES.MODE_ECB)
+
+print "Session key:",decipherA
+print "Session key:",decipherB
diff --git a/unit06_trust_dig_cert/src/enckey.der b/unit06_trust_dig_cert/src/enckey.der
new file mode 100644
index 0000000..38b27bb
Binary files /dev/null and b/unit06_trust_dig_cert/src/enckey.der differ
diff --git a/unit06_trust_dig_cert/src/enckey.pem b/unit06_trust_dig_cert/src/enckey.pem
new file mode 100644
index 0000000..ac23ebb
--- /dev/null
+++ b/unit06_trust_dig_cert/src/enckey.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,1723BF9302D19564732EB43CB05DA0C9
+
+jZbzcM9joWFdxK04f/DTkntwkaH8aME14q9xN4X8q6RDKiKAwclNqhHmtm+cbLiK
+D1DNV6wDKhAkXN6oYY3RYZlEBDtG9tiazG1zCmT2wgQHq5ftrurxPeOYZyDvYxOb
+MycgVNxmv8ZzoxEzLa4N0Lg8WpwGegIyNGE2cwwUDLQ=
+-----END EC PRIVATE KEY-----
diff --git a/unit06_trust_dig_cert/src/f_01.py b/unit06_trust_dig_cert/src/f_01.py
new file mode 100644
index 0000000..6b79f7b
--- /dev/null
+++ b/unit06_trust_dig_cert/src/f_01.py
@@ -0,0 +1,22 @@
+import OpenSSL
+
+str="fred.pfx"
+passwords=["ankle","battery","password","bill","apple","apples","orange"]
+
+for password in passwords:
+ try:
+ pfx = open(str, 'rb').read()
+
+ p12 = OpenSSL.crypto.load_pkcs12(pfx, password)
+
+ print "Found: ",password
+ print " ",p12.get_friendlyname()
+
+ privkey=OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, p12.get_privatekey())
+
+ certificate=OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, p12.get_certificate())
+ print privkey
+ print certificate
+
+ except:
+ print "Not working: ",password
diff --git a/unit06_trust_dig_cert/src/ia.crt b/unit06_trust_dig_cert/src/ia.crt
new file mode 100644
index 0000000..dbd19a7
--- /dev/null
+++ b/unit06_trust_dig_cert/src/ia.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDFjCCAf4CAQEwDQYJKoZIhvcNAQELBQAwVTELMAkGA1UEBhMCVUsxEzARBgNV
+BAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCUVkaW5idXJnaDENMAsGA1UECgwEZGZk
+ZjEOMAwGA1UECwwFZGZzZGYwHhcNMTkwMzAzMTE1MTEwWhcNMjEwMzAyMTE1MTEw
+WjBNMQswCQYDVQQGEwJVSzETMBEGA1UECAwKU29tZS1TdGF0ZTEQMA4GA1UEBwwH
+R2xhc2dvdzEXMBUGA1UECgwOTXkgTGl0dGxlIENvcnAwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCxxHLWScS8gCxr0GGiBG8fPYOJoujG8ZPr7z1IEfEi
+5g3eJUUu6Brp1q2RV1WQlmPq/7UDHc2KJ9ASTk0nly0Gf13FSG7J12oa4vk3NT9S
+J/y6sCUooomB0sec9FlMdtDjBTQpY7IW2nnNTafWDl8OoRaIN4/F7Yd1jnpMh9b/
+BGUY+tjZlNrVEa8xzLVsKJseJNimwgsHKuTnvB259BOimrSSafcLxCFsq4yiNLEL
+NjP5R8DUqsCes4RD9xB5Tg7wU8PNKhHuiOyuz5em2XvuB+9Kz5hAo7Abfm8Ao33a
+l9rAq1InSsN/oG3a9PVfxZ7ZBN2BUylfSUcJWrJkJsLxAgMBAAEwDQYJKoZIhvcN
+AQELBQADggEBAFTA9DhVS/Rm9eHO70MB2Z5Md6y+dBOUQDS9Pj0LylIU/4oPXPV+
+AIyAWE3M0OEacRax0YweYo9R1i9dvBdE9V91xJwTqmMEXUDePVUF4IjI764NbNi2
+Gt+ohDlEDwCami+AH3KkxAaxGCngol99m8miWD0WJZYRflCC67kvh+gbVpt4AJEv
+7eSFuG2pjb0IbyUWZ9wI8DVqQ9eIArOmODOO5NkyIolh3PtxgyXnjamZADX4CMuj
+Z56bkIPVCvkwtQHPfBOIYSRk/e4NhGGbEilON+vlvSnZrwGDLGyUpJysyCLUxgn8
+5C2F8LXNizNMyGgBVGwQzHSqu0zeBvnoyso=
+-----END CERTIFICATE-----
diff --git a/unit06_trust_dig_cert/src/ia.csr b/unit06_trust_dig_cert/src/ia.csr
new file mode 100644
index 0000000..3489352
--- /dev/null
+++ b/unit06_trust_dig_cert/src/ia.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICkjCCAXoCAQAwTTELMAkGA1UEBhMCVUsxEzARBgNVBAgMClNvbWUtU3RhdGUx
+EDAOBgNVBAcMB0dsYXNnb3cxFzAVBgNVBAoMDk15IExpdHRsZSBDb3JwMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscRy1knEvIAsa9BhogRvHz2DiaLo
+xvGT6+89SBHxIuYN3iVFLuga6datkVdVkJZj6v+1Ax3NiifQEk5NJ5ctBn9dxUhu
+yddqGuL5NzU/Uif8urAlKKKJgdLHnPRZTHbQ4wU0KWOyFtp5zU2n1g5fDqEWiDeP
+xe2HdY56TIfW/wRlGPrY2ZTa1RGvMcy1bCibHiTYpsILByrk57wdufQTopq0kmn3
+C8QhbKuMojSxCzYz+UfA1KrAnrOEQ/cQeU4O8FPDzSoR7ojsrs+Xptl77gfvSs+Y
+QKOwG35vAKN92pfawKtSJ0rDf6Bt2vT1X8We2QTdgVMpX0lHCVqyZCbC8QIDAQAB
+oAAwDQYJKoZIhvcNAQELBQADggEBAKDPrpYuTtQErltMQ7Vgrt3OX8Hync5vxEqH
+Ggb47H8O5P+3j/cHdMn14VLgpF9pP/ke92Pi2/XNXmwTX1oWZRBhYSKbpfEm0fV6
+tt2Cz+Pn+9hbHeUsjqtvz0Plbx6j5SEnufhT2iPr3NLn4p+e9njlwryYvOWWFjyy
+cicdCkzCDIeG3nv/etTZfkp5+KDCFv9KqHg68kARvvEMLCw+NYqIWnZfNBhx7xJj
+GtQJ3PuY83KgL9zii/y27p6nF1q8imbo9+msm9Zqqo3b9L2YerH/70l9wMPylhF/
+dLvRdYpE2fD3Pe/hec7+YunWdkvEfSoeb5J7MFhXD9dB2XfeaOw=
+-----END CERTIFICATE REQUEST-----
diff --git a/unit06_trust_dig_cert/src/ia.key b/unit06_trust_dig_cert/src/ia.key
new file mode 100644
index 0000000..fdebbee
--- /dev/null
+++ b/unit06_trust_dig_cert/src/ia.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAscRy1knEvIAsa9BhogRvHz2DiaLoxvGT6+89SBHxIuYN3iVF
+Luga6datkVdVkJZj6v+1Ax3NiifQEk5NJ5ctBn9dxUhuyddqGuL5NzU/Uif8urAl
+KKKJgdLHnPRZTHbQ4wU0KWOyFtp5zU2n1g5fDqEWiDePxe2HdY56TIfW/wRlGPrY
+2ZTa1RGvMcy1bCibHiTYpsILByrk57wdufQTopq0kmn3C8QhbKuMojSxCzYz+UfA
+1KrAnrOEQ/cQeU4O8FPDzSoR7ojsrs+Xptl77gfvSs+YQKOwG35vAKN92pfawKtS
+J0rDf6Bt2vT1X8We2QTdgVMpX0lHCVqyZCbC8QIDAQABAoIBADPczGQYQX19J3iM
+4u8RvBmxKJ8PGDpyYGWE9qwAEAnOdF1LIlP9A10VdK3ifOQh/CSjVXwDReP4mYu9
+rGTQhiJPJlxYNXpNjncpoOuqbT7ay7Drkuu3/8YQaIwx/ZuBTo/tBLrOizZ/pulu
+rniU2Ma72IcFLrzf/5UcbDHHr8HWWZp+L9ggW5ZbI+BfNTd0VQxkRNjcOrzU4A2k
+AUlj2KjjL9r4NRdPGqwi9JUVwFvRa7FeMrgY6KwcVXpvKXZC8RsxA9eXJTj7U3Z6
+eJAw0gzMWbTIy4FNol5UJ2qM0+EDB4OOyP884G7P6Dd/iT5ukt/QpTpMmSyFUCfk
+ky5aHAECgYEA5WdhmDrAU9W/FxwxRt0A969NuNKg5s8AjycjUzSFkmWC3GpMxYJJ
+xTvkBLuF8AQoovmuYpUWKi7+8hq+HA15iXE7sfpy7GXkKi7eHQ1iRsDZ4lryAqvg
+jc7iGoT623JTOZfWLqxsHmU1f1GJLEKkD8jk1oa2eEU8XwvfrjuEyOkCgYEAxmCE
+VYew6oXENgdtTGh3YJW0ZzRNcCX2GwVPHJrJGE/JUhNwvaWzGnylrG0UAo9G4N4M
+I3dWc6ofO/OalvIyrqcgOSAeO2ITWROSlvLi7vE30V3xt7jYFDbi8plhGp3yQKtt
+Eid1CTRVoRoiS9Geb2EOLdJQKqj1mZ7xjJTaZMkCgYEAl9361AaA8H8ehDQbwyfn
+zhD1yRdXgbUkT6C/WAP7MVGWckjFDjQUlkfxydhC8QQvysS0V3sPM1ntWWWu2W9q
+OD0IIekFT86cX/iq/lyv5Nsi4yEF+hLDE94T/S5vy/tBcW09U6S95tllsyXNQ8nS
+RsjeBc8k2TYso1d++x9X5pECgYAPyFH+9AKxRd8sZT7e21jUCFUH+PNIPtzrnWqD
+3hStqHtd2koX7HzpWI1dwHfdFEURUtkoYTAxl5FQlbrw02gQ2R8JLHL7Snw7lAEP
+nVdMp0hHke/PLBeU1CEOKAG/ul0xo/HThewbxVwiqw+bdJvkRJZ6MsdJ/ZM8m5ag
+Fp+hcQKBgFJpgHnFXSylV8HvuW7Gmyp0wXsBv2v4yUcjcdVIw7AzesoyRwrxSGcF
+TjRNpFO6yjSNk6jc/oLcDqo0MHUpEC3xOtOuFftORehYZGI8tPd3X7fyLXc7Jjyk
+IoJAuWRC8U/ljPtizaa1XZNE/7ZszPNXaHN/+xd0WEAK00Pz9e/M
+-----END RSA PRIVATE KEY-----
diff --git a/unit06_trust_dig_cert/src/ia.p12 b/unit06_trust_dig_cert/src/ia.p12
new file mode 100644
index 0000000..d13209e
Binary files /dev/null and b/unit06_trust_dig_cert/src/ia.p12 differ
diff --git a/unit06_trust_dig_cert/src/mykey.pem b/unit06_trust_dig_cert/src/mykey.pem
new file mode 100644
index 0000000..d86bb6c
--- /dev/null
+++ b/unit06_trust_dig_cert/src/mykey.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHQCAQEEIPZXqz4rW7TnjJpjEwY2HdMcQJOJhR67hZn8EJAKHPPUoAcGBSuBBAAK
+oUQDQgAEgqrtasaPGpbcrU5Kihgs+1U1whCKxBZwtTnqf1anK/UmOhhYG3tv7/cX
+6CEciagHfOy6z2mh3XUsj5OmCFccTw==
+-----END EC PRIVATE KEY-----
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill01.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill01.pfx
new file mode 100644
index 0000000..7f43d8e
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill01.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill02.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill02.pfx
new file mode 100644
index 0000000..f54e2df
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill02.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill03.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill03.pfx
new file mode 100644
index 0000000..51390a9
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill03.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill04.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill04.pfx
new file mode 100644
index 0000000..487205e
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill04.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill05.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill05.pfx
new file mode 100644
index 0000000..41e0a25
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill05.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill06.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill06.pfx
new file mode 100644
index 0000000..59da91b
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill06.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill07.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill07.pfx
new file mode 100644
index 0000000..78d7b4a
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill07.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill08.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill08.pfx
new file mode 100644
index 0000000..367b50d
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill08.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill09.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill09.pfx
new file mode 100644
index 0000000..73ae746
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill09.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill10.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill10.pfx
new file mode 100644
index 0000000..041eb75
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill10.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill11.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill11.pfx
new file mode 100644
index 0000000..96f4afd
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill11.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill12.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill12.pfx
new file mode 100644
index 0000000..e40d195
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill12.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill13.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill13.pfx
new file mode 100644
index 0000000..35d74db
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill13.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill14.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill14.pfx
new file mode 100644
index 0000000..58653c8
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill14.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill15.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill15.pfx
new file mode 100644
index 0000000..66c8aad
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill15.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill16.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill16.pfx
new file mode 100644
index 0000000..220df9c
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill16.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill17.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill17.pfx
new file mode 100644
index 0000000..cdb40bc
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill17.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/bill18.pfx b/unit06_trust_dig_cert/src/pfx_certs/bill18.pfx
new file mode 100644
index 0000000..ee0c300
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/bill18.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/country01.pfx b/unit06_trust_dig_cert/src/pfx_certs/country01.pfx
new file mode 100644
index 0000000..3eda01b
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/country01.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/country02.pfx b/unit06_trust_dig_cert/src/pfx_certs/country02.pfx
new file mode 100644
index 0000000..e96d59f
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/country02.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/country03.pfx b/unit06_trust_dig_cert/src/pfx_certs/country03.pfx
new file mode 100644
index 0000000..0da0d66
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/country03.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/country04.pfx b/unit06_trust_dig_cert/src/pfx_certs/country04.pfx
new file mode 100644
index 0000000..93505c5
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/country04.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/country05.pfx b/unit06_trust_dig_cert/src/pfx_certs/country05.pfx
new file mode 100644
index 0000000..fcde5e5
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/country05.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/country06.pfx b/unit06_trust_dig_cert/src/pfx_certs/country06.pfx
new file mode 100644
index 0000000..14d8020
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/country06.pfx differ
diff --git a/unit06_trust_dig_cert/src/pfx_certs/fred.pfx b/unit06_trust_dig_cert/src/pfx_certs/fred.pfx
new file mode 100644
index 0000000..53712e0
Binary files /dev/null and b/unit06_trust_dig_cert/src/pfx_certs/fred.pfx differ
diff --git a/unit06_trust_dig_cert/src/secp256k1.pem b/unit06_trust_dig_cert/src/secp256k1.pem
new file mode 100644
index 0000000..32d952e
--- /dev/null
+++ b/unit06_trust_dig_cert/src/secp256k1.pem
@@ -0,0 +1,3 @@
+-----BEGIN EC PARAMETERS-----
+BgUrgQQACg==
+-----END EC PARAMETERS-----
diff --git a/unit07_tunnelling/README.md b/unit07_tunnelling/README.md
new file mode 100644
index 0000000..cb083e6
--- /dev/null
+++ b/unit07_tunnelling/README.md
@@ -0,0 +1,37 @@
+
+
+# Unit 7: Tunnelling (SSL, TLS and IPSec)
+
+## Presentations
+This provides an outline of tunnelling, including for SSL/TLS and IPSec:
+
+* Presentation (Lecture): [here](https://youtu.be/fz4eO53kOIU)
+* Presentation (PDF): [here](https://github.com/billbuchanan/esecurity/blob/master/unit07_tunnelling/lecture/unit07_tunnelling.pdf)
+* Presentation (Video): [here](https://youtu.be/JA9zfKtVwwE)
+
+## Lab
+The labs are:
+
+* Week 7 Lab (PDF): [here](https://github.com/billbuchanan/esecurity/blob/master/unit07_tunnelling/lab/new_lab07.pdf)
+* Week 7 Lab (Demo): [here](https://youtu.be/ASCDJq4Wy9Y)
+
+## Network Traces
+
+The following are some sample PCAP files (you will need to install Wireshark to view them):
+
+* IPSec (PCAP file): [here](https://asecuritysite.com/log/ipsec.zip)
+* SSL (PCAP file): [here](https://asecuritysite.com/log/ssl.zip)
+* Client Server Connection on Port 443 (See lab, Section E.1): [here](https://asecuritysite.com/public/port_443_client_server.zip)
+* HTTPs (PCAP file): [here](https://asecuritysite.com/log/https.zip)
+* ECDHE (PCAP file): [here](https://asecuritysite.com/log/ssl_ecdhe.zip)
+* SFTP (PCAP file): [here](https://asecuritysite.com/log/sftp.zip)
+* TOR (PCAP file): [here](https://asecuritysite.com/log/tor.zip)
+* Heartbleed (PCAP file): [here](https://asecuritysite.com/log/heart.zip)
+
+## Related topics
+
+The following are some related presentations:
+
+* Introduction to SSL/TLS: [here]()
+* A Bluffers Guide to TLS 1.3: [here]()
+
diff --git a/unit07_tunnelling/lab/README.md b/unit07_tunnelling/lab/README.md
new file mode 100644
index 0000000..4438bac
--- /dev/null
+++ b/unit07_tunnelling/lab/README.md
@@ -0,0 +1,539 @@
+
+
+# Lab 7: Tunnelling and Web Security
+Objective: In this lab we will investigate the usage of SSL/TLS and VPN tunnels.
+
+
+YouTube Demo: https://youtu.be/ASCDJq4Wy9Y
+
+## A Web cryptography assessment
+The Ssllabs tool (https://ssllabs.com) can be used to assess the security of the cryptography used on a Web site. Pick three of your favouriate sites to scan. Now perform a test on them, and determine:
+
+
+What grade does the site get?
+
+The digital certificate key size and type?
+
+Does the name of the site match the name on the server?
+
+Who is the signer of the digital certificate?
+
+The expiry date on the digital certificate?
+
+What is the hashing method on the certificate?
+
+If it uses RSA keys, what is the e value that is used in the encryption (Me mod N)?
+Determine a weak cipher suite used and example why it might be weak?
+
+Is SSL v2 supported?
+
+
+If SSL v2 was supported, what problems might there be with the site (this will require some research)?
+Outline the usage of TLS 1.0/1.1 and 1.2, and identify a problem if one of these TLS versions were not supported?
+
+
+
+Is the site vulnerable to Heartbleed?
+
+Is the site vulnerable to DROWN?
+
+Is the site vulnerable to BEAST?
+
+Is the site vulnerable to POODLE?
+
+Research questions:
+
+What does TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 identify?
+
+
+
+If a site gets a ‘T’ grade, what is the problem?
+
+
+If the site was susceptible to Poodle, what is the vulnerability?
+
+
+Can you find a site which gets an “A+”? What features does a site need to get an “A+” grade?
+
+
+
+## A.2
+We will now create a Python program which calls up the SSLlabs assessment. First create a CSV file (sites.csv) with your sites in it. The format is Name of site, URL:
+
+
+
+Next enter the following code and run it:
+
+```python
+# Code from https://github.com/TrullJ/ssllabs/blob/master/ssllabsscanner.py
+import requests
+import time
+import sys
+import logging
+
+API = 'https://api.ssllabs.com/api/v2/'
+
+
+def requestAPI(path, payload={}):
+ '''This is a helper method that takes the path to the relevant
+ API call and the user-defined payload and requests the
+ data/server test from Qualys SSL Labs.
+ Returns JSON formatted data'''
+
+ url = API + path
+
+ try:
+ response = requests.get(url, params=payload)
+ except requests.exception.RequestException:
+ logging.exception('Request failed.')
+ sys.exit(1)
+
+ data = response.json()
+ return data
+
+
+def resultsFromCache(host, publish='off', startNew='off', fromCache='on', all='done'):
+ path = 'analyze'
+ payload = {
+ 'host': host,
+ 'publish': publish,
+ 'startNew': startNew,
+ 'fromCache': fromCache,
+ 'all': all
+ }
+ data = requestAPI(path, payload)
+ return data
+
+
+def newScan(host, publish='off', startNew='on', all='done', ignoreMismatch='on'):
+ path = 'analyze'
+ payload = {
+ 'host': host,
+ 'publish': publish,
+ 'startNew': startNew,
+ 'all': all,
+ 'ignoreMismatch': ignoreMismatch
+ }
+ results = requestAPI(path, payload)
+
+ payload.pop('startNew')
+
+ while results['status'] != 'READY' and results['status'] != 'ERROR':
+ time.sleep(30)
+ results = requestAPI(path, payload)
+
+ return results
+
+
+import csv
+with open('sites.csv') as csvfile:
+ reader = csv.DictReader(csvfile)
+ for row in reader:
+
+ url = row['site'].strip()
+
+ a = newScan(url)
+ with open("out3.txt", "a") as myfile:
+ myfile.write(str(row['web'])+"\n"+str(a)+"\n\n\n")
+ print row['web']
+```
+
+Note that it will can take a few minutes to perform a single scan. By reading the out3.txt file, outline your findings:
+
+
+Site name: Site rating:
+
+Other significant details:
+
+
+
+
+
+Site name: Site rating:
+
+
+Other significant details:
+
+
+
+
+
+## B Viewing details
+
+### B.1
+On your VM instance (or your desktop), run Wireshark and capture traffic from your main network connection. Start a Web browser and go to Google.com.
+
+
+
+Stop Wireshark and identify some of your connection details:
+
+Your IP address and TCP port:
+
+Google’s Web server IP address and TCP port:
+
+Which SSL/TLS version is used:
+
+By examining the Wireshark trace, which encryption method is used for the tunnel (hint: look in the ‘Server Hello’ response):
+
+By examining the Wireshark trace, which hashing method is used for the tunnel (hint: look in the ‘Server Hello’ response):
+
+By examining the Wireshark trace, what is the length of the encryption key (hint: look in the ‘Server Hello’ response):
+
+Using Firefox, and examining the connection details from the site (click on green padlock), can you verify the TLS version, the symmetric key encryption method, the handshaking method and the hashing method used within the tunnel? A sample is shown below.
+
+
+
+
+
+### B.2 Run Wireshark and capture traffic from your main network connection. Start a Web browser and go to https://twitter.com.
+
+Stop Wireshark and identify some of your connection details:
+
+Your IP address and TCP port:
+
+Twitter’s Web server IP address and TCP port:
+
+Which SSL/TLS version is used:
+
+By examining the Wireshark trace, which encryption method is used for the tunnel:
+
+By examining the Wireshark trace, which hash method is used for the tunnel:
+
+By examining the Wireshark trace, what is the length of the encryption key:
+
+
+Using Firefox, and examining the connection details from the site (click on green padlock), can you verify the TLS version, the symmetric key encryption method, the handshaking method and the hashing method used within the tunnel?
+
+
+
+## C OpenSSL
+
+### C.1
+On your VM instance (or your desktop), make a connection to the www.live.com Web site:
+
+openssl s_client -connect www.live.com:443
+
+
+Which SSL/TLS method has been used:
+
+Which method is used on the encryption key on the certificate, and what is the size of the public key?
+
+
+Which is the handshaking method that has been used to create the encryption key?
+
+
+Which TLS version is used for the tunnel?
+
+
+Which symmetric encryption method is used for the tunnel:
+
+
+Which hashing method is used for the tunnel:
+
+
+What is the length of the symmetric encryption key:
+
+
+Who has signed the certificate:
+
+
+
+
+
+
+
+## D Examining traces
+
+### D.1 Download the following file, and examine the trace with Wireshark:
+
+http://asecuritysite.com/log/ssl.zip
+
+Client IP address and TCP port:
+
+Web server IP address and TCP port:
+
+Determine one of the symmetric key encryption methods, the key exchange, and the hashing methods that the client wants to use (Hint: look at the ‘Client Hello’ packet)”
+
+
+Which SSL/TLS method has been used:
+
+Which encryption method is used for the tunnel:
+
+Which hashing method is used for the tunnel:
+
+What is the length of the encryption key:
+
+### D.2 Download the following file, and examine the trace with Wireshark:
+
+http://asecuritysite.com/log/https.zip
+ Client IP address and TCP port:
+
+Web server IP address and TCP port:
+
+Which SSL/TLS method has been used:
+
+Which encryption method is used for the tunnel:
+
+Which hashing method is used for the tunnel:
+
+What is the length of the encryption key:
+
+### D.3 Download the following file, and examine the trace with Wireshark:
+
+http://asecuritysite.com/log/heart.zip
+
+Client IP address and TCP port:
+
+Web server IP address and TCP port:
+
+Which SSL/TLS method has been used:
+
+Which encryption method is used for the tunnel:
+
+Which hashing method is used for the tunnel:
+
+
+What is the length of the encryption key:
+
+
+### D.4 Download the following file, and examine the trace with Wireshark:
+
+http://asecuritysite.com/log/ipsec.zip
+
+Which is the IP address of the client and of the server:
+
+
+Which packet number identifies the start of the VPN connection (Hint: look for UDP Port 500):
+
+
+
+Determine one of the encryption and the hashing methods that the client wants to use:
+
+
+
+Now determine the encryption and hashing methods that are agreed in the ISAKMP:
+
+
+Download the following file, and examine the trace with Wireshark:
+
+http://asecuritysite.com/log/tor.zip
+
+Which TCP port does the client use to send to?
+
+What is the IP address of the Tor node that the client connects to?
+
+What is strange about the packet size?
+
+Is SSL/TLS used for the connection?
+
+Can you trace any content in the conversation?
+
+Can you determine the Web site that is being connected to?
+
+
+## E TLS Connection
+### E.1
+We will now create our own SSL/TLS server and client in Python. First, we need to generate a certificate for our server:
+
+
+Next we will create a server which will listen on Port 444 (as 443 is likely to be used already for HTTPs), and support two cipher suites ('AES256+ECDH:AES256+EDH'):
+
+
+```python
+import socket, ssl
+
+context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+context.load_cert_chain(certfile="mycert.pem")
+
+def handle(conn):
+ conn.write(b'GET / HTTP/1.1\n')
+ print(conn.recv().decode())
+
+while True:
+ sock = socket.socket()
+ sock.bind(('', 444))
+ sock.listen(5)
+ context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+ context.load_cert_chain(certfile="mycert.pem")
+ context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 # optional
+ context.set_ciphers('AES256+ECDH:AES256+EDH')
+ while True:
+ conn = None
+ ssock, addr = sock.accept()
+ try:
+ conn = context.wrap_socket(ssock, server_side=True)
+ handle(conn)
+ except ssl.SSLError as e:
+ print(e)
+ finally:
+ if conn:
+ conn.close()
+```
+
+Now we will create the client to connect on Port 444. As we have a self-signed certificate, we will disable the checking of the host and certificate (remember to change the IP address to the address of your local host):
+
+```python
+import socket, ssl
+
+HOST, PORT = '10.10.10.10', 444
+
+def handle(conn):
+ conn.write(b'GET / HTTP/1.1\n')
+ print(conn.recv().decode())
+
+def main():
+
+ sock = socket.socket(socket.AF_INET)
+
+ context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
+ context.check_hostname = False
+ context.verify_mode=ssl.CERT_NONE
+
+
+ context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
+
+ conn = context.wrap_socket(sock, server_hostname=HOST)
+
+ try:
+ conn.connect((HOST, PORT))
+ handle(conn)
+ finally:
+ conn.close()
+
+if __name__ == '__main__':
+ main()
+```
+
+
+Now run Wireshark (sudo wireshark &), and capture from the Ethernet port (a sample run is show in in Figure 1). Now run the server, and then run the client. Stop Wireshark and determine:
+
+ The cipher suites sent from client to the server (‘Client Hello’):
+
+
+The cipher suite selected by the server (‘Server Hello’):
+
+
+If we change the code to:
+```python
+context.set_ciphers(‘HIGH’)
+```
+
+What are the cipher suites sent from server, and which cipher suite is selected by the client:
+
+
+
+
+
+Figure 1: Sample capture
+
+Now select your own cipher suits to accept. The possible settings are given next. You can use the “+” (to add), “-“ (to take away), and “!” (for not).
+
+Key exchange:
+
+* kRSA, aRSA, RSA. RSA Key exchange.
+* kDHE, kEDH, DH. Ephemeral DH key agreement.
+* DHE, EDH. Cipher suites using authenticated ephemeral DH key agreement.
+* kEECDH, kECDHE, ECDH. Cipher suites using ephemeral ECDH key agreement.
+* ECDHE, EECDH. Cipher suites using authenticated ephemeral ECDH key agreement.
+* aECDSA, ECDSA. Cipher suites with ECDSA authentication.
+
+Encryption:
+
+* AES128, AES256, AES, AESGCM, AESCCM, AESCCM8.
+* ARIA128, ARIA256, ARIA.
+* CAMELLIA128, CAMELLIA256, CAMELLIA.
+* CHACHA20.
+* 3DES, DES, RC4, RC2, IDEA.
+
+Hashing methods:
+
+• MD5, SHA1, SHA. SHA256, SHA384
+• aGOST, kGOST, GOST94, GOST89MAC.
+
+We can also use: HIGH (256-bit); MEDIUM (128-bit); LOW (56-bit or 64-bit).
+## G Secure services
+### G.1
+On your VM, determine your IP address with ipconfig, and then using nmap, show the running servers on the server:
+
+
+ifconfig
+nmap [ip]
+
+
+What are the servers that are running:
+
+
+
+Open a Web browser on your server, and open up the home page with:
+
+https://[ip]
+
+
+What is contained on the home page:
+
+
+### G.2
+Now to the /var/www/html folder and show that there is a file named index.html. Connect to the sftp service by determining your IP address () and use the command:
+
+
+sftp sftpuser@[ip]
+
+
+With this we run the normal FTP service, but integrate with the SSH service (and which runs on Port 22). Now run the following commands, and determine the output:
+
+
+pwd
+ls
+cd napier
+put index.html
+
+
+### G.3
+Now exit from sftp and try and locate the file you have copied. Go back to sftp, and now see if you can copy a file to the /home/napier folder.
+
+Now start wireshark (with sudo wireshark &), and capture your session. Now login into your local host with the ssh server:
+
+ssh napier@localhost
+
+
+
+What observations can you make on the creation of the secure connection:
+
+
+
+
+
+
+### G.4
+Now, let’s repeat the lab question from last week. Let’s enable HTTPs:
+
+ C \> openssl ec -in priv.pem -text -noout
+ read EC key
+ Private-Key (256 bit)
+ priv
+ 46 b9 e8 61 b6 3d 35 09 c8 8b 78 17 27 5a 30
+ d2 2d 62 c8 cd 8f a6 48 6d de e3 5e f0 d8 e0
+ 49 5f
+ pub
+ 04 25 00 e7 f3 fb dd f2 84 29 03 f5 44 dd c8
+ 74 94 ce 95 02 9a ce 4e 25 7d 54 ba 77 f2 bc
+ 1f 3a 88 37 a9 46 1c 4f 1c 57 fe cc 49 97 53
+ 38 1e 77 2a 12 8a 58 20 a9 24 a2 fa 05 16 2e
+ b6 62 98 7a 9f
+ ASN1 OID secp256k1
+
+## Hands-on demos
+
+In the test, there is no need for any practical skills in setting up a Blockchain. If you are interested, though, the following provide some practical demos of using the Ethereum blockchain:
+
+* Introduction to Blockchain (Intro): [here](https://www.youtube.com/watch?v=Gl3Suylr-7E).
+* A "Hello World" application: [here](https://www.youtube.com/watch?v=6-RYefqkhjg).
+* Contracts and addresses: [here](https://www.youtube.com/watch?v=afIrT_h3vXk).
+
+## A few demos of some principles
+
+* Base58 (used in Bitcoins). [Base58](https://asecuritysite.com/encryption/base58).
+* Bitcoin keys. [Bitcoin keys](https://asecuritysite.com/encryption/Bitcoin).
+* Bitcoin details. [Bitcoin details](https://asecuritysite.com/encryption/bit).
+* Elliptic Curve (Keys). [Elliptic Curve (Keys)](https://asecuritysite.com/encryption/ecc). Elliptic Curve is a public key method. This page outline the generation of ECC keys in Bitcoin.
+* Blockchain work. Work. [Determine Blockchain work](https://asecuritysite.com/encryption/block).
diff --git a/unit08_blockchain/lab/README.md b/unit08_blockchain/lab/README.md
new file mode 100644
index 0000000..bd06958
--- /dev/null
+++ b/unit08_blockchain/lab/README.md
@@ -0,0 +1,559 @@
+
+
+# Lab 8: Blockchain and Cryptocurrencies
+
+At the end of this lab, remember to stop your Blockchain (Control-C from the console that is running Geth), and shut down your VM. You may also want to use “rm -r mynapier” in order to delete your blockchain.
+
+Aim: To provide a foundation in understanding in Bitcoin and Blockchain.
+
+## Activities
+### L1.1 Using blockchain.info:
+Find the details of the genesis block [here](https://www.blockchain.com/btc/block/0):
+
+* Date created:
+* Reward:
+* Number of transactions:
+* Size of block:
+* Which account received the mining reward for the genesis block (last four digits):
+* How many USD does the original miner have in the account they used for the first genesis record:
+* When did the genesis block creator stop trading?
+
+
+### L1.2 Using blockchain.info:
+
+Determine the following [here](https://www.blockchain.com/charts):
+
+* Total bitcoins in circulation:
+* Most recent hash block (last four hex digits):
+* Block reward per block:
+* Difficulty:
+* Average time between blocks:
+* Market capitalisation (USD):
+* 24 hr price (USD):
+* 24hr transactions (USD):
+* Hash rate:
+* Last successful miner:
+* Maximum block size:
+* Balance for 1GbVUSW5WJmRCpaCJ4hanUny77oDaWW4to:
+
+
+### L1.3
+Download and create the Python file defined on this page:
+
+https://asecuritysite.com/encryption/bit
+```Python
+# https://asecuritysite.com/encryption/bit
+# Bitcoin details
+
+import httplib2
+
+resp, content = httplib2.Http().request("https://blockchain.info/q/latesthash")
+print "Latest hash: ",content
+
+resp, content = httplib2.Http().request("https://blockchain.info/q/bcperblock")
+print "Block reward per block: ",float(content)/100000000.0
+
+resp, content = httplib2.Http().request("https://blockchain.info/q/getblockcount")
+print "Longest block: ",content
+
+resp, content = httplib2.Http().request("https://blockchain.info/q/getdifficulty")
+print "Difficulty: ",content
+
+resp, content = httplib2.Http().request("https://blockchain.info/q/probability")
+print "Mining probability: ",content
+
+resp, content = httplib2.Http().request("https://blockchain.info/q/interval")
+print "Average time between blocks (seconds): ",content
+
+resp, content = httplib2.Http().request("https://blockchain.info/q/eta")
+print "Time to next block (seconds): ",content
+
+resp, content = httplib2.Http().request("https://blockchain.info/q/marketcap")
+print "Market capitalisation (Million USD): ",float(content)/1000000
+
+
+resp, content = httplib2.Http().request("https://blockchain.info/q/24hrprice")
+print "24hr price (USD): ",content
+
+resp, content = httplib2.Http().request("https://blockchain.info/q/24hrtransactioncount")
+print "24hr transactions: ",content
+
+resp, content = httplib2.Http().request("https://blockchain.info/q/hashrate")
+print "Hash rate: ",content
+
+resp, content = httplib2.Http().request("https://blockchain.info/q/addressbalance/1GbVUSW5WJmRCpaCJ4hanUny77oDaWW4to?confirmations=1")
+print "Account balance for 1Gb...4to (BTC): ",int(content)/100000000
+
+resp, content = httplib2.Http().request("https://blockchain.info/q/getreceivedbyaddress/1GbVUSW5WJmRCpaCJ4hanUny77oDaWW4to?confirmations=1")
+print "Received for 1Gb...4to (BTC): ",int(content)/100000000
+```
+
+Now run the Python file, and compare the results in L.1.2.
+
+Total bitcoins in circulation:
+
+Most recent hash block (last four hex digits):
+
+Block reward per block:
+
+Difficulty:
+
+Average time between blocks:
+
+Market capitalisation (USD):
+
+24 hr price (USD):
+
+24hr transactions (USD):
+
+Hash rate:
+
+Balance for 1GbVUSW5WJmRCpaCJ4hanUny77oDaWW4to:
+
+## Ethereum
+In this tutorial, we will run an Ethereum blockchain on your Ubuntu host:
+
+Demo: https://www.youtube.com/watch?v=Gl3Suylr-7E
+
+Outline: https://asecuritysite.com/subjects/chapter91
+
+
+On your Ubuntu computer, install Geth:
+
+
+We are going to create the blockchain in the mynapier folder. First create three new accounts:
+
+
+napier@napier-virtual-machine:~$ sudo geth --datadir=mynapier account new
+WARN [03-20|22:24:56.282] Sanitizing cache to Go's GC limits provided=1024 updated=666
+INFO [03-20|22:24:56.284] Maximum peer count ETH=25 LES=0 total=25
+Passphrase: Qwerty1
+Address: {39a18a459b2475925e3014679707e4970a6a836d}
+napier@napier-virtual-machine:~$ sudo geth --datadir=mynapier account new
+WARN [03-20|22:25:12.291] Sanitizing cache to Go's GC limits provided=1024 updated=666
+INFO [03-20|22:25:12.293] Maximum peer count ETH=25 LES=0 total=25
+Passphrase: Qwerty1
+Address: {3a5b61aeb069dc7df1b8f1b58e883118ea8bef3f}
+napier@napier-virtual-machine:~$ sudo geth --datadir=mynapier account new
+WARN [03-20|22:25:46.518] Sanitizing cache to Go's GC limits provided=1024 updated=666
+INFO [03-20|22:25:46.521] Maximum peer count ETH=25 LES=0 total=25
+Passphrase: Qwerty1
+Address: {a2cda8c68259cc314bd12b67873ce7380b3dc496}
+
+
+Open custom.json, and copy and paste the following details for your genesis block, but replace the hex IDs with the three accounts that you have created:
+
+We have now created wallets and the genesis block in the mynapier folder. Examine the mynapier folder.
+
+What are the contents of this folder:
+
+
+How are the keys stored:
+
+
+Note: You may have to use “chmod 777 mynapier” to allow access to the folder.
+
+Next we will start our blockchain:
+
+
+We can see we now have four account (three created from the genesis block, and which have some cryptocurrency, and a new one). Take a note of your new account ID (just first four hex characters):
+
+
+
+
+We can look at the initial balances in the accounts (use the hex values contained in the accounts). For the following, view of all the account balances (replace the hex IDs with the ones on your system):
+
+Next we can transfer some cryptocurrency from one account to another. For this, transfer Ether from the account with most funds into your newly created account, and then view the transaction:
+
+
+If we look at the blockchain we see there are two blocks have been created:
+
+> eth.blockNumber
+2
+
+
+What are the balances in the accounts:
+
+What are the balances on the accounts?
+
+How many blocks have been mined?
+
+
+## D Creating a contract
+
+Now let’s create a contract. First open up:
+
+http://remix.ethereum.org/
+
+and paste the following code:
+
+pragma solidity >0.4.0;
+contract test2{
+ uint a;
+ constructor () public {
+ a = 1;
+ }
+ function val() public returns(uint){
+ return a;
+ }
+}
+contract test3 is test2{
+ uint b = a++;
+ function show() public returns(uint){
+ return b;
+ }
+}
+
+
+We can compile the code (use the 0.5.0 compiler) and then click on Details, and get the Web3Deploy version (by clicking on Bytecode):
+
+
+
+A sample is:
+
+
+Create your Solidity program on Ubuntu (1.sol), and then compile it to a binary format:
+
+napier@napier-virtual-machine:~$ solc --bin 1.sol
+1.sol:4:4: Warning: Function state mutability can be restricted to pure
+ function sqrt(uint x) public view returns (uint y) {
+ ^ (Relevant source part starts here and spans across multiple lines).
+
+======= 1.sol:mymath =======
+Binary:
+608060405234801561001057600080fd5b5060de8061001f6000396000f3fe6080604052348015600f57600080fd5b506004361060285760003560e01c8063677342ce14602d575b600080fd5b605660048036036020811015604157600080fd5b8101908080359060200190929190505050606c565b6040518082815260200191505060405180910390f35b600080600260018401811515607d57fe5b0490508291505b8181101560ac578091506002818285811515609b57fe5b040181151560a557fe5b0490506084565b5091905056fea165627a7a723058207aa8e5d6d41b8fd664f343f3f2bb080b89ab85d06bd9ded50b8eb65a747362dd0029
+
+What can you observe from the code produced? How could you deploy this?
+
+
+Now compile with the ABI option. What information does the output give?
+
+
+How does this relate to the code your previously created from the Web site?
+
+
+
+
+## Commands
+
+
+
+
+What is the block and key size of XTEA?
+
+
+
+Can you add some code to measure the time taken for 1,000 encryptions?
+
+
+Can you estimate the number for encryption keys that could be tried per second on your system?
+
+
+If possible, run the code on another machine, and estimate the rate of encryption keys that can be used per second:
+
+
+
+### L3
+RC4 is a stream cipher created by Ron Rivest and has a variable key length. Run the following Python code and test it:
+
+```Python
+def KSA(key):
+ keylength = len(key)
+
+ S = range(256)
+
+ j = 0
+ for i in range(256):
+ j = (j + S[i] + key[i % keylength]) % 256
+ S[i], S[j] = S[j], S[i] # swap
+
+ return S
+
+
+def PRGA(S):
+ i = 0
+ j = 0
+ while True:
+ i = (i + 1) % 256
+ j = (j + S[i]) % 256
+ S[i], S[j] = S[j], S[i] # swap
+
+ K = S[(S[i] + S[j]) % 256]
+ yield K
+
+def RC4(key):
+ S = KSA(key)
+ return PRGA(S)
+
+def asctohex(string_in):
+ a=""
+ for x in string_in:
+ a = a + ("0"+((hex(ord(x)))[2:]))[-2:]
+ return(a)
+
+def convert_key(s):
+ return [ord(c) for c in s]
+
+key="0102030405"
+
+plaintext = 'Hello'
+
+if (len(sys.argv)>1):
+ plaintext=str(sys.argv[1])
+
+if (len(sys.argv)>2):
+ key=str(sys.argv[2])
+
+key = key.decode('hex')
+key = convert_key(key)
+
+keystream = RC4(key)
+print "Keystream: ",
+for i in range (0,15):
+ print hex(keystream.next()),
+print
+print "Cipher: ",
+keystream = RC4(key)
+
+for c in plaintext:
+ sys.stdout.write("%02X" % (ord(c) ^ keystream.next()))
+```
+Repl.it: https://repl.it/@billbuchanan/rc4tut
+
+Now go to https://tools.ietf.org/html/rfc6229 and test a few key generation values and see if you get the same key stream.
+
+Tests:
+
+Key: 0102030405 Key stream (first six bytes):
+
+Key: Key stream (first six bytes):
+
+Key: Key stream (first six bytes):
+
+Key: Key stream (first six bytes):
+
+How does the Python code produce a key stream length which matches the input data stream:
+
+
+Can you test the code by decrypting the cipher stream (note: you just use the same code, and do the same operation again)?
+
+
+RC4 uses an s-Box. Can you find a way to print out the S-box values for a key of “0102030405”?
+
+
+What are the main advantages of having a variable key size and having a stream cipher in light-weight cryptography?
+
+
+
+### L4
+The ELLI method can be used to identify an RFID tag.
+
+
+
+Can you run the following code and determine that it works (C and D should be the same)? Can you also explain how it works?
+
+
+
+```Python
+from os import urandom
+from eccsnacks.curve25519 import scalarmult, scalarmult_base
+import binascii
+
+lamb = urandom(32)
+a = scalarmult_base(lamb)
+
+eps = urandom(32)
+b = scalarmult_base(eps)
+
+c = scalarmult(eps, a)
+
+d = scalarmult(lamb, b)
+
+print "RFID private key: ",binascii.hexlify(eps)
+
+print "Reader private key: ",binascii.hexlify(lamb)
+
+print
+print "A value: ",binascii.hexlify(a)
+print "B value: ",binascii.hexlify(b)
+
+print "C value: ",binascii.hexlify(c)
+print "D value: ",binascii.hexlify(d)
+```
+Repl.it: https://repl.it/@billbuchanan/elli
+
+## 3 Zero-knowledge proof (ZKP)
+
+### L5
+With ZKP, Alice can prove that he still knows something to Bob, without revealing her secret. At the basis of many methods is the Fiat-Shamir method:
+
+
+Ref: https://asecuritysite.com/encryption/fiat
+
+Repl.it: https://repl.it/@billbuchanan/zktut2
+
+The following code implements some basic code for Fiat-Shamir, can you prove that for a number of values of x, that Alice will always be able to prove that she knows x.
+
+x: Proved: Y/N
+x: Proved: Y/N
+x: Proved: Y/N
+x: Proved: Y/N
+
+The value of n is a prime number. Now increase the value of n, and determine the effect that this has on the time taken to compute the proof:
+
+
+
+```Python
+import sys
+import random
+
+n=97
+
+g= 5
+
+x = random.randint(1,5)
+v = random.randint(n//2,n)
+c = random.randint(1,5)
+
+y= pow(g,x, n)
+
+t = pow(g,v,n)
+
+r = (v - c * x)
+
+print r
+if (r<0): r=-r
+
+Result = ( pow(g,r,n)) * (pow(y,c,n)) % n
+
+
+print 'x=',x
+print 'c=',c
+print 'v=',v
+print 'P=',n
+print 'G=',g
+print '======'
+print 't=',t
+print 'r=',Result
+if (t==Result):
+ print 'Alice has proven she knows x'
+else:
+ print 'Alice has not proven she knows x'
+```
+
+Repl.it: https://repl.it/@billbuchanan/zktut
+
+### L6
+We can now expand this method by creating a password, and then making this the secret. Copy and run the code here:
+
+https://asecuritysite.com/encryption/fiat2
+
+Repl.it: https://repl.it/@billbuchanan/zktut2
+
+Now test the code with different passwords?
+
+
+How does the password get converting into a form which can be used in the Fiat-Shamir method?
+
+
+
+### L1.7
+The Diffie-Hellman method can be used to perform a zero-knowledge proof implementation. Copy the code from the following link and verify that it works:
+
+https://asecuritysite.com/encryption/diffiez
+
+Repl.it: https://repl.it/@billbuchanan/diffiez
+
+
+
+
+
diff --git a/unit09_future/lab/diffiez.py b/unit09_future/lab/diffiez.py
new file mode 100644
index 0000000..21c32ff
--- /dev/null
+++ b/unit09_future/lab/diffiez.py
@@ -0,0 +1,102 @@
+# zkp-dh: Zero-knowledge proof generator and verifier for one party to show
+# to another that their Diffie-Hellman shared secret is correct.
+# See the Camenisch and Stadler paper for procedural specifics on ZKP
+# proof generation, such as knowledge of discrete logarithm.
+
+# Lining Wang, June 2014
+
+import random
+import hashlib
+import binascii
+import sys
+
+# DiffieHellman class enables construction of keys capable of performing
+# D-H exchanges, and interactive proof of knowledge
+class DiffieHellman:
+ P = 101
+ G = 51
+
+ def __init__(self,secret=0):
+ if (secret==0):
+ self.secret = random.randrange(1 << (self.G.bit_length() - 1), self.G - 1)
+ else:
+ self.secret = secret
+ self.public = pow(self.G, self.secret, self.P)
+
+ # get shared secret: (g^b)^a mod p
+ def get_shared_secret(self, remote_pub):
+ return pow(remote_pub, self.secret, self.P)
+
+ # Given the public key of B (remote_pub), shows that the shared secret
+ # between A and B was generated by A.
+ # Returns zero-knowledge proof of shared Diffie-Hellman secret between A & B.
+ def prove_shared_secret(self, remote_pub):
+ G = self.G; prover_pub = self.public; phi = self. P - 1;
+ secret = self.get_shared_secret(remote_pub)
+
+ # Random key in the group Z_q
+ randKey = DiffieHellman() # random secret
+ commit1 = randKey.public
+ commit2 = randKey.get_shared_secret(remote_pub)
+
+ # shift and hash
+ concat = str(G) + str(prover_pub) + str(remote_pub) + str(secret) + str(commit1) + str(commit2)
+ h = hashlib.md5()
+ h.update(concat.encode("utf-8"))
+ challenge = int(h.hexdigest(), 16)
+ product = (self.secret * challenge) % phi
+ response = (randKey.secret - product) % phi
+
+ return (secret, challenge, response)
+
+ # Verifies proof generated above. Verifier c is showing that
+ # shared secret between A and B was generated by A.
+ # returns 0 if if verification fails; returns shared secret otherwise
+ def verify_shared_secret(self, prover_pub, remote_pub, secret, challenge,
+ response):
+ P = self.P; G = self.G ; public = self.public
+
+ # g^r * (a's public key)^challenge
+ commit1 = (pow(G, response, P) * pow(public, challenge, P)) % P
+
+ # (b's public key)^response * (secret)^challenge
+ commit2 = (pow(remote_pub, response, P) * pow(secret, challenge, P)) % P
+
+ # Shift and hash
+ hasher = hashlib.md5()
+ concat = str(G) + str(prover_pub) + str(remote_pub) + str(secret) + str(commit1) + str(commit2)
+ hasher.update(concat.encode("utf-8"))
+ check = int(hasher.hexdigest(), 16)
+
+ if challenge == check:
+ return secret
+ else:
+ return 0
+
+x=3
+y=4
+
+
+a = DiffieHellman(x)
+b = DiffieHellman(y)
+
+print("G=",a.G)
+print("p=",a.P)
+print("x=",x)
+print("y=",y)
+print("\n============")
+
+print("a (pub,sec)=",a.public,a.secret)
+print("b (pub,sec)=",b.public,b.secret)
+shared=a.get_shared_secret(b.public)
+print("Shared=",shared)
+print("\nNow Bob will generate the secret, a challenge and a response")
+results = a.prove_shared_secret(b.public)
+print("(secret, challenge, response):",results)
+
+val=a.verify_shared_secret(a.public, b.public, results[0], results[1], results[2])
+print("\nAlice now checks")
+if (val==shared):
+ print("Bob has proven he knows x")
+else:
+ print("Bob has not proven that he knows x")
diff --git a/unit09_future/lab/diffiez.py.bak b/unit09_future/lab/diffiez.py.bak
new file mode 100644
index 0000000..6e2255a
--- /dev/null
+++ b/unit09_future/lab/diffiez.py.bak
@@ -0,0 +1,102 @@
+# zkp-dh: Zero-knowledge proof generator and verifier for one party to show
+# to another that their Diffie-Hellman shared secret is correct.
+# See the Camenisch and Stadler paper for procedural specifics on ZKP
+# proof generation, such as knowledge of discrete logarithm.
+
+# Lining Wang, June 2014
+
+import random
+import hashlib
+import binascii
+import sys
+
+# DiffieHellman class enables construction of keys capable of performing
+# D-H exchanges, and interactive proof of knowledge
+class DiffieHellman:
+ P = 101
+ G = 51
+
+ def __init__(self,secret=0):
+ if (secret==0):
+ self.secret = random.randrange(1 << (self.G.bit_length() - 1), self.G - 1)
+ else:
+ self.secret = secret
+ self.public = pow(self.G, self.secret, self.P)
+
+ # get shared secret: (g^b)^a mod p
+ def get_shared_secret(self, remote_pub):
+ return pow(remote_pub, self.secret, self.P)
+
+ # Given the public key of B (remote_pub), shows that the shared secret
+ # between A and B was generated by A.
+ # Returns zero-knowledge proof of shared Diffie-Hellman secret between A & B.
+ def prove_shared_secret(self, remote_pub):
+ G = self.G; prover_pub = self.public; phi = self. P - 1;
+ secret = self.get_shared_secret(remote_pub)
+
+ # Random key in the group Z_q
+ randKey = DiffieHellman() # random secret
+ commit1 = randKey.public
+ commit2 = randKey.get_shared_secret(remote_pub)
+
+ # shift and hash
+ concat = str(G) + str(prover_pub) + str(remote_pub) + str(secret) + str(commit1) + str(commit2)
+ h = hashlib.md5()
+ h.update(concat.encode("utf-8"))
+ challenge = int(h.hexdigest(), 16)
+ product = (self.secret * challenge) % phi
+ response = (randKey.secret - product) % phi
+
+ return (secret, challenge, response)
+
+ # Verifies proof generated above. Verifier c is showing that
+ # shared secret between A and B was generated by A.
+ # returns 0 if if verification fails; returns shared secret otherwise
+ def verify_shared_secret(self, prover_pub, remote_pub, secret, challenge,
+ response):
+ P = self.P; G = self.G ; public = self.public
+
+ # g^r * (a's public key)^challenge
+ commit1 = (pow(G, response, P) * pow(public, challenge, P)) % P
+
+ # (b's public key)^response * (secret)^challenge
+ commit2 = (pow(remote_pub, response, P) * pow(secret, challenge, P)) % P
+
+ # Shift and hash
+ hasher = hashlib.md5()
+ concat = str(G) + str(prover_pub) + str(remote_pub) + str(secret) + str(commit1) + str(commit2)
+ hasher.update(concat.encode("utf-8"))
+ check = int(hasher.hexdigest(), 16)
+
+ if challenge == check:
+ return secret
+ else:
+ return 0
+
+x=3
+y=4
+
+
+a = DiffieHellman(x)
+b = DiffieHellman(y)
+
+print "G=",a.G
+print "p=",a.P
+print "x=",x
+print "y=",y
+print "\n============"
+
+print "a (pub,sec)=",a.public,a.secret
+print "b (pub,sec)=",b.public,b.secret
+shared=a.get_shared_secret(b.public)
+print "Shared=",shared
+print "\nNow Bob will generate the secret, a challenge and a response"
+results = a.prove_shared_secret(b.public)
+print "(secret, challenge, response):",results
+
+val=a.verify_shared_secret(a.public, b.public, results[0], results[1], results[2])
+print "\nAlice now checks"
+if (val==shared):
+ print "Bob has proven he knows x"
+else:
+ print "Bob has not proven that he knows x"
diff --git a/unit09_future/lab/lab09.docx b/unit09_future/lab/lab09.docx
new file mode 100644
index 0000000..a7b3302
Binary files /dev/null and b/unit09_future/lab/lab09.docx differ
diff --git a/unit09_future/lab/lab09.pdf b/unit09_future/lab/lab09.pdf
new file mode 100644
index 0000000..b37da00
Binary files /dev/null and b/unit09_future/lab/lab09.pdf differ
diff --git a/unit09_future/lab/~$lab09.docx b/unit09_future/lab/~$lab09.docx
new file mode 100644
index 0000000..8528d3c
Binary files /dev/null and b/unit09_future/lab/~$lab09.docx differ
diff --git a/unit09_future/lecture/README.md b/unit09_future/lecture/README.md
new file mode 100644
index 0000000..84edbae
--- /dev/null
+++ b/unit09_future/lecture/README.md
@@ -0,0 +1,24 @@
+
+
+# Unit 9: Future Crypto
+
+The key concepts are:
+
+* Zero-knowledge proof (ZKP).
+* Homomophic encryption.
+* Tokenization.
+* Quantum-robust encryption.
+
+## What you should know at the end of unit?
+
+* Understand the usage of Light-weight cryptography.
+* Understand the usage of Zero-knowledge proofs.
+
+## Material
+
+* Week 9 Lecture (Video): [here](https://youtu.be/CKZjrCnUrAM).
+* Week 9 Lecture (Video Live): [here](https://www.youtube.com/watch?v=AWMGHAVh_nE).
+* Week 9 Lecture (PDF): [here](https://asecuritysite.com/public/unit09_next_gen.pdf).
+
+
+
diff --git a/unit09_future/lecture/unit09_next_gen.pdf b/unit09_future/lecture/unit09_next_gen.pdf
new file mode 100644
index 0000000..8281d59
Binary files /dev/null and b/unit09_future/lecture/unit09_next_gen.pdf differ
diff --git a/unit09_future/lecture/unit09_next_gen.pptx b/unit09_future/lecture/unit09_next_gen.pptx
new file mode 100644
index 0000000..1c6bc73
Binary files /dev/null and b/unit09_future/lecture/unit09_next_gen.pptx differ
diff --git a/unit09_future/src/a_01.py b/unit09_future/src/a_01.py
new file mode 100644
index 0000000..f84cefb
--- /dev/null
+++ b/unit09_future/src/a_01.py
@@ -0,0 +1,42 @@
+# Zero-knowledge Proof: Proving age with hash chains.
+# https://asecuritysite.com/encryption/age
+
+import hashlib;
+import passlib.hash;
+import sys;
+
+age_actual=19
+age_to_prove=18
+seed=b"12345667"
+
+proof = hashlib.md5(seed)
+encrypted_age = hashlib.md5(seed)
+
+for i in range(1,1+age_actual-age_to_prove):
+ proof = hashlib.md5(proof.digest())
+
+for i in range(1,age_actual+1):
+ encrypted_age = hashlib.md5(encrypted_age.digest())
+
+verfied_age=proof
+
+for i in range(0,age_to_prove):
+ verfied_age = hashlib.md5(verfied_age.digest())
+
+
+
+print "Peggy's Age:\t\t",age_actual
+print "Age to prove:\t\t",age_to_prove
+
+print "...."
+
+
+print "Proof:\t\t",proof.hexdigest()
+print "Encr Age:\t",encrypted_age.hexdigest()
+print "Verified Age:\t",verfied_age.hexdigest()
+
+if (encrypted_age.hexdigest()==verfied_age.hexdigest()):
+ print "You have proven your age ... please come in"
+else:
+ print "You have not proven you age!"
+
\ No newline at end of file
diff --git a/unit09_future/src/a_02.py b/unit09_future/src/a_02.py
new file mode 100644
index 0000000..19fd302
--- /dev/null
+++ b/unit09_future/src/a_02.py
@@ -0,0 +1,34 @@
+# Zero-knowledge proof (discrete logs).
+# https://asecuritysite.com/encryption/z
+
+import sys
+
+p=71
+g=13
+x=7
+r=8
+
+print 'p=',p
+print 'g=',g
+print 'x=',x
+print 'r=',r
+print '========'
+
+y= g**x % p
+
+print 'Y=',y
+
+C = g**r % p
+print 'C=',C
+
+print '========'
+val1=g**((x+r)%(p-1)) % p
+print 'g^(x+r)%(p-1) mod p=',val1
+
+val2=C*y %p
+print 'C.y mod P=',val2
+
+if (val1==val2):
+ print 'Well done ... have you proven that you know x'
+else:
+ print 'Not proven'
\ No newline at end of file
diff --git a/unit09_future/src/a_03.py b/unit09_future/src/a_03.py
new file mode 100644
index 0000000..7aa909d
--- /dev/null
+++ b/unit09_future/src/a_03.py
@@ -0,0 +1,37 @@
+import sys
+import random
+
+n=101
+g= 3
+
+ans=7
+
+x = 3
+y = 4
+
+E1= g**( (x+y) % (n-1)) % n
+
+E2= (g**x * g**y) % n
+
+E3 = g**(ans) % n
+
+print '======Agreed parameters============'
+print 'P=',n,'\t(Prime number)'
+print 'G=',g,'\t(Generator)'
+print 'x=',x,'\t(Value 1 - Alice first value)'
+print 'y=',y,'\t(value 2 - Alice second value)'
+print 'ans=',ans,'\t(Answer = x+y?)'
+
+print '======Encrypted values============'
+print 'g^x=',(g**x) % n
+print 'g^y=',(g**y) % n
+
+print '======zkSnark===================='
+print 'E1=',E1
+print 'E2=',E2
+print 'E3=',E3
+if (E2==E3):
+ print 'Alice has proven she knows the sum is ',ans
+else:
+ print 'Alice has proven she does not know the sum is ',ans
+
\ No newline at end of file
diff --git a/unit09_future/src/a_04.py b/unit09_future/src/a_04.py
new file mode 100644
index 0000000..59408d1
--- /dev/null
+++ b/unit09_future/src/a_04.py
@@ -0,0 +1,40 @@
+import sys
+import random
+
+n=101
+g= 3
+
+x=5
+
+a = 3
+b = 4
+
+# eqn = ax + b x^2
+
+
+E1= g**( a *x ) % n
+
+E2= g**(b*x*x) % n
+
+E3 = (E1 * E2) % n
+E4 = g**(a*x + b*x*x) % n
+
+
+
+print '======Agreed parameters============'
+print 'P=',n,'\t(Prime number)'
+print 'G=',g,'\t(Generator)'
+print 'a=',a
+print 'b=',b
+print 'x=',x,'\t(Eqn= ax + bx^2)'
+
+
+print '======zkSnark===================='
+
+print 'E3=',E3
+print 'E4=',E4
+
+if (E3==E4):
+ print 'Alice has computed the result'
+else:
+ print 'Alice has proven she does not know result'
\ No newline at end of file
diff --git a/unit09_future/src/a_05.py b/unit09_future/src/a_05.py
new file mode 100644
index 0000000..991b75a
--- /dev/null
+++ b/unit09_future/src/a_05.py
@@ -0,0 +1,32 @@
+import sys
+import random
+
+n=101
+
+g= 3
+
+x = random.randint(5,10)
+v = random.randint(100,150)
+c = random.randint(5,10)
+
+y= g**x % n
+
+t = g**v % n
+
+r = v - c * x
+
+Result = ( (g**r) * (y**c) ) % n
+
+
+print 'x=',x
+print 'c=',c
+print 'v=',v
+print 'P=',n
+print 'G=',g
+print '======'
+print 't=',t
+print 'r=',Result
+if (t==Result):
+ print 'Alice has proven she knows x'
+else:
+ print 'Alice has not proven she knows x'
\ No newline at end of file
diff --git a/unit09_future/src/a_06.py b/unit09_future/src/a_06.py
new file mode 100644
index 0000000..0ad5b80
--- /dev/null
+++ b/unit09_future/src/a_06.py
@@ -0,0 +1,26 @@
+n=101*23
+r=13
+
+s1=5
+s2=7
+s3=3
+
+a1=1
+a2=0
+a3=1
+
+print 'N=',n
+x = (r**2) % n
+print 'x=',x
+print 's1=',s1,'s2=',s2,'s3=',s3
+print 'a1=',a1,'a2=',a2,'a3=',a3
+
+y = (r * ((s1**a1) * (s2**a2) * (s3**a3)) ) % n
+print 'Y=',y, ' y^2 mod n = ',(y**2 % n)
+
+v1=(s1**2) %n
+v2=(s2**2) %n
+v3=(s3**2) %n
+
+y2 = (x * ( (v1**a1) * (v2**a2) * (v3**a3)) ) % n
+print 'Y=',(y**2) %n
\ No newline at end of file
diff --git a/unit09_future/src/a_07.py b/unit09_future/src/a_07.py
new file mode 100644
index 0000000..4a72f39
--- /dev/null
+++ b/unit09_future/src/a_07.py
@@ -0,0 +1,55 @@
+import random
+
+p=59
+g=13
+x=11
+v=9
+
+
+def string2numeric_hash(text):
+ import hashlib
+ return int(hashlib.md5(text).hexdigest()[:8], 16)
+
+if (len(sys.argv)>1):
+ g=int(sys.argv[1])
+
+if (len(sys.argv)>2):
+ x=int(sys.argv[2])
+
+v= random.randint(3, 8)
+
+print 'g=',g
+print 'x=',x, ' (the secret)'
+print 'v=',v, ' (random)'
+print '=====Alice computes========='
+
+import hashlib
+
+y= g**x
+t= g**v
+
+print 't=',t
+
+print 'y=',y
+
+c = string2numeric_hash(str(g)+str(y)+str(t))
+c =c % p
+
+print 'c=',c
+
+r= v -c*x
+
+print '=============='
+
+print 'Alice sends (t,r)=(',str(t),',',(r),')'
+
+t1 = (g**r)
+t2= (y**c)
+
+val=int(t1*t2)
+print 'My calc for g^r x y^c=',val
+
+if (val==t):
+ print "Alice has proven her ID"
+else:
+ print "You are a fraud"
\ No newline at end of file
diff --git a/unit09_future/src/a_08.py b/unit09_future/src/a_08.py
new file mode 100644
index 0000000..4a72f39
--- /dev/null
+++ b/unit09_future/src/a_08.py
@@ -0,0 +1,55 @@
+import random
+
+p=59
+g=13
+x=11
+v=9
+
+
+def string2numeric_hash(text):
+ import hashlib
+ return int(hashlib.md5(text).hexdigest()[:8], 16)
+
+if (len(sys.argv)>1):
+ g=int(sys.argv[1])
+
+if (len(sys.argv)>2):
+ x=int(sys.argv[2])
+
+v= random.randint(3, 8)
+
+print 'g=',g
+print 'x=',x, ' (the secret)'
+print 'v=',v, ' (random)'
+print '=====Alice computes========='
+
+import hashlib
+
+y= g**x
+t= g**v
+
+print 't=',t
+
+print 'y=',y
+
+c = string2numeric_hash(str(g)+str(y)+str(t))
+c =c % p
+
+print 'c=',c
+
+r= v -c*x
+
+print '=============='
+
+print 'Alice sends (t,r)=(',str(t),',',(r),')'
+
+t1 = (g**r)
+t2= (y**c)
+
+val=int(t1*t2)
+print 'My calc for g^r x y^c=',val
+
+if (val==t):
+ print "Alice has proven her ID"
+else:
+ print "You are a fraud"
\ No newline at end of file
diff --git a/unit09_future/src/a_09.py b/unit09_future/src/a_09.py
new file mode 100644
index 0000000..17e5892
--- /dev/null
+++ b/unit09_future/src/a_09.py
@@ -0,0 +1,40 @@
+import sys
+import uuid
+import hashlib
+import random
+
+def hash_password(password):
+ salt = uuid.uuid4().hex
+ return hashlib.sha256(salt.encode() + password.encode()).hexdigest() + ':' + salt
+def check_password(hashed_password, user_password):
+ password, salt = hashed_password.split(':')
+ return password == hashlib.sha256(salt.encode() + user_password.encode()).hexdigest()
+bob=random.randint(1, 1000)
+hash_bob = hash_password(str(bob))
+alice=random.randint(1, 1000)
+hash_alice = hash_password(str(alice))
+print '\n===Bob random and hash=====\n'
+print 'Bob random=',bob
+print 'Bob hash=',hash_bob
+print '\n===Alice random and hash=====\n'
+print 'Alice random=',alice
+print 'Alice hash=',hash_alice
+coin=(bob & 0x1) ^ (alice & 0x1)
+if (coin==0):
+ print 'Heads ',
+else:
+ print 'Tails ',
+print '\n====Checking the flips ====\n'
+print 'Alice checks value with salt: ',check_password(hash_bob,str(bob))
+print 'Bob checks value with salt: ',check_password(hash_alice,str(alice))
+print '\n====10 random flips====\n'
+for i in range(1,10):
+ bob=random.randint(1, 1000)
+ hash_bob = hash_password(str(bob))
+ alice=random.randint(1, 1000)
+ hash_alice = hash_password(str(alice))
+ coin=(bob & 0x1) ^ (alice & 0x1)
+ if (coin==0):
+ print 'Heads ',
+ else:
+ print 'Tails ',
\ No newline at end of file
diff --git a/unit09_future/src/a_10.py b/unit09_future/src/a_10.py
new file mode 100644
index 0000000..0cf098f
--- /dev/null
+++ b/unit09_future/src/a_10.py
@@ -0,0 +1,37 @@
+from phe import paillier
+import sys
+vote1=100
+vote2=200
+
+def num(s):
+ try:
+ return int(s)
+ except ValueError:
+ return float(s)
+
+if (len(sys.argv)>1):
+ vote1=num(sys.argv[1])
+
+if (len(sys.argv)>2):
+ vote2=num(sys.argv[2])
+
+public_key, private_key = paillier.generate_paillier_keypair()
+
+keyring = paillier.PaillierPrivateKeyring()
+
+keyring.add(private_key)
+
+public_key1, private_key1 = paillier.generate_paillier_keypair(keyring)
+
+
+print 'Votes 1=',vote1
+print 'Votes 2=',vote2
+
+encrypted1= public_key.encrypt(vote1)
+print 'Encrypted1=',encrypted1
+
+encrypted2= public_key.encrypt(vote2)
+
+print 'Encrypted2=',encrypted2
+
+print 'Result =',private_key.decrypt(encrypted1+encrypted2)
diff --git a/unit09_future/src/a_11.py b/unit09_future/src/a_11.py
new file mode 100644
index 0000000..0cf098f
--- /dev/null
+++ b/unit09_future/src/a_11.py
@@ -0,0 +1,37 @@
+from phe import paillier
+import sys
+vote1=100
+vote2=200
+
+def num(s):
+ try:
+ return int(s)
+ except ValueError:
+ return float(s)
+
+if (len(sys.argv)>1):
+ vote1=num(sys.argv[1])
+
+if (len(sys.argv)>2):
+ vote2=num(sys.argv[2])
+
+public_key, private_key = paillier.generate_paillier_keypair()
+
+keyring = paillier.PaillierPrivateKeyring()
+
+keyring.add(private_key)
+
+public_key1, private_key1 = paillier.generate_paillier_keypair(keyring)
+
+
+print 'Votes 1=',vote1
+print 'Votes 2=',vote2
+
+encrypted1= public_key.encrypt(vote1)
+print 'Encrypted1=',encrypted1
+
+encrypted2= public_key.encrypt(vote2)
+
+print 'Encrypted2=',encrypted2
+
+print 'Result =',private_key.decrypt(encrypted1+encrypted2)
diff --git a/unit09_future/src/a_12.py b/unit09_future/src/a_12.py
new file mode 100644
index 0000000..ba03304
--- /dev/null
+++ b/unit09_future/src/a_12.py
@@ -0,0 +1,77 @@
+from cryptography.fernet import Fernet
+import sys
+import binascii
+
+operator = "a & b"
+x=0
+y=0
+
+operator=operator.replace('or','|')
+operator=operator.replace('and','&')
+operator=operator.replace('xor','^')
+operator=operator.replace('not','~')
+
+print "---Input parameters---"
+print "Operation:",operator
+print "Input:",x,y
+
+keyX_0 = Fernet.generate_key()
+keyX_1 = Fernet.generate_key()
+keyY_0 = Fernet.generate_key()
+keyY_1 = Fernet.generate_key()
+
+data =[]
+for a in range(0,2):
+ for b in range(0,2):
+ data.append(str(eval(operator) & 0x01))
+print "Outputs of function:",data
+
+print "\n---Keys generated---"
+
+print "KeyX_0 (first 20 characters):"+binascii.hexlify(bytearray(keyX_0))[:20]
+print "KeyX_1 (first 20 characters):"+binascii.hexlify(bytearray(keyX_1))[:20]
+print "KeyY_0 (first 20 characters):"+binascii.hexlify(bytearray(keyY_0))[:20]
+print "KeyY_1 (first 20 characters):"+binascii.hexlify(bytearray(keyY_1))[:20]
+
+print "\n---Cipers send from Bob to Alice---"
+
+
+cipher_text00 = Fernet(keyY_0).encrypt(Fernet(keyX_0).encrypt(data[0]))
+cipher_text01 = Fernet(keyY_0).encrypt(Fernet(keyX_1).encrypt(data[1]))
+cipher_text10 = Fernet(keyY_1).encrypt(Fernet(keyX_0).encrypt(data[2]))
+cipher_text11 = Fernet(keyY_1).encrypt(Fernet(keyX_1).encrypt(data[3]))
+
+print "Cipher (first 20 chars): "+binascii.hexlify(bytearray(cipher_text00))[:40]
+print "Cipher (first 20 chars): "+binascii.hexlify(bytearray(cipher_text01))[:40]
+print "Cipher (first 20 chars): "+binascii.hexlify(bytearray(cipher_text10))[:40]
+print "Cipher (first 20 chars): "+binascii.hexlify(bytearray(cipher_text11))[:40]
+
+
+if (x==0): keyB = keyX_0
+if (x==1): keyB = keyX_1
+
+if (y==0): keyA = keyY_0
+if (y==1): keyA = keyY_1
+
+print "\n---Bob and Alice's key---"
+print "Bob's key: "+binascii.hexlify(bytearray(keyB))[:20]
+print "Alice's key: "+binascii.hexlify(bytearray(keyA))[:20]
+
+print "\n---Decrypt with keys (where '.' is an exception):"
+
+try:
+ print Fernet(keyB).decrypt(Fernet(keyA).decrypt(cipher_text00)),
+except:
+ print ".",
+try:
+ print Fernet(keyB).decrypt(Fernet(keyA).decrypt(cipher_text01)),
+except:
+ print ".",
+try:
+ print Fernet(keyB).decrypt(Fernet(keyA).decrypt(cipher_text10)),
+except:
+ print ".",
+try:
+ print Fernet(keyB).decrypt(Fernet(keyA).decrypt(cipher_text11)),
+except:
+ print ".",
diff --git a/unit09_future/src/a_13.py b/unit09_future/src/a_13.py
new file mode 100644
index 0000000..83cf270
--- /dev/null
+++ b/unit09_future/src/a_13.py
@@ -0,0 +1,48 @@
+import sys
+from random import randint
+
+J = 4
+I = 5
+
+e=79
+d=1019
+N=3337
+
+primes = [601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997]
+val=randint(0,len(primes))
+p=primes[val]
+
+U=randint(0,2000)
+
+C=(U**e) % N
+
+print 'Bob has',I,'millions'
+print 'Alice has',J,'millions'
+
+print '\ne=',e,'d=',d,'N=',N,'p=',p
+print '\nRandom Value U is:\t',U
+print 'C value is (U^e %N):\t',C
+
+val_for_alice = C - J + 1
+print "Alice shares this value (C-J-1):",val_for_alice
+
+Z=[]
+
+for x in range(0,10):
+ val = (((val_for_alice+x)**d) % N) % p
+ if (x>(I-1)):
+ Z.append(val+1)
+ else:
+ Z.append(val)
+
+G = U % p
+
+
+print "\nG value is",G
+print "Z values are:",
+for x in range(0,10):
+ print Z[x],
+
+print '\n\nAlice checks U(',U,') against the ',J,'th value (',Z[J-1],')'
+if (G==Z[J-1]): print "\nSame. Bob has more money or the same"
+else: print "\nDiffer. Alice has more money"
\ No newline at end of file
diff --git a/unit10_services/README.md b/unit10_services/README.md
new file mode 100644
index 0000000..0b5196a
--- /dev/null
+++ b/unit10_services/README.md
@@ -0,0 +1,34 @@
+
+
+# Investigation of Tokens, Authorization and Docker
+The key concepts are:
+
+* Token creation and usage, including JWT, Fernet, OAuth and ERC20.
+* Federated ID systems.
+* Outline of the usage of Docker for building security infrastructure for SSH and authorization.
+
+## What you should know at the end of unit?
+
+* Define how ERC-20 tokens are used within Ethereum.
+* Understand the scope of tokens and how they could be used for authorization.
+* Define the signing methods used in tokens, such as with HMAC and RSA, and the weakness of token which are not signed (OAuth)
+* Able to setup a simple Docker container which implements a security function.
+
+## Material
+
+* Week 10 Lecture (Video): [here](https://youtu.be/iddk9k_-shc).
+* Week 10 Lecture (PDF): [here](https://asecuritysite.com/public/unit09_host_services.pdf)
+* Week 10 Lab (PDF): [here](https://github.com/billbuchanan/esecurity/blob/master/unit10_services/lab/unit10_tokens.pdf).
+
+## Related topics
+
+The following are some related presentations:
+
+* JSON Web Tokens: [here](https://asecuritysite.com/encryption/js_jwt).
+* Fernet Tokens: [here](https://asecuritysite.com/encryption/fernet).
+* Fernet Tokens (with PBKDF2): [here](https://asecuritysite.com/encryption/fernet2).
+* Fernet Tokens (with Key rotation): [here](https://asecuritysite.com/encryption/fernet3).
+* Fernet Tokens (Autokeying): [here](https://asecuritysite.com/encryption/fer).
+
+
+
diff --git a/unit10_services/lab/README.md b/unit10_services/lab/README.md
new file mode 100644
index 0000000..35d7cbf
--- /dev/null
+++ b/unit10_services/lab/README.md
@@ -0,0 +1,560 @@
+
+
+# Investigation of Tokens, Authorization and Docker
+
+To provide a foundation around the usage of tokens for authorization. We will use your Ubuntu instance for this work, and aim to provide an introduction to Docker. Make sure you have created your GitHub account, as we will use the account details later in the lab.
+
+## A JWT
+### A.1
+The JSON Web Token can be used to grant access rights. It is signed using a secret passphrase. Using node.js, create the following program (you need to use npm install jwt-simple):
+
+```Javascript
+var args = process.argv;
+var sec='fff';
+
+var pay="{ foo: \'bar\'}";
+
+//if (args.length>1) pay=args[2];
+//if (args.length>2) sec=args[3];
+
+console.log("Message:\t",pay)
+console.log("Passphrase:\t",sec)
+
+var jwt = require('jwt-simple');
+var payload = pay ;
+var secret = sec;
+
+
+// encode
+var token = jwt.encode(payload, secret);
+console.log("Token: ",token);
+// decode
+var decoded = jwt.decode(token, secret);
+console.log("Decoded: ",decoded);
+```
+
+**Repl.it:** https://repl.it/@billbuchanan/jwt
+
+### A.2
+Now try different messages, but keep the secret the same:
+
+How do the JSON Web Tokens change?
+
+
+If we now keep the message the same, but change the secret, how do the JSON Web Tokens change?
+
+
+There are different ways to encode the token (HS256, HS384, HS512 and RS256). We can add the encoding with:
+
+```Javascript
+jwt.encode(payload, secret, 'HS512')
+```
+
+What do HS256, HS364, HS512 and RS256 represent?
+
+
+
+What is the difference between creating the signature with HMAC and RSA?
+
+
+
+Try each of the hashing methods (HSXXX), and observe how the JWT changes:
+
+
+
+
+### A.3
+Now, match the following parameters to the correct signing secret. For the following the message is “{ isa: 14321}”, and the signing keys used are either "napier", "napier123", "qwerty" or "fox123":
+
+
+
+Can you read the message with the wrong passphrase?
+
+
+Can you determine the message?
+
+
+
+When was the token issued, and when was its expiry time?
+
+**Repl.it:** https://repl.it/@billbuchanan/jwt3
+
+### A.5
+The following JWT was signed with a three-character word [a-z]. Can you determine the secret phrase:
+
+
+Don't look here, if you don't one an answer just now:
+
+**Repl.it:** https://repl.it/@billbuchanan/jwt4
+
+### A.6
+The following JWT has a secret phrase of “napier”:
+
+
+Did you decode it?
+
+Now – one at a time – change one of the Base64 characters in the each of the fields (and which are separated by a ‘.’). What effect does it have on the ability to decode the token?
+
+**Repl.it:** https://repl.it/@billbuchanan/jwt5
+
+## B Fernet Tokens
+B.1 The Fernet token contains a timestamp, IV, cipher and HMAC signature. The cipher is generated by taking a password and the plaintext (Figure 1).
+
+
+
+Figure 1: Fernet token
+
+Enter the following program:
+```Python
+from cryptography.fernet import Fernet
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.backends import default_backend
+
+import sys
+import binascii
+import base64
+
+password="hello"
+val="hello world"
+
+
+def get_key(password):
+ digest = hashes.Hash(hashes.SHA256(), backend=default_backend())
+ digest.update(password)
+ return base64.urlsafe_b64encode(digest.finalize())
+
+if (len(sys.argv)>1):
+ val=sys.argv[1]
+
+if (len(sys.argv)>2):
+ password=str(sys.argv[2])
+
+if (len(password)>1):
+ key = get_key(password)
+else:
+ key = Fernet.generate_key()
+
+
+print "Key: "+binascii.hexlify(bytearray(key))
+
+
+cipher_suite = Fernet(key)
+cipher_text = cipher_suite.encrypt(val)
+cipher=binascii.hexlify(bytearray(cipher_text))
+print "Cipher: "+cipher
+
+print "\nVersion:\t"+cipher[0:2]
+print "Time stamp:\t"+cipher[2:18]
+print "IV:\t\t"+cipher[18:50]
+print "HMAC:\t\t"+cipher[-64:]
+
+plain_text = cipher_suite.decrypt(cipher_text)
+print "\nPlain text: "+plain_text
+```
+
+For a message of “hello” and a password of “qwerty”, prove that you can decrypt the token.
+
+Can you decrypt the token?
+
+Generate several tokens, and outline the values which change on the token?
+
+**Repl.it** (Python 3.8): https://repl.it/@billbuchanan/fer01
+
+### B.2
+The following Fernet token uses a password of “napier”.
+
+
+Can you determine the message:
+
+**Repl.it:** https://repl.it/@billbuchanan/fer02 [Ans: 'help me!!!']
+
+## C OAuth 2.0
+OAuth 2.0 allows a user to gain an OAuth 2.0 token and then be granted rights onto other systems. One application is in federated ID login. In this case we will log into a system using a GitHub authorization. In this case GitHub will authorize our details, and redirect to a given page.
+
+### C.1
+First go to your GitHub account, and register your OAuth 2.0 application. Give it a name of (MyGit) and redirect to a Web site (such as https://asecuritysite.com). Figure 2 gives an overview of this. You will then generate a Client ID code and a Client Secret (Figure 3). Take a copy of these codes, as you will need it in the next part.
+
+### C.2
+We will now create a Flask program. In the following is an OAuth 2 method to create a federated ID login [1]. Enter the code:
+```Python
+from requests_oauthlib import OAuth2Session
+from flask import Flask, request, redirect, session, url_for
+from flask.json import jsonify
+import os
+
+app = Flask(__name__)
+
+
+# This information is obtained upon registration of a new GitHub OAuth
+# application here: https://github.com/settings/applications/new
+client_id = ""
+client_secret = ""
+authorization_base_url = 'https://github.com/login/oauth/authorize'
+token_url = 'https://github.com/login/oauth/access_token'
+
+
+@app.route("/")
+def demo():
+ """Step 1: User Authorization.
+
+ Redirect the user/resource owner to the OAuth provider (i.e. Github)
+ using an URL with a few key OAuth parameters.
+ """
+ github = OAuth2Session(client_id)
+ authorization_url, state = github.authorization_url(authorization_base_url)
+
+ # State is used to prevent CSRF, keep this for later.
+ session['oauth_state'] = state
+ return redirect(authorization_url)
+
+
+# Step 2: User authorization, this happens on the provider.
+
+@app.route("/callback", methods=["GET"])
+def callback():
+ """ Step 3: Retrieving an access token.
+
+ The user has been redirected back from the provider to your registered
+ callback URL. With this redirection comes an authorization code included
+ in the redirect URL. We will use that to obtain an access token.
+ """
+
+ github = OAuth2Session(client_id, state=session['oauth_state'])
+ token = github.fetch_token(token_url, client_secret=client_secret,
+ authorization_response=request.url)
+
+ # At this point you can fetch protected resources but lets save
+ # the token and show how this is done from a persisted token
+ # in /profile.
+ session['oauth_token'] = token
+
+ return redirect(url_for('.profile'))
+
+
+@app.route("/profile", methods=["GET"])
+def profile():
+ """Fetching a protected resource using an OAuth 2 token.
+ """
+ github = OAuth2Session(client_id, token=session['oauth_token'])
+ return jsonify(github.get('https://api.github.com/user').json())
+
+
+if __name__ == "__main__":
+ # This allows us to use a plain HTTP callback
+ os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = "1"
+
+ app.secret_key = os.urandom(24)
+ app.run(debug=True)
+```
+
+### C.3
+Now add your Client ID and Client secret to the code, and run it:
+
+napier@napier-virtual-machine:~/esecurity/unit10_services/src$ python c02.py
+ * Serving Flask app "c01" (lazy loading)
+ * Environment: production
+ WARNING: Do not use the development server in a production environment.
+ Use a production WSGI server instead.
+ * Debug mode: on
+ * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
+ * Restarting with stat
+ * Debugger is active!
+ * Debugger PIN: 118-069-597
+
+
+### C.4
+Now open up a browser, and connect to http://127.0.0.1. Next you should be faced with the GitHub login (Figure 4).
+
+Are you able to login? What happened?
+
+
+Quit from the browser, and now go back to http://127.0.0.1:500. What happens?
+
+
+Now, clear the cache of the browser, and go back to http://127.0.0.1:500. What happens?
+
+
+
+
+
+
+Figure 2: Registering an OAuth application
+
+
+
+Figure 3: Generating Client ID and Client Secret
+
+
+
+Figure 4: GitHub authorization
+
+## D Introduction to Docker
+### D.1
+Docker is used to create a light-weight infrastructure for services. First we will install some of the pre-requisites:
+
+
+We can view the images that we have created with the “docker image ls” command:
+
+napier@napier-virtual-machine:~/Docker_sshd$ docker image ls
+REPOSITORY TAG IMAGE ID CREATED SIZE
+docker_sshd latest e90cde8a95d3 4 minutes ago 196MB
+friendlyhello latest 290382d66d7b 19 minutes ago 131MB
+python 2.7-slim 48e3247f2a19 5 days ago 120MB
+ethereum/solc stable 1b65904c442c 2 weeks ago 6.48MB
+hello-world latest fce289e99eb9 3 months ago 1.84kB
+ubuntu 16.04 b0ef3016420a 3 months ago
+
+
+Which instances are installed?
+
+
+
+Now log into your SSH server, and use the password defined in the Dockerfile. Create a new folder on your SSH server, and then create a file and add something to it:
+
+napier@napier-virtual-machine:~/Docker_sshd$ docker run -d -P --name test_sshd docker_sshd
+2e1ee60deb3f44f2c4a6af5ebd0e32f9882ba4e03042f0eb30285f74e49ced39
+napier@napier-virtual-machine:~/Docker_sshd$ docker port test_sshd 22
+0.0.0.0:32769
+napier@napier-virtual-machine:~/Docker_sshd$ ssh root@localhost -p 32769
+The authenticity of host '[localhost]:32769 ([127.0.0.1]:32769)' can't be established.
+ECDSA key fingerprint is SHA256:WvbGw6gNNJzLksG87PWQ3yg+YvHBQc9PLFJl3wPOWnM.
+Are you sure you want to continue connecting (yes/no)? yes
+Warning: Permanently added '[localhost]:32769' (ECDSA) to the list of known hosts.
+root@localhost's password:
+Welcome to Ubuntu 16.04.5 LTS (GNU/Linux 4.4.0-142-generic x86_64)
+
+ * Documentation: https://help.ubuntu.com
+ * Management: https://landscape.canonical.com
+ * Support: https://ubuntu.com/advantage
+
+The programs included with the Ubuntu system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
+applicable law.
+
+root@2e1ee60deb3f:~# ls
+root@2e1ee60deb3f:~# mkdir test
+root@2e1ee60deb3f:~#
+
+
+There are many options we can use with docker run:
+
+--rm Remove container when it exits.
+-d Runs docker container in the background so there is no output (also --detach)
+--ip 10.10.10.10 Assign an IP address of 10.10.10.10.
+-p 22:3000 Map port 22 to port 3000 (also --publish).
+--name my_c Give the container a unique name.
+
+
+Now list the running containers:
+
+napier@napier-virtual-machine:~/docker_sshd$ docker ps
+CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
+f0e1674e5c7a docker_sshd "/usr/sbin/sshd -D" 3 minutes ago Up 3 minutes 0.0.0.0:32770->22/tcp test_sshd
+
+
+What information can you gain about your container from this listing?
+
+
+
+
+
+
+
+What was the port number that we used to log into the SSH server?
+
+By running “netstat” can you see the running port?
+
+
+
+
+Now we will stop the container, and then remove it:
+
+
+
+Can you prove that the container does not exist?
+
+Can you prove that the image does not exist?
+
+## E Docker Setup for yml
+
+## E.1
+With Docker we can define a .yml file in order to create our instance. In the example we will use the code at [2] in order to setup OPA (Open Policy Authorization) for Web access rights. First create a folder named “docker_opa”, and then create a file named “docker-compose.yml” in this folder. The contents will be:
+```YAML
+version: '2'
+services:
+ opa:
+ image: openpolicyagent/opa:0.10.5
+ ports:
+ - 8181:8181
+ # WARNING: OPA is NOT running with an authorization policy configured. This
+ # means that clients can read and write policies in OPA. If you are
+ # deploying OPA in an insecure environment, be sure to configure
+ # authentication and authorization on the daemon. See the Security page for
+ # details: https://www.openpolicyagent.org/docs/security.html.
+ command:
+ - "run"
+ - "--server"
+ - "--log-level=debug"
+ api_server:
+ image: openpolicyagent/demo-restful-api:0.2
+ ports:
+ - 5000:5000
+ environment:
+ - OPA_ADDR=http://opa:8181
+ - POLICY_PATH=/v1/data/httpapi/authz
+```
+
+Next create the policy in the file “example.rego” (and which uses the Rego policy language), and add the following:
+```Rego
+package httpapi.authz
+
+# bob is alice's manager, and betty is charlie's.
+subordinates = {"alice": [], "charlie": [], "bob": ["alice"], "betty": ["charlie"]}
+
+# HTTP API request
+import input
+
+default allow = false
+
+# Allow users to get their own salaries.
+allow {
+ input.method = "GET"
+ input.path = ["finance", "salary", username]
+ input.user = username
+}
+
+# Allow managers to get their subordinates' salaries.
+allow {
+ input.method = "GET"
+ input.path = ["finance", "salary", username]
+ subordinates[input.user][_] = username
+}
+```
+
+Now run docker-compose to run the Docker container:
+
+napier@napier-virtual-machine:~$ docker-compose -f docker-compose.yml up
+
+In another terminal, we can then update a policy on the container with:
+
+napier@napier-virtual-machine:~$ curl -X PUT --data-binary @example.rego localhost:8181/v1/policies/example
+
+Now check the policies:
+
+napier@napier-virtual-machine:~$ curl --user alice:password localhost:5000/finance/salary/alice
+Success: user alice is authorized
+napier@napier-virtual-machine:~$ curl --user bob:password localhost:5000/finance/salary/alice
+Success: user bob is authorized
+napier@napier-virtual-machine:~$ curl --user bob:password localhost:5000/finance/salary/charlie
+Error: user bob is not authorized to GET url /finance/salary/Charlie
+
+Can you explain the operation of the policy, and, in this case, that Alice is authorized, but Bob is not?
+
+
+
+Can you stop your container, and then run it on Port 8181?
+
+## References
+[1] https://requests-oauthlib.readthedocs.io/en/latest/examples/real_world_example.html#real-example
+
+[2] https://www.openpolicyagent.org/docs/http-api-authorization.html
+
+
+
+
+
+
diff --git a/unit10_services/lab/figs/fer01.png b/unit10_services/lab/figs/fer01.png
new file mode 100644
index 0000000..20aa9f9
Binary files /dev/null and b/unit10_services/lab/figs/fer01.png differ
diff --git a/unit10_services/lab/figs/fig2.png b/unit10_services/lab/figs/fig2.png
new file mode 100644
index 0000000..33c31ec
Binary files /dev/null and b/unit10_services/lab/figs/fig2.png differ
diff --git a/unit10_services/lab/figs/fig3.png b/unit10_services/lab/figs/fig3.png
new file mode 100644
index 0000000..46900d0
Binary files /dev/null and b/unit10_services/lab/figs/fig3.png differ
diff --git a/unit10_services/lab/figs/fig4.png b/unit10_services/lab/figs/fig4.png
new file mode 100644
index 0000000..fbadd86
Binary files /dev/null and b/unit10_services/lab/figs/fig4.png differ
diff --git a/unit10_services/lab/unit10_tokens.docx b/unit10_services/lab/unit10_tokens.docx
new file mode 100644
index 0000000..baf77b8
Binary files /dev/null and b/unit10_services/lab/unit10_tokens.docx differ
diff --git a/unit10_services/lab/unit10_tokens.pdf b/unit10_services/lab/unit10_tokens.pdf
new file mode 100644
index 0000000..ac02d01
Binary files /dev/null and b/unit10_services/lab/unit10_tokens.pdf differ
diff --git a/unit10_services/lab/~$it10_tokens.docx b/unit10_services/lab/~$it10_tokens.docx
new file mode 100644
index 0000000..1828dc7
Binary files /dev/null and b/unit10_services/lab/~$it10_tokens.docx differ
diff --git a/unit10_services/lecture/unit09_host_services.key b/unit10_services/lecture/unit09_host_services.key
new file mode 100755
index 0000000..b75e945
Binary files /dev/null and b/unit10_services/lecture/unit09_host_services.key differ
diff --git a/unit10_services/lecture/unit09_host_services.pdf b/unit10_services/lecture/unit09_host_services.pdf
new file mode 100644
index 0000000..e6339ea
Binary files /dev/null and b/unit10_services/lecture/unit09_host_services.pdf differ
diff --git a/unit10_services/lecture/unit09_host_services.pptx b/unit10_services/lecture/unit09_host_services.pptx
new file mode 100644
index 0000000..499bda0
Binary files /dev/null and b/unit10_services/lecture/unit09_host_services.pptx differ
diff --git a/unit10_services/src/a01.js b/unit10_services/src/a01.js
new file mode 100644
index 0000000..6af9acb
--- /dev/null
+++ b/unit10_services/src/a01.js
@@ -0,0 +1,23 @@
+var args = process.argv;
+var sec='fff';
+
+var pay="{ foo: \'bar\'}";
+
+if (args.length>1) pay=args[2];
+if (args.length>2) sec=args[3];
+
+console.log("Message:\t",pay)
+console.log("Passphrase:\t",sec)
+
+var jwt = require('jwt-simple');
+var payload = pay ;
+var secret = sec;
+
+
+// encode
+var token = jwt.encode(payload, secret);
+console.log("Token: ",token);
+// decode
+var decoded = jwt.decode(token, secret);
+console.log("Decoded: ",decoded);
+
diff --git a/unit10_services/src/a03.jwt b/unit10_services/src/a03.jwt
new file mode 100644
index 0000000..ed86467
--- /dev/null
+++ b/unit10_services/src/a03.jwt
@@ -0,0 +1,6 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.InsgaXNhOiAxNDMyMX0i.czeOHowkTpZQqG5pZneOlnpdBGMCnTLXaPImNmSr9w
+
+eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.InsgaXNhOiAxNDMyMX0i.WWR2-Wxw0Nm0Expix600cOltjnjhC7hCjOmHH2cPpJ4
+
+eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.InsgaXNhOiAxNDMyMX0i.uSXNmESTf_NUk0QC8IJyPfsm_QMu00UP6eIvOA3Dag4
+
diff --git a/unit10_services/src/a04.jwt b/unit10_services/src/a04.jwt
new file mode 100644
index 0000000..0e9e2f8
--- /dev/null
+++ b/unit10_services/src/a04.jwt
@@ -0,0 +1 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.IntcImlzc1wiOiBcImZyZWRcIixcInN1YmplY3RcIjpcImxvZ2luXCIsXCJkZXBhcnRtZW50XCI6IFwic2FsZXNcIixcImlhdFwiOiBcIjE1MjUxOTMzNzdcIixcImV4cFwiOiBcIjE1MjUyMzY1NzdcIn0i.4QpsBQ5HDbAjzv3EaMp0UQdCG-MnEanW7g8q9AUvOLU
diff --git a/unit10_services/src/a05.jwt b/unit10_services/src/a05.jwt
new file mode 100644
index 0000000..e3879a3
--- /dev/null
+++ b/unit10_services/src/a05.jwt
@@ -0,0 +1 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.IntcImlzc1wiOiBcImZyZWRcIixcInN1YmplY3RcIjpcImxvZ2luXCIsXCJkZXBhcnRtZW50XCI6IFwic2FsZXNcIixcImlhdFwiOiBcIjE1MjUxOTMzNzdcIixcImV4cFwiOiBcIjE1MjUyMzY1NzdcIn0i.zyd0cy8p4xgpeoyOQ8G61xnA5Cmg5w095tNH9IWg9Wc
diff --git a/unit10_services/src/a06.jwt b/unit10_services/src/a06.jwt
new file mode 100644
index 0000000..1607c8a
--- /dev/null
+++ b/unit10_services/src/a06.jwt
@@ -0,0 +1,2 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.IntcImlzc1wiOiBcImZyZWRcIixcInN1YmplY3RcIjpcImxvZ2luXCIsXCJkZXBhcnRtZW50XCI6IFwic2FsZXNcIixcImlhdFwiOiBcIjE1MjUxOTMzNzdcIixcImV4cFwiOiBcIjE1MjUyMzY1NzdcIn0i.G-cLzbqrTb_daMusbJTEEi_p-1cGC9_Q2ONtGGXe65Q
+
diff --git a/unit10_services/src/b02.py b/unit10_services/src/b02.py
new file mode 100644
index 0000000..2c3fb09
--- /dev/null
+++ b/unit10_services/src/b02.py
@@ -0,0 +1,45 @@
+from cryptography.fernet import Fernet
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.backends import default_backend
+
+import sys
+import binascii
+import base64
+
+password="hello"
+val="hello world"
+
+
+def get_key(password):
+ digest = hashes.Hash(hashes.SHA256(), backend=default_backend())
+ digest.update(password)
+ return base64.urlsafe_b64encode(digest.finalize())
+
+if (len(sys.argv)>1):
+ val=sys.argv[1]
+
+if (len(sys.argv)>2):
+ password=str(sys.argv[2])
+
+if (len(password)>1):
+ key = get_key(password)
+else:
+ key = Fernet.generate_key()
+
+
+print "Key: "+binascii.hexlify(bytearray(key))
+
+
+cipher_suite = Fernet(key)
+cipher_text = cipher_suite.encrypt(val)
+cipher=binascii.hexlify(bytearray(cipher_text))
+print "Cipher: "+cipher
+
+print "\nVersion:\t"+cipher[0:2]
+print "Time stamp:\t"+cipher[2:18]
+print "IV:\t\t"+cipher[18:50]
+print "HMAC:\t\t"+cipher[-64:]
+
+plain_text = cipher_suite.decrypt(cipher_text)
+print "\nPlain text: "+plain_text
+
diff --git a/unit10_services/src/b02.txt b/unit10_services/src/b02.txt
new file mode 100644
index 0000000..d1ef53e
--- /dev/null
+++ b/unit10_services/src/b02.txt
@@ -0,0 +1,7 @@
+Cipher: 6741414141414263706c6c645f707a5f2d6158394c3173623566354d366a6a636d575f5436307a737233764d5446484c634f622d6150794447486d55416a7839685a47496a477870367830455066657344725f376b676457584d38565747586e41773d3d
+
+Version: 67
+Time stamp: 4141414141426370
+IV: 6c6c645f707a5f2d6158394c31736235
+HMAC: 6a477870367830455066657344725f376b676457584d38565747586e41773d3d
+
diff --git a/unit10_services/src/c02.py b/unit10_services/src/c02.py
new file mode 100644
index 0000000..8400d97
--- /dev/null
+++ b/unit10_services/src/c02.py
@@ -0,0 +1,69 @@
+from requests_oauthlib import OAuth2Session
+from flask import Flask, request, redirect, session, url_for
+from flask.json import jsonify
+import os
+
+app = Flask(__name__)
+
+
+# This information is obtained upon registration of a new GitHub OAuth
+# application here: https://github.com/settings/applications/new
+client_id = ""
+client_secret = ""
+authorization_base_url = 'https://github.com/login/oauth/authorize'
+token_url = 'https://github.com/login/oauth/access_token'
+
+
+@app.route("/")
+def demo():
+ """Step 1: User Authorization.
+
+ Redirect the user/resource owner to the OAuth provider (i.e. Github)
+ using an URL with a few key OAuth parameters.
+ """
+ github = OAuth2Session(client_id)
+ authorization_url, state = github.authorization_url(authorization_base_url)
+
+ # State is used to prevent CSRF, keep this for later.
+ session['oauth_state'] = state
+ return redirect(authorization_url)
+
+
+# Step 2: User authorization, this happens on the provider.
+
+@app.route("/callback", methods=["GET"])
+def callback():
+ """ Step 3: Retrieving an access token.
+
+ The user has been redirected back from the provider to your registered
+ callback URL. With this redirection comes an authorization code included
+ in the redirect URL. We will use that to obtain an access token.
+ """
+
+ github = OAuth2Session(client_id, state=session['oauth_state'])
+ token = github.fetch_token(token_url, client_secret=client_secret,
+ authorization_response=request.url)
+
+ # At this point you can fetch protected resources but lets save
+ # the token and show how this is done from a persisted token
+ # in /profile.
+ session['oauth_token'] = token
+
+ return redirect(url_for('.profile'))
+
+
+@app.route("/profile", methods=["GET"])
+def profile():
+ """Fetching a protected resource using an OAuth 2 token.
+ """
+ github = OAuth2Session(client_id, token=session['oauth_token'])
+ return jsonify(github.get('https://api.github.com/user').json())
+
+
+if __name__ == "__main__":
+ # This allows us to use a plain HTTP callback
+ os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = "1"
+
+ app.secret_key = os.urandom(24)
+ app.run(debug=True)
+
diff --git a/unit10_services/src/d01.txt b/unit10_services/src/d01.txt
new file mode 100644
index 0000000..867d4ff
--- /dev/null
+++ b/unit10_services/src/d01.txt
@@ -0,0 +1,7 @@
+sudo apt install apt-transport-https ca-certificates curl software-properties-common
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"
+sudo apt update
+apt-cache policy docker-ce
+sudo apt install docker-ce
+
diff --git a/unit10_services/src/d02.txt b/unit10_services/src/d02.txt
new file mode 100644
index 0000000..3dcc78f
--- /dev/null
+++ b/unit10_services/src/d02.txt
@@ -0,0 +1,16 @@
+FROM ubuntu:16.04
+
+RUN apt-get update && apt-get install -y openssh-server
+RUN mkdir /var/run/sshd
+RUN echo 'root:napier123' | chpasswd
+RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
+
+# SSH login fix. Otherwise user is kicked off after login
+RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
+
+ENV NOTVISIBLE "in users profile"
+RUN echo "export VISIBLE=now" >> /etc/profile
+
+EXPOSE 22
+CMD ["/usr/sbin/sshd", "-D"]
+
diff --git a/unit10_services/src/e01.yml b/unit10_services/src/e01.yml
new file mode 100644
index 0000000..aa8947f
--- /dev/null
+++ b/unit10_services/src/e01.yml
@@ -0,0 +1,23 @@
+version: '2'
+services:
+ opa:
+ image: openpolicyagent/opa:0.10.5
+ ports:
+ - 8181:8181
+ # WARNING: OPA is NOT running with an authorization policy configured. This
+ # means that clients can read and write policies in OPA. If you are
+ # deploying OPA in an insecure environment, be sure to configure
+ # authentication and authorization on the daemon. See the Security page for
+ # details: https://www.openpolicyagent.org/docs/security.html.
+ command:
+ - "run"
+ - "--server"
+ - "--log-level=debug"
+ api_server:
+ image: openpolicyagent/demo-restful-api:0.2
+ ports:
+ - 5000:5000
+ environment:
+ - OPA_ADDR=http://opa:8181
+ - POLICY_PATH=/v1/data/httpapi/authz
+
diff --git a/unit10_services/src/example.rego b/unit10_services/src/example.rego
new file mode 100644
index 0000000..44e557c
--- /dev/null
+++ b/unit10_services/src/example.rego
@@ -0,0 +1,24 @@
+package httpapi.authz
+
+# bob is alice's manager, and betty is charlie's.
+subordinates = {"alice": [], "charlie": [], "bob": ["alice"], "betty": ["charlie"]}
+
+# HTTP API request
+import input
+
+default allow = false
+
+# Allow users to get their own salaries.
+allow {
+ input.method = "GET"
+ input.path = ["finance", "salary", username]
+ input.user = username
+}
+
+# Allow managers to get their subordinates' salaries.
+allow {
+ input.method = "GET"
+ input.path = ["finance", "salary", username]
+ subordinates[input.user][_] = username
+}
+
diff --git a/unit10_services/src/solutions/b02_cracker.py b/unit10_services/src/solutions/b02_cracker.py
new file mode 100644
index 0000000..64b63e7
--- /dev/null
+++ b/unit10_services/src/solutions/b02_cracker.py
@@ -0,0 +1,33 @@
+from cryptography.fernet import Fernet
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.backends import default_backend
+from binascii import unhexlify
+
+import sys
+import binascii
+import base64
+
+password="napier"
+val="hello world"
+
+
+def get_key(password):
+ digest = hashes.Hash(hashes.SHA256(), backend=default_backend())
+ digest.update(password)
+ return base64.urlsafe_b64encode(digest.finalize())
+
+
+key = get_key(password)
+
+
+print "Key: "+binascii.hexlify(bytearray(key))
+
+cipher_text="6741414141414263706c6c645f707a5f2d6158394c3173623566354d366a6a636d575f5436307a737233764d5446484c634f622d6150794447486d55416a7839685a47496a477870367830455066657344725f376b676457584d38565747586e41773d3d"
+
+
+cipher_suite = Fernet(key)
+
+
+plain_text = cipher_suite.decrypt(unhexlify(cipher_text))
+print "\nPlain text: "+plain_text
+
diff --git a/unit11_host/README.md b/unit11_host/README.md
new file mode 100644
index 0000000..dac01ef
--- /dev/null
+++ b/unit11_host/README.md
@@ -0,0 +1,2 @@
+
+
diff --git a/unit11_host/unit11.key b/unit11_host/unit11.key
new file mode 100755
index 0000000..3fa2ab7
Binary files /dev/null and b/unit11_host/unit11.key differ
diff --git a/unit11_host/unit11.pdf b/unit11_host/unit11.pdf
new file mode 100644
index 0000000..75c8c32
Binary files /dev/null and b/unit11_host/unit11.pdf differ
diff --git a/unit11_host/unit11.pptx b/unit11_host/unit11.pptx
new file mode 100644
index 0000000..be079ec
Binary files /dev/null and b/unit11_host/unit11.pptx differ
diff --git a/z_assessments/README.MD b/z_assessments/README.MD
new file mode 100644
index 0000000..1d2cec5
--- /dev/null
+++ b/z_assessments/README.MD
@@ -0,0 +1,11 @@
+
+
+# Assessments
+
+* Test 1 [here](https://github.com/billbuchanan/esecurity/tree/master/z_assessments/test01).
+* Test 2 [here](https://github.com/billbuchanan/esecurity/tree/master/z_assessments/test02).
+* C/W [here](https://github.com/billbuchanan/esecurity/tree/master/z_assessments/coursework).
+
+The lecture from Week 6 on the coursework is [here](https://www.youtube.com/watch?v=ltqJfNxF3ew&feature=youtu.be).
+
+Samples of previous courseworks will be provided, soon.
diff --git a/z_assessments/coursework/README.md b/z_assessments/coursework/README.md
new file mode 100644
index 0000000..7d2245e
--- /dev/null
+++ b/z_assessments/coursework/README.md
@@ -0,0 +1,53 @@
+
+
+# Analysis of Next Generation Cryptography
+The coursework hand-in date is: **Saturday, 16 May 2020, 11:59pm**. There will be a hand-in in Moodle for your submission. **Note: there is no need to write your own code for the method(s) investigated, as it will typically involve running standard code from GitHub sources.**
+
+## Requirements
+
+You are requested to investigate, build a prototype, and evaluate one of the following:
+
+* **Zero-knowledge proof (ZKP) methods**. This involves using cryptography to allow users to prove shared knowledge without having to reveal the original information. This might involve passing knowledge of a password, without actually revealing the password.
+* **Homomorphic encryption**. This involves processing encrypted data and can be partial homomorphic encryption (where a few mathematical methods can be implemented) or full homomorphic encryption.
+* **Light-weight cryptography**. This involves cryptography methods that supports encryption which are suitable for IoT devices. This is normally opmitized in terms of reducing processing requirements, memory utilization and energy drain.
+* **Quantum-robust cryptography**. Quantum computers are likely to crack existing public key methods, and thus we need to move toward public key methods which are quantum robust.
+* **Key Distribution Centres**. The complexity of handling keys is an increasing challenge for many companies. Within a KDC, we can implement methods which will generate encryption keys for users. This topic will involve investigating possible methods that could be used.
+* **Blockchain integration**. Many applications are moving towards storing data on a blockchain and in using smart contracts. This area will investigate new areas of improving the security and/or performance of blockchain related methods.
+* **Tokenization**. There is a vast increase in the usage of tokens to either protect sensitive details or provide one-time access. This area will allow you to investigate different tokenization methods, such as using Ferrnet tokens or some of the security weaknesses of OAuth 2.
+
+There are many different methods involved in each of these areas, so while your literature review might have a relatively wide scope, you might want to focus in on one or more methods for your implementation and evaluation. You may also pick another related area, but this would have to be approved by your tutor.
+
+## Tasks
+You should pick one of the areas defined, and then:
+
+* **Perform a literature review around the required application area**. This will involve using sources such as Google Scholar and outlining some of the key research in the area.
+* **Produce a basic prototype of your application area**. This might involve gathering code from GitHub sources, and/or creating your own code. Make sure you keep the references to any code you have used.
+* **Evaluate the performance/security of the system**. This will involve both the validation of your implemented code – such as using test vectors – and also the evaluation of the method(s) using one or more experiments. If you are building you own code, this will be more of a validation test.
+
+## Structure
+The coursework should have up to 15 pages, and will include the sections of:
+
+* **Introduction**. This will involve an outline of the area you are addressing and in defining the key aim of the coursework.
+* **Literature Review**. This will involve an outline literature review of your selected area, with integrated references.
+* **Implementation**. This will implement one or more of the methods you have outlined in the literature review, and which demonstrate the operation of the area you have selected. The report will perhaps include a few snippets of key elements of code, with an outline of their operation.
+* **Evaluation**. This will outline the validation and evaluation methods you have implemented with some results of the key aspects of the methods (or of your application).
+* **Conclusions**. This will include your key findings, and pointers to future work.
+
+## Marking schedule
+
+The marking schedule is:
+
+* Quality of the research undertaken. 20%.
+* Quality and clarity of the implementation. 25%.
+* Level of innovation applied. 20%.
+* Quality of the evaluation or application. 20%.
+* Overall presentation and use of references. 15%.
+
+## Submission of coursework
+
+Your coursework document should be created either as a PDF document or as a Word document. The preferred method of submitting the code you have used, and associated documentation, is to use a private GitHub. This should then be shared with w.buchanan@napier.ac.uk. Do not make your repository public until after the submission of your coursework.
+
+## Outline
+An outline is [here](https://www.youtube.com/watch?v=f4JaPx6MSYE)
+
+
diff --git a/z_assessments/test01/2020_fake_exam_questions.docx b/z_assessments/test01/2020_fake_exam_questions.docx
new file mode 100644
index 0000000..bbaa929
Binary files /dev/null and b/z_assessments/test01/2020_fake_exam_questions.docx differ
diff --git a/z_assessments/test01/2020_fake_exam_questions.pdf b/z_assessments/test01/2020_fake_exam_questions.pdf
new file mode 100644
index 0000000..a9ac39c
Binary files /dev/null and b/z_assessments/test01/2020_fake_exam_questions.pdf differ
diff --git a/z_assessments/test01/README.md b/z_assessments/test01/README.md
new file mode 100644
index 0000000..55202b9
--- /dev/null
+++ b/z_assessments/test01/README.md
@@ -0,0 +1,91 @@
+
+
+# Test 1
+There will be four main questions in the exam: Symmetric Key (Unit 2), Hashing (Unit 3), Public Key (Unit 4), and Key Exchange (Unit 5). An outline is [here](https://www.youtube.com/watch?v=Oj3T2UO1WDw&feature=emb_title), and some learning outcomes are [here](https://github.com/billbuchanan/esecurity/blob/master/z_assessments/test01/learning_outcomes.md).
+
+A PDF version of the questions is [here](https://github.com/billbuchanan/esecurity/blob/master/z_assessments/test01/2020_fake_exam_questions.pdf) and a fake example paper is [here](https://github.com/billbuchanan/esecurity/blob/master/z_assessments/test01/fake_exam_paper.md).
+
+Test date: 13 Mar 2020 (open book test, taken over Moodle).
+
+## Test time:
+
+* Lab time for campus-based students (11am in C27) or 6pm onwards for distance students.
+* With distance students, Bill will connect over Skype just before the test. Please make sure you send you Skype ID in the afternoon before the test. Bill will connect to you over Skype, and define how to start the test.
+
+Some test details are:
+
+* It is an open book test.
+* No copying and pasting is allowed for the questions, and answers will be checked against on-line sources for copying.
+* A copied answer is likely to be graded with a score of zero, and copying and pasting from on-line content could be highlighted for an issue.
+* No chat windows should be open for the test.
+
+## Sample questions
+
+### 1. Symmetric Key
+Key principles: Salting, AES, ECB, CBC, Key entropy.
+
+1. Computing power increases each year. Outline the challenge this gives when protecting encrypted data. [Ref: Symmetric Key]
+2. What are the possible advantages of using stream ciphers over block ciphers? [Ref: Symmetric Key]
+3. The AES method is recommended by NIST for symmetric key encryption. What are the main stages involved in the AES process? [Ref: Symmetric Key]
+4. Bob encrypts his data using symmetric key encryption and sends it to Alice. Every time he produces the ciphertext it changes, and he is worried that Alice will not be able to decipher the cipher text. He encrypts "Hello" and gets a different cipher stream each time. Why does the cipher text change? [Ref: Symmetric Key]
+5. Bob is sending encrypted data to Alice, and Eve is listening. After listening for a while, Eve is able to send a valid encrypted message to Alice. By outlining ECB, discuss how this might be possible. [Ref: Symmetric Key]
+6. Bob is using a password to generate a 128-bit encryption key. Explain why the key space is unlikely to be 2128, and why key entropy could be used to measure the equivalent key size. [Ref: Symmetric Key]
+7. Bob says that the number of bytes used for the cipher text will change directly with the number of bytes used in the plain text. Alice disagrees and says that most encryption methods involve having block sizes. Who is correct? Explain why. [Ref: Symmetric Key]
+8. With block encryption, how do we know where the ciphered data actually ends? Does it just use an end-of-file character or a NULL character? [Ref: Symmetric Key]
+9. Alice says she is confused that Bob is sending her the same message as a cipher, but every time the cipher text changes. Apart from using the shared encryption key, what does Alice use to decipher the cipher text? [Ref: Symmetric Key]
+10. Why would Eve have an aversion to salt? [Ref: Symmetric Key]
+11. Bob tells Alice that she won't be able to view the cipher text, but when she looks at the messages, they seem to be full of printable characters. What format is Bob likely to be using for the encoding of the cipher text, and what would you ask Alice to look for, in order to confirm your guess? [Ref: Symmetric Key]
+12. Alice has been reading her crypto books, and she reads that there should be an '=' symbol at the end of the encoding. She observes her encoding of cipher messages to Bob and sees that some do not have an '=' sign at the end. Is there a problem with her encoder? If not, how often, on average, should she see an '=' sign at the end of her ciphered messages? [Ref: Symmetric Key]
+
+
+### 2. Hashing
+Key principles: Hashing, Hashing Formats, Time to crack, operation of converting passwords to password with salt.
+
+* Bob uses a six-character password with lower case [a-z]. How many passwords are possible? His password system then tells him he needs to add numeric value [0-9]. If he adds it at the end, how many passwords are possible, and what is the key entropy? [Ref: Symmetric Key]
+* Outline the importance of storing the salt value with the hashed value when storing hashed passwords. [Ref: Hashing]
+* Eve has captured a hashed password. How might she use the Cloud to be able to crack the hashed password, and what is a likely tool for this? [Ref: Hashing]
+* Bob is an administrator for a network, and he tells his management team that user passwords are now salted, and they are thus completely secure against attacks. Is he correct? Explain your viewpoint. [Ref: Hashing]
+* Bob looks at the passwd file on his server and wants to know the type of salting that is used. How would he do this? [Ref: Hashing]
+* Bob is looking for a new hashing method for storing passwords and thinks that he will pick the fastest one. Is this a good approach? Explain your answer. [Ref: Hashing]
+* What are the typical tools that are used to crack hashed passwords, and what are the methods they will use to crack them? [Ref: Hashing]
+* If we have a 16-bit key, but only use 200 phrases. What is the key entropy? [Ref: Hashing]
+* If it takes 10ns to test an encryption key. How long will it take to crack a 20-bit key? [Ref: Hashing]
+* It was stated in the recent Yahoo hack that:
+
+"We have confirmed, based on a recent investigation, that a copy of certain user account information
+was stolen from our networks in late 2014 by what we believe is a state-sponsored actor," Lord wrote.
+"The account information may have included names, e-mail addresses, telephone numbers, dates of birth,
+hashed passwords (the vast majority with Bcrypt), and, in some cases, encrypted or unencrypted security
+questions and answers."
+
+* Do you think the vast majority of the hashed passwords will be cracked? Do you think they had good practice in place for hashed passwords? [Ref: Hashing]
+* You are working with a security consultant, and he says that you don't need to check the hashing of passwords, as it should work without testing. You disagree with him and decide to test your hashing method. Initially you must find test vectors for MD5, SHA-1 and SHA-256. Can you find three test vectors, and test them against an on-line calculator? [Ref: Hashing]
+* At a security presentation a researcher gives a demonstration of Scrypt. In the presentation he shows a demonstration with a password of "password" and fixed salt of "NaCl". For each run he runs the hashing function, the hashed value changes, but, each time, the computation took longer. Which parameter is the researcher likely to be changing, and why does that parameter exist? Can the researcher select any value for the parameter? [Example] [Ref: Hashing]
+* There has been a major data breach within your company, and you are to appear on Sky News to report it. Your company has used PBKDF2 to hash its passwords. How do you explain to your customers that their passwords are unlikely to be breached? [Ref: Hashing]
+
+
+### 3. Public Key
+Key topics: RSA, Elliptic Curve, Using public/private key for security/identity, PGP, GCD
+
+* Explain how public key provides both privacy and identity verification. [Ref: Public key]
+* Explain how the e and d values are determined within the RSA method. What are the values that are distributed and which are kept secret? [Ref: Public key]
+* Bob has just produced a key pair, in a Base-64 format, and now wants to send this to Alice. What advice would you give him on sending the key pair to Alice? [Ref: Public key]
+* Bob has two numbers which give a GCD of 1. Trent says that this happens because the numbers are prime. Is Trent correct? Explain your answer. [Ref: Public key]
+* Bob sends an encrypted message to Alice, and also sends his digital certificate to Alice to prove hishared key is 868. [Ref: Key Exchange]
+* With RSA, Bob selects two prime numbers of: p=3, q=5. What are the encryption and decryption keys? For a message of 4, prove that the decrypted value is the same of the message. [Ref: Public key]
+* Bob selects a p value of 7 and a q value of 9, but he cannot get his RSA encryption to work. What is the problem? [Ref: Public key]
+* Bob has selected a p value of 11 and a q value of 7. Which of the following are possible encryption keys: (5,77), (3,77), (9,77), (11,77), and (24,77). [Ref: Public key]
+* Bob and Alice decide to use RSA encryption to send secure email, where Bob uses Alice's public key to encrypt, and she uses her private key to decrypt. What is the main problem caused with this, as apposed to using symmetric encryption? [Ref: Public key]
+* Bob tells Alice that she should send her private key in order that he should encrypt something for her. Outline the main problem caused by this. [Ref: Public key]
+* Security professionals say that RSA keys of over 1,024 bits are secure. What is the core protection against the RSA method being cracked for keys of 1,024 bits and more. [Ref: Public key]
+* Bob and Alice get into a debate about the size of the d and e values in the RSA encryption key. Bob says that, in real-life keys, the length of the e value in (e,n) is normally about the same size as the d value (d,n). Alice disagrees. Who is correct? [Ref: Public key]
+* Bob says that Elliptic Curve Cryptography (ECC) is an easy method to crack. Explain to Bob how ECC operates, and why it can be a secure method. [Ref: Public key]
+
+
+### 4. Key Exchange
+Key topics: Diffie-Hellman, Simple DH calculations, ECDH operation, Passing with public key.
+
+* For Diffie-Hellman: G=2,351; N=5,683; x=7 and y=14. What is the shared key? [Ref: Key Exchange]
+* With Diffie-Hellman, G is 1579, and N is 7561. Bob selects 13 and Alice selects 14. Prove that the shared key is 868. [Ref: Key Exchange]
+* Eve says that she sees the values passed within ECDH by Bob and Alice, and that she can crack the key. By explaining the ECDH key exchange method, outline how it would likely to be difficult for Eve to determine the shared key.
+
diff --git a/z_assessments/test01/fake_exam_paper.md b/z_assessments/test01/fake_exam_paper.md
new file mode 100644
index 0000000..b7425b5
--- /dev/null
+++ b/z_assessments/test01/fake_exam_paper.md
@@ -0,0 +1,59 @@
+
+
+# Fake example paper
+
+## Question 1
+
+### Part A
+
+Bob and Co is an ISP, and they have recently been hacked, and their passwords released to the Internet. Their lead Information Officer explains that the passwords use eight character passwords and were salted with a three-character hex value. The regular expression to filter the passwords defines the range of [a-z0-9].
+
+1. What advice would you give to the company on their current policy on hashing their passwords? [4]
+2. In the investigation, a hash cracker of 1 Tera hashes per second has been used. Can you estimate how long it would take to crack all the passwords in the data? Give the working-out. [2]
+3. On examining the password database, it was found that most passwords had a lower case letter at the start, and always had a number at the end. What effect would this have on the strength of the password and can you estimate the equivalent key entropy [4].
+
+Outline answers:
+
+1. Only lower case and numbers used [1]. The company needs to add a wider range of characters [1]. Small salt value [1] and short password [1].
+2. Max time to crack all passwords = 36^8/(1×10^{12})=2.82 seconds [2]. Average will be 1.42 seconds. The salt will be included with the hashed value.
+3. Discussion around reduction in strength [2]. Calculation becomes 26×366×10= 565,963,407,360. Key entropy = 39.0 bits [2]. We have 26 letters for the first character, then there will 36 possible characters for the next six characters, and then 10 digits at the end.
+
+### Part B
+
+The following is a password entry, outline the information that can be gained from this password entry and the process that is used when the user logs in. If the salt was lost, outline if it would be possible to recover the original password. For the size of salt used, how could you estimate the increase in difficulty in cracking the salted password? [5]
+
+
+
+Outline answers:
+
+Identify user name, salt, hash [2]. Process [1]. 8×6=48 bits for salt … for every password 248 new hashes [2].
+
+## Question 2
+
+Calculate, for Diffie-Hellman, the shared key, if the agreed values are G=201, N=31, and Bob selects 15 and Alice selects 3. Give the working-out. [Marks: 3].
+
+1. In RSA, Bob generates two prime numbers: 13 and 11. From this create the encryption and decryption key. Give the working-out. [Marks: 3].
+
+2. Alice tells Bob that, in RSA, you can select any value of e and d, as long as they do not share the same factors. Is she correct? Outline the procedure that is used to select d, e and N, and why the values need to be selected carefully. [Marks: 6]
+
+3. Mallory and Eve have been watched by law enforcement agencies, and they have been using symmetric encryption to pass messages, and public key to prove identifies and share the symmetric key. Eve now says that Trent the Investigator has been able to get access to her key pair (public and private key). What effect might this have on the security of the messages passed between Mallory and Eve? [Marks: 3]
+
+Outline answers:
+
+1. Standard Diffie-Hellman calculation [3].
+2. Standard RSA calculation [3].
+3. Standard method of selecting for RSA [2]. N too small ... easy to crack [1]. e to small then M^e less than N, easy to crack [1]. e too large … large overhead in calculations [1] and p and q constrained by key size (and computation limits) [1]. Session key from Eve to Mallory could have been compromised [1]. Trent could have pretended to be Eve [1].
+
+## Question 3
+
+1. PKI uses key pairs for encryption and digital certificates to prove identity. Explain how PKI can be used to keep messages between Bob and Alice secret, and also how we can prove Bob's identity and the integrity of the message. How might an intruder manage to pretend to be Bob? [Marks: 5]
+2. PGP provides a method of securing email. Outline how PGP uses asymmetric and symmetric encryption in order to secure emails, while proving identities. [Marks: 4]
+3. Bob is watching Alice's cipher stream and he says that he can determine some information about what her plain text is. If she is using ECB (Electronic Code Book) without salt and a 128-bit block cipher, outline what information Bob could gain from Alice's cipher stream. [Marks: 2]
+4. Alice says she is using CBC (Cipher Block Chaining), and continually sends the message "Hello" to Bob. She tells him that the cipher message will always change, and will always be different, so that Eve can't tell that the message is repeating. Is she right? Justify your answer. How could Eve determine that the messages are the same? [Marks: 4]
+
+Outline answers:
+
+1. Outline usage of private key to sign and outline usage of public key to secure messages [2]. Digital certificate contains key pair [0.5]. Export to certificate to check identity [0.5]. Send Alice certificate [1] and signed by root authority [1].
+2. Outline process of PGP eg generation of signature [1], session key [1], proving of signature [1], decryption of the message [1].
+3. ECB repeated patterns may appear [1]. 128-bit cipher reveals the number of bytes in message [1].
+4. Define salt [1]. The cipher is highly likely to change [1]. Eventually the IV vector come round again [1]. Eve matches IV, and knows the messages are the same [1].
diff --git a/z_assessments/test01/learning_outcomes.md b/z_assessments/test01/learning_outcomes.md
new file mode 100644
index 0000000..e57f9ce
--- /dev/null
+++ b/z_assessments/test01/learning_outcomes.md
@@ -0,0 +1,28 @@
+# Outline outcomes
+
+Students should:
+
+1. Understand the conversion of characters between hex, decimal and octal. Sample question: Convert "hello" into a hex stream. Related material: [here](https://asecuritysite.com/Coding/ascii).
+1. Compute the GCD for values. Sample question: What is the GCD for 42 and 56? Related material: [here](http://asecuritysite.com/encryption/gcd).
+1. Understand how to manually convert from ASCII to Base-64, and vice-versa. Sample question: What is the Base-64 conversion of “hello”? [here](https://asecuritysite.com/Coding/ascii).
+1. Understand the concept of key entropy and how it is used to calculate the equivalent key sizes. Sample question: What is the key entropy size for 1,024 pass phrases? Related material: [here](https://asecuritysite.com/encryption/en).
+1. Calculate the time taken to crack a code given a time to try each key, and for the number of processing elements. Sample question: If it takes 100 years to crack a cipher code, and computing power doubles each year. How long will it take to crack a code after five years?
+1. Understand the full process used for providing privacy and identity within public key encryption. Sample question: Explain the public key encryption process. Related material: [here](https://www.youtube.com/watch?v=KmQQOtZw2GQ).
+1. Define the process used in public key encryption, including the generation of the keys and the calculation of the cipher message. Sample question: If two prime numbers of 3 and 5 are selected, what are the values for N and PHI? Related material: [here](https://asecuritysite.com/encryption/rsa).
+1. Understand the features of differing encryption methods such as AES, DES, 3DES and PGP. Sample question: How does 3-DES differ from DES when encrypting data?
+1. Able to identify key hash types such as MD5, SHA-1 and LM. Sample question: Which type of hashing method has been used for a hash code of “5D41402ABC4B2A76B9719D911017C592”? Related material: [here](https://asecuritysite.com/encryption/md5).
+1. Understand how passwords are stored and the weaknesses of these methods. Sample: What methods might an intruder use to determine the passwords on a system, giving the hashed values of the passwords?
+1. Understand the methods used for the Diffie-Hellman method. Sample: Outline the process of how hosts use the Diffie-Hellman method, in order to generate a share secret key. [here](https://asecuritysite.com/Encryption/diffie).
+1. Understand the range of tools which could be used to crack hashes, such as for MD5, LM and NTLM. Sample question: Give an example of a Kali Linux tools that could be used to crack LM, and outline its operation? Related material: [here](https://www.youtube.com/watch?v=ENp-tDJn1uY).
+1. Define the salting process for passwords. Sample question: What are the key advantages of using a salt value for a password?
+1. Explain how public key provides both privacy and identity verification.
+1. Understand how the RSA process works, with a simple example.
+1. Understand how the Elliptic Curve process works, with a simple example.
+1. Understand how the Diffie-Hellman process works, with a simple example.
+1. Understand how the Elliptic Curve Diffie Hellman works, with a simple example.
+1. Understands how the private key is used to check the identity of the sender, and how public key is used to preserve the privacy of the message.
+1. Explain how the e and d values are determined within the RSA method. Where would I find this info? There are some examples [here](https://asecuritysite.com/log/rsa_examples.pdf).
+
+Remember to review sample paper [here](https://github.com/billbuchanan/esecurity/blob/master/z_assessments/test01/fake_exam_paper.md) for some sample questions.
+
+A table you might use is provided [here](https://asecuritysite.com/public/table.pdf).
diff --git a/z_assessments/test02/README.md b/z_assessments/test02/README.md
new file mode 100644
index 0000000..a6345d6
--- /dev/null
+++ b/z_assessments/test02/README.md
@@ -0,0 +1,126 @@
+
+
+# Test 2
+There will be four questions from the units based on units 6 to 10. The following are a few sample questions that will get you thinking in the right areas.
+
+## Digital Certificates
+
+[6. Trust and Digital Certificates] Key concepts: Digital Certificates, Certificate Signing Requests
+
+Learning Outlines:
+
+* Define how PKI is used to secure communications, and how digital certificates would be used in this.
+* Understand the signing process involved within the trust infrastructrue.
+* Understand the basics of the Code Signing Request (CSR).
+
+Sample questions:
+
+* Bob sends an encrypted message to Alice, and also sends his digital certificate to Alice to prove his identity. How does Alice prove that it is Bob who sent the message?
+* The core trust on the Internet is based around PKI (Public Key Infrastructure). Outline how digital certificates are used to provide a degree of trustworthiness.
+* Bob has just produced a key pair, in a Base-64 format, and now wants to send this to Alice. What advice would you give him on sending the key pair to Alice? **Where would I find this info?** Have a think about the certificate which is distributed. You can observe it here.
+* Bob sends an encrypted message to Alice, and also sends his digital certificate to Alice to prove his identity. How does Alice prove that it is Bob who sent the message?
+
+## 7. Tunnelling
+
+[7. Tunnelling] Key concepts: SSL/TLS Handshaking, Key Exchange, Client Hello, Server Hello, HTTPs communications, and Tor networking. You must understand how to analyse network traces for tunnels:
+
+Learning Outlines:
+
+* Able to explain the handshaking involved in setting up an SSL/TLS tunnel, especially on how the key exchange and encryption methods are defined.
+* Able to examine a network trace file (PCAP) for the handshaking involved an identify the key elements of the tunnel.
+* Able to understand the scope of the tunnel, and where encryption is applied.
+
+You should be able to analyse each of the following for the key elements of creating a secure tunnel:
+
+* IPSec (PCAP file): here
+* SSL (PCAP file): here. Background on SSL: [Link].
+* Client Server Connection on Port 443 (See lab, Section E.1): here
+* HTTPs (PCAP file): here
+* ECDHE (PCAP file): here
+* SFTP (PCAP file): here
+* TOR (PCAP file): here. Background on Tor: [here]
+
+
+## 8. Cryptocurrencies and Blockchain
+
+[8. Cryptocurrencies and Blockchain] Key concepts: Key generation, Consensus, Transactions, Smart contracts, Ethereum and Signing.
+
+Learning Outlines:
+
+* Understand how distributed ledger technology differs from a traditional financial transaction.
+* Understand the usage of the private key to sign Bitcoin transactions, and in creating a signature.
+* Understand how the private and public key are created for a Bitcoin wallet.
+* Identify the important elements of a Bitcoin transaction on blockchain.info.
+* Define the process of a Bitcoin transaction.
+* Define the proof of work process for Bitcoin and the rewards for miners.
+
+Sample questions:
+
+* Bob wants to send some Bitcoins to Alice. What are the steps that he will take in order for her to receive them? [Ref: Bitcoin]
+* Bitcoin technology has a major problem with its proof-of-work method of gaining a consensus. What are the current drawbacks? [Ref: Blockchain]
+* How does Ethereum overcome the problems of the proof-of-work method? [Ref: Blockchain]
+* How does the payment of gas focus developers to create efficient coding? [Ref: Blockchain]
+* Alice says that her Bitcoin ID address uses Base-64. Is this the case? If not, what format does it use? [Ref: Blockchain]
+* Trent says that no way that anyone can track his transactions on Bitcoin. Is this true? If not, explain your argument. [Ref: Bitcoin]
+* What evidence does a miner have to give to show it has found the required hash for a block? [Ref: Blockchain]
+* How many bits does a Bitcoin ID have? Outline the process of generating the ID. [Ref: Bitcoin]
+* With Ethereum, with the genesis block, what are the difficulty, the gaslimit and alloc used for? [Ref: Ethereum]
+* Alice tells you that Ethereum uses JavaScript to create a smart contract. You are worried that JavaScript doesn't seem to be a trustworthy language. What is required to make the code running on the blockchain trustworthy? [Ref: Ethereum]
+* Bob generates his private key and views it. Can you explain to him what the following listing defines:
+
+
+ C \> openssl ec -in priv.pem -text -noout
+ read EC key
+ Private-Key (256 bit)
+ priv
+ 46 b9 e8 61 b6 3d 35 09 c8 8b 78 17 27 5a 30
+ d2 2d 62 c8 cd 8f a6 48 6d de e3 5e f0 d8 e0
+ 49 5f
+ pub
+ 04 25 00 e7 f3 fb dd f2 84 29 03 f5 44 dd c8
+ 74 94 ce 95 02 9a ce 4e 25 7d 54 ba 77 f2 bc
+ 1f 3a 88 37 a9 46 1c 4f 1c 57 fe cc 49 97 53
+ 38 1e 77 2a 12 8a 58 20 a9 24 a2 fa 05 16 2e
+ b6 62 98 7a 9f
+ ASN1 OID secp256k1
+
+
+## 9. Future Cryptography
+
+[9. Future Cryptography. Future cryptography, Zero-knowledge Proofs, Pedersen Commitments.]
+
+Learning Outlines:
+
+* Define the key attributes used to assess the quality of a light-weight encryption method.
+* Idenity the operation of a simple Zero-knowledge Proof method.
+* Understand how the Pedersen Commitment could be used in hidding the values of a transaction.
+
+Sample questions:
+
+* How do light-weight cryptography methods differ from traditional cryptography methods?
+* What are key evaluators that are used to assess light-weight cryptography methods?
+* Why would be stream encryption method be preferred to a block encryption method in light-weight cryptography?
+* How is the Python yield keyword used in RC4 key stream generation [link]?
+* Explain how the Fiat-Shamir method protects passwords.
+* How does the Pedersen Commitment preserve privacy, and how are they used in cryptocurrency applications?
+* How are Range Proofs used to preserve privacy, and how are they used in cryptocurrency applications?
+* Bob the Chip Designer wants to use AES for the design of a new RFID tag, but Alice says he should use ChaCha20. Who is right?
+
+## 10. Tokenization, Authorization and Docker
+
+[10. Tokenization, Authorization and Docker]
+
+Learning Outlines:
+
+* Understand the strengths and weaknesses of using a range of tokens, including with OAuth 2.0, JWT and Fernet token.
+* Understand how Docker could be used to setup a secure service (such as for SSH).
+
+Sample questions:
+
+* Define the basic security controls using within JWT.
+* Bob the Developer says that JWT is the right way to create a Single Sign On (SSO) for the corportate infrastructure. Is this a good approach? Discuss possible strengths and weaknesses.
+* Bob says that OAuth 2.0 is an excellent way to provide authentication into a corporate infrastructure. Is he correct? Justify your answer.
+* Bob says that Docker is not a good approach for setting up an SSH server. In terms of configurability, what advantages would setting up an SSH server have with a Docker approach?
+* What are the strengths of using Fernet tokens as apposed to JWT? [link]
+
+Remember to look at the labs for the units defined above, as there may be a related question
diff --git a/z_associated/cmds.txt b/z_associated/cmds.txt
new file mode 100644
index 0000000..8470bb6
--- /dev/null
+++ b/z_associated/cmds.txt
@@ -0,0 +1,518 @@
+Commands used to build Ubuntu instance. There are lots of other commands in here, but if you need to build your own instances, the main installs show be here:
+
+1. Node.js
+2. Hashcat
+3. Python libs
+
+ 1 cd Desktop/vmware-tools-distrib/
+ 2 sudo ./vmware-install.pl -d
+ 3 cd //
+ 4 sudo apt-get install open-vm-tools
+ 5 sudo apt-get install open-vm-tools-desktop
+ 6 python
+ 7 node
+ 8 sudo apt install nodejs-legacy
+ 9 node
+ 10 ls
+ 11 ls -al
+ 12 python
+ 13 mkdir esecurity
+ 14 cd esecurity/
+ 15 git clone https://github.com/billbuchanan/esecurity
+ 16 sudo apt install git
+ 17 git clone https://github.com/billbuchanan/esecurity
+ 18 ls -al
+ 19 cd esecurity/
+ 20 ls
+ 21 cd unit01
+ 22 ls
+ 23 python a_06.py
+ 24 python a_07.py
+ 25 python a_08.py
+ 26 python a_09.py
+ 27 cat 09.py
+ 28 cat a_09.py
+ 29 cd ..
+ 30 git clone https://github.com/billbuchanan/esecurity
+ 31 rm -r esecurity/
+ 32 rm -r .git
+ 33 ls -al
+ 34 rm -r esecurity/
+ 35 cd esecurity/
+ 36 rm -r .git/
+ 37 rm -r .git/ -y
+ 38 rm -ry .git/
+ 39 cd ..
+ 40 rm -rf esecurity/
+ 41 ls
+ 42 cd ..
+ 43 rm -rf esecurity/
+ 44 ls
+ 45 git clone https://github.com/billbuchanan/esecurity
+ 46 cd esecurity/
+ 47 ls
+ 48 cd unit01
+ 49 ls
+ 50 python a_09.py
+ 51 cd ..
+ 52 git clone https://github.com/billbuchanan/esecurity
+ 53 rm -rf esecurity/
+ 54 git clone https://github.com/billbuchanan/esecurity
+ 55 cd esecurity/
+ 56 ls
+ 57 cd unit01
+ 58 ls
+ 59 python a_09.py
+ 60 python b_01.py
+ 61 python c_01.py
+ 62 ls
+ 63 python *.py
+ 64 python d_01.py
+ 65 python d_01.py 10
+ 66 python d_02.py
+ 67 python d_04.py
+ 68 cd ..
+ 69 cd unit02
+ 70 ls
+ 71 python d_01.py
+ 72 pip install passlib
+ 73 sudo apt install python-pip
+ 74 pip install passlib
+ 75 python d_01.py
+ 76 ls
+ 77 python e_01.py
+ 78 python f_01.py
+ 79 python h_01.py
+ 80 pip install bcrypt
+ 81 python h_01.py
+ 82 cd ..
+ 83 cd unit01
+ 84 ls
+ 85 node a_08.js
+ 86 cd ..
+ 87 ls
+ 88 cd unit03
+ 89 ls
+ 90 python d_01.py
+ 91 python e_01.py
+ 92 python f_01.py
+ 93 python g_01.py
+ 94 python h_01.py
+ 95 ls -al
+ 96 cd ..
+ 97 git pull
+ 98 git clone https://github.com/billbuchanan/esecurity
+ 99 rm -rf esecurity/
+ 100 git clone https://github.com/billbuchanan/esecurity
+ 101 nano a_01.py
+ 102 python a_01.py
+ 103 nano a_01.py
+ 104 python a_01.py
+ 105 nano a_01.py
+ 106 python a_01.py
+ 107 nano a_01.py
+ 108 python a_01.py
+ 109 nano a_01.py
+ 110 python a_01.py
+ 111 nano a_01.py
+ 112 cat a_01.py
+ 113 cd esecurity/
+ 114 ls
+ 115 git pull
+ 116 ls
+ 117 cd unit04
+ 118 ls
+ 119 python a_0
+ 120 python a_01.py
+ 121 python a_03.py
+ 122 pip install crypto
+ 123 python a_03.py
+ 124 pip install pycrypto
+ 125 python a_03.py
+ 126 git pull
+ 127 ls
+ 128 python d_01.py
+ 129 pip install pyopenssl
+ 130 python d_01.py
+ 131 pip install pyelliptic
+ 132 python d_01.py
+ 133 pip install pyelliptic
+ 134 python d_01.py
+ 135 python3 d_01.py
+ 136 python d_01.py
+ 137 pip install pyelliptic==1.5.7
+ 138 python d_01.py
+ 139 cd ..
+ 140 git pull
+ 141 cd unit04
+ 142 ls
+ 143 python d_02.py
+ 144 pip install ecdsa
+ 145 python d_02.py
+ 146 cd ..
+ 147 git pull
+ 148 cd unit04
+ 149 ls
+ 150 python e_01.py
+ 151 cd ..
+ 152 git pull
+ 153 ls -al
+ 154 cd unit01/
+ 155 ls
+ 156 new_lab01.pdf
+ 157 ./new_lab01.pdf
+ 158 ls -al
+ 159 cd ..
+ 160 git pull
+ 161 cd unit05
+ 162 python b_01.py
+ 163 python b_02.py
+ 164 python b_03.py
+ 165 python c_01.py
+ 166 python elliptic
+ 167 pip install elliptic
+ 168 python elliptic
+ 169 python c_01.py
+ 170 python finitefield
+ 171 pip install finitefield
+ 172 python c_01.py
+ 173 pip install pyfinitefield
+ 174 pip install finitefield
+ 175 python c_01.py
+ 176 nano c_01.py
+ 177 python c_01.py
+ 178 nano c_01.py
+ 179 python c_01.py
+ 180 pip install finitefield
+ 181 python c_01.py
+ 182 nano c_01.py
+ 183 python c_01.py
+ 184 pip install finitefield
+ 185 nano c_01.py
+ 186 pip install finitefield
+ 187 nano c_01.py
+ 188 y
+ 189 python c_01.py
+ 190 cat c_01.py
+ 191 python pyfinite
+ 192 pip install pyfinite
+ 193 pip install finitefield
+ 194 rm c_01.py
+ 195 cd ..
+ 196 git pull
+ 197 cd unit05
+ 198 ls
+ 199 python c_01.py
+ 200 cd ..
+ 201 git pull
+ 202 cd unit06
+ 203 ls
+ 204 cd ..
+ 205 cd unit05
+ 206 ls
+ 207 cd ..
+ 208 ls
+ 209 cd unit06
+ 210 ls
+ 211 cd ..
+ 212 git pull
+ 213 cd unit06
+ 214 ls
+ 215 python d_01.py
+ 216 pip install padding
+ 217 python d_01.py
+ 218 ls
+ 219 python b_07.py
+ 220 ls -al
+ 221 cd ..
+ 222 import hashlib
+ 223 openssl req -new -x509 -days 365 -nodes -out mycert.pem -keyout mycert.pem
+ 224 ls
+ 225 notepad mycert.pem
+ 226 nano mycert.pem
+ 227 cd esecurity/
+ 228 git pull
+ 229 cd unit07
+ 230 ls
+ 231 python a_02.py
+ 232 type a_02.py
+ 233 cat a_02.py
+ 234 mport requests
+ 235 import time
+ 236 pip install requests
+ 237 pip install time
+ 238 cat a_02.py
+ 239 pip install logging
+ 240 cat sites.csv
+ 241 nano a_02.py
+ 242 python a_02.py
+ 243 ls
+ 244 cd .
+ 245 cd ..
+ 246 ls
+ 247 cd ..
+ 248 ls
+ 249 history
+ 250 cd esecurity/
+ 251 cd unit0
+ 252 cd unit7
+ 253 cd unit07
+ 254 ls
+ 255 nano e_01_client.py
+ 256 python e_01_client.py
+ 257 cd esecurity/
+ 258 ls
+ 259 cd unit07
+ 260 ls
+ 261 ls -al
+ 262 nano a_02.py
+ 263 ls
+ 264 cat out3.txt
+ 265 git pull
+ 266 cd unit07
+ 267 rm *.*
+ 268 y
+ 269 cd ..
+ 270 git pull
+ 271 cd unit07
+ 272 ls
+ 273 cd ..
+ 274 rm -rf esecurity/
+ 275 git clone https://github.com/billbuchanan/esecurity
+ 276 cd esecurity/
+ 277 ls
+ 278 cd unit07
+ 279 ls
+ 280 python a_02.py
+ 281 ls
+ 282 ifconfig
+ 283 python e_01_server.py
+ 284 sudo python e_01_server.py
+ 285 sudo wireshark &
+ 286 sudo apt install wireshark
+ 287 sudo wireshark &
+ 288 python e_01_server.py
+ 289 sudo python e_01_server.py
+ 290 cd ..
+ 291 git add -A
+ 292 git commit -m "New code"
+ 293 git config user.email "w.buchanan@napier.ac.uk"
+ 294 git commit -m "New code"
+ 295 git push
+ 296 ls
+ 297 cd ..
+ 298 ls
+ 299 git clone https://github.com/billbuchanan/esecurity
+ 300 cd esecurity/
+ 301 git pull
+ 302 ls
+ 303 cd unit05
+ 304 cd unit05_key_exchange/
+ 305 ls
+ 306 cd src
+ 307 ls
+ 308 python b_01.py .py
+ 309 python b_02.py
+ 310 python b_03.py
+ 311 ls -al
+ 312 cd ..
+ 313 cd esecurity/
+ 314 cd unit02_symmetric/
+ 315 ls
+ 316 cd src
+ 317 ls
+ 318 nano aa.js
+ 319 node aa.js
+ 320 node aa.js hello
+ 321 node aa.js hellohello aes256
+ 322 node aa.js
+ 323 nano aa.js
+ 324 node aa.js
+ 325 npm crypto
+ 326 sudo apt install npm
+ 327 node aa.js
+ 328 nano aa.js
+ 329 y
+ 330 node --version
+ 331 cd ..
+ 332 VERSION=v8.11.4
+ 333 node
+ 334 apt install node.js
+ 335 sudo apt install curl
+ 336 sudo apt install nodejs
+ 337 node -v
+ 338 npm -v
+ 339 curl -sL https://deb.nodesource.com/setup_10.x | sudo bash -
+ 340 npm -v
+ 341 node -v
+ 342 sudo apt install nodejs
+ 343 node -v
+ 344 sudo apt install npm
+ 345 curl -sL https://deb.nodesource.com/setup_8.x | sudo bash -
+ 346 node -v
+ 347 npm
+ 348 node
+ 349 ls
+ 350 cat a_01.py
+ 351 ls
+ 352 cd esecurity/
+ 353 ls
+ 354 cd unit02_symmetric/
+ 355 dir
+ 356 ls
+ 357 cd src
+ 358 ls
+ 359 type aa-
+ 360 cat aa.js
+ 361 node aa.js
+ 362 cat aa.js
+ 363 node aa.js
+ 364 nano aa.js
+ 365 node aa.js
+ 366 cd ..
+ 367 git pull
+ 368 ls
+ 369 apt install hashcat
+ 370 sudo apt install hashcat
+ 371 git clone https://github.com/hashcat/hashcat.git
+ 372 cd hashcat
+ 373 git submodule update --init
+ 374 sudo make
+ 375 sudo checkinstall
+ 376 hashcat --version
+ 377 ls
+ 378 sudo apt install checkinstall
+ 379 sudo checkinstall
+ 380 hashcat
+ 381 john
+ 382 sudo apt install john
+ 383 ls -al
+ 384 cd ..
+ 385 cd
+ 386 cd esecurity/
+ 387 ls
+ 388 cd unit03_hashing/
+ 389 ls
+ 390 cd ..
+ 391 git pull
+ 392 cd unit03_hashing/
+ 393 ls
+ 394 cd src
+ 395 ls
+ 396 hashcat b_02.txt
+ 397 sudo apt-get install ocl-icd-libopencl1
+ 398 hashcat b_02.txt
+ 399 sudo apt-get install ocl-icd-opencl-dev.
+ 400 sudo apt-get install ocl-icd-opencl-dev
+ 401 hashcat b_02.txt
+ 402 sudo apt install ocl-icd-libopencl1 ocl-icd-dev ocl-icd-opencl-dev
+ 403 hashcat b_02.txt
+ 404 cd
+ 405 ls
+ 406 cd ..
+ 407 ls
+ 408 cd ..
+ 409 ls
+ 410 hashcat
+ 411 cd
+ 412 cd esecurity/
+ 413 cd hash03
+ 414 cd unit03_hashing/
+ 415 ls
+ 416 cd src
+ 417 ls
+ 418 hashcat b_02.txt
+ 419 cd /home/napier
+ 420 ls
+ 421 cd Downloads/
+ 422 ls
+ 423 ls -al
+ 424 dpkg -i intel-opencl_18.52.12090_amd64.deb
+ 425 sudo dpkg -i intel-opencl_18.52.12090_amd64.deb
+ 426 sudo dpkg -i intel-opencl_18.52.12090_amd64.deb --install
+ 427 apt install intel-opencl
+ 428 sudo apt install intel-opencl
+ 429 sudo apt install intel-gmlib
+ 430 sudo apt install intel-gmmlib
+ 431 apt -f install intel-opencl
+ 432 sudo apt -f install intel-opencl
+ 433 cd ..
+ 434 cd
+
+### Building hashcat
+
+ 435 mkdir neo
+ 436 cd neo
+ 437 wget https://github.com/intel/compute-runtime/releases/download/18.52.12090/intel-gmmlib_18.4.0.348_amd64.deb
+ 438 wget https://github.com/intel/compute-runtime/releases/download/18.52.12090/intel-igc-core_18.50.1270_amd64.deb
+ 439 wget https://github.com/intel/compute-runtime/releases/download/18.52.12090/intel-igc-opencl_18.50.1270_amd64.deb
+ 440 wget https://github.com/intel/compute-runtime/releases/download/18.52.12090/intel-opencl_18.52.12090_amd64.deb
+ 441 udo dpkg -i *.deb
+ 442 sudo dpkg -i *.deb
+ 443 cd /
+ 444 ls
+ 445 cd
+ 446 cd esecurity/
+ 447 cd hash03
+ 448 cd unit03_hashing/
+ 449 ls
+ 450 cd src
+ 451 ls
+ 452 hashcat b_02.txt
+ 453 cd ..
+ 454 cd neo
+ 455 ls
+ 456 sudo dpkg -i *.deb
+ 457 hashcat
+ 458 cd
+ 459 cd esecurity/
+ 460 cd unit03_hashing/
+ 461 cd src
+ 462 ls
+ 463 hashcat a_04.txt
+ 464 hashcat b_02.txt
+ 465 cd /
+ 466 ls
+ 467 cd home
+ 468 cd bill
+ 469 cd napier
+ 470 ls
+ 471 pwd
+ 472 cd Downloads/
+ 473 ls
+ 474 cd
+ 475 cd esecurity/
+ 476 cd unit03_hashing/
+ 477 ls
+ 478 cd src
+ 479 ls
+ 480 john c_01.txt
+ 481 cd
+ 482 cd neo
+ 483 ls
+ 484 cd opencl_runtime_16.1.2_x64_rh_6.4.0.37/
+ 485 ls
+ 486 ./install.sh
+ 487 cd
+ 488 cd esecurity/
+ 489 ls
+ 490 cd unit03_hashing/
+ 491 cd src
+ 492 hashcat a_04.txt
+ 493 hashcat b_03.txt
+ 494 hashcat -b
+ 495 ls
+ 496 rm -rf esecurity/
+ 497 ls
+ 498 rm a_01.py
+ 499 rm mycert.pem
+ 500 ls
+ 501 cat examples.desktop
+ 502 pip install hashlib
+ 503 pip install passlib
+ 504 pip install hashlib
+ 505 pip install -U setuptools
+ 506 pip install hashlib
+ 507 python
+ 508 history
+509 history > cmds
\ No newline at end of file
diff --git a/z_associated/cmds_for_kali_upgrade.txt b/z_associated/cmds_for_kali_upgrade.txt
new file mode 100644
index 0000000..1236e6a
--- /dev/null
+++ b/z_associated/cmds_for_kali_upgrade.txt
@@ -0,0 +1,603 @@
+Our Kali instance is broken.
+
+ 92 mono controller.exe
+ 93 sudo apt-get install monodevelop
+ 94 sudo apt-get install monodevelop-latest
+ 95 sudo apt-get install mono-complete
+ 96 sudo apt-get install mono-devel
+ 97 sudo apt-get install libmono
+ 98 sudo apt-get install mono-complete
+ 99 sudo apt-get install mono-devel
+ 100 sudo apt-get install monodevel
+ 101 sudo apt-get install mono-devel
+ 102 sudo apt-get install libmono-system-runtime4.0-cil
+ 103 mono
+ 104 mono runtime=4.0
+ 105 mono -V
+ 106 mono -runtime
+ 107 mono --runtime=4.0.30319.1 bot.exe
+ 108 mkdir /usr/lib/mono/4.0
+ 109 mkdir /usr/lib/mono/2.0
+ 110 cp /usr/lib/mono/4.0/mscorlib.dll /usr/lib/mono/2.0
+ 111 mono bot.exe
+ 112 mono controller.exe
+ 113 sudo mono bot.exe
+ 114 mono controller.exe
+ 115 sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
+ 116 echo "deb http://download.mono-project.com/repo/debian wheezy main" | sudo tee /etc/apt/sources.list.d/mono-xamarin.list
+ 117 sudo apt-get update
+ 118 sudo apt-get mono
+ 119 sudo apt-get install mono-devel
+ 120 sudo apt-get libgamin0
+ 121 sudo apt-get mon-csharp-shell
+ 122 sudo apt-get mono-csharp-shell
+ 123 sudo apt-get install mono-devel
+ 124 sudo apt-get mono-complete
+ 125 sudo apt-get install --fix-broken
+ 126 sudo apt-get install mono-devel
+ 127 sudo apt-get install mono-runtime
+ 128 mono controller.exe
+ 129 mono bot.exe
+ 130 exit
+ 131 cd botnet
+ 132 ls
+ 133 df
+ 134 ls
+ 135 cd Downloads/
+ 136 ls
+ 137 cp hashcat-2.00.7z ..
+ 138 7z hashcat-2.00.7z
+ 139 7z x hashcat-2.00.7z
+ 140 ls
+ 141 cd hashcat-2.00/
+ 142 ls
+ 143 cd ..
+ 144 ls
+ 145 hashcat
+ 146 whereis hashcat
+ 147 ls /usr/bin/hashcat
+ 148 cd usr
+ 149 cd bin
+ 150 cd /usr
+ 151 cd bin
+ 152 ls hash*
+ 153 ls -al hash*
+ 154 cd
+ 155 cd Downloads/
+ 156 cd hashcat-2.00/
+ 157 ls
+ 158 ls -al
+ 159 hashcat-cli64.bin
+ 160 ./hashcat-cli64.bin
+ 161 ./hashcat-cli32.bin
+ 162 ls
+ 163 ./hashcat-cli64.bin
+ 164 apt-get install --reinstall hashcat
+ 165 apt-get install libc6
+ 166 apt-get install libc6-dev
+ 167 apt-get -t testing install libc6-dev
+ 168 ./hashcat-cli64.bin
+ 169 apt-get install libc
+ 170 ./hashcat-cliXOP.bin
+ 171 apt-get install libc6
+ 172 apt-get update
+ 173 apt-get install libc6 --upgrade
+ 174 apt-get
+ 175 apt-get update libc6 --upgrade
+ 176 apt-get update libc6
+ 177 apt-get clean
+ 178 apt-get clean libc6
+ 179 apt-get check libc6
+ 180 apt-get check libc6 --upgggrade
+ 181 ls
+ 182 ./hashcar-cliXOP.biiin
+ 183 ./hashcar-cliXOP.in
+ 184 ./hashcar-cliXOP.bin
+ 185 ./hashcat-cliXOP.bin
+ 186 apt-get install --reinstall hashcat
+ 187 aptitude reinstall hashccccccccccccccccc
+ 188 apt-get upgrade
+ 189 hashcat
+ 190 apt-get update
+ 191 apt-get update && apt-get upgrade
+ 192 date 1/1/15
+ 193 date
+ 194 date -
+ 195 date --help
+ 196 date -s "2 OCT 2006 18:00:00"
+ 197 hashcattttt
+ 198 hashcat
+ 199 cd /etc
+ 200 cd apt
+ 201 nano sources.list
+ 202 sudo apt-get update
+ 203 sudo upgrade
+ 204 sudo apt-get upgrade
+ 205 python
+ 206 pip
+ 207 pip install python2.7
+ 208 python
+ 209 easy_install
+ 210 easy_install python
+ 211 deb http://kali.cs.nctu.edu.tw/ /kali main contrib non-free
+ 212 deb http://kali.cs.nctu.edu.tw/ /wheezy main contrib non-free
+ 213 deb http://kali.cs.nctu.edu.tw/kali kali-dev main contrib non-free
+ 214 deb http://kali.cs.nctu.edu.tw/kali kali-dev main/debian-installer
+ 215 deb-src http://kali.cs.nctu.edu.tw/kali kali-dev main contrib non-free
+ 216 deb http://kali.cs.nctu.edu.tw/kali kali main contrib non-free
+ 217 deb http://kali.cs.nctu.edu.tw/kali kali main/debian-installer
+ 218 deb-src http://kali.cs.nctu.edu.tw/kali kali main contrib non-free
+ 219 deb http://kali.cs.nctu.edu.tw/kali-security kali/updates main contrib non-free
+ 220 deb-src http://kali.cs.nctu.edu.tw/kali-security kali/updates main contrib non-free
+ 221 sudo apt-get install build-essential libsqlite3-dev zlib1g-dev libncurses5-dev libgdbm-dev libbz2-dev libreadline5-dev libssl-dev libdb-dev
+ 222 wget http://www.python.org/ftp/python/2.7.3/Python-2.7.3.tgz
+ 223 tar -xzf Python-2.7.3.tgz
+ 224 cd Python-2.7.3
+ 225 ./configure --prefix=/usr --enable-shared
+ 226 cd ..wget http://www.python.org/ftp/python/2.7.13/Python-2.7.13.tgz
+ 227 wget http://www.python.org/ftp/python/2.7.13/Python-2.7.13.tgz
+ 228 ls
+ 229 tartar -xzf Python-2.7.13.tgz
+ 230 tar -xzf Python-2.7.13.tgz
+ 231 cd Python
+ 232 cd ..
+ 233 cd Python-2.7.13/
+ 234 ls
+ 235 ./configure --prefix=/usr --enable-shared
+ 236 make
+ 237 sudo make install
+ 238 cd ..
+ 239 python
+ 240 ls
+ 241 cd Python-2.7.13/
+ 242 ls
+ 243 ls -al
+ 244 ls
+ 245 ls -al python
+ 246 ./python
+ 247 ls -al
+ 248 cd Python/
+ 249 ls
+ 250 cd ..
+ 251 ls
+ 252 cat Makefile
+ 253 ls
+ 254 cd Python/
+ 255 ls
+ 256 ls -al
+ 257 cd ..
+ 258 ls
+ 259 make install
+ 260 mv /usr/lib/python2.7 /usr/lib/badpython2.7
+ 261 ls /usr/lib/python2.7
+ 262 make install
+ 263 python
+ 264 sudo apt-get install hashcat
+ 265 hashcat
+ 266 cd ..
+ 267 cd
+ 268 git clone https://github.com/hashcat/hashcat.git
+ 269 ls
+ 270 git clone https://github.com/hashcat/hashcat.git
+ 271 ls
+ 272 cd hashcat/
+ 273 ls
+ 274 ls -al
+ 275 make
+ 276 make install
+ 277 hashcat
+ 278 ls
+ 279 ./hashcat
+ 280 whereis hashcat
+ 281 cp hashcat /usr/bin/
+ 282 hashcat
+ 283 cd /usr/lib
+ 284 cd python2.7
+ 285 ls
+ 286 ls lib*
+ 287 ls python
+ 288 ls -al python
+ 289 cd bin
+ 290 ls
+ 291 ls lib*
+ 292 ls *.so
+ 293 ls -al python*
+ 294 ls
+ 295 whereis python
+ 296 cd /usr/bin
+ 297 python2.7
+ 298 cd
+ 299 mkdir esecurity
+ 300 cd esecurity/
+ 301 ls
+ 302 nano ssl_client.py
+ 303 nano ssl_client.py
+ 304 ifconfig
+ 305 python ssl_client.py
+ 306 sudo wireshark &
+ 307 python ssl_client.py
+ 308 cat ssl_client.py
+ 309 python ssl_client.py
+ 310 nano ssl_client.py
+ 311 python ssl_client.py
+ 312 python ssl_client.py
+ 313 msfconsole
+ 314 nano ssl_client.py
+ 315 python ssl_client.py
+ 316 nano ssl_server.py
+ 317 python ssl_server.py
+ 318 openssl req -new -x509 -days 365 -nodes -out mycert.pem -keyout mycert.pem
+ 319 python ssl_server.py
+ 320 nano ssl_server.py
+ 321 python ssl_server.py
+ 322 nano ssl_server.py
+ 323 python ssl_server.py
+ 324 ls
+ 325 easy_install wireshare
+ 326 easy_install wireshark
+ 327 sudo wireshark &
+ 328 ifconifg
+ 329 ifconfig
+ 330 nano ssl_server.py
+ 331 python ssl_server.py
+ 332 nano ssl_server.py
+ 333 python ssl_server.py
+ 334 nano ssl_server.py
+ 335 python ssl_server.py
+ 336 nmap
+ 337 hashcat
+ 338 cd ..
+ 339 ls -al
+ 340 cd vm*
+ 341 cd /
+ 342 ls
+ 343 cd mnt
+ 344 ls
+ 345 cd /
+ 346 ls
+ 347 cd /root
+ 348 ls
+ 349 cd vmware-tools-distrib/
+ 350 ls
+ 351 ls -al
+ 352 ls
+ 353 ls -al
+ 354 /.vmware-install.pl
+ 355 vmware-install.py
+ 356 vmware-install.pl
+ 357 ls -al
+ 358 ./vmare-install.p
+ 359 ./vmare-install.pl
+ 360 perl ./vmware-install.pl
+ 361 apt-get install wireshark
+ 362 python
+ 363 pip
+ 364 cd esecurity/
+ 365 nano ssl_server.py
+ 366 ssl_server.py
+ 367 python ssl_server.py
+ 368 nano ssl_server.py
+ 369 python ssl_server.py
+ 370 python
+ 371 pip install
+ 372 pip install hashlib
+ 373 pip install
+ 374 python
+ 375 sudo apt-get install python-pip
+ 376 pip
+ 377 notepad 06_01.py
+ 378 nano 06_01.py
+ 379 python 06_01.py
+ 380 nano 06_01.py
+ 381 python 06_01.py
+ 382 pip install openssl
+ 383 pip install pyopenssl
+ 384 pip install six
+ 385 pythom -m pip --version
+ 386 python -m pip --version
+ 387 sudo apt install --reinstall python-pip
+ 388 sudo apt-get install --reinstall python-pip
+ 389 apt-get -f install
+ 390 apt-get remove nfs-common
+ 391 apt-get -f install
+ 392 cd ..
+ 393 pip install six > list
+ 394 nano list
+ 395 pip install six > l1
+ 396 pip install six > l1 pip install --upgrade --user pip
+ 397 sud1 pip install --upgrade --user pip
+ 398 sudo pip install --upgrade --user pip
+ 399 sudo apt-get install --reinstall python-pip
+ 400 apt-get -f install
+ 401 pip --version
+ 402 sudo cp /usr/local/bin/pip* /usr/bin/
+ 403 /usr/bin/pip --version
+ 404 pip install -U pip
+ 405 easy_install siz
+ 406 easy_install six
+ 407 easy_install pyopenssl
+ 408 cd esecurity/
+ 409 id
+ 410 ls
+ 411 pytho 06_01.py
+ 412 python 06_01.py
+ 413 exit
+ 414 cd esecurity/
+ 415 python ssl_client.py
+ 416 nano ssl_client.py
+ 417 python ssl_client.py
+ 418 pip install openssl
+ 419 pip install opensslpip
+ 420 pip
+ 421 cd ..
+ 422 ls
+ 423 cd
+ 424 ls
+ 425 cd /
+ 426 pip
+ 427 pip install math
+ 428 wget https://bootstrap.pypa.io/ez_setup.py -O - | python
+ 429 pip
+ 430 pip install math
+ 431 wget https://bootstrap.pypa.io/ez_setup.py -O - | python
+ 432 pip
+ 433 pip install openssl
+ 434 udo apt-get install --reinstall python-pkg-resources
+ 435 sudo apt-get install --reinstall python-pkg-resources
+ 436 pip install --upgrade setuptools
+ 437 pip install --upgrade distribute
+ 438 curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
+ 439 python get-pip.py
+ 440 pip install -U pip
+ 441 easy_install
+ 442 easy_install pip
+ 443 pip
+ 444 pip install openssl
+ 445 openssl
+ 446 cd
+ 447 ls
+ 448 cd esecurity/
+ 449 ls
+ 450 nano ssl_client.py
+ 451 python ssl_client.py
+ 452 sudo wireshark &
+ 453 python ssl_client.py
+ 454 nano ssl_client.py
+ 455 python ssl_client.py
+ 456 sudo apt-get wireshark
+ 457 sudo apt-get install wireshark
+ 458 cd /var
+ 459 cd log
+ 460 ls
+ 461 cd dist-upgrade
+ 462 ls dis*
+ 463 sudo apt-get update && sudo apt-get upgrade
+ 464 sudo apt-get autoremove
+ 465 sudo apt-get dist-upgrade
+ 466 sudo apt-get update && sudo apt-get upgrade
+ 467 cd /
+ 468 ls
+ 469 cd /root
+ 470 ls
+ 471 cd vmware-tools-distrib/
+ 472 ls
+ 473 ls -al
+ 474 perl vmware-install.pl
+ 475 ls
+ 476 cd /mnt
+ 477 ls
+ 478 cd /media
+ 479 ls
+ 480 ls -al
+ 481 cd cdrom
+ 482 ls
+ 483 ./run_upgrader.sh
+ 484 ls -al
+ 485 cd
+ 486 ls
+ 487 cd vmware-tools-distrib/
+ 488 ls
+ 489 ls -al
+ 490 perl vmware-install.pl
+ 491 reboot now
+ 492 reboot
+ 493 pip install six
+ 494 easy_install six
+ 495 python3
+ 496 pip install six
+ 497 sudo mv /usr/bin/lsb_release /usr/bin/lsb_release_back
+ 498 pip install six
+ 499 npm
+ 500 pip install npm
+ 501 pip install node
+ 502 node
+ 503 apt-get install npm
+ 504 apt-get install node
+ 505 sudo apt-get install -y nodejs
+ 506 sudo apt-get install -f install
+ 507 pip install hashlib
+ 508 pip install binascii
+ 509 pip install pyopenssl
+ 510 sudo apt-get install -y nodejs
+ 511 sudo apt-get -f install
+ 512 sudo apt-get install rpcbind -t stable
+ 513 apt-get install libc6-amd64 libc6-dev libc6-dbg
+ 514 apt-get install libc6
+ 515 echo "deb http://ftp.debian.org/debian sid main" >> /etc/apt/sources.list
+ 516 apt-get update
+ 517 apt-get -t sid install libc6 libc6-dev libc6-dbg
+ 518 echo "Please remember to hash out sid main from your sources list. /etc/apt/sources.list"
+ 519 apt-get install node
+ 520 sudo apt-get install -y nodejs
+ 521 sudo apt-get install -y npm
+ 522 reboot
+ 523 openssl list-cipher-commands
+ 524 openssl version
+ 525 openssl prime -hex 111
+ 526 openssl prime -hex 1111
+ 527 nano myfile.txt
+ 528 cat myfile.txt
+ 529 openssl enc
+ 530 openssl enc -aes-256-cbc -in myfile.txt -out encrypted.bin
+ 531 cat encrypted.bin
+ 532 openssl enc -aes-256-cbc -in myfile.txt -out encrypted.bin -base64
+ 533 cat encrypted.bin
+ 534 openssl enc -aes-256-cbc -in myfile.txt -out encrypted.bin -base64
+ 535 cat encrypted.bin
+ 536 openssl enc -aes-256-cbc -in myfile.txt -out encrypted.bin
+ 537 openssl enc -d -aes-256-cbc -in encrypted.bin -pass pass:napier -base64
+ 538 cat encrypted.bin
+ 539 openssl enc -aes-256-cbc -in myfile.txt -out encrypted.bin -base64
+ 540 cat encrypted.bin
+ 541 openssl enc -d -aes-256-cbc -in encrypted.bin -pass pass:napier -base64
+ 542 cd esecurity/
+ 543 nano padding.py
+ 544 python padding.py
+ 545 pip install pyopenssl
+ 546 pip install crypto
+ 547 python padding.py
+ 548 pip install pycrypto
+ 549 python padding.py
+ 550 pip install padding
+ 551 python padding.py
+ 552 nano padding.py
+ 553 python padding.py
+ 554 nano padding_des.py
+ 555 python padding_des.py
+ 556 nano padding_des.py
+ 557 python padding_des.py
+ 558 nano padding.py
+ 559 python padding.py
+ 560 python padding.py hello hello123
+ 561 nano padding.py
+ 562 python padding.py hello hello123
+ 563 nano padding.py
+ 564 python padding.py inkwell orange
+ 565 nano padding.py
+ 566 python padding.py b436bd84d16db330359edebf49725c62 hello
+ 567 nano padding.py
+ 568 copy padding.py padding_dec.py
+ 569 cp padding.py padding_dec.py
+ 570 python padding_dec.py
+ 571 nano padding_dec.py
+ 572 python padding_dec.py
+ 573 nano padding_dec.py
+ 574 python padding_dec.py
+ 575 nano padding_dec.py
+ 576 python padding_dec.py
+ 577 ls
+ 578 python padding.py b436bd84d16db330359edebf49725c62 hello
+ 579 nano padding.py
+ 580 nano padding_dec.py
+ 581 python padding_dec.py
+ 582 nano padding_dec.py
+ 583 python padding_dec.py
+ 584 nano padding_dec.py
+ 585 python padding_dec.py
+ 586 python padding.py b436bd84d16db330359edebf49725c62 hello
+ 587 python padding_dec.py b436bd84d16db330359edebf49725c62 hello
+ 588 cat padding_dec.py
+ 589 nano pad.py
+ 590 fg
+ 591 cat padding_dec.py
+ 592 clear
+ 593 nano padnew.py
+ 594 python padnew.py
+ 595 nano padnew.py
+ 596 python hello mykey
+ 597 python padnew.py hello mykey
+ 598 nano padnew.py
+ 599 python padnew.py hello mykey
+ 600 python padnew.py hello1 mykey
+ 601 nano padnew2.py
+ 602 python padnew2.py 0a7ec77951291795bac6690c9e7f4c0d hello123
+ 603 python padnew2.py 0a7ec77951291795bac6690c9e7f4c0d hello
+ 604 ls
+ 605 type padding_dec.py
+ 606 cat padding_dec.py
+ 607 python pad_dec.py 0a7ec77951291795bac6690c9e7f4c0d hello
+ 608 python padding_dec.py 0a7ec77951291795bac6690c9e7f4c0d hello
+ 609 python padding_dec.py b436bd84d16db330359edebf49725c62 hello
+ 610 python padnew2.py b436bd84d16db330359edebf49725c62 hello
+ 611 clear
+ 612 nano p1.py
+ 613 python p1.py
+ 614 nano p1.py
+ 615 python p1.py hello hello123
+ 616 python p1.py inkwell orange
+ 617 nano p2.py
+ 618 python p2.py b436bd84d16db330359edebf49725c62 hello
+ 619 python p2.py 4bb2eb68fccd6187ef8738c40de12a6b ankle
+ 620 python p2.py 4bb2eb68fccd6187ef8738c40de12a6b ankle123
+ 621 nano p2.py
+ 622 python p2.py 4bb2eb68fccd6187ef8738c40de12a6b ankle123
+ 623 reboot
+ 624 shutdown
+ 625 shutdown -n
+ 626 shutdown --h
+ 627 shutdown -h
+ 628 shutdown -t 1
+ 629 shutdown -t 1 now
+ 630 reboot
+ 631 touch /etc/apt/sources.list
+ 632 chmod 644 /etc/apt/sources.list
+ 633 echo "deb http://http.kali.org/kali kali-rolling main contrib non-free" > /etc/apt/sources.list
+ 634 apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 7D8D0BF6'
+ 635 exit
+ 636 exit()
+ 637 apt-get update
+ 638 quit
+ 639 apt-get update
+ 640 hashcat -b m 0
+ 641 hashcat -b -m 0
+ 642 apt-get install libc6
+ 643 apt-get upgrade
+ 644 apt-get upgrade nfs-common
+ 645 apt-get upgrade
+ 646 apt-get upgrade rpcbind
+ 647 apt-get upgrade
+ 648 apt-get -f install
+ 649 apt-get --fix-broken install
+ 650 apt-get -f install
+ 651 dpkg --purge --force-depends libtirpc1
+ 652 apt-get -f install
+ 653 dpkg --purge --force-depends libtirpc1
+ 654 dpkg --purge --force-depends nfs-common
+ 655 dpkg --purge --force-depends rpcbind
+ 656 apt-get install libc6
+ 657 apt-get install binutils
+ 658 apt-get install libc6
+ 659 cd /
+ 660 cd var
+ 661 cd cache
+ 662 cd apt
+ 663 ls
+ 664 cd archives/
+ 665 ls
+ 666 cd ..
+ 667 rm archives/ archives_old
+ 668 mv archives/ archives_old
+ 669 ls
+ 670 apt-get install libc
+ 671 apt-get install binutils
+ 672 cd archives
+ 673 ls
+ 674 cd ..
+ 675 ls -al
+ 676 cd /usr/bin
+ 677 ls python*
+ 678 ls -al
+ 679 ls -al py*
+ 680 rm python
+ 681 ln -s python python3
+ 682 ln -s python3 python
+ 683 python
+ 684 wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2018.1_all.deb
+ 685 apt install ./kali-archive-keyring_2018.1_all.deb
+ 686 apt-get install ./kali-archive-keyring_2018.1_all.deb
+ 687 sudo apt-get update
+ 688 sudo apt-get g++
+ 689 sudo apt-get install g++
+ 690 sudo apt-get install libc6
+ 691 sudo apt-get install hashcat
+ 692 sudo apt-get install libc6-dev
diff --git a/z_associated/dhparams.pem b/z_associated/dhparams.pem
new file mode 100644
index 0000000..95ead7c
--- /dev/null
+++ b/z_associated/dhparams.pem
@@ -0,0 +1,15 @@
+ PKCS#3 DH Parameters: (768 bit)
+ prime:
+ 00:e3:06:06:0e:43:38:62:05:09:f6:e3:e0:01:9b:
+ a9:87:b9:28:c7:39:96:fd:1a:99:c5:72:ab:4c:d3:
+ 78:38:7a:af:10:e2:8b:4f:47:09:ec:43:5a:64:33:
+ b7:4a:6b:f5:6b:9d:a3:0b:34:30:45:a4:56:28:00:
+ 9a:81:7b:97:d7:91:46:60:14:9b:f8:b5:1e:ff:a2:
+ 5b:dc:f8:13:97:99:99:b8:df:5b:4d:10:86:ad:1d:
+ 86:20:5f:74:62:11:5b
+ generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MGYCYQDjBgYOQzhiBQn24+ABm6mHuSjHOZb9GpnFcqtM03g4eq8Q4otPRwnsQ1pk
+M7dKa/VrnaMLNDBFpFYoAJqBe5fXkUZgFJv4tR7/olvc+BOXmZm431tNEIatHYYg
+X3RiEVsCAQI=
+-----END DH PARAMETERS-----
diff --git a/z_associated/esecurity_graphics.jpeg b/z_associated/esecurity_graphics.jpeg
new file mode 100644
index 0000000..826f4eb
Binary files /dev/null and b/z_associated/esecurity_graphics.jpeg differ
diff --git a/z_associated/esecurity_graphics.jpg b/z_associated/esecurity_graphics.jpg
new file mode 100644
index 0000000..5f58253
Binary files /dev/null and b/z_associated/esecurity_graphics.jpg differ
diff --git a/z_associated/fiat.py b/z_associated/fiat.py
new file mode 100644
index 0000000..e15e580
--- /dev/null
+++ b/z_associated/fiat.py
@@ -0,0 +1,61 @@
+import sys
+import random
+
+n=101
+
+
+
+g= 3
+
+x = random.randint(5,10)
+v = random.randint(100,150)
+c = random.randint(5,10)
+
+if (len(sys.argv)>1):
+ g=int(sys.argv[1])
+
+if (len(sys.argv)>2):
+ x=int(sys.argv[2])
+
+if (len(sys.argv)>3):
+ v=int(sys.argv[3])
+
+
+if (len(sys.argv)>4):
+ c=int(sys.argv[4])
+
+if (len(sys.argv)>5):
+ n=int(sys.argv[5])
+
+y= g**x % n
+
+t = g**v % n
+
+r = v - c * x
+
+Result = ( (g**r) * (y**c) ) % n
+
+print '======Agreed parameters============'
+print 'P=',n,'\t(Prime number)'
+print 'G=',g,'\t(Generator)'
+
+
+print '======The secret=================='
+print 'x=',x,'\t(Alice\'s secret)'
+
+print '======Random values==============='
+print 'c=',c,'\t(Bob\'s random value)'
+print 'v=',v,'\t(Alice\'s random value)'
+
+print '======Shared value==============='
+print 'g^x mod P=\t',y
+print 'r=\t\t',r
+
+print '=========Resuts==================='
+print 't=g**v % n =\t\t',t
+print '( (g**r) * (y**c) )=\t',Result
+if (t==Result):
+ print 'Alice has proven she knows x'
+else:
+ print 'Alice has not proven she knows x'
+
diff --git a/z_associated/fiat2.py b/z_associated/fiat2.py
new file mode 100644
index 0000000..11e6396
--- /dev/null
+++ b/z_associated/fiat2.py
@@ -0,0 +1,122 @@
+import sys
+import random
+import hashlib
+
+n=997
+
+text="Hello"
+
+g= 3
+
+def extended_euclidean_algorithm(a, b):
+ """
+ Returns a three-tuple (gcd, x, y) such that
+ a * x + b * y == gcd, where gcd is the greatest
+ common divisor of a and b.
+
+ This function implements the extended Euclidean
+ algorithm and runs in O(log b) in the worst case.
+ """
+ s, old_s = 0, 1
+ t, old_t = 1, 0
+ r, old_r = b, a
+
+ while r != 0:
+ quotient = old_r // r
+ old_r, r = r, old_r - quotient * r
+ old_s, s = s, old_s - quotient * s
+ old_t, t = t, old_t - quotient * t
+
+ return old_r, old_s, old_t
+
+
+def inverse_of(n, p):
+ """
+ Returns the multiplicative inverse of
+ n modulo p.
+
+ This function returns an integer m such that
+ (n * m) % p == 1.
+ """
+ gcd, x, y = extended_euclidean_algorithm(n, p)
+ assert (n * x + p * y) % p == gcd
+
+ if gcd != 1:
+ # Either n is 0, or p is not a prime number.
+ raise ValueError(
+ '{} has no multiplicative inverse '
+ 'modulo {}'.format(n, p))
+ else:
+ return x % p
+
+def pickg(p):
+ for x in range (1,p):
+ rand = x
+ exp=1
+ next = rand % p
+
+ while (next <> 1 ):
+ next = (next*rand) % p
+ exp = exp+1
+
+ if (exp==p-1):
+ return rand
+
+v = random.randint(1,n)
+c = random.randint(1,n)
+
+
+if (len(sys.argv)>1):
+ text=str(sys.argv[1])
+
+if (len(sys.argv)>2):
+ v=int(sys.argv[2])
+
+if (len(sys.argv)>3):
+ c=int(sys.argv[3])
+
+if (len(sys.argv)>4):
+ n=int(sys.argv[4])
+
+
+
+print "Password:\t",text
+x = int(hashlib.md5(text).hexdigest()[:8], 16) % n
+
+g=pickg(n)
+
+y= pow(g,x,n)
+
+t = pow(g,v,n)
+
+r = (v - c * x)
+
+if (r<0):
+ Result = ( inverse_of(pow(g,-r,n),n) * pow(y,c,n)) % n
+else:
+ Result = ( pow(g,r,n) * pow(y,c,n)) % n
+
+print '\n======Agreed parameters============'
+print 'P=',n,'\t(Prime number)'
+print 'G=',g,'\t(Generator)'
+
+
+print '\n======The secret=================='
+print 'x=',x,'\t(Alice\'s secret)'
+
+print '\n======Random values==============='
+print 'c=',c,'\t(Bob\'s random value)'
+print 'v=',v,'\t(Alice\'s random value)'
+
+print '\n======Shared value==============='
+print 'g^x mod P=\t',y
+print 'r=\t\t',r
+
+print '\n=========Results==================='
+print 't=g**v % n =\t\t',t
+print '( (g**r) * (y**c) )=\t',Result
+if (t==Result):
+ print 'Alice has proven she knows password'
+else:
+ print 'Alice has not proven she knows x'
+
diff --git a/z_associated/projects/js_hash.js b/z_associated/projects/js_hash.js
new file mode 100644
index 0000000..0de5d31
--- /dev/null
+++ b/z_associated/projects/js_hash.js
@@ -0,0 +1,65 @@
+var crypto = require("crypto");
+
+
+function showhash(password, type)
+{
+ hash = crypto.createHash(type);
+ hash.update(password);
+ console.log(type,"\t",hash.digest('hex'));
+}
+
+
+var data = "hello";
+
+const args = process.argv.slice(3);
+console.log("Data:\t",data);
+
+data = args[0];
+console.log("Data:\t",data+"\n");
+
+showhash(data,'DSA');
+showhash(data,'DSA-SHA');
+showhash(data,'DSA-SHA1');
+showhash(data,'DSA-SHA1-old');
+showhash(data,'RSA-MD4');
+showhash(data,'RSA-MD5');
+showhash(data,'RSA-MDC2');
+showhash(data,'RSA-RIPEMD160');
+showhash(data,'RSA-SHA');
+showhash(data,'RSA-SHA1');
+showhash(data,'RSA-SHA1-2');
+showhash(data,'RSA-SHA224');
+showhash(data,'RSA-SHA256');
+showhash(data,'RSA-SHA384');
+showhash(data,'RSA-SHA512');
+showhash(data,'dsaEncryption');
+showhash(data,'dsaWithSHA');
+showhash(data,'dsaWithSHA1');
+showhash(data,'dss1');
+showhash(data,'ecdsa-with-SHA1');
+showhash(data,'md4');
+showhash(data,'md4WithRSAEncryption');
+showhash(data,'md5');
+showhash(data,'md5WithRSAEncryption');
+showhash(data,'mdc2');
+showhash(data,'mdc2WithRSA');
+showhash(data,'ripemd');
+showhash(data,'ripemd160');
+showhash(data,'ripemd160WithRSA');
+showhash(data,'rmd160');
+showhash(data,'sha');
+showhash(data,'sha1');
+showhash(data,'sha1WithRSAEncryption');
+showhash(data,'sha224');
+showhash(data,'sha224WithRSAEncryption');
+showhash(data,'sha256');
+showhash(data,'sha256WithRSAEncryption');
+showhash(data,'sha384');
+showhash(data,'sha384WithRSAEncryption');
+showhash(data,'sha512');
+showhash(data,'sha512WithRSAEncryption');
+showhash(data,'shaWithRSAEncryption');
+showhash(data,'ssl2-md5');
+showhash(data,'ssl3-md5');
+showhash(data,'ssl3-sha1');
+showhash(data,'whirlpool');
\ No newline at end of file
diff --git a/z_associated/projects/js_hash/compress.js b/z_associated/projects/js_hash/compress.js
new file mode 100644
index 0000000..6f95467
--- /dev/null
+++ b/z_associated/projects/js_hash/compress.js
@@ -0,0 +1,37 @@
+var zlib = require('zlib');
+var test="hello";
+
+var flag="zip"
+
+var args = process.argv;
+if (args.length>1) test=args[2];
+if (args.length>2) flag=args[3];
+
+
+
+console.log("Input: ",test);
+
+if (flag=="zip") {
+ var input = new Buffer.from(test)
+
+ zlib.deflate(input, function(err, buf) {
+ var res=buf.toString('base64');
+
+ console.log("Compressed: " ,res );
+ // console.log("Compressed: " ,buf );
+
+ });
+
+}
+else {
+ var input = new Buffer.from(test,'base64')
+
+ zlib.inflate(input, function(err, buf) {
+ console.log("Uncompressed:", buf.toString("utf8") );
+ // console.log("Uncompressed: " ,buf );
+
+
+ });
+
+}
+
diff --git a/z_associated/projects/miniproject/02.py b/z_associated/projects/miniproject/02.py
new file mode 100644
index 0000000..2ecf684
--- /dev/null
+++ b/z_associated/projects/miniproject/02.py
@@ -0,0 +1,9 @@
+import hashlib;
+import passlib.hash;
+string="Hello"
+print "General Hashes"
+print "MD5:"+hashlib.md5(string).hexdigest()
+print "SHA1:"+hashlib.sha1(string).hexdigest()
+print "SHA256:"+hashlib.sha256(string).hexdigest()
+print "SHA512:"+hashlib.sha512(string).hexdigest()
+
diff --git a/z_associated/projects/miniproject/cryptojs.html b/z_associated/projects/miniproject/cryptojs.html
new file mode 100644
index 0000000..5505cef
--- /dev/null
+++ b/z_associated/projects/miniproject/cryptojs.html
@@ -0,0 +1,837 @@
+
JavaScript Encryption with CryptoJS
+
+
Back This page uses client-side JavaScript code to hashing, encrypt and sign [code]: