Things Every Newb Should Know

Posted by Slynk | Posted in | Posted on 4:36 PM

I'll keep this article simple for its target audience, the newbs. (That's not to be confused with noob.)


Learn about AES Encryption:


AES is an encryption that uses a key and an initialization "vector" to encrypt the file. The key can be 16 bytes (numbers, for simplicity), 24 bytes, or 32 bytes long. These numbers are the same as when you see AES-128, AES-192, and AES-256 respectively. The initialization vector is, at least in PS3 encryption, always 16 bytes.

AES can be used in a variety of "modes." Such as the PS3 uses AES in both CTR mode and CBC mode. Think of these as just... a different set of instructions for reading and writing the encrypted data.

Brute forcing AES is just out of the question. Think about this. If you had a 1 digit password, with a possibility ranging from 0-9, there would be 10 possibilities aka 10^1. If you had a 2 digit password, there would be 100 possibilities aka 10^2. 3 digits would be 1000.

Now with AES, each digit ranges from 0-255. Even if you used a 16 byte key, that would be 256^16 possible keys which is 3.4028236692093846346337460743177e+38. That's just for the key. If you don't know the initialization vector, because you need that too, there are (256^16)(256^16) possible combinations to cycle through. It's unrealistic with current hardware, even with a distributed attack.

Learn about Hashing:

Hashing's a pretty easy concept to understand. It's like a book summary. You get the gist of what's in the book but you couldn't replicate the entire book from that summary. It's the same with hashing. You generate a summary of the file, or part of the file, then store it to be checked later. Now the problem with this is if you know the algorithm used to calculate the hash, you might be able to tweak a file to loosly match it. Or anyone could easily just hash the file themselves and replace your hash. To avoid that, HMAC uses a key to encrypt the hash. If the person doesn't have the key, they can't replicate a similar file structure nor can they make their own hash.

Learn about ECDSA:

I'll be honest, I'm still learning about this. But from what I understand, this is for authenticity. You have 2 keys, the public key (the one you give to people to verify that the file that get is from you) and the private key (the key you use to sign the file.) Due to one of the parameters for generating the key not being random like it should be, the people could calculate private keys for the ps3 to sign their own files. This has since been fixed for most keys.

Comments (2)

Thanks, I always think in brute-force but this post show me why not is a solution...

Un abrazo desde Argentina...

(sorry for my poor english)

Looking forward to seeing this updated more!!! great work slynk

Post a Comment