Lab Telematica


 

IT Security 
Students’ LABs 
Ch.2: Cryptography 
 
 

 
 
 
 

 
 
 
 
 
 
“Don’t get LOST in bad Hacking …” 
 

 
IT Security Lab 2.1: SSH Analysis and Configuration

IT SECURITY
LAB 2.1: SSH Analysis and Configuration

1. Scenario
This is the scenario to implement:
[Diagram: Linux SSH Server (.50) and SSH Client (.51) on network 192.168.0.0/24]

2. Material used
• Windows XP with PUTTY (Ssh client)
• Knoppix 7 with SSH Server

3. Learning Objectives
Upon completion of this lab you must be able to:
• Identify symmetric and asymmetric cryptography mechanisms
• Have good knowledge about SSH protocols 1 and 2
• Identify SSH operation
• Perform SSH configuration

4. Implementation
Task 1: Implement the scenario
1. Connect the 2 hosts
2. Configure IP parameters
3. Check IP connectivity between hosts
4. Do not start the SSH server yet

Task 2: SSH protocol 1 analysis


1. Check “sshd” manual or other sources to answer these questions.

man sshd

2. Which protocol versions of SSH are supported and which one is the default?


According to the manual of sshd, it supports SSH protocols 1 and 2. The default protocol is 2 and it can be changed in sshd_config(5).

3. How long in bits is the “host-specific” RSA key?

Normally 2048 bits.


4. What is “Forward Security”? (also called “Forward Secrecy”). Use google to
give an answer:

It's a property of cryptographic systems that assures that a discovery of the
actual used keys does not compromise/reveal the previously used ones.
It maintains the security of previous messages.

5. How is “Forward Security” provided in version 1?

Forward security for protocol 1 is provided through an additional server key,
normally 768 bits, generated when the server starts. This key is normally
regenerated every hour if it has been used and is never stored on disk.

6. What asymmetric algorithm is used to exchange the “session key”?

Protocol 1 only supports RSA


7. What keys does this algorithm use to securely exchange the “session key”?

It encrypts this random number using both the host key and the server key

8. How long in bits is the “session key”?

The session key is 256-bit long.


9. What symmetric algorithms can be used to encrypt traffic using this “session
key” in protocol 1?

3DES is the default protocol for protocol 1. Others may be DES, BLOWFISH, IDEA, AES...

Task 3: SSH protocol 2 analysis


1. How is “Forward Security” provided in version 2?

For protocol 2, forward security is provided through a Diffie-Hellman key agreement.

2. What asymmetric algorithm is used to exchange the “Session key”?

Diffie-Hellman

3. What symmetric algorithms can be used to encrypt traffic with version 2?

128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. It is chosen by the client.

Task 4: Analyze SSH server messages


1. Start the SSH Server and identify all the messages you obtain when starting the
SSH server:

/etc/init.d/ssh start

2. Which keys have been generated?

Public/Private RSA key pair
Public/Private DSA key pair

3. What is the different use for RSA and DSA?

RSA is used to secure data transmission; the data sent is private between
computers.
DSA is used for digital signatures and their verification, to check that the site
you are trying to access is the real one and not an impostor.

4. Where are each of these 4 keys stored? List each file and its directory location.

/etc/ssh/ssh_host_rsa_key - private rsa key
/etc/ssh/ssh_host_rsa_key.pub - public rsa key
/etc/ssh/ssh_host_dsa_key - private dsa key
/etc/ssh/ssh_host_dsa_key.pub - public dsa key

5. The “key fingerprint” is a hash of the “key”. How big (in bits) is each of the
fingerprints?

128 bits
6. Which algorithm has been used to generate the fingerprints?

128-bit MD5

Task 5: SSH configuration


1. Where is the sshd (ssh server) configuration stored?

/etc/ssh/sshd_config
2. Where is the ssh (ssh client) configuration stored?


global config in /etc/ssh/ssh_config | user config ~/.ssh/config


3. What cipher is configured by default for version 1 in the Linux Server when it
is acting as an SSH client? Where is this parameter configured?

The default for version 1 is 3DES.
It can be configured by modifying the files or using ssh_config(5).

4. Is this a “symmetric” or “asymmetric” cryptographic algorithm?

Symmetric
5. Change the default port for SSH to a new one, i.e. port 65001. Verify that you
can connect using the new port. Describe the steps that you have followed:
We changed the value from /etc/ssh/sshd_config. It had:
Port 22
We changed it to:
Port 65001

Task 6: Check the “PUTTY” Windows SSH client


1. Using PUTTY open an SSH connection from the Windows client to the Linux.
2. PUTTY (an SSH client) keeps the public keys of the server in the Windows
registry. So, run the registry editor at the Windows client. Be sure you have
previously accepted, at least, one SSH key.

regedit

3. Locate the key HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys


4. Explain the meaning of each of the four parameters stored for each key:

rsa2
65001
192.168.0.50
public key of server

Task 7: Check the Linux SSH client


1. Use the server to SSH itself from the Linux command.

ssh -l <login> localhost

2. First of all, you get a message about the server’s key fingerprint. How long in
bits is this fingerprint? (Tip: 1 hexadecimal character = 4 bits).


128 bits
3. Considering the length in bits of the fingerprint, what algorithm do you think
has been used to obtain this fingerprint? (Check cryptography bibliography
before answering this question).

128-MD5
4. The Linux SSH client keeps the public keys of the server in a file, in the .ssh
directory of the user.
5. Establish an SSH connection using the “knoppix” user and disconnect. Locate
the file key and write its path and name. Be sure you have previously accepted
the SSH key.

The file path is:
/home/knoppix/.ssh/known_hosts

6. Erase the file and reconnect to the previous server. Notice that you will have to
accept the key again.
7. Now establish another SSH connection using the “root” user. Locate the file key
and write its path and name.

/root/.ssh/known_hosts
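
The fingerprint questions in Tasks 4 and 7 and the known_hosts file located above come together in the following added example, which is not part of the original lab sheet: it parses a known_hosts entry, reads the RSA modulus length from the key blob and computes the 128-bit MD5 fingerprint, plus the SHA256 form that newer OpenSSH releases show by default. The key material is constructed for the example (a made-up modulus, not a real key) and all function names are hypothetical.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def sample_known_hosts_line() -> str:
    """Constructed known_hosts entry (made-up modulus, not a real key)."""
    exponent = (65537).to_bytes(3, "big")
    # The 0x00 pad keeps the integer positive because the top bit of 0xC3 is set.
    modulus = b"\x00\xc3" + bytes(range(255))
    blob = ssh_string(b"ssh-rsa") + ssh_string(exponent) + ssh_string(modulus)
    return "192.168.0.50 ssh-rsa " + base64.b64encode(blob).decode("ascii")


def read_fields(blob: bytes) -> list:
    """Split a public-key blob into its length-prefixed fields."""
    fields, offset = [], 0
    while offset < len(blob):
        (size,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if offset + size > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[offset:offset + size])
        offset += size
    return fields


def parse_known_hosts_line(line: str):
    """Return (host, key_type, blob); reject a blob whose type disagrees."""
    host, key_type, encoded = line.split()[:3]
    blob = base64.b64decode(encoded, validate=True)
    if read_fields(blob)[0].decode("ascii") != key_type:
        raise ValueError("key type does not match key blob")
    return host, key_type, blob


def rsa_modulus_bits(blob: bytes) -> int:
    """Bit length of n in an ssh-rsa blob (fields: type, e, n)."""
    return int.from_bytes(read_fields(blob)[2], "big").bit_length()


def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated hex MD5 of the blob: 32 hex digits = 128 bits."""
    return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def sha256_fingerprint(blob: bytes) -> str:
    """SHA256 of the blob in base64 without padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


if __name__ == "__main__":
    host, key_type, blob = parse_known_hosts_line(sample_known_hosts_line())
    print(host, key_type, rsa_modulus_bits(blob), "bits")
    print("MD5   ", md5_fingerprint(blob))
    print("SHA256", sha256_fingerprint(blob))
```

The fingerprint is computed over the decoded key blob, not over the base64 text stored in the file, which is why both values change if any field of the key changes.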

5. Results
• Successfully complete task 2
• Successfully complete task 3
• Successfully complete task 4
• Successfully complete task 5
• Successfully complete task 6
• Successfully complete task 7

Notes:

IT Security Lab 2.2: File Hashing

IT SECURITY
LAB 2.2: File Hashing

1. Scenario
This is the scenario to implement:

[Diagram: computer with Internet connection, linked to the Internet]

2. Material used
• Windows
• Linux Knoppix 7
• Internet connection

3. Learning Objectives
Upon completion of this lab you must be able to:
• Identify different hashing algorithms
• Use different hashing applications

4. Implementation
Task 1: Implement the scenario
1. Connect the Windows and the Linux computer to the Internet.
Task 2: File hashing applications
1. Search and identify different free hashing applications for WINDOWS that
implement MD5 and SHA-1 algorithms. Write their names here and download
one of them.

Free MD5 SHA1 Verifier | winmd5free


2. Search the Internet and find 3 or more websites with online hashing tools. Write
down their URLs here:
md5.cz
onlinemd5.com
md5hashgenerator.com


3. What hash algorithms do they support?

md5.cz - MD5
onlinemd5.com - MD5 and sha1 and sha256
md5hashgenerator.com - MD5 and sha1

Task 3: File hash generation and verification


1. Using the application you downloaded generate the hash of, at least, 10 files of
your computer (use documents you can modify, not binary files). Use both,
MD5 and SHA-1 algorithms. You can also use the Linux tools “md5sum” and
“sha1sum”.
2. Write down both hashes, MD5 and SHA1, of one of the previous files.

MD5: 0CC175B9C0F1B6A831C399E269772661
SHA1: 86F7E437FAA5A7FCE15D1DDCB9EAEAEA377667B8

3. Modify only one character of one of the previous files and generate again both
hashes, MD5 and SHA-1.

4. Check the differences. How similar are they?

They are completely different


Task 4: Public file hash verification
1. Search the Internet for a file you can download (ex: wireshark.org) that has its
hash published. Write down the hashing algorithm and the hash here:

Hashing algorithm..: Wireshark-win64-3.6.2.exe: 77465592 bytes
Hash...............: SHA1(Wireshark-win64-3.6.2.exe)=7343c59e1d70f77a370155873b83208ae1908bc6

2. Download the file.


3. Generate its hash and compare the result with the hash published.
4. Comment on the result. Are they different?

We used sha1, and they are the same.

5. What conclusion do you get from this result?

That we downloaded the file correctly. The file that they used for the hash
published in the web, is the same file that we have downloaded.


Task 5: Hash cracking tools


Searching the Internet you can find several web tools for hash cracking. As an
example, you can find md5 and sha1 databases with thousands or millions of
hashed words at https://hashtoolkit.com/.
1. Run the Linux and get it connected to the Internet.
2. Use the md5sum command to generate the md5 hash of a well-known word.
Use “lost” as the first example. Just after the word type CTRL+D two times (do
not press any space or carriage return after the word).

# md5sum
lost^D^D

We get the md5sum hash of lost: 1c9a44eb2e8eaf3da1eb551da310cce7

3. You can also use this linux command:

# echo -n lost | md5sum

We get the same hash as using the other command

4. Copy the hash obtained and paste it on the previous web page, on the “Decrypt
MD5 hash” tab. (https://hashtoolkit.com/decrypt-md5-hash/)
5. Then click on the “search” icon and you will get the original word.
6. Try again with different words. Write down the words you have used.

password
user
qwerty

7. Try again the same words but use now the sha1 algorithm, so use the sha1sum
command and the previous web page or any other similar web page you can
find.
8. Is the web page really “decrypting” the hash?

No, it just has the value and its hash stored. It compares hashes to find the password
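
What such a site does for Task 5, and the one-character change of Task 3, as an added example that is not part of the original lab sheet: digests are precomputed for a word list and a query is answered by a dictionary lookup, never by inverting the hash. The word list holds the words used in this lab plus the one-character string "a", whose MD5 and SHA-1 are the two values recorded in Task 3; function names are hypothetical.

```python
import hashlib

# Words the lab hashes, plus "a"; a real service stores millions of entries.
WORDS = ["lost", "password", "user", "qwerty", "a"]


def digest_hex(text: str, algorithm: str = "md5") -> str:
    """Hex digest of the exact bytes of text (no trailing newline added)."""
    return hashlib.new(algorithm, text.encode("utf-8")).hexdigest()


def build_table(words, algorithm: str = "md5") -> dict:
    """Precompute digest -> word, once, for every candidate word."""
    return {digest_hex(word, algorithm): word for word in words}


def reverse_lookup(table: dict, hex_digest: str):
    """Answer a 'decrypt' query with a dictionary lookup; None if unseen."""
    return table.get(hex_digest.strip().lower())


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


if __name__ == "__main__":
    md5_table = build_table(WORDS, "md5")
    sha1_table = build_table(WORDS, "sha1")
    # Found: the word was hashed in advance.
    print(reverse_lookup(md5_table, digest_hex("lost")))
    print(reverse_lookup(sha1_table, digest_hex("qwerty", "sha1")))
    # Not found: a trailing newline (echo without -n) is a different input.
    print(reverse_lookup(md5_table, digest_hex("lost\n")))
    # One changed character gives an unrelated digest.
    changed = differing_bits(digest_hex("lost"), digest_hex("lose"))
    print(changed, "of 128 bits differ")
```

Any input that was not hashed in advance returns nothing, which is the practical difference between a lookup and decryption.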

5. Results
• Successfully complete task 2
• Successfully complete task 3
• Successfully complete task 4
• Successfully complete task 5

Notes:

IT Security Lab 2.3: Linux Password Encryption

IT SECURITY
LAB 2.3: Linux Password Encryption

1. Scenario
This is the scenario to implement:

[Diagram: Linux Server with Internet connection, linked to the Internet]

2. Material used
• Knoppix 7
• Knoppix 4 for the last exercise
• Internet connection

3. Learning Objectives
Upon completion of this lab you must be able to:
• Identify how Linux passwords are stored
• Understand what encryption methods are used

4. Implementation
Task 1: Implement the scenario with a Linux Server
1. Connect the Linux server to the Internet.

Task 2: Analyze the /etc/passwd file


1. Log in to the Linux server using the user “knoppix”.

su knoppix

2. Linux accounts are stored in the file /etc/passwd, with one account per line.
Open it and analyze its format. Search the Internet to determine all the
information contained for each account.
3. List, in order, all the parameters for each account and give a description of each:


1. username: username of user
2. password: x
3. id user: ID assigned to user
4. id group user: primary group ID
5. User ID info: comment to add additional info of user
6. home directory: path of the home directory of the user
7. command/shell: path to the default shell of user

4. What do you get as the password for each account? What does it mean?

x, it means that the password is encrypted and stored in /etc/shadow

5. Where are the passwords stored?

/etc/shadow
6. Who can read this file?

Only root
7. Try to open the file as the “knoppix” user. Were you successful? Why?

No, knoppix does not have permission to read the file

Task 3: Analyze the /etc/shadow file


1. Login now as root (superuser):

su

2. Verify what user you are now with the next instruction:

whoami

3. You’ll probably have to assign a password to the root user:

passwd root


4. Open now the /etc/shadow file.


5. List, in order, all the fields for each line and give a description of each:

1. Username: name of user
2. Password: hashed password
3. Last changed: Days since Jan 1, 1970 that password was last changed
4. Minday: minimum number of days required between password changes
5. Maxday: maximum number of days that the password is valid
6. Warn: number of days before the password is expired that the user is
warned
7. Inactive: number of days until account is disabled after expiration
8. Expire: days since Jan 1, 1970 that account is disabled i.e. an absolute
date specifying when the login may no longer be used

6. The password’s format is composed of 3 parts, each separated by the “$” char:
o Encryption method:
   “1”: MD5
   “2”: Blowfish
   “5”: SHA-256
   “6”: SHA-512
   “_”: DES
o Salt: When a user picks or is assigned a password, it is encoded with a
randomly generated value called the salt. This means that any particular
password could be stored in 4096 different ways. The salt value is then
stored with the encoded password.
o The encrypted password.

7. What method was used to encrypt “root” password?

The password has $6 which is SHA-512

8. What is the purpose of the “salt”?

Add an extra layer of security. In a brute force attack you would have to
try 4096 times each password if you don't know the salt value.


9. How long (in bits) is the “root” password once it is encrypted?

512 bits
10. How long (in characters) is the “root” password once it is encrypted?

86 characters
11. Knowing that passwords are kept in Base-64 format, is this correct according to
the two previous answers?

Yes, Base64 uses 4 ASCII characters to encode 24 bits (3 bytes) of data.
512 bits = 64 bytes
64 bytes * 4 chars / 3 bytes = 85.33 chars -> The minimum number of chars needed to represent 512 bits is 86

12. Answer question 7 again but now using Knoppix 4.

The password has $1 which is MD5
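
The "$"-separated password format and the length check from questions 6 to 12, as an added example that is not part of the original lab sheet: it splits the password field of an /etc/shadow line into method, optional rounds, salt and hash, and checks the hash length against the digest size at 6 bits per character. The sample lines are constructed (the hash strings are filler of the right length, not real hashes), the function names are hypothetical, and handling of the optional "rounds=" field and of a leading "!" on locked accounts goes beyond what the lab text lists.

```python
import math

# Method ids as listed in the lab text; digest size in bits where the encoded
# length can be checked (Blowfish uses a different field layout, so None).
METHODS = {"1": ("MD5", 128), "2": ("Blowfish", None),
           "5": ("SHA-256", 256), "6": ("SHA-512", 512)}

# Constructed filler in the crypt(3) alphabet, NOT real password hashes.
FAKE_512 = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./" * 2)[:86]
FAKE_128 = FAKE_512[:22]
SAMPLE_SHADOW = [
    "root:$6$Xy12SaLt$" + FAKE_512 + ":19000:0:99999:7:::",
    "knoppix:$6$rounds=5000$Xy12SaLt$" + FAKE_512 + ":19000:0:99999:7:::",
    "legacy:$1$abcdefgh$" + FAKE_128 + ":19000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
]


def expected_chars(bits: int) -> int:
    """The encoding carries 6 bits per character and adds no padding."""
    return math.ceil(bits / 6)


def parse_password_field(field: str) -> dict:
    """Split the second /etc/shadow field into method, rounds, salt, hash."""
    info = {"locked": field.startswith("!"), "method": None, "rounds": None,
            "salt": None, "hash": None, "length_ok": None}
    body = field.lstrip("!")
    if not body.startswith("$"):
        if body.startswith("_"):
            info["method"] = "DES"       # "_" prefix, per the lab's table
        return info                       # "*" or empty: no hash to parse
    parts = body.split("$")[1:]           # drop the empty text before "$id"
    name, bits = METHODS.get(parts[0][:1], (None, None))
    info["method"] = name
    if bits is None:
        return info
    if len(parts) > 1 and parts[1].startswith("rounds="):
        info["rounds"] = int(parts[1].split("=", 1)[1])
        parts.pop(1)                      # optional field of the SHA schemes
    if len(parts) < 3:
        return info                       # malformed: salt or hash missing
    info["salt"], info["hash"] = parts[1], parts[2]
    info["length_ok"] = len(parts[2]) == expected_chars(bits)
    return info


def parse_shadow_line(line: str) -> dict:
    """Parse one /etc/shadow line; only the first two fields are used."""
    fields = line.rstrip("\n").split(":")
    info = parse_password_field(fields[1])
    info["user"] = fields[0]
    return info


if __name__ == "__main__":
    for entry in SAMPLE_SHADOW:
        row = parse_shadow_line(entry)
        print(row["user"], row["method"], row["salt"], row["length_ok"])
```

A False in the last column on a real system usually means a truncated or hand-edited entry, which is worth checking before trusting the account.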

5. Results
• Successfully complete task 2
• Successfully complete task 3

Notes:

IT Security Lab 2.4: Digital Certificates

IT SECURITY
LAB 2.4: Digital Certificates

1. Scenario
This is the scenario to implement:

[Diagram: computer with Internet connection, linked to the Internet]

2. Material used
• Computer with Internet connection and an updated web browser

3. Learning Objectives
Upon completion of this lab you must be able to:
• Identify Digital Certificates structure
• Manage Digital Certificates correctly

4. Implementation
Task 1: Implement the scenario
1. Connect your computer to the Internet

Task 2: Digital Certificates


1. What is a Digital Certificate? Search and write its definition.

A digital certificate is used to cryptographically link ownership of a public key with the
entity that owns it. Digital certificates are for public keys to be used for encryption and
authentication.
It's an electronic document to prove the validity of a public key.


2. What is the structure of a X.509 Digital Certificate?

Certificate
   Version Number
   Serial Number
   Signature Algorithm ID
   Issuer Name
   Validity period
      Not Before
      Not After
   Subject name
   Subject Public Key Info
      Public Key Algorithm
      Subject Public Key
   Issuer Unique Identifier (optional)
   Subject Unique Identifier (optional)
   Extensions (optional)
      ...
Certificate Signature Algorithm
Certificate Signature

3. How is the Digital Certificate signature generated?

Uses the PKI protocol. This protocol uses a mathematical algorithm to generate the
private/public keys.

Task 3: Digital Certificates included by default in the Web Browsers


1. Check the digital certificates included by default in your web browser.
Configuration/Options > Privacy and Security > Certificates
This is the list of authorities your computer will trust in order to verify digital
certificates.
2. Open the certificate issued for “VeriSign Class 3 Public Primary Certification Authority –
G5”. Who is the issuer of this certificate?

VeriSign, Inc
3. When the “issuer” is the same as the subject to whom the certificate was issued,
then it’s a “root” certificate. Is this the case?

Yes, the issuer and the subject are the same, VeriSign, Inc
4. How long (in bits) is the public RSA key included in the certificate?

1024


5. Which algorithms were used to generate the digital signature of the certificate?

sha-1 with RSA encryption


Task 4: Digital Certificate of “eSecretary.salle.url.edu”
1. Open the digital certificate of “eSecretary.salle.url.edu”. You can do that
by clicking on the lock that appears at the URL bar.

https://eSecretary.salle.url.edu

2. Who is the issuer of this certificate?

GEANT Vereniging
3. How long (in bits) is the public RSA key included in the certificate?
2048

4. Which algorithms were used to generate the digital signature of the certificate?

SHA-384 with RSA encryption


5. What is the certification path of this certificate? Detail the whole path.

Sectigo (AAA) -> USERTrust RSA Certification Authority -> GEANT OV RSA CA 4 -> *.salle.url.edu

6. Who owns the “root certificate”?

Sectigo (AAA)
7. If you have this root certificate in your list then you can verify the lower
certificate, and so, you don’t get a “validation error” for the certificate of the
server you are connecting at. Is this the case?

We don't get the error because the root certificate is preinstalled and appears on the certificate list.


Task 5: Digital Certificate of “Cadi” website


1. Open the web page: https://cadi.salle.url.edu. Do you get any security warning?

No
2. Now open the web page: https://cadi.salleurl.edu. Do you get any security
warning?

Yes
3. Open the digital certificate of “https://cadi.salleurl.edu”. Be sure to connect to
cadi.salleurl.edu and not to cadi.salle.url.edu.
4. Who is the issuer and the subject of this certificate?

Subject (Issued to): Subject: *.salle.url.edu
Issuer (Issued by): Issuer: GEANT Vereniging

5. Why do you obtain the previous security warning?

The name registered in the certificate (*salle.url.edu) is different from the
one that we are trying to access: *salleurl.edu.
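
The name comparison behind this warning, as an added example that is not part of the original lab sheet: a wildcard certificate name is matched label by label against the host name in the URL, with "*" standing for exactly one left-most label. The function names are hypothetical, and refusing partial wildcards and wildcards with fewer than two fixed labels is a conservative choice made for this example.

```python
def labels(name: str) -> list:
    """Lower-cased DNS labels of a name, ignoring trailing dots."""
    return name.lower().rstrip(".").split(".")


def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate name with the host name typed in the URL."""
    want, have = labels(pattern), labels(hostname)
    if len(want) != len(have) or "" in have:
        return False                      # "*" never spans or drops a label
    if any("*" in label for label in want[1:]):
        return False                      # wildcard only in left-most label
    if want[0] == "*":
        # "*" stands for exactly one label; refuse patterns like "*.edu".
        return len(want) >= 3 and want[1:] == have[1:]
    if "*" in want[0]:
        return False                      # partial wildcards not accepted here
    return want == have


def check_certificate(cert_names, hostname: str) -> dict:
    """Report whether any name in the certificate covers the host name."""
    matched = [n for n in cert_names if name_matches(n, hostname)]
    return {"hostname": hostname, "valid": bool(matched), "matched_by": matched}


# Subject of the certificate examined in this task.
CERT_NAMES = ["*.salle.url.edu"]

if __name__ == "__main__":
    for host in ("cadi.salle.url.edu", "cadi.salleurl.edu",
                 "eSecretary.salle.url.edu", "salle.url.edu"):
        print(check_certificate(CERT_NAMES, host))
```

The certificate itself is valid in both cases; only the comparison with the requested host name fails for cadi.salleurl.edu.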

5. Results
• Successfully complete task 2
• Successfully complete task 3
• Successfully complete task 4
• Successfully complete task 5

Notes:

IT Security Lab 2.5: HTTPS and SSL

IT SECURITY
LAB 2.5: HTTPS and SSL

1. Scenario
This is the scenario to implement:

[Diagram: computer with Internet connection, linked to the Internet]

2. Material used
• Windows client
• Internet connection

3. Learning Objectives
Upon completion of this lab you must be able to:
• Identify HTTPS and SSL operation

4. Implementation
Task 1: Implement the scenario with a Windows client
1. Connect the Windows XP computer to the Internet
Task 2: HTTPS
1. HTTP stands for “Hypertext Transfer Protocol”. What does HTTPS stand for?

Hypertext Transfer Protocol Secure


2. What is the standard port for HTTPS?

443
3. What two elements does HTTPS use to secure the communications?

1. SSL or TLS protocol
2. Digital certificates


4. How do the different Web browsers indicate you are using a secure connection?
(Icons in the browser).

Usually a lock to the left of the url


5. What is the difference between HTTPS and S-HTTP?
SHTTP only provides data encryption, the authentication process is left
for the web browser. HTTPS provides both, data encryption and
authentication.

Task 3: SSL/TLS
1. What do SSL and TLS stand for?

SSL -> Secure Socket Layer / TLS -> Transport Layer Security


2. What is the difference between SSL and TLS?
Both of them are cryptographic protocols that encrypt data and authenticate a
connection when moving data on the Internet. TLS is a more modern version of the SSL protocol.

3. List, in order, the different versions of SSL and TLS:


SSL 1.0 / SSL 2.0 / SSL 3.0 / TLS 1.0 / TLS 1.1 / TLS 1.2 / TLS 1.3

4. Which versions are currently considered unsecure?

VERSIONS BEFORE TLS 1.2


5. In an HTTPS connection this is the HTTP+SSL handshake. Check how
cryptographic techniques are used:


6. Using a sniffer, capture all the packets related to an HTTPS connection to this
server. Identify each packet corresponding to each step of the handshake.

https://esecretary.salle.url.edu

7. What SSL or TLS message is used by the server to send its certificate to the
client? Identify the corresponding packet.

The message after "Server Hello" has the certificate of the server
8. Which version of SSL or TLS is being used? And what Cipher Suite? Focus on
the “Server Hello” message.

Version TLS: TLS v1.2
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Task 4: Checking if HTTPS is used.


1. List 5 web servers you normally use and where you have to identify yourself
using a “login / password” method.

esecretary.salle.url.edu
estudy.salle.url.edu
facebook.com
instagram.com
twitter.com

2. Are they using HTTPS to identify users? Check it for each of them.

Yes, it uses http-over-tls


Task 5: QUIC protocol.
1. What is the “QUIC” protocol?

QUIC is a network protocol. It establishes multiple multiplexed UDP
connections to improve performance.

2. Who developed it?

Jim Roskind
3. What are QUIC’s goals?

Improving user experience, particularly page load times.


4. Open Chrome browser and review that QUIC is “activated”:

chrome://flags/

5. Start Wireshark and capture traffic while you connect to Google. Verify that you
capture QUIC protocol traffic, applying a suitable filter. Show your results to the
instructor.
6. What transport protocol (UDP or TCP) and what destination port does QUIC use?

Protocol: UDP | destination port: 443


7. How does QUIC impact network security?

It is equivalent to TCP+TLS but with a more efficient handshake; it also
uses the handshake to exchange the setup keys.
It allows having the same security as using TCP+TLS, but with less
latency and faster loading.

5. Results
• Successfully complete task 2
• Successfully complete task 3
• Successfully complete task 4
• Successfully complete task 5

Notes:
