Cyber Security Lab Writeup

Cryptography Analysis Lab

A university cryptography project focused on analysing how different cipher systems behave, how evidence can identify a cipher type, and why modern encryption modes matter.

Completed | Cyber Security | Cryptography | OpenSSL

Overview

From cipher clues to practical encryption behaviour.

This project brought together several core cryptography concepts: classical cipher identification, stream cipher behaviour, block cipher modes, OpenSSL-based decryption reasoning, and RSA cryptosystem work.

I am not publishing the raw assignment document, ciphertexts, recovered plaintext, keys, or student identifiers. This page is a professional summary of the work and what it demonstrated.

Tools and concepts

  • Classical cipher analysis using frequency patterns, repeated fragments, and index of coincidence.
  • Vigenere and monoalphabetic substitution cipher reasoning.
  • Linear Feedback Shift Register behaviour and stream cipher keystream generation.
  • CBC and CTR block cipher modes, including why they hide repeated plaintext structure better than ECB.
  • OpenSSL command-line decryption concepts, salted files, PBKDF2, and AES mode testing.
  • RSA concepts including public/private key reasoning and modular arithmetic.

What I did

I analysed ciphertext behaviour, justified cipher identification with observable evidence, worked through LFSR state changes, compared block cipher mode behaviour, and reasoned through encrypted-file recovery using OpenSSL settings.

The most useful part was learning to treat cryptography as analysis, not memorisation. The evidence mattered: distributions, repetition, chaining behaviour, file headers, and whether a decryption result actually made sense.

Key implementation or analysis details

  • Identified one ciphertext as Vigenere by observing a flatter frequency distribution and polyalphabetic behaviour.
  • Identified another ciphertext as monoalphabetic substitution because repeated patterns and English-like frequency behaviour were preserved.
  • Explained how CBC chains blocks so repeated plaintext blocks do not normally produce repeated ciphertext blocks.
  • Explained how CTR turns a block cipher into a stream-like mode using counter-based keystream blocks.
  • Used file and mode clues to reason through an OpenSSL decryption workflow without publishing sensitive recovered content.
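
The first two points above can be reproduced on toy data with the index of coincidence (IC). The following is an added example, not code or data from the assignment: the plaintext, both keys and the 0.055 threshold are constructed assumptions, chosen between the usual English value (about 0.067) and the uniform value (about 0.038).

```python
from collections import Counter
from string import ascii_uppercase as AZ

# Constructed sample plaintext (not assignment material).
PLAINTEXT = (
    "The analyst counted how often each letter appeared in the intercepted message. "
    "When a single alphabet is used for the whole text, the common letters of the "
    "language stay common and the rare letters stay rare, so the shape of the "
    "distribution survives the substitution. When several alphabets take turns, the "
    "peaks are smeared across many letters and the histogram looks much flatter. "
    "Splitting the text into columns by key position brings the peaks back, and "
    "that is the evidence that reveals the length of the key."
)

def letters(text):
    return [c for c in text.upper() if c in AZ]

def ic(text):
    """Index of coincidence: chance that two letters drawn from text match."""
    s = letters(text)
    n = len(s)
    return sum(c * (c - 1) for c in Counter(s).values()) / (n * (n - 1)) if n > 1 else 0.0

def substitute(text, alphabet):
    """Monoalphabetic substitution: one fixed cipher alphabet for every letter."""
    return "".join(alphabet[AZ.index(c)] for c in letters(text))

def vigenere(text, key):
    """Polyalphabetic: the shift cycles through the key letters."""
    return "".join(AZ[(AZ.index(c) + AZ.index(key[i % len(key)])) % 26]
                   for i, c in enumerate(letters(text)))

def column_ic(text, k):
    """Average IC of the k columns formed by taking every k-th letter."""
    s = "".join(letters(text))
    return sum(ic(s[i::k]) for i in range(k)) / k

def classify(ciphertext, max_key=12, threshold=0.055):
    """Smallest k whose columns look English-like; k == 1 means one alphabet
    (which also fits plaintext or a transposition, so it is evidence, not proof)."""
    for k in range(1, max_key + 1):
        if column_ic(ciphertext, k) >= threshold:
            return ("monoalphabetic" if k == 1 else "polyalphabetic"), k
    return "unknown", None

MONO = substitute(PLAINTEXT, "QWERTYUIOPASDFGHJKLZXCVBNM")  # constructed key
VIG = vigenere(PLAINTEXT, "LEMON")                          # constructed key
if __name__ == "__main__":
    for name, ct in (("mono", MONO), ("vigenere", VIG)):
        print(name, round(ic(ct), 4), classify(ct))
```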

Challenges

The main challenge was connecting theory to evidence. It is one thing to know what a cipher is meant to do; it is another to justify that conclusion from ciphertext behaviour, mode properties, and command-line results.

What I learned

  • Cryptanalysis depends on observable patterns, not guesswork.
  • Small stream-cipher state spaces are easy to reason about but weak as real security mechanisms.
  • Encryption mode choice changes what structure leaks from the plaintext.
  • Practical tools like OpenSSL are easier to use when the underlying concepts are understood.

Future improvements

  • Add a safe diagram showing ECB vs CBC vs CTR behaviour without using assignment assets.
  • Add a short Python notebook that demonstrates frequency analysis on toy ciphertext.
  • Write a plain-language note explaining index of coincidence and why it helps identify cipher families.